
Why not try something like http://oss.coresecurity.com/projects/pcapy.html ? Otherwise you should probably implement threading to keep track of the different tcpdumps and their results: http://docs.python.org/library/threading.html . And you are much more likely to get better answers at http://stackoverflow.com/ :)

On 11/12/2010 03:10 PM, joe mwirigi wrote:
I have an issue with some script, or maybe with the logic of how to do it. I would want to capture the verbose output of tcpdump to sniff traffic on a given port, say ssh, so I write some class:

    # module sniff
    import subprocess

    class PrimarySpoof:
        """Primary spoof class.

        This class shall be used to read tcpdump output from the system.
        It shall then pass this packet to a class variable called
        capturedPacket to make it available to other methods for further
        manipulation.
        """
        capturedPacket = None

        def __init__(self, port, count=10):
            """Initialize the port, and how many packets tcpdump should
            capture before exiting (otherwise it never returns)."""
            self.port = port
            self.count = count

        def initializeTcpdump(self):
            """Initialize tcpdump for the port indicated in __init__ and
            keep its output.  os.system() only returns the exit status,
            so the output is read back through a pipe instead."""
            cmd = ["tcpdump", "-nnvvXS", "-s", "1514", "-i", "eth0",
                   "-c", str(self.count), "dst", "port", str(self.port)]
            # test if it returns some output without the port filter:
            # cmd = ["tcpdump", "-nnvvXS", "-s", "1514", "-i", "eth0",
            #        "-c", str(self.count)]
            proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)
            output, _ = proc.communicate()
            PrimarySpoof.capturedPacket = output.decode("ascii", "replace")

        def displayCapturedPacket(self):
            """Display the raw packet."""
            print(PrimarySpoof.capturedPacket)
################### end of part sample
My question and problem is: if I run several tcpdumps at the same time, will the output be in sync?
Say (1) I first run a tcpdump to just get the headers, i.e. source and destination without the payload,
(2) run another tcpdump just to get the payload,
(3) then I re-assemble the packet and >>> my fun things.
OR get the entire verbose output and then get into regex hell; remember this is a continual stream, picking out the headers, payload and the tail as well as doing the processing.
Well, someone advise.
Kind regards
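As an added illustration (not code from either message above), the following shows that one tcpdump process already carries both the headers and the payload, so there is no second capture to keep in sync: the -X hex dump is turned back into bytes, and the IP/TCP header fields are decoded with struct instead of being scraped from the text with regular expressions. The tcpdump output embedded as SAMPLE_TCPDUMP is constructed by hand for this example, not a real capture; sniff_port() assumes the command-line options the poster already uses, plus -l (line-buffered output) and -c (exit after N packets), and needs root or CAP_NET_RAW to run.

```python
import re
import socket
import struct
import subprocess

# Constructed tcpdump -nnvvXS output for two packets of an SSH connection
# (client SYN, then the client's banner), written by hand for this example.
SAMPLE_TCPDUMP = """\
15:10:01.120001 IP (tos 0x10, ttl 64, id 12344, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.1.10.54321 > 192.168.1.20.22: Flags [S], seq 999, win 65535, length 0
        0x0000:  4510 0028 3038 4000 4006 0000 c0a8 010a  E..(08@.@.......
        0x0010:  c0a8 0114 d431 0016 0000 03e7 0000 0000  .....1..........
        0x0020:  5002 ffff 0000 0000                      P.......
15:10:01.123456 IP (tos 0x10, ttl 64, id 12345, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.10.54321 > 192.168.1.20.22: Flags [P.], seq 1000:1020, ack 2000, win 229, length 20
        0x0000:  4510 003c 3039 4000 4006 0000 c0a8 010a  E..<09@.@.......
        0x0010:  c0a8 0114 d431 0016 0000 03e8 0000 07d0  .....1..........
        0x0020:  5018 00e5 0000 0000 5353 482d 322e 302d  P.......SSH-2.0-
        0x0030:  4f70 656e 5353 485f 372e 340a            OpenSSH_7.4.
""".splitlines()

# A packet starts at a timestamp line; its hex dump lines follow.  The hex
# field is groups of 4 hex digits separated by single spaces, followed by at
# least two spaces and the ASCII column, which the regex deliberately stops at.
TS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) ")
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{4} ){0,7}[0-9a-f]{2,4})")

# tcpdump's flag letters, in the order it prints them.
TCP_FLAG_LETTERS = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
                    (0x10, "."), (0x20, "U"), (0x40, "E"), (0x80, "W"))


def packets_from_lines(lines):
    """Yield (timestamp, raw_bytes) for every packet in a tcpdump -X stream.
    Works incrementally, so it can consume a live pipe line by line."""
    ts, chunks = None, []
    for line in lines:
        m = TS_LINE.match(line)
        if m:
            if ts is not None:
                yield ts, bytes.fromhex("".join(chunks))
            ts, chunks = m.group(1), []
            continue
        m = HEX_LINE.match(line)
        if m and ts is not None:
            chunks.append(m.group(1).replace(" ", ""))
    if ts is not None:
        yield ts, bytes.fromhex("".join(chunks))


def decode_tcp(raw):
    """Decode the IPv4 and TCP headers of one packet from its raw bytes and
    return the fields plus the TCP payload (empty for header-only segments)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6:
        raise ValueError("not TCP")
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
    doff = (off_flags >> 12) * 4               # TCP header length in bytes
    flag_bits = off_flags & 0x1FF
    flags = "".join(letter for bit, letter in TCP_FLAG_LETTERS if flag_bits & bit)
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "seq": seq, "ack": ack, "flags": flags, "win": win,
            "payload": raw[ihl + doff:total_len]}


def parse_capture(lines):
    """Decode every packet in a tcpdump -X stream into a dict with its timestamp."""
    for ts, raw in packets_from_lines(lines):
        pkt = decode_tcp(raw)
        pkt["ts"] = ts
        yield pkt


def sniff_port(port, count=10, iface="eth0"):
    """Run a single tcpdump for the port and decode packets as they arrive.
    Assumed options: the poster's -nnvvXS -s 1514, plus -l and -c."""
    cmd = ["tcpdump", "-l", "-nnvvXS", "-s", "1514", "-i", iface,
           "-c", str(count), "dst", "port", str(port)]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    for pkt in parse_capture(proc.stdout):
        yield pkt
    proc.wait()


if __name__ == "__main__":
    for pkt in parse_capture(SAMPLE_TCPDUMP):
        print("%s %s:%d > %s:%d [%s] seq=%d payload=%r" % (
            pkt["ts"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"],
            pkt["flags"], pkt["seq"], pkt["payload"]))
```

Because the payload is cut out of the same bytes as the headers, the "which header belongs to which payload" question never arises, and the only regular expression left is the one that recognises a hex-dump line. Replacing SAMPLE_TCPDUMP with sniff_port(22) yields the same dicts from a live interface.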