TCPDump Service

TCPDump Service Class

Classes:

  • TCPDump(hosts[, ifnames, networks, options, ...]) – Monitor network traffic using tcpdump.

class enoslib.service.tcpdump.TCPDump(hosts: Iterable[Host], ifnames: List[str] | None = None, networks: Iterable[Network] | None = None, options: str = '', backup_dir: Path | str | None = None)

Monitor network traffic using tcpdump.

This connects to every host and launches one tcpdump process per network interface to monitor. The resulting pcap files can be retrieved and analysed with your favourite tool (wireshark, scapy …). Each tcpdump process runs in the background inside a dedicated tmux session.

Can be used as a Context Manager. In this case, the pcap files are retrieved automatically when exiting and all the remaining tcpdump processes are killed.

Note that if networks is used, sync_info() must have been called before.

Parameters:
  • hosts – list of hosts to consider

  • ifnames – explicit network card names to monitor. “any” is a possible keyword that will monitor all interfaces.

  • networks – monitor all interfaces that belong to one of those networks

  • options – extra options to pass to the tcpdump command line (for example a capture filter such as "icmp").

  • backup_dir – path to a local directory where the pcap files will be saved

Examples

```python
import logging
import tarfile
from pathlib import Path

from scapy.all import rdpcap

import enoslib as en

en.init_logging(level=logging.INFO)
en.check()


CLUSTER = "parasilo"
SITE = en.g5k_api_utils.get_cluster_site(CLUSTER)
job_name = Path(__file__).name

# claim the resources
conf = en.G5kConf.from_settings(job_name=job_name, walltime="0:20:00", job_type=[])
network = en.G5kNetworkConf(id="n1", type="prod", roles=["my_network"], site=SITE)
conf.add_network_conf(network).add_machine(
    roles=["control", "client"], cluster=CLUSTER, nodes=1, primary_network=network
).add_machine(
    roles=["control", "server"], cluster=CLUSTER, nodes=1, primary_network=network
).finalize()

provider = en.G5k(conf)
roles, networks = provider.init()

# sync_info() must run before TCPDump can resolve the networks argument
roles = en.sync_info(roles, networks)

# start a capture
# - on all the interfaces configured on the my_network network
# - we dump icmp traffic only
# - for the duration of the commands (here a client is pinging the server)
with en.TCPDump(
    hosts=roles["control"], networks=networks["my_network"], options="icmp"
) as t:
    backup_dir = t.backup_dir
    _ = en.run(f"ping -c10 {roles['server'][0].address}", roles["client"])

# pcap files are retrieved in the __enoslib__tcpdump__ directory
# - can be loaded in wireshark
# - manipulated with scapy ...


# Examples:
# create a dictionary of (alias, if) -> list of decoded packets by scapy
decoded_pcaps = {}
for host in roles["control"]:
    host_dir = backup_dir / host.alias
    # the archive was produced on the remote host: extract it with the "data"
    # filter (Python 3.12+, backported to 3.8.17/3.9.17/3.10.12/3.11.4) so that
    # member names cannot write outside host_dir / "extracted"
    with tarfile.open(host_dir / "tcpdump.tar.gz") as tar:
        tar.extractall(host_dir / "extracted", filter="data")
    # get all extracted pcap files for this host
    pcaps = (host_dir / "extracted").rglob("*.pcap")
    for pcap in pcaps:
        decoded_pcaps.setdefault(
            (host.alias, pcap.with_suffix("").name), rdpcap(str(pcap))
        )

# Displaying some packets
for (host, ifs), packets in decoded_pcaps.items():
    print(host, ifs)
    packets[0].show()
    packets[1].show()
```
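The example above stops at handing the pcap files to scapy. The block below is an added, self-contained example (not EnOSlib's own code and not runnable against Grid'5000) showing the post-processing side offline: it assumes the backup layout described above (`<backup_dir>/<alias>/tcpdump.tar.gz` holding one `.pcap` per interface) and that tcpdump wrote its default format (classic little-endian pcap, Ethernet link type). It constructs such a backup directory in a temporary folder, extracts the archive while refusing member names that would escape the extraction directory (the archive is produced on the monitored host, so its member names are untrusted), and walks the pcap records with a minimal parser to count ICMP frames, which is what the `options="icmp"` filter above is meant to capture. The host alias `parasilo-1`, the interface name `eno1` and all packet bytes are constructed for the demonstration.

```python
import io
import shutil
import struct
import tarfile
from pathlib import Path
from tempfile import TemporaryDirectory

# Classic libpcap format, little-endian, link type 1 (Ethernet): what tcpdump writes
# by default. pcapng and nanosecond-magic files are rejected rather than misread.
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
IPPROTO_UDP = 17


def build_pcap(frames):
    """Constructed capture: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def ethernet_ipv4_frame(proto, payload):
    """Constructed Ethernet + IPv4 frame (10.0.0.1 -> 10.0.0.2) carrying IP protocol `proto`."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload


def count_packets(pcap):
    """Walk every pcap record; count total frames and ICMP-over-IPv4 frames."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    stats = {"packets": 0, "icmp": 0}
    pos = 24
    while pos + 16 <= len(pcap):
        _ts, _us, incl_len, _orig_len = struct.unpack("<IIII", pcap[pos:pos + 16])
        pos += 16
        frame = pcap[pos:pos + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record")  # e.g. tcpdump killed mid-write
        pos += incl_len
        stats["packets"] += 1
        # 14-byte Ethernet header; the IPv4 protocol field is byte 9 of the IP header
        if len(frame) >= 34 and struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4:
            if frame[23] == IPPROTO_ICMP:
                stats["icmp"] += 1
    return stats


def safe_extract(tar_path, dest):
    """Copy out regular members whose resolved path stays inside dest; skip everything else.

    Member names come from the monitored host, so they are untrusted input. Writing
    through extractfile() gives the same behaviour on every Python version."""
    dest = Path(dest).resolve()
    extracted = []
    with tarfile.open(tar_path) as tar:
        for member in tar.getmembers():
            target = (dest / member.name).resolve()
            if not member.isfile() or not target.is_relative_to(dest) or target == dest:
                continue  # links, devices, directories and traversal names are dropped
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            extracted.append(target)
    return extracted


def analyse_backup(backup_dir):
    """Mirror the layout above: <backup_dir>/<alias>/tcpdump.tar.gz holding *.pcap files."""
    results = {}
    for host_dir in sorted(p for p in Path(backup_dir).iterdir() if p.is_dir()):
        for pcap in safe_extract(host_dir / "tcpdump.tar.gz", host_dir / "extracted"):
            if pcap.suffix == ".pcap":
                results[(host_dir.name, pcap.stem)] = count_packets(pcap.read_bytes())
    return results


def demo():
    """Build a constructed backup directory for one host and one interface, then analyse it."""
    frames = [
        ethernet_ipv4_frame(IPPROTO_ICMP, b"\x08\x00" + bytes(6)),  # ICMP echo request
        ethernet_ipv4_frame(IPPROTO_UDP, bytes(8)),                 # UDP, not counted
        ethernet_ipv4_frame(IPPROTO_ICMP, b"\x00\x00" + bytes(6)),  # ICMP echo reply
    ]
    with TemporaryDirectory() as tmp:
        host_dir = Path(tmp) / "parasilo-1"  # hypothetical host alias
        host_dir.mkdir()
        with tarfile.open(host_dir / "tcpdump.tar.gz", "w:gz") as tar:
            # one real capture plus a traversal member that must never be written
            for name, data in [("eno1.pcap", build_pcap(frames)), ("../escape.txt", b"x")]:
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        return {"captures": analyse_backup(tmp),
                "escape_written": (host_dir / "escape.txt").exists()}
```

`demo()` returns `{"captures": {("parasilo-1", "eno1"): {"packets": 3, "icmp": 2}}, "escape_written": False}`: the ICMP request and reply are counted, the UDP frame is not, and the `../escape.txt` member is silently skipped instead of landing next to the host directory. On a real backup, call `analyse_backup(t.backup_dir)` after the `with en.TCPDump(...)` block; `count_packets` deliberately raises on a truncated record so a capture cut short by a killed tcpdump is noticed rather than reported as a clean count.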
backup(backup_dir: Path | None = None)

(abstract) Backup the service.

deploy(force: bool = False)

(abstract) Deploy the service.

destroy()

(abstract) Destroy the service.