Scapy - how to get the statistics?
Question
I need to write a network sniffer and I have decided to use python to do it. I know that the performances will not be the best, and for this kind of software I should use c or c++, but a good prototype will just do for me. So I have been working with libpcap library for python 2.7 and I could get all the info I needed such as: IP source and destination, with relative ports, timestamp and packet length. But the problem was that I noticed that with high traffic there was an huge packet dropping.
It must be said that these info were inserted into a mysql database during the whole process.
So before I go further with Scapy I would like to understand if there is a way to measure how many packets I will loose during this elaboration .
Thank you
1 answers
solution1
0 ACCPTED 2013-06-11 12:02:13
I have fixed in an indirect way. I am using
tcpdump -G 3600 -i interface -n -w %H-Capture.pcap
From here I collect all the statistics about discarded packets and filtered and so on. Please mind that to minimize the percentage of discarded packet the option -n is vital since it basically says not to resolve each host in the packets captured -G instead basically tells to cycle over 3600 seconds creating ie a file each hour.
After this I just go Scapy from cli and in scapy I do the following:
x = rdpcap("myfile")
len_x = len(x)
for i in x:
if TCP in i:
i.show()
this will show only the TCP packets. If you want you can also filter UDP or ICMP and so on in the same way.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.