Skip to content

Instantly share code, notes, and snippets.

@djoreilly

djoreilly/read-rabbit-cap.py

Last active February 21, 2019 17:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save djoreilly/0a4ed41c61da659748be08170d21eefd to your computer and use it in GitHub Desktop.
Save djoreilly/0a4ed41c61da659748be08170d21eefd to your computer and use it in GitHub Desktop.
Download ZIP
Pretty print an OpenStack Olso messaging packet capture
Raw
read-rabbit-cap.py
'''
Pretty print an OpenStack Oslo messaging packet capture.
tcpdump -ni ethX tcp port 5672 -w rabbit.cap
python read-rabbit-cap.py rabbit.cap
python read-rabbit-cap.py rabbit.cap | grep -v context
'''
import json
import pprint
import sys
import time
from scapy.all import *
SVR_PORT = 5672
cap_file = sys.argv[1] if len(sys.argv) == 2 else "rabbit.cap"
pkts = rdpcap(cap_file)
stats = {}
for p in pkts:
#if not (p.proto == 0x800 and p[IP].proto == 0x6):
# continue
s = str(p[TCP].payload)
start = s.find("oslo.message")
end = s.find("oslo.version")
if start == -1 or end == -1:
continue
s = s[start+16:end-4]
s = s.replace('\\', '')
print("="*50)
print("%s:%s --> %s:%s %s \n" % (p[IP].src, p[TCP].sport, p[IP].dst,
p[TCP].dport, time.ctime(p.time)))
try:
d = json.loads(s)
pprint.pprint(d, width=1)
except ValueError:
print(p)
key = p[TCP].sport if p[TCP].dport == SVR_PORT else p[TCP].dport
last = stats.setdefault(key, {"sent_bytes": 0, "recv_bytes":0})
if p[TCP].dport == SVR_PORT:
last["sent_bytes"] += p.len
else:
last["recv_bytes"] += p.len
print("\n========== Stats ==========")
print(pkts)
pprint.pprint(stats)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment