Live Network Tracing in Python

python-libtrace comes highly recommended over scapy. Scapy always feels a bit alien to me; I think it is the custom REPL front end aimed at 'security people' (whatever that means). I am sure it is there to make things simple, but for me it just makes it harder to write programs with.

python-libtrace certainly isn't easy to install; all of the documentation is left to the libtrace project. Once I figured out the magic words I was able to throw together a DSCP mark classifier really quickly. For live capture on your system you will probably have to change the bpf:em0 to something like pcapint:eth0.

from __future__ import print_function  # print(..., end="") also works on Python 2

import sys
import time

import plt

# Open a live capture on em0 (BPF on FreeBSD); use e.g. 'pcapint:eth0' on Linux.
trace = plt.trace('bpf:em0')
trace.start()

INTERVAL = 1  # seconds between reports

dscp = {}
start = time.time()

try:
    for pkt in trace:
        ip = pkt.ip
        if not ip:
            continue  # non-IP traffic carries no DSCP mark

        # DSCP is the upper six bits of the TOS / traffic class byte;
        # the low two bits are ECN and are dropped by the shift.
        dscpvalue = ip.traffic_class >> 2
        dscp[dscpvalue] = dscp.get(dscpvalue, 0) + 1

        done = time.time()

        if done - start > INTERVAL:
            print("{} marks:".format(len(dscp)), end="")
            for mark, count in dscp.items():
                print(" {}:{},".format(mark, count), end="")
            print("")
            dscp = {}
            start = done
except KeyboardInterrupt:
    trace.close()
    sys.exit()

This can be tested with netcat quite easily, though the options seem to be different everywhere.

nc -u -T ef [host] [port]
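The same DSCP extraction done on raw packet bytes rather than through libtrace, as an added example that is not from the original post: it splits the TOS byte into DSCP and ECN and also handles IPv6, where the traffic class straddles the first two bytes. The IPv4/IPv6 header builders are constructed test data, not captured traffic; `-T ef` above produces DSCP 46 (TOS 0xB8).

```python
import struct


def split_traffic_class(tc):
    """Split the 8-bit TOS / traffic class byte into (DSCP, ECN).

    DSCP is the upper six bits (the page's ip.traffic_class >> 2);
    ECN is the lower two bits, which the classifier above discards.
    """
    return tc >> 2, tc & 0x3


def traffic_class(packet):
    """Return the traffic class byte of a raw IPv4 or IPv6 packet, or None.

    IPv4 keeps it in byte 1 (TOS). IPv6 spreads it over the low nibble of
    byte 0 and the high nibble of byte 1.
    """
    if len(packet) < 2:
        return None
    version = packet[0] >> 4
    if version == 4:
        return packet[1]
    if version == 6:
        return ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    return None  # not IP (or truncated); skip like the `if not ip` check


def count_dscp(packets):
    """Histogram of DSCP marks over an iterable of raw IP packets, i.e. the
    per-interval dict the libtrace loop builds."""
    counts = {}
    for pkt in packets:
        tc = traffic_class(pkt)
        if tc is None:
            continue
        dscp, _ecn = split_traffic_class(tc)
        counts[dscp] = counts.get(dscp, 0) + 1
    return counts


def ipv4_header(tos, payload_len=8):
    """Constructed minimal 20-byte IPv4/UDP header with the given TOS byte."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0, 64,
                       17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def ipv6_header(tc):
    """Constructed 40-byte IPv6 header with the given traffic class."""
    first_word = (6 << 28) | (tc << 20)  # version 6, traffic class, flow label 0
    return struct.pack("!IHBB16s16s", first_word, 8, 17, 64, b"\x00" * 16, b"\x00" * 16)
```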

Reading: Cibola Burn, Excession

Just a picture

I wrote up a script yesterday to grab the most recent file from the super awesome Toshiba FlashAir wifi SD card. I had suggested the card to someone in the hackerspace; he planned on using it to help align a camera trap (not that model, but you get the idea).

Once you put the trap up a tree, it is a real hassle to figure out if it is really pointing the way you want it to. So use the wifi SD card to grab the latest image and confirm that it is.

After writing the script I tried for a while to get my laptop connected, but it seems that the camera trap doesn't keep the card powered on for nearly long enough. I might be able to get it to work if I can get my laptop to be overzealous in connecting to the wifi.


It is Sunday, so that makes seven days of writing.

Reading: Cibola Burn, Excession Location: 57.155,-2.210

Apparently there isn't a simple API to turn a lat/lon into the weather. I have no idea why web services all seem to insist on having an API key for all requests. It is just annoying.

Sunset


Reading: Cibola Burn, Excession

Lightning Talks

It seems I am submitting a lightning talk to CCC. Lightning talks are short 5 minute presentations. The format is really popular for adding a load of content to a conference, giving many more people a chance to talk.

I have watched the congress and camp lightning talk sessions before, but I can't really remember any jumping out at me. Searching today for 'best lightning talks eva' didn't give useful results. Well, 'wat' came up; wat is an excellent talk.

I guess I will watch some lightning talks from previous congresses and see what they were like.


Reading: Cibola Burn, Excession

Reading Interface Speed

Q : How do I get the interface speed?

A : On Linux:

$ ethtool eth0 
    Speed: 1000Mb/s

Not what I want at all.

Q : How do I get interface throughput?

A : iftop does what top does for network interfaces:

$ iftop
interface: em0
IP address is: 192.168.204.4
MAC address is: ffffffec:ffffffb1:ffffffd7:34:ffffffa3:ffffffa1
pcap_open_live(em0): em0: You don't have permission to capture on that device ((cannot open device) /dev/bpf: Permission denied)

Annoying.

$ sudo iftop
...cool ncurses display...

A : Besides iftop and iptraf, also check bwm-ng:

$ bwm-ng 
...cool ncurses display...

Not scriptable, but it has a CSV output mode:

$ bwm-ng --output csv
1479982871;em0;0.00;0.00;0.00;0;0;0.00;0.00;0.00;0;0;0.00;0.00;0;0
1479982871;lo0;0.00;0.00;0.00;0;0;0.00;0.00;0.00;0;0;0.00;0.00;0;0
1479982871;total;0.00;0.00;0.00;0;0;0.00;0.00;0.00;0;0;0.00;0.00;0;0

Q : How do those commands gather their data?

A : It is different everywhere.

Getting a look at network rates is really easy on FreeBSD: the systat tool, with its ifstat display, ships with the base system. But if you want to do this programmatically there isn't a lot of information out there; I had to read source code to figure out how to do it.

The initial iftop error message indicates that it captures all the traffic on the interface and works these numbers out on its own. That requires root, and I really don't want the hassle of doing it; surely the OS is already collecting these stats from the network stack?

On Linux, these stats are exposed through the /proc and /sys pseudo-filesystems, e.g.:

/sys/class/net/eth0/statistics/rx_bytes
/sys/class/net/eth0/statistics/tx_bytes

There may actually be other interfaces for Linux, but I don't think it is worth digging any further.

On FreeBSD you can do what systat does and use a sysctl call to populate a struct. The bwm-ng man page lists a heap of methods for finding these numbers on different platforms; for the BSDs and MacOS it suggests the getifaddrs interface.

For portable code not written in C I will probably set up a thread running bwm-ng outputting csv data.
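As an added example (not from the original post), the two approaches above in Python: sampling the Linux sysfs byte counters twice to turn cumulative totals into bytes/s, with a guard for counters that reset, and parsing the `bwm-ng --output csv` lines shown earlier for the portable route. The CSV column order is taken from the bwm-ng man page and is an assumption here; the sample line is the one from the page.

```python
import os
import time

# Column order of `bwm-ng --output csv` as documented in its man page (assumed here).
BWM_CSV_FIELDS = (
    "unixtime", "iface", "bytes_out_s", "bytes_in_s", "bytes_total_s",
    "bytes_in", "bytes_out", "packets_out_s", "packets_in_s", "packets_total_s",
    "packets_in", "packets_out", "errors_out_s", "errors_in_s", "errors_in", "errors_out")

SAMPLE_LINE = "1479982871;em0;0.00;0.00;0.00;0;0;0.00;0.00;0.00;0;0;0.00;0.00;0;0"


def parse_bwm_csv(line):
    """Parse one bwm-ng CSV line: rates (*_s) become floats, counters ints."""
    parts = line.strip().split(";")
    if len(parts) != len(BWM_CSV_FIELDS):
        raise ValueError("unexpected field count: %d" % len(parts))
    row = {}
    for name, value in zip(BWM_CSV_FIELDS, parts):
        if name == "iface":
            row[name] = value
        elif name.endswith("_s"):
            row[name] = float(value)
        else:
            row[name] = int(value)
    return row


def read_counters(iface, root="/sys/class/net"):
    """Read the kernel's cumulative (rx_bytes, tx_bytes) for iface from sysfs."""
    stats = os.path.join(root, iface, "statistics")
    with open(os.path.join(stats, "rx_bytes")) as f:
        rx = int(f.read())
    with open(os.path.join(stats, "tx_bytes")) as f:
        tx = int(f.read())
    return rx, tx


def rates(prev, cur, seconds):
    """Bytes/s per direction from two counter samples taken `seconds` apart.

    The counters only go up unless the interface is re-created, so a
    negative delta is reported as None instead of a bogus rate.
    """
    return tuple(None if after < before or seconds <= 0 else (after - before) / seconds
                 for before, after in zip(prev, cur))


def sample_rate(iface, interval=1.0, root="/sys/class/net"):
    """Poll sysfs twice, `interval` seconds apart; returns (rx_bytes_s, tx_bytes_s)."""
    first = read_counters(iface, root)
    time.sleep(interval)
    return rates(first, read_counters(iface, root), interval)
```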


Reading: Cibola Burn, Excession