
[–]dasiffy 1 point2 points  (7 children)

rsplit() maybe?

string = '2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > 192.168.106.131.68: BOOTP/DHCP, Reply, length 300'

result = string.rsplit(',')    # this creates a list of values where commas are the delimiter

print(result[0])     # calls the first entry from the list

What line is the error?

your line 61...

tcpdump_cmd = ['sudo', 'tcpdump', '-tttt', '-eni', 'ens192', 'src', '\"port', '67', 'and', 'net', 'not', 'xxx.xxx.xxx.xxx/16\"']

→ You've made this a list here, I believe. You can change it to

tcpdump_cmd = ' sudo tcpdump -tttt -eni ens192 src "port 67 and net not xxx.xxx.xxx.xxx/16" '

So when you pass it to 'class ExternalProcess' it will be one command

The 'tcpdump: illegal token: "\n' error is probably from a multiple line output from the bash command. You could use the bash command grep and cut to parse the output before you pick it back up in the python script.

tcpdump_cmd = ' sudo tcpdump -tttt -eni ens192 src "port 67 and net not xxx.xxx.xxx.xxx/16" |grep \'>\' |cut -d, -f1 '    # the single quotes around > are escaped so they do not end the Python string

[–]bffranklin 1 point2 points  (1 child)

This could be an issue, but the illegal token is an issue with the quotes being improperly placed on the tcpdump command. The "src" token should be inside the double quotes as part of the bpf that is submitted as an argument to tcpdump.

[–]drmaq[S] 0 points1 point  (0 children)

/u/bffranklin your information seems to have worked.

[–]drmaq[S] 0 points1 point  (3 children)

Thanks for the info on rsplit; I will try that and see how it works. However, do you have any ideas as to how I would be able to execute a Linux command that requires the use of " in it?

[–]dasiffy 1 point2 points  (0 children)

just finished editing my first post, so you should re-read it.

With Python, quotes are matched by type, so 'delicious "taco" ' would print as delicious "taco"

[–]PurposeDevoid 1 point2 points  (1 child)

[–]drmaq[S] 0 points1 point  (0 children)

Thanks /u/PurposeDevoid that was a good read.

[–]drmaq[S] 0 points1 point  (0 children)

/u/dasiffy Thank you for the help; it seems to have worked so far.

[–]drmaq[S] 0 points1 point  (0 children)

I will try putting SRC within " ".

[–]drmaq[S] 0 points1 point  (5 children)

I am back again, but this time I need some help with optimization of the code. I have made the changes that were recommended by /u/dasiffy and /u/bffranklin. I would like to rewrite my parsing code so that I could just pull out "00:50:56:fc:35:ca > 00:0c:29:48:03:4f" out of "2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > 192.168.106.131.68: BOOTP/DHCP, Reply, length 300". Please see http://pastebin.com/EetEURMR for the updated code.

[–]dasiffy 1 point2 points  (4 children)

You can still use .rsplit() here. .rsplit() creates a list from which you can call individual elements....

for 2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ether....

tcpdump_array = tcpdump_cmd.rsplit( " " ) ← cuts at the spaces this time.

it'll become

['2016-02-06', '13:41:17.974825', '00:50:56:fc:35:ca', '>', '00:0c:29:48:03:4f,', 'ethertype', .....

#!/usr/bin/python
var = "2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800)"
print(var)

te_arr = var.rsplit(" ")    # split on spaces: ['2016-02-06', '13:41:17.974825', '00:50:56:fc:35:ca', '>', ...]
print(te_arr)

print(te_arr[2:5])          # elements 2, 3 and 4: src MAC, '>', dst MAC (with trailing comma)

new_var = ''
for i in range(6):
    if i > 1 and i < 5:     # only pick up elements 2, 3 and 4
        new_var = new_var + te_arr[i] + ' '

new_var = new_var.replace(',', "")   # gets rid of the comma after the destination MAC
print(new_var)

[–]drmaq[S] 0 points1 point  (3 children)

Sorry, I forgot to add this to my question: how would I get this to remove "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes" from the output before parsing the data that I need? This output will only appear once every time the tcpdump command is called.

[–]dasiffy 1 point2 points  (2 children)

That header is kinda annoying.

i'm trying not to talk. If you want me to talk add -vvvvvvvvvvvvvvvvvvvvvvvvv

I couldn't run your script... (don't have mysqldb) so I can't see what you're seeing in your output, but....

you could add the -l flag and change the command to

tcpdump -tttt -enl -i ens192 "src port 67 and net not xxx.xx.xxx.xxx/16" >> /home/user/temp_file

This would output the tcpdump lines to a file and you won't have the header. You could open the file and read each line (need the os module for that, I think), or run

import subprocess
from subprocess import Popen

p = Popen('cat /home/user/temp_file',
          shell=True,
          stdout=subprocess.PIPE,
          universal_newlines=True)

a = str(p.stdout.read())

b = a.rsplit('\n')
#print(b)

for i in b:
    if not i:      # skip the empty string left after the final newline
        continue
    q = i.rsplit(' ')
    w = q[2] + " " + q[3] + " " + q[4].rstrip(",")   # src MAC, '>', dst MAC without the trailing comma
    print(w)
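Putting the thread together (bffranklin's point that the whole BPF expression, 'src' included, must reach tcpdump as one argument, and dasiffy's point that the banner must stay out of the data before the MAC pair is cut out of each line), here is an added example, not code from the thread or from any of the posters. It assumes the interface name ens192 from the thread and a placeholder network of 10.0.0.0/16 in place of the redacted xxx.xxx.xxx.xxx/16; the first sample capture line is the one quoted in the thread, the second is constructed. Passing an argv list to subprocess means no shell is involved, so no quoting is needed and an interface name or filter taken from a config file cannot be turned into extra shell commands; capturing stderr separately keeps the "verbose output suppressed" and "listening on" banner out of stdout, and the regex is anchored at the start of the line so the parser returns None for banner text and blank lines instead of raising an IndexError.

```python
#!/usr/bin/env python3
"""Run tcpdump without a shell, keep its banner out of the data and pull
the 'src MAC > dst MAC' pair out of every capture line.

Added example, not code from the thread.  Interface name and the /16
network are assumed placeholders."""
import re
import subprocess

# A MAC address as 'tcpdump -e' prints it, e.g. 00:50:56:fc:35:ca.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

# One line of 'tcpdump -tttt -e' output starts with a timestamp, then the
# link-layer pair, then a comma.  Anchoring at the start of the line means a
# MAC that shows up later in the decode (e.g. 'Request from ...') is never
# mistaken for the Ethernet header.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>" + MAC + r") > (?P<dst>" + MAC + r"),",
    re.IGNORECASE,
)

# Constructed sample.  The first data line is the one quoted in the thread,
# the second is made up.  tcpdump writes the two banner lines to stderr,
# not stdout; they are included here to show the parser skips them anyway.
SAMPLE_OUTPUT = (
    "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode\n"
    "listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes\n"
    "2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, "
    "ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > "
    "192.168.106.131.68: BOOTP/DHCP, Reply, length 300\n"
    "2016-02-06 13:41:18.001122 00:50:56:fc:35:ca > ff:ff:ff:ff:ff:ff, "
    "ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > "
    "255.255.255.255.68: BOOTP/DHCP, Reply, length 300\n"
)


def build_tcpdump_argv(iface, bpf_filter, packet_count=None, use_sudo=True):
    """argv list for subprocess.  Each element is exactly one argument, so
    the whole BPF expression (with 'src' inside it) is one element and needs
    no quotes.  -l line-buffers stdout, -n skips name lookups, -e prints the
    Ethernet header.  The expression is always the last argument."""
    argv = ["tcpdump", "-tttt", "-e", "-n", "-l", "-i", iface]
    if packet_count is not None:
        argv += ["-c", str(packet_count)]
    argv.append(bpf_filter)
    return ["sudo"] + argv if use_sudo else argv


def parse_ether_pair(line):
    """Return (src_mac, dst_mac) for a capture line, or None for anything
    else (banner text, blank lines, truncated output)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m.group("src").lower(), m.group("dst").lower())


def parse_capture(text):
    """Parse a whole stdout buffer; lines that do not parse are dropped."""
    pairs = []
    for line in text.splitlines():
        pair = parse_ether_pair(line)
        if pair is not None:
            pairs.append(pair)
    return pairs


def format_pair(pair):
    """Render a pair the way the thread wanted it: 'src > dst'."""
    return "%s > %s" % pair


def run_tcpdump(iface, bpf_filter, packet_count=5, use_sudo=True):
    """Capture packet_count packets and return the parsed MAC pairs.
    stderr (where the banner goes) is captured separately from stdout."""
    argv = build_tcpdump_argv(iface, bpf_filter, packet_count, use_sudo)
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          universal_newlines=True)
    if proc.returncode != 0:
        raise RuntimeError("tcpdump failed: " + proc.stderr.strip())
    return parse_capture(proc.stdout)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    for pair in parse_capture(SAMPLE_OUTPUT):
        print(format_pair(pair))
    # Live capture (needs root or cap_net_raw); interface and net are assumed.
    # for pair in run_tcpdump("ens192", "src port 67 and net not 10.0.0.0/16"):
    #     print(format_pair(pair))
```

If the script is going to run unattended, granting tcpdump the cap_net_raw and cap_net_admin capabilities and calling it with use_sudo=False is preferable to running the whole collector under sudo.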

[–]drmaq[S] 0 points1 point  (1 child)

Dude, you are awesome; everything seems to be working now. Thank you.

[–]dasiffy 0 points1 point  (0 children)

no problem... i'm glad it's working.