Hi Sunil,
Hummm... have you tried tcpdump?
tcpdump needs less resources than tshark, doesn't it?
I've never used Ryu pcaplib for live sniffing, so I don't know how many
resources it will take or how to use it for such a purpose.
As a similar library, Scapy provides a live sniffing feature; please refer
to the following.
https://github.com/secdev/scapy
Thanks,
Iwase
On 2017-10-05 09:49, Sunil wrote:
Hi Iwase,
Thinking about how to use these pcap libraries, I have a unique requirement of sniffing the live
traffic and doing a pcap (sampling every 15 min). I need this to do deep packet inspection for
traffic learning. When I did that using tshark on my edge device (which runs on small resource
hardware), it started overheating. Therefore tshark is definitely not the way to go.
I was wondering if anyone in the Ryu community has used the above library (ryu pcap) and done a
live packet capture without performance penalty. Is there an optimal way of doing it?
thanks
Sunil
On Wed, Sep 27, 2017 at 10:34 PM, Iwase Yusuke <iwase.yusu...@gmail.com> wrote:
Hi Sunil,
You want to use "ryu.lib.pcaplib" outside of a Ryu application, right?
If so, of course yes.
"pcaplib" is available like a Python library.
The following script is a simple tool for displaying a pcap file using
"pcaplib" and the packet libraries of Ryu.
I usually use this tool for debugging purposes.
======
#!/usr/bin/env python
import argparse

import six

from ryu.utils import binary_str
from ryu.lib import pcaplib
from ryu.lib.packet import packet

parser = argparse.ArgumentParser(
    description='Display packets contained in pcap file.')
parser.add_argument('file', metavar='FILE', type=str,
                    help='pcap file to display')
args = parser.parse_args()


def main():
    cnt = 0
    # Close the file when done; Reader yields (timestamp, raw bytes) per packet.
    with open(args.file, 'rb') as f:
        for ts, buf in pcaplib.Reader(f):
            cnt += 1
            try:
                pkt = packet.Packet(buf)
            except Exception as e:
                # Undecodable packet: show the error and a dump, then move on.
                print(e)
                print('===\n%s\n===' % binary_str(buf))
                continue
            print("\n*** %d, %f\n" % (cnt, ts))
            for p in pkt.protocols:
                # Payload that no parser claimed stays as raw bytes.
                if isinstance(p, six.binary_type):
                    print(binary_str(p))
                else:
                    print(p)
            print("\n")


if __name__ == '__main__':
    main()
======
Thanks,
Iwase
On 2017-09-27 08:48, Sunil wrote:
Hello,
I was wondering if it is possible to use the Ryu libraries primarily for pcap/extraction
purposes, similar to what tshark is doing. I understand that it is not the original purpose
of the Ryu implementation, but I was using the packetIn sample code and I see pretty powerful
pcap libraries underneath. Is my understanding right and if so, can I do it?
thanks
Sunil.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net <mailto:Ryu-devel@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/ryu-devel
<https://lists.sourceforge.net/lists/listinfo/ryu-devel>
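The bounded sampling capture asked about in this thread, as an added example that is not part of the original messages or of Ryu's code: it writes a classic pcap file from a Linux AF_PACKET socket, truncating each frame to a snap length and stopping at a time or packet limit so a small device is not left capturing indefinitely. All function names are hypothetical, the capture needs CAP_NET_RAW, the frame in `roundtrip_demo` is constructed, and running it every 15 minutes is assumed to be left to an external scheduler.

```python
import io
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def write_header(out, snaplen):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out.write(struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))

def write_record(out, ts, frame, snaplen):
    data = frame[:snaplen]               # keep only the leading bytes of each frame
    sec = int(ts)
    usec = int((ts - sec) * 1000000)
    # ts_sec, ts_usec, captured length, original length on the wire
    out.write(struct.pack('<IIII', sec, usec, len(data), len(frame)))
    out.write(data)

def sample(iface, out, seconds, max_packets, snaplen=96):
    """Capture one bounded sample on iface (Linux only, needs CAP_NET_RAW)."""
    import socket
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    sock.bind((iface, 0))
    sock.settimeout(1.0)                 # wake up to re-check the deadline
    write_header(out, snaplen)
    deadline = time.monotonic() + seconds
    count = 0
    try:
        while count < max_packets and time.monotonic() < deadline:
            try:
                frame = sock.recv(65535)
            except socket.timeout:
                continue
            write_record(out, time.time(), frame, snaplen)
            count += 1
    finally:
        sock.close()
    return count

def roundtrip_demo():
    # Constructed 64-byte Ethernet frame: broadcast dst, IPv4 ethertype, zero payload.
    frame = b'\xff' * 6 + b'\x02\x00\x00\x00\x00\x01' + b'\x08\x00' + b'\x00' * 50
    buf = io.BytesIO()
    write_header(buf, 16)
    write_record(buf, 1507164540.25, frame, 16)
    return buf.getvalue()
```

The output is the standard pcap layout, so a file written by `sample` can be opened with the display script posted earlier in the thread or with tcpdump.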