
@fqrouter
Created February 11, 2013 06:31
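class TcpdumpSniffer(object):
    """Capture traffic between two hosts by running ``tcpdump`` in the background.

    ``start_sniffing`` launches ``tcpdump`` on ``iface`` writing to a temporary
    pcap file; ``stop_sniffing`` terminates it, parses the capture with
    ``rdpcap`` and returns the packets that were classified by
    ``collect_packet``.

    ``src`` and ``dst`` are compared as strings against the addresses of the
    captured IP layers, so they are expected to be IP address literals.
    """

    def __init__(self, iface, src, dst):
        """Remember the capture interface and the two endpoint addresses."""
        self.iface = iface
        self.src = src
        self.dst = dst
        self.packets = []

    def start_sniffing(self):
        """Start ``tcpdump`` capturing replies to ``src`` from ``dst`` plus all ICMP."""
        self.pcap_file_path = self._create_capture_file()
        # NOTE(review): src and dst are interpolated into the capture filter
        # expression. No shell is involved (argument list), but a caller passing
        # unvalidated strings could change what is captured -- validate them as
        # IP addresses upstream.
        bpf_filter = '(dst host %s and src host %s) or icmp' % (self.src, self.dst)
        try:
            # Attribute name (including its spelling) is kept for callers that
            # may already reference it.
            self.tcmpdump_proc = subprocess.Popen(
                ['tcpdump', '-i', self.iface, '-w', self.pcap_file_path, bpf_filter],
                stderr=subprocess.PIPE, stdout=subprocess.PIPE, stdin=subprocess.PIPE)
        except Exception:
            # Do not leave an orphaned temp file behind if tcpdump cannot start.
            self._discard_capture_file()
            raise

    def stop_sniffing(self):
        """Stop ``tcpdump``, parse the capture and return the collected packets.

        The temporary capture file is deleted once it has been parsed (or if
        parsing fails), so captured traffic does not linger in the temp
        directory.
        """
        self.tcmpdump_proc.terminate()
        # communicate() drains and closes the three pipes before reaping the
        # child; a bare wait() would leave them open and could block if the
        # child filled a pipe nobody reads.
        self.tcmpdump_proc.communicate()
        try:
            for packet in rdpcap(self.pcap_file_path):
                if IP in packet:
                    self.collect_packet(packet[IP])
        finally:
            self._discard_capture_file()
        return self.packets

    def collect_packet(self, packet):
        """Tag ``packet`` and keep it if it belongs to the observed flow.

        A packet going from ``dst`` to ``src`` is marked ``'inbound'``. A packet
        carrying an ``IPerror`` layer whose quoted header goes from ``src`` to
        ``dst`` is marked ``'ttl-exceeded'``. Anything else gets ``mark = None``
        and is not stored.
        """
        packet.mark = None
        if self.dst == packet.src and self.src == packet.dst:
            packet.mark = 'inbound'
            self.packets.append(packet)
        elif IPerror in packet:
            if self.src == packet[IPerror].src and self.dst == packet[IPerror].dst:
                packet.mark = 'ttl-exceeded'
                self.packets.append(packet)

    def _create_capture_file(self):
        """Atomically create an empty, owner-only temp file and return its path."""
        # tempfile.mktemp() only returns a name; another local user can create
        # a file or symlink at that path before tcpdump (usually running as
        # root) opens it. Creating the file here closes that window.
        # NOTE(review): some tcpdump builds drop root privileges (see -Z)
        # before opening the savefile; on those the drop-to user must be able
        # to write this file -- confirm on the target platform.
        handle = tempfile.NamedTemporaryFile(delete=False)
        handle.close()
        return handle.name

    def _discard_capture_file(self):
        """Best-effort removal of the temporary capture file."""
        import os
        try:
            os.remove(self.pcap_file_path)
        except OSError:
            # Already gone or not removable; nothing useful to do here.
            pass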