[Twisted-Python] twisted irc client + packet capturing

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 8 10:01:09 MST 2013


Another option is to run tcpdump as a sub-process writing to stdout, and 
write a ProcessProtocol to parse the pcap stream. This is not terribly 
difficult, and can actually have some advantages - if your python 
process blocks for too long you can lose captured packets, but by 
letting tcpdump aggressively drive the reading of the socket, you can 
(ab)use the pipe() buffers to hold a small backlog.

[If you need even more aggressive buffering, replace tcpdump with gulp]

If you do this you should extract packet timestamps from the pcap 
stream, not the wall clock.

I have code to do this, if anyone can't figure it out themselves.




More information about the Twisted-Python mailing list