import sys, os, re
from datetime import datetime
from time import time
import thread
__all__ = [ 'TcpDump' ]
from config import *
# Command template for the capture process; %s receives the interface name.
# tcpdump flags: -q terse output, -t no timestamps, -l line-buffered stdout,
# -n no address/port name resolution, -i <interface>; "tcp" is the filter.
# The formatted string is executed through a shell (os.popen), so the
# interface name must be a trusted, well-formed value.
TCPDUMP = 'tcpdump -qtlni %s tcp'

# Number of leading tcpdump output lines discarded before counting starts.
dump_skip = 2

# Sample line the patterns below are written for:
#   IP ks279501.kimsufi.com.2399 > drink.kerozene.de.33701: tcp 112
# An endpoint is "<host>.<port>": the greedy host group may itself contain
# dots, so the port is whatever follows the last dot.
re_host_str = r'([a-zA-Z0-9_.-]+)\.([0-9a-zA-Z_-]+)'
re_host = re.compile(re_host_str)

# Five groups: source host, source port, destination host, destination port,
# payload size.
re_output = re.compile(
    'IP %s > %s: tcp ([0-9]+).*' % ((re_host_str,) * 2)
)
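def get_dump(iface):
    """Start tcpdump on *iface* and return a readable pipe of its stdout.

    The command line is built from the TCPDUMP template and executed through
    a shell by os.popen, so *iface* is checked against a conservative
    interface-name alphabet first. tcpdump usually runs with elevated
    capture privileges, which makes an unchecked name a command-injection
    path into a privileged process.

    Args:
        iface: Network interface name, e.g. "eth0" (constructed example).

    Returns:
        The file-like object returned by os.popen, opened for reading.

    Raises:
        ValueError: if *iface* is empty or contains characters outside
            letters, digits, "_", ".", ":" and "-", or does not start with
            a letter or digit.
    """
    # \Z (not $) so a trailing newline cannot slip through the check.
    # NOTE(review): the allowlist covers common interface names; widen it
    # deliberately if this host uses names with other characters.
    if not re.match(r'[A-Za-z0-9][A-Za-z0-9_.:-]*\Z', str(iface)):
        raise ValueError('invalid interface name: %r' % (iface,))
    return os.popen(TCPDUMP % iface, 'r')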
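def parse_dump_line(l):
    """Split one tcpdump output line into its endpoint and size fields.

    Args:
        l: A line of tcpdump output as read from the capture pipe.

    Returns:
        On a match, the five groups of re_output as strings:
        (source host, source port, destination host, destination port, size).
        On no match, the two-element tuple (hostname, hostname).
    """
    # An explicit no-match check replaces the former bare "except:", which
    # also hid unrelated errors (for example a non-string argument).
    matched = re_output.match(l)
    if matched is not None:
        return matched.groups()
    # NOTE(review): this fallback has two elements, while the reader loop in
    # TcpDump unpacks five; any unparsable line (including the empty string
    # read at end of stream) therefore fails at the call site. The shape is
    # kept for compatibility with existing callers; callers should check the
    # length of the result before unpacking.
    return hostname, hostname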
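class TcpDump(object):
    """Accumulate per-peer TCP byte counts from a background tcpdump reader.

    A reader thread parses tcpdump output line by line and adds each packet's
    size to a counter keyed by (remote host, remote port), where "remote" is
    the endpoint that is not this machine (hostname / hostip from config).
    get_counts() hands the accumulated counters to the caller and starts a
    new accounting interval.

    NOTE(review): keys are derived from observed traffic and the dictionary
    only shrinks when get_counts() is called, so memory use between calls is
    bounded only by the number of distinct peers and ports seen.
    """

    def __init__(self, iface):
        """Start the capture on *iface* and launch the reader thread."""
        self.dump = get_dump(iface)
        # Discard the first dump_skip lines of output before counting.
        for _ in xrange(dump_skip):
            self.dump.readline()
        self.lock = thread.allocate_lock()
        self.counts = {}
        self.t = time()
        # The flag must exist before the reader starts; assigning it after
        # start_new_thread let the thread read self.quit before it was set.
        self.quit = False
        thread.start_new_thread(self._thread, tuple())

    def _thread(self):
        """Reader loop: parse lines until quit is set or the stream ends."""
        try:
            while not self.quit:
                line = self.dump.readline()
                if not line:
                    # End of stream: tcpdump exited or the pipe was closed.
                    break
                fields = parse_dump_line(line)
                # parse_dump_line returns a short tuple for lines it cannot
                # parse; skip those instead of failing on the unpack below.
                if fields is None or len(fields) != 5:
                    continue
                packet_from, port_from, packet_to, port_to, size = fields
                # Attribute the packet to whichever endpoint is not us.
                if packet_from in (hostname, hostip):
                    who, port = packet_to, port_to
                else:
                    who, port = packet_from, port_from
                try:
                    # The port pattern also admits letters, so int() can fail.
                    key = (who, int(port))
                    size = int(size)
                except ValueError:
                    continue
                with self.lock:
                    self.counts[key] = self.counts.get(key, 0) + size
        finally:
            # Close the pipe on every exit path, including unexpected errors.
            self.dump.close()

    def __del__(self):
        """Ask the reader thread to stop.

        NOTE(review): the thread is started with the bound method
        self._thread, so it holds a reference to this object, and it only
        re-checks the flag after the next line arrives; this is a stop
        request, not a guaranteed shutdown.
        """
        self.quit = True

    def get_counts(self):
        """Return the counters gathered so far and reset the interval.

        Returns:
            A tuple (counts, elapsed): counts maps (host, port) to the bytes
            seen since the previous call (or since construction), elapsed is
            the length of that interval in seconds.
        """
        # Swap and timestamp under the lock so the returned duration matches
        # exactly the interval the returned counters cover.
        with self.lock:
            now = time()
            ret, self.counts = self.counts, {}
            started, self.t = self.t, now
        return ret, now - started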