0

Let me first describe the architecture of my project. I am dumping packets from a router by using tcpdump ... | nc <vm_addr> 1111 which translates them to a virtual machine, which has lots and lots of memory for this purpose.

On the virtual machine I am planning to read the packets by using my python script and then sort the packets for example by the port they using.

I am wondering which is the best way to do it, because most of python pcap libraries can read from file, but not from socket or file handler.

Lalit Kumar B
  • 47,486
  • 13
  • 97
  • 124
PaulOverflow
  • 1,091
  • 1
  • 10
  • 12

1 Answers1

0

How about pypcap?

$ sudo apt-get install libpcap-dev

$ pip install pypcap

A socket can read and write as a file can. See this StackOverflow question. With bursty traffic it may be a good idea to implement a loop and some (StringIO or file) buffering nevertheless.

Community
  • 1
  • 1
Freek Wiekmeijer
  • 4,556
  • 30
  • 37