scomma/plankton.py

## plankton.py
#!/opt/bin/python2.7
# This program is free software. It comes without any warranty, to
# the extent permitted by applicable law. You can redistribute it
# and/or modify it under the terms of the Do What The Fuck You Want
# To Public License, Version 2, as published by Sam Hocevar. See
# http://sam.zoy.org/wtfpl/COPYING for more details.

import re, datetime, subprocess

INTERFACE = 'br0'

proc = subprocess.Popen(['tcpdump', '-A', '-i', INTERFACE, '-vvv', '-s', '500', 'tcp port 80 and ip[2:2] > 40 and tcp[tcpflags] & tcp-push != 0 and dst port 80', '-f', '-n'], stdout=subprocess.PIPE)

re_timestamp = re.compile('^(\d\d:\d\d:\d\d\.\d{6}) IP ')
re_ips       = re.compile('^\s{4}(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,5}) > (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,5}): Flags')
re_path      = re.compile('(?:GET|POST) ([^ ]+) HTTP/1\.')
re_host      = re.compile('^Host: (\S+)')

timestamp = src_ip = src_port = dst_ip = dst_port = path = host = None

for line in proc.stdout:
    m = re_timestamp.search(line)
    if m: timestamp, = m.groups()

    m = re_ips.search(line)
    if m: src_ip, src_port, dst_ip, dst_port = m.groups()

    m = re_path.search(line)
    if m: path, = m.groups()

    m = re_host.search(line)
    if m:
        host, = m.groups()

    if timestamp and src_ip and path and host:
        date = datetime.date.today()
        print "%s %s | %15s > %-15s | http://%s%s" % (date, timestamp, src_ip, dst_ip, host, path[:80])
        timestamp = src_ip = src_port = dst_ip = dst_port = path = host = None
	#!/opt/bin/python2.7
	# This program is free software. It comes without any warranty, to
	# the extent permitted by applicable law. You can redistribute it
	# and/or modify it under the terms of the Do What The Fuck You Want
	# To Public License, Version 2, as published by Sam Hocevar. See
	# http://sam.zoy.org/wtfpl/COPYING for more details.

	import re, datetime, subprocess

	INTERFACE = 'br0'

	proc = subprocess.Popen(['tcpdump', '-A', '-i', INTERFACE, '-vvv', '-s', '500', 'tcp port 80 and ip[2:2] > 40 and tcp[tcpflags] & tcp-push != 0 and dst port 80', '-f', '-n'], stdout=subprocess.PIPE)

	re_timestamp = re.compile('^(\d\d:\d\d:\d\d\.\d{6}) IP ')
	re_ips = re.compile('^\s{4}(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,5}) > (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,5}): Flags')
	re_path = re.compile('(?:GET\|POST) ([^ ]+) HTTP/1\.')
	re_host = re.compile('^Host: (\S+)')

	timestamp = src_ip = src_port = dst_ip = dst_port = path = host = None

	for line in proc.stdout:
	m = re_timestamp.search(line)
	if m: timestamp, = m.groups()

	m = re_ips.search(line)
	if m: src_ip, src_port, dst_ip, dst_port = m.groups()

	m = re_path.search(line)
	if m: path, = m.groups()

	m = re_host.search(line)
	if m:
	host, = m.groups()

	if timestamp and src_ip and path and host:
	date = datetime.date.today()
	print "%s %s \| %15s > %-15s \| http://%s%s" % (date, timestamp, src_ip, dst_ip, host, path[:80])
	timestamp = src_ip = src_port = dst_ip = dst_port = path = host = None