
Tcpdump : Unable to capture packets from Python script

I'm trying to open Tcpdump to capture UDP packets from a Python script. Here is my code:

import os
import urllib
from socket import socket, AF_INET, SOCK_DGRAM

# start tcpdump in the background (the subshell returns immediately)
os.system("tcpdump -i wlp2s0 -n dst 8.8.8.8 -w decryptedpackets.pcap &")
testfile = urllib.URLopener()
s = socket(AF_INET, SOCK_DGRAM)
host = "8.8.8.8"
port = 5000
buf = 1024
addr = (host, port)
s.connect((host, port))
f = open("file.txt", "rb")
data = f.read(buf)

# send the file as 1024-byte UDP datagrams until EOF
while (data):
    if (s.sendto(data, addr)):
        print "sending ..."
        data = f.read(buf)
f.close()

I am able to capture the packets (pcap file has content) if I manually execute this command in shell:

tcpdump -i wlp2s0 -n dst 8.8.8.8 -w decryptedpackets.pcap &

However, if I use os.system() I can't capture the packets (when I open the pcap file, I find it empty).

I have verified and found that there is a process that gets created when the Python script is executed:

root 10092 0.0 0.0 17856 1772 pts/19 S 10:25 0:00 tcpdump -i wlp2s0 -n dst 8.8.8.8 -w decryptedpackets.pcap

Also, I'm running this as a sudo user to avoid any permission problems.

Any suggestions on what could be causing this problem?

From the Python documentation:

os.system(command) Execute the command (a string) in a subshell. This is implemented by calling the Standard C function system(), and has the same limitations. Changes to sys.stdin, etc. are not reflected in the environment of the executed command.

On Unix, the return value is the exit status of the process encoded in the format specified for wait(). Note that POSIX does not specify the meaning of the return value of the C system() function, so the return value of the Python function is system-dependent.

On Windows, the return value is that returned by the system shell after running command, given by the Windows environment variable COMSPEC: on command.com systems (Windows 95, 98 and ME) this is always 0; on cmd.exe systems (Windows NT, 2000 and XP) this is the exit status of the command run; on systems using a non-native shell, consult your shell documentation.

The subprocess module provides more powerful facilities for spawning new processes and retrieving their results; using that module is preferable to using this function. See the Replacing Older Functions with the subprocess Module section in the subprocess documentation for some helpful recipes.

I think that os.system returns immediately and the script keeps going; there's no problem with the code, but you probably need to create a separate thread and call os.system with the tcpdump from there, since I believe that it is returning immediately.

Did you use the -w switch too when running from the command line instead of the script? If not, your problem might be buffering and you should have a look at the -U option. Apart from that, the -w switch should be used before the capture expression, i.e. the expression should be the last thing. In summary: tcpdump -i wlp2s0 -n -w out.pcap -U dst 8.8.8.8 – Steffen Ullrich
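One way to put the two points above together (argument order with the filter last, -U so every packet is flushed to the file) while using subprocess instead of os.system, so the script keeps the tcpdump handle and stops it cleanly instead of leaving it behind. This is an added Python 3 example, not code from the question or the answers; the interface, file and destination names are the ones from the question.

```python
import signal
import subprocess
from socket import socket, AF_INET, SOCK_DGRAM


def tcpdump_argv(iface, pcap_path, dst_host):
    """Build the tcpdump argv: options first, capture filter last.

    -U makes tcpdump write each packet to the file as it is captured
    instead of buffering until exit, so the pcap is not empty even if
    the process is stopped early.
    """
    return ["tcpdump", "-i", iface, "-n", "-U", "-w", pcap_path, "dst", dst_host]


def read_chunks(path, size=1024):
    """Yield the file in fixed-size chunks (the last one may be shorter)."""
    with open(path, "rb") as f:
        chunk = f.read(size)
        while chunk:
            yield chunk
            chunk = f.read(size)


def send_file_over_udp(path, host, port, size=1024):
    """Send the file as UDP datagrams; return how many were sent."""
    sent = 0
    with socket(AF_INET, SOCK_DGRAM) as s:
        for chunk in read_chunks(path, size):
            s.sendto(chunk, (host, port))
            sent += 1
    return sent


def capture_while_sending(path, iface, pcap_path, host, port):
    """Start tcpdump, send the file, then stop tcpdump and wait for it.

    Popen returns at once, just like os.system("... &"), so the handle is
    kept: SIGINT lets tcpdump flush and close the pcap, and wait() makes
    sure it has actually exited before the script does.
    """
    proc = subprocess.Popen(tcpdump_argv(iface, pcap_path, host))
    try:
        return send_file_over_udp(path, host, port)
    finally:
        proc.send_signal(signal.SIGINT)
        proc.wait(timeout=10)


if __name__ == "__main__":
    n = capture_while_sending("file.txt", "wlp2s0", "decryptedpackets.pcap", "8.8.8.8", 5000)
    print("sent %d datagrams" % n)
```

Capturing still needs tcpdump installed and root (or CAP_NET_RAW), as in the question; the command line is built exactly as the comment recommends, with "dst 8.8.8.8" as the last arguments.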
