Live Network Tracing in Python
python-libtrace comes highly recommended over scapy. Scapy always feels a bit alien to me; I think it is the custom REPL front end aimed at 'security people' (whatever that means). I am sure it is there to make things simple, but for me it just makes it harder to write programs with.
python-libtrace certainly isn't easy to install; all of the documentation is left to the libtrace project. Once I figured out the magic words I was able to throw together a DSCP mark classifier really quickly. The capture source is a libtrace URI: bpf:em0 uses the BSD packet filter on em0, pcapint:eth0 uses libpcap on eth0, and int:eth0 uses Linux native sockets. For live capture on your system you will probably have to change the bpf:em0 below to something like pcapint:eth0, and you will need the privileges to open the interface.
import sys
import time

import plt  # python-libtrace

# Live capture source; change the URI for your system (e.g. 'pcapint:eth0').
trace = plt.trace('bpf:em0')
trace.start()

INTERVAL = 1  # seconds between reports
dscp = {}     # DSCP value -> packet count in the current interval
start = time.time()

try:
    for pkt in trace:
        ip = pkt.ip
        if not ip:      # skip anything that is not IPv4
            continue
        # DSCP is the top 6 bits of the traffic class (ToS) byte; the low 2 bits are ECN
        dscpvalue = ip.traffic_class >> 2
        dscp[dscpvalue] = dscp.get(dscpvalue, 0) + 1
        done = time.time()
        if done - start > INTERVAL:
            print("marks {}:".format(len(dscp)), end="")
            for mark, count in dscp.items():
                print(" {}:{},".format(mark, count), end="")
            print("")
            dscp = {}
            start = done
except KeyboardInterrupt:
    trace.close()
    sys.exit()
This can be tested with netcat quite easily, though the options seem to be different everywhere. The form below is OpenBSD netcat, whose -T takes a DiffServ keyword such as ef or af11, or a numeric ToS byte (EF is DSCP 46, ToS byte 0xb8); other netcat variants may not have a ToS option at all.
nc -u -T ef [host] [port]
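As an added example, not code from the original post or from python-libtrace, here is the same DSCP extraction done on raw packet bytes in plain Python, so the classification can be checked without a live capture. It goes a little beyond the capture script: it handles both IPv4 and IPv6 headers, keeps the ECN bits out of the DSCP value, names the common codepoints, and converts a DSCP value to the ToS byte to hand to a netcat that only accepts a numeric -T argument. The sample packets are constructed inline with zeroed checksums; the function names are my own.

```python
import struct
from collections import Counter

# Codepoint names from RFC 2474 (CS0-CS7), RFC 2597 (AFxy) and RFC 3246 (EF).
DSCP_NAMES = {0: "cs0", 46: "ef"}
for cls in range(1, 8):
    DSCP_NAMES[cls * 8] = "cs%d" % cls
for cls in range(1, 5):
    for drop in range(1, 4):
        DSCP_NAMES[cls * 8 + drop * 2] = "af%d%d" % (cls, drop)


def traffic_class(pkt):
    """Return the 8-bit traffic class (ToS) byte of a raw IPv4/IPv6 packet, or None."""
    if not pkt:
        return None
    version = pkt[0] >> 4
    if version == 4 and len(pkt) >= 20:
        return pkt[1]                       # IPv4: second header byte
    if version == 6 and len(pkt) >= 40:
        # IPv6: 4-bit version, 8-bit traffic class, 20-bit flow label
        first_word = struct.unpack("!I", pkt[:4])[0]
        return (first_word >> 20) & 0xFF
    return None                             # truncated or not IP


def dscp_ecn(tc):
    """Split a traffic class byte into (DSCP, ECN)."""
    return tc >> 2, tc & 0x3


def dscp_name(dscp):
    return DSCP_NAMES.get(dscp, str(dscp))


def dscp_to_tos(dscp):
    """ToS byte for a DSCP value with ECN 00, e.g. for a numeric netcat -T argument."""
    return dscp << 2


def count_marks(packets):
    """Count packets per DSCP value, ignoring anything that is not IPv4/IPv6."""
    counts = Counter()
    for pkt in packets:
        tc = traffic_class(pkt)
        if tc is None:
            continue
        dscp, _ecn = dscp_ecn(tc)
        counts[dscp] += 1
    return dict(counts)


def format_report(counts):
    """Same shape of line as the capture script prints, with codepoint names."""
    parts = sorted(counts.items(), key=lambda kv: -kv[1])
    return "marks %d: %s" % (len(counts),
                             ", ".join("%s:%d" % (dscp_name(d), c) for d, c in parts))


# --- constructed sample packets (headers only, checksums left at zero) ---
def ipv4_header(tos, proto=17):
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")


def ipv6_header(tc, next_header=17):
    first_word = (6 << 28) | (tc << 20)
    return struct.pack("!IHBB16s16s", first_word, 0, next_header, 64,
                       b"\x00" * 15 + b"\x01", b"\x00" * 15 + b"\x02")


SAMPLE = [
    ipv4_header(0xB8),   # EF, ECN 00
    ipv4_header(0xB9),   # EF with ECT(1): ECN bits must not leak into the DSCP
    ipv4_header(0x00),   # CS0 / best effort
    ipv4_header(0x28),   # AF11
    ipv6_header(0xB8),   # EF over IPv6
    b"\x00\x01\x02",     # not IP at all
]

if __name__ == "__main__":
    print(format_report(count_marks(SAMPLE)))
```

Run as a script it prints one report line for the constructed sample; to drive it from a capture, feed it the raw bytes of each packet instead of SAMPLE.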
Reading: Cibola Burn, Excession