Python and NGREP

Posted 2024-08-23 03:34:58, 209 characters, 4 views, 0 comments. Original


I want to be able to start and stop an NGREP process from inside my python code. I really don't have experience with python on a system level.

Normally I run NGREP from the command line, but I would like to be able to run it from a script every hour and capture the trace and then process the results.

Can anyone point me in the direction of how to achieve this?

By the way, I really just need to be able to do a packet capture, perhaps Python has builtin capabilities for this, maybe tcpdump?

Thanks.


Comments (3)

清音悠歌 2024-08-30 03:34:58


I am not an expert but I would do this:

import subprocess
import time

keep_running = 1 #Loop flag
wait_hours = 12  #Stop for 12 hours and then run again
run_hours = 1    #We will run ngrep for an hour. The nth run will be dumped to net_log_n.txt
f_num = 0
hours_so_far = 0
run_time_limit = 100    #Suppose you only want to take a log for 100 hours while you are away.
while keep_running:
    #Start ngrep in the background, redirecting its output to net_log_<f_num>.txt
    #(note: ngrep's -W option expects an argument, e.g. -W byline)
    ngrep_cmd = "sudo ngrep -ixW >  net_log_" + str(f_num) + ".txt &"
    subprocess.call([ngrep_cmd], shell=True)
    time.sleep(run_hours*3600)
    subprocess.call(["sudo killall ngrep"], shell=True)  #Stop every running ngrep process
    time.sleep(wait_hours*3600)
    f_num += 1
    hours_so_far += run_hours
    if hours_so_far >= run_time_limit:
        keep_running = 0

You will have to run it as root or with sudo.

I hope it helps!

鸵鸟症 2024-08-30 03:34:58


It's not built-in, but you can try the Packet Capture and Injection Library

戏剧牡丹亭 2024-08-30 03:34:58


Look up threading.Timer and pexpect. If you don't want to install pexpect, you can use subprocess.Popen instead.

EDIT: In response to the comment:

import os
from signal import SIGTERM, SIGKILL

pid = proc.pid  #proc is the subprocess.Popen object that started ngrep
try:
    os.kill(pid, SIGTERM) #you can also send SIGKILL instead of SIGTERM.
except OSError:
    pass  #the process may already have exited
#Only available on *NIX

EDIT2: If you want to hand-roll the packet capture, use pypcap. This should almost certainly do what you want, since tcpdump uses libpcap itself.
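Putting the thread's advice together with subprocess.Popen and a timeout instead of shell=True plus killall (an added example, not code from any of the answers; the ngrep command line, the grace period and the net_log_n.txt naming are assumptions):

```python
import os
import subprocess
import time
from pathlib import Path

# Assumed capture command (not from the thread): ngrep with no match pattern
# logs every packet on the default interface; -W byline keeps payloads readable.
# As the answers note, opening the interface needs root or a capture capability.
NGREP_CMD = ["ngrep", "-W", "byline"]


def run_capture(cmd, seconds, output_path, grace=5.0):
    """Run cmd for `seconds` with stdout sent to output_path, then stop it.
    cmd is a list (no shell=True, no '&'): no shell re-parsing, and Popen keeps
    the real PID instead of a detached background job."""
    stopped_by_us = False
    with open(output_path, "wb") as out:
        proc = subprocess.Popen(cmd, stdout=out, stderr=subprocess.PIPE)
        try:
            # Returns early if the tool exits on its own (bad flags, no permission).
            _, err = proc.communicate(timeout=seconds)
        except subprocess.TimeoutExpired:
            stopped_by_us = True
            proc.terminate()  # SIGTERM: ngrep flushes output and prints its summary
            try:
                _, err = proc.communicate(timeout=grace)
            except subprocess.TimeoutExpired:
                proc.kill()  # escalate to SIGKILL if SIGTERM was ignored
                _, err = proc.communicate()
    return {"returncode": proc.returncode, "stopped_by_us": stopped_by_us,
            "stderr": err.decode(errors="replace"),
            "bytes": os.path.getsize(output_path)}


def capture_loop(cmd, seconds, period, runs, out_dir):
    """Take `runs` captures of `seconds` each, one every `period` seconds; the nth
    goes to out_dir/net_log_n.txt. Results come back for post-processing."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    results = []
    for n in range(runs):
        started = time.monotonic()
        results.append(run_capture(cmd, seconds, out_dir / f"net_log_{n}.txt"))
        if n + 1 < runs:  # sleep out the rest of the period before the next run
            time.sleep(max(0.0, period - (time.monotonic() - started)))
    return results
```

For the scenario in the question, `capture_loop(NGREP_CMD, 3600, 3600, 100, "captures")` takes an hour-long trace every hour for 100 hours and hands back each run's exit status, stderr and output size so the script can check the capture actually worked before processing it.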
