利用python脚本执行tcpdump抓包,支持传参、并发抓取多个包、文件循环覆盖抓取

python 专栏收录该内容
8 篇文章 0 订阅

利用python脚本执行tcpdump抓包,支持传参、并发抓取多个包、文件循环覆盖抓取

利用subprocess类,执行shell命令tcpdump 抓包
支持同时抓取多个包,会启用多个线程
抓取包文件,保存到指定路径
每次执行脚本,触发循环覆盖删除过期多余文件


#!/usr/bin/env python
# AUTH: wangshengke@kedacom.com

"""
tcpdump -i any -s 0 -w /opt/log/tcpdump/2018-07-19--10-43-30.pcap tcp and ip host 172.16.185.40 and port 8080
"""


import sys, subprocess, os, time
from sys import argv

Seconds = 12  # 每包要抓取的时长
RunNum = 30     # 最大同时抓包数,并发抓取多个
MaxFNum = 30  # 最大保存文件数

PackPath = "/opt/log/tcpdump" # save path
#p_IgnorPort = "port ! 8080 and port ! 3316 and port ! 3306 and port ! 5672"  # 8080java , 3316mysql

def CheckArgv(): #参数校验
    """
    argv0 =
    argv1 = tcp/udp
    argv2 = ip
    argv3 = port (0 is no)
    check param
    """
    L = argv[1:]
    print(L)
    if len(L) < 3:
        print("wrong number of parameters: {} : tcp/udp ip port".format(len(L)))
        return False,L
    if L[0].lower() == "udp":
        L[0] = ("udp")
    else:
        L[0] = ("tcp")
    return True,L

def CheckPath(p):  #文件路径生成、校验
    """
    :param p: file path
    :return:
    """
    if not os.path.exists(p):
        os.makedirs(p)
    return True

def getdirsize(dir):
    size = 0
    for root, dirs, files in os.walk(dir):
        size += sum([os.path.getsize(os.path.join(root, name)) for name in files])
    return size

def DelFile(p , n):  #循环删除文件
    """
    :param p: file path
    :param n: max num of saved files
    :return:
    """
    L1 = os.listdir(p)
    L2 = sorted(L1, key=lambda x: os.path.getmtime(os.path.join(p, x)) )
    if not L2:
        return False
    print("file num: {}, maxNum : {}".format(len(L2), n))
    OutOfNum = len(L2) - n +1
    if OutOfNum > 0:
        for i in range(OutOfNum):
            os.remove(os.path.join(p, L2[i]))
            print("del:{}".format(os.path.join(p, L2[i])))
    return True

def CheckPsNum():
    """
    check the linux server , dumping thread nums
    :return:
    """
    if sys.platform == "win32":
        return 0
    cmd = r'ps axu | egrep "/opt/log/tcpdump"| grep -v "grep" | wc -l'
    pro = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    rdl = pro.stdout.readlines()
    N1 = int(rdl[0])
    print("ps axu | grep tcpdump = {}".format(N1))
    return N1

def tcpdump(p, la, dur):  #抓包主体函数
    ErrCode = ""
    t1 = time.strftime("_%m-%d_%H-%M-%S", time.localtime())
    name = la[1] + t1 + "_" + la[0].upper()
    cmd1 = "tcpdump -i any -s 0 -w {0}/{1}.pcap {2} and ip host {3}".format(p, name, la[0], la[1])
    if int(la[2]) != 0:
        cmd1 = cmd1 + " and port {}".format(la[2])
    print(cmd1)

    BackN = CheckPsNum()
    if BackN >= RunNum:
        ErrCode = "Out Of Num: {}".format(BackN)
        print(ErrCode)
        return ErrCode

    pro = subprocess.Popen(cmd1, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    print("processid.{0}, stat. {1}".format(pro.pid, pro.poll()))
    if pro.poll() != None:
        ErrCode = "execute cmd error; poll()={} PID={}".format(pro.poll(),pro.pid)
    else:
        ErrCode = "execute cmd OK; poll()={}  PID={}".format(pro.poll(),pro.pid)
        time.sleep(dur)
    print(ErrCode)
    pro.terminate()
    return ErrCode

if __name__ == '__main__':
    Ret,L = CheckArgv()
    if Ret == True:
        CheckPath(PackPath)
        DelFile(PackPath, MaxFNum)
        tcpdump(PackPath, L, Seconds)
  • 2
    点赞
  • 3
    评论
  • 3
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

©️2021 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值