Handling tcpdump output in python

python subprocess popen tcpdump

ashish g · Jul 28, 2013 · Viewed 22.5k times · Source

Im trying to handle tcpdump output in python.

What I need is to run tcpdump (which captures the packets and gives me information) and read the output and process it.

The problem is that tcpdump keeps running forever and I need to read the packet info as soon as it outputs and continue doing it.

I tried looking into subprocess of python and tried calling tcpdump using popen and piping the stdout but it doesnt seem to work.

Any directions on how to proceed with this.

import subprocess

def redirect():
    tcpdump = subprocess.Popen("sudo tcpdump...", stdin=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
    while True:
        s = tcpdump.stdout.readline()
        # do domething with s

redirect()

Answer

You can make tcpdump line-buffered with "-l". Then you can use subprocess to capture the output as it comes out.

import subprocess as sub

p = sub.Popen(('sudo', 'tcpdump', '-l'), stdout=sub.PIPE)
for row in iter(p.stdout.readline, b''):
    print row.rstrip()   # process here

Handling tcpdump output in python

Answer

Related questions