Is there a way to do
tcpdump -i lo -A
and have it print all urls, any connections made?
I have done:
sudo tcpdump -i lo -A | grep Host:
which works great. But I was wondering if there are options to do the same in tcpdump.
Finally, is there a way to do this in Python without using a sys command or Popen/subprocess?
tcpdump cannot filter based upon the content of the packets (no deep packet inspection) as it only uses pcap-filter.
You could improve your performance by only dumping those packages for incoming TCP connections to your HTTP port.
tcpdump -i lo -A tcp port 80
TCPDUMP python: use Pcapy
Another option is to use tshark
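You can use scapy's sniff function and use regex or grep.
from scapy.all import sniff, wrpcap
# Capture 5 packets matching the BPF filter, printing a one-line summary of each
tcpdump = sniff(count=5, filter="host 64.233.167.99", prn=lambda x: x.summary())
print(tcpdump)
Change the filter to your filter text :)
Or maybe you want to save the traffic and see it in Wireshark:
# Write the captured packets to a pcap file
wrpcap("temp.cap", tcpdump)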
What you want to use is libpcap which is the packet capture library which tcpdump uses. There is a python wrapper for this which can be found here.
You can, in python, then build any filtering that you want on top of the filtering already provided by pcap/tcpdump. Then display this filtered output (or whatever it is you want to do in your python script).
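An added example, not part of any answer above: the "filtering on top of pcap" step written out for the Host: case from the question, rebuilding each request's URL from the request line and Host header. The names http_request_url, sniff_urls and SAMPLES are made up for this sketch, the payloads are constructed, and sniff_urls assumes scapy is installed and the script runs as root.

```python
import re

# Request line of an HTTP/1.x request: METHOD SP target SP HTTP/1.x
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def http_request_url(payload: bytes):
    """Return (method, url) if a TCP payload starts an HTTP/1.x request, else None."""
    head, _, _ = payload.partition(b"\r\n\r\n")      # headers only, ignore any body
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return None                                   # response, TLS, or a later segment
    method, target = (g.decode("latin-1") for g in match.groups())
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":   # header names are case-insensitive
            host = value.strip().decode("latin-1")
            break
    if target.startswith("/") and host:
        return method, "http://" + host + target      # origin-form: rebuild the URL
    return method, target                             # absolute/authority-form or no Host


def sniff_urls(iface="lo", bpf="tcp port 80"):
    """Print the URL of each request seen on iface (assumes scapy and root)."""
    from scapy.all import Raw, sniff                  # lazy import: optional dependency

    def show(pkt):
        if pkt.haslayer(Raw):
            found = http_request_url(bytes(pkt[Raw].load))
            if found:
                print(*found)

    sniff(iface=iface, filter=bpf, prn=show, store=False)


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"GET /index.html?q=1 HTTP/1.1\r\nhost: localhost:8080\r\nAccept: */*\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Length: 3\r\n\r\na=b",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(http_request_url(sample))
```

The parser looks at one TCP payload at a time, so a request whose headers are split across segments is reported without its Host, and TLS traffic is skipped because the payload is not plaintext HTTP.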