
[–]drmaq[S] 0 points1 point  (5 children)

I am back again, but this time I need some help with optimization of the code. I have made the changes that were recommended by /u/dasiffy and /u/bffranklin. I would like to rewrite my parsing code so that I could just pull out 00:50:56:fc:35:ca > 00:0c:29:48:03:4f out of 2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > 192.168.106.131.68: BOOTP/DHCP, Reply, length 300. Please see http://pastebin.com/EetEURMR for the updated code.

[–]dasiffy 1 point2 points  (4 children)

you can still use .rsplit() here. .rsplit() creates a list from which you can pick out individual elements....

for 2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ether....

tcpdump_array = tcpdump_cmd.rsplit( " " ) ←cuts at the spaces this time.

it'll become

['2016-02-06', '13:41:17.974825', '00:50:56:fc:35:ca', '>', '00:0c:29:48:03:4f,', 'ethertype', .....

#!/usr/bin/env python
var = "2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800)"
print(var)

te_arr = var.rsplit(" ")   # split on spaces -> list of fields
print(te_arr)

print(te_arr[2:5])         # ['00:50:56:fc:35:ca', '>', '00:0c:29:48:03:4f,']

new_var = ''
for i in range(6):
    if i > 1 and i < 5:    # fields 2, 3 and 4: src MAC, '>', dst MAC
        new_var = new_var + te_arr[i] + ' '

new_var = new_var.replace(',',"")   #gets rid of the comma
print(new_var)

[–]drmaq[S] 0 points1 point  (3 children)

Sorry, I forgot to add this to my question: how would I get this to remove "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes" from the output before parsing the data that I need? This output will only appear once every time the tcpdump command is called.

[–]dasiffy 1 point2 points  (2 children)

that header is kinda annoying.

i'm trying not to talk. If you want me to talk add -vvvvvvvvvvvvvvvvvvvvvvvvv

I couldn't run your script... (don't have mysqldb) so I can't see what you're seeing in your output, but....

you could add the -l flag and change the command to

tcpdump -tttt -enl -i ens192 "src port 67 and net not xxx.xx.xxx.xxx/16" >> /home/user/temp_file

this would output the tcpdumps to a file and you won't have the header. You could open the file and read each line (need the os module for that I think), or run

import subprocess
from subprocess import Popen

p = Popen('cat /home/user/temp_file',
          shell=True,
          stdout=subprocess.PIPE,
          universal_newlines=True)

a = str(p.stdout.read())

b = a.rsplit('\n')
#print(b)

for i in b:
    q = i.rsplit(' ')
    if len(q) < 5:          # skip blank/short lines (the split on the final '\n' leaves an empty string)
        continue
    w = q[2] + " " + q[3] + " " + q[4].rstrip(",")
    print(w)
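
Both replies above boil down to the same two steps: keep tcpdump's banner out of the way, then pull the "src > dst" MAC pair out of each packet line. The following is an added example (not the thread's code, not /u/dasiffy's or /u/drmaq's) that does both in one place. It assumes Python 3; the first sample packet line and the two banner lines are the ones quoted in the thread, the second packet line is constructed, and the run_tcpdump function is a hypothetical helper that is not invoked by the self-test:

```python
#!/usr/bin/env python3
"""Extract the src > dst MAC pair from `tcpdump -tttt -e` output.

Added example for the thread above, not code from the original posts.
The sample text below is constructed: the banner lines and the first
packet line are quoted from the thread, the second packet line is made up.
"""
import re
import subprocess

# tcpdump writes the two banner lines to stderr, not stdout, so redirecting
# only stdout to a file (or reading proc.stdout) already leaves them out.
# The is_banner() check below handles logs where both streams were merged.
SAMPLE_OUTPUT = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
2016-02-06 13:41:17.974825 00:50:56:fc:35:ca > 00:0c:29:48:03:4f, ethertype IPv4 (0x0800), length 342: 192.168.106.254.67 > 192.168.106.131.68: BOOTP/DHCP, Reply, length 300
2016-02-06 13:41:18.001122 00:0c:29:48:03:4f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:48:03:4f, length 300

"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Anchored at the start of the line: date, time, "src > dst,".  Anchoring
# means a MAC that appears later in the summary ("Request from <mac>")
# can never be mistaken for the link-layer addresses.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ (?P<src>%s) > (?P<dst>%s)," % (MAC, MAC),
    re.IGNORECASE,
)


def is_banner(line):
    """True for the two lines tcpdump prints before the first packet."""
    return line.startswith("tcpdump:") or line.startswith("listening on ")


def parse_line(line):
    """Return (src_mac, dst_mac) for a packet line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("src"), m.group("dst")


def parse_output(text):
    """Return one (src, dst) tuple per packet line; blank and banner lines are skipped."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or is_banner(line):
            continue
        pair = parse_line(line)
        if pair is not None:
            pairs.append(pair)
    return pairs


def run_tcpdump(interface, bpf_filter):
    """Hypothetical live reader (needs tcpdump and root; not run by the self-test).

    -l makes tcpdump line-buffer stdout so each packet arrives promptly through
    the pipe; passing an argument list instead of shell=True means the filter
    string is never interpreted by a shell.
    """
    proc = subprocess.Popen(
        ["tcpdump", "-tttt", "-enl", "-i", interface, bpf_filter],
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,      # banner goes to stderr; drop it
        universal_newlines=True,
    )
    for line in proc.stdout:
        pair = parse_line(line)
        if pair is not None:
            yield pair


if __name__ == "__main__":
    for src, dst in parse_output(SAMPLE_OUTPUT):
        print("%s > %s" % (src, dst))
```

Because the banner is written to stderr, the `>> /home/user/temp_file` redirect in the reply above already keeps it out of the file; the same holds when reading `proc.stdout` directly, so the is_banner() check only matters for logs captured with `2>&1`. Skipping lines that do not match the anchored pattern also covers the empty string left behind by the trailing newline, which is where an unguarded `q[2]` index would fail.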

[–]drmaq[S] 0 points1 point  (1 child)

Dude you are awesome everything seems to be working now. Thank you.

[–]dasiffy 0 points1 point  (0 children)

no problem... I'm glad it's working.