TCPDump Service
TCPDump Service Class
Classes:
- TCPDump – Monitor network traffic using tcpdump.
- class enoslib.service.tcpdump.TCPDump(hosts: Iterable[Host], ifnames: List[str] | None = None, networks: Iterable[Network] | None = None, options: str = '', backup_dir: Path | str | None = None)
Monitor network traffic using tcpdump.
This connects to every host and launches one tcpdump process per network interface to monitor. The pcap files can be retrieved and analysed with your favourite tool (wireshark, scapy, …). Each tcpdump process is launched in the background inside a dedicated tmux session.
Can be used as a context manager. In that case the pcap files are retrieved automatically on exit and all remaining tcpdump processes are killed.
Note that if networks is used, sync_info() must have been called before.
- Parameters:
  - hosts – list of hosts to consider
  - ifnames – explicit network card names to monitor. “any” is a possible keyword that will monitor all interfaces.
  - networks – monitor all interfaces that belong to one of those networks
  - options – extra options to pass to the tcpdump command line.
  - backup_dir – path to a local directory where the pcap files will be saved
Examples
```python
import logging
import tarfile
from pathlib import Path

from scapy.all import rdpcap

import enoslib as en

en.init_logging(level=logging.INFO)
en.check()


CLUSTER = "parasilo"
SITE = en.g5k_api_utils.get_cluster_site(CLUSTER)
job_name = Path(__file__).name

# claim the resources
conf = en.G5kConf.from_settings(job_name=job_name, walltime="0:20:00", job_type=[])
network = en.G5kNetworkConf(id="n1", type="prod", roles=["my_network"], site=SITE)
conf.add_network_conf(network).add_machine(
    roles=["control", "client"], cluster=CLUSTER, nodes=1, primary_network=network
).add_machine(
    roles=["control", "server"], cluster=CLUSTER, nodes=1, primary_network=network
).finalize()

provider = en.G5k(conf)
roles, networks = provider.init()

# networks= below requires the interface information gathered by sync_info()
roles = en.sync_info(roles, networks)

# start a capture
# - on all the interfaces configured on the my_network network
# - we dump icmp traffic only
# - for the duration of the commands (here a client is pinging the server)
with en.TCPDump(
    hosts=roles["control"], networks=networks["my_network"], options="icmp"
) as t:
    backup_dir = t.backup_dir
    _ = en.run(f"ping -c10 {roles['server'][0].address}", roles["client"])

# pcap files are retrieved in the __enoslib__tcpdump__ directory
# - can be loaded in wireshark
# - manipulated with scapy ...


# Examples:
# create a dictionary of (alias, if) -> list of decoded packets by scapy
decoded_pcaps = {}
for host in roles["control"]:
    host_dir = backup_dir / host.alias
    # one archive per host, containing one pcap per monitored interface
    with tarfile.open(host_dir / "tcpdump.tar.gz") as tar:
        tar.extractall(host_dir / "extracted")
    # get all extracted pcap for this host
    pcaps = (host_dir / "extracted").rglob("*.pcap")
    for pcap in pcaps:
        decoded_pcaps.setdefault(
            (host.alias, pcap.with_suffix("").name), rdpcap(str(pcap))
        )

# Displaying some packets
for (host, ifs), packets in decoded_pcaps.items():
    print(host, ifs)
    packets[0].show()
    packets[1].show()
```
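The retrieval step above unpacks a `tcpdump.tar.gz` per host with a plain `extractall` and hands the result to scapy. The following is an added example, not code from enoslib or its documentation, showing the same post-processing with only the standard library: it extracts the archive member by member, refusing any member whose resolved path would land outside the destination directory, then walks the classic pcap record format to count ICMP packets per interface (the interface name is the pcap file stem, as in the example above). The archive layout (one `<ifname>.pcap` per interface) follows the page; the sample archive, frames and the traversal member `../escape.pcap` are constructed here for the demonstration.

```python
import io
import struct
import tarfile
import tempfile
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1


def build_frame(proto: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4 frame carrying `payload` with IP protocol `proto`."""
    eth = bytes([0x02, 0, 0, 0, 0, 1]) + bytes([0x02, 0, 0, 0, 0, 2])
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload


def build_pcap(frames) -> bytes:
    """Serialise frames into a classic pcap file (24-byte global header + records)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_pcap(data: bytes):
    """Yield raw frames from pcap bytes, rejecting a bad magic or a truncated record."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    off = 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated pcap record at offset %d" % off)
        off += incl_len
        yield frame


def ip_proto(frame: bytes):
    """Return the IPv4 protocol number of an Ethernet frame, or None if not IPv4."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    return frame[14 + 9]  # protocol byte sits at offset 9 of the IPv4 header


def safe_extract(tar_bytes: bytes, dest: Path) -> list:
    """Extract regular files only, skipping links and any name escaping `dest`."""
    dest = dest.resolve()
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            target = (dest / member.name).resolve()
            if not member.isfile() or dest not in target.parents:
                continue  # directory, symlink/hardlink, or path traversal: ignore it
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(target)
    return extracted


def count_by_interface(tar_bytes: bytes) -> dict:
    """Map interface name (pcap stem) -> {'total': n, 'icmp': n} for one host archive."""
    stats = {}
    with tempfile.TemporaryDirectory() as tmp:
        for pcap in safe_extract(tar_bytes, Path(tmp)):
            if pcap.suffix != ".pcap":
                continue
            counts = {"total": 0, "icmp": 0}
            for frame in iter_pcap(pcap.read_bytes()):
                counts["total"] += 1
                if ip_proto(frame) == IPPROTO_ICMP:
                    counts["icmp"] += 1
            stats[pcap.stem] = counts
    return stats


def make_sample_archive() -> bytes:
    """Constructed stand-in for a host's tcpdump.tar.gz, plus one hostile member."""
    icmp_echo = build_frame(IPPROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
    tcp_stub = build_frame(6, b"\x00" * 20)
    members = {
        "eth0.pcap": build_pcap([icmp_echo, icmp_echo, tcp_stub]),
        "any.pcap": build_pcap([icmp_echo]),
        "../escape.pcap": build_pcap([tcp_stub]),  # must never be written
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(count_by_interface(make_sample_archive()))
```

With `options="icmp"` as in the example, every record in the real capture should be ICMP, so a non-zero difference between `total` and `icmp` for an interface is a quick sanity check that the filter was applied as expected. Archives fetched from remote hosts are untrusted input; the member-by-member check is the reason `safe_extract` exists instead of a bare `extractall`.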
- backup(backup_dir: Path | None = None)
(abstract) Backup the service.
- deploy(force: bool = False)
(abstract) Deploy the service.
- destroy()
(abstract) Destroy the service.