[Tutor] Reading eth0 With Python

Lloyd Kvam pythontutor at venix.com
Sat Nov 15 18:30:45 EST 2003 

I expect that snort should be able to do what you want.

http://www.linuxsecurity.com/articles/intrusion_detection_article-6514.html
Linux Snort-Inline Toolkit

That link should help you get started.


Null Pointer wrote:

> On Saturday 15 November 2003 16:53, you wrote:
> 
> 
>>Python's device access is normally provided with C programs that
>>are managed through a Python interface.  Python is usually too
>>slow to directly handle data from a fast device.  Even a C
>>program like tcpdump has difficulty keeping up with a busy
>>network connection.
> 
> 
> I suspected that.
> 
> 
>>Your best bet is probably to use tcpdump (or the equivalent) to
>>store the packets and use python to analyze the data.
>>
>>Are you trying to communicate with or manage a device that
>>doesn't support TCP/IP (or some other higher-level protocol)?
> 
> 
> Actually, I'm trying to determine when packets are flowing into and 
> out of eth0, __except__ for the UDP status packets originating from 
> my ISDN-TA/Hub/Router, which arrive every ten seconds.  To do that, 
> I need to examine the packets for sending host/port information, 
> AFAIK. 
> 
> To put it another way, I want to be able to react to any outbound 
> packet and any inbound packet that isn't coming from my 
> ISDN-TA/Hub/Router.
> 
> I do have a script running monitoring the UDP status packets on port 
> 2071, but I also need to know when data comes in destined for any 
> other port, and when any outbound packets occur.
> 
> I've considered piping the output of tcpdump into a Python script, 
> but I was hoping for a cleaner solution.
> 
> Did I mention I am new to Linux and Python.  Nothing like jumping in 
> the deep end.  {:^)>
> 
> N. P.
> 
> 
> 
>>Null Pointer wrote:
>>
>>>Anyone know if it is possible to read Linux's eth0 device using
>>>Python?
> 
> 
> 
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> http://mail.python.org/mailman/listinfo/tutor
> 

-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice:	603-653-8139
fax:	801-459-9582

More information about the Tutor mailing list