Giter Site home page Giter Site logo

nldecap's Introduction

nldecap Build Status

Pretty-printing for netlink monitoring device captures.

nldecap allows you to see what's happening over the netlink interface, in a human-readable way.

Requirements

Basic Usage

./nldecap.py <pcap file or - for stdin>

See ./nldecap.py -h for all options and their help.

The pcap file

nldecap takes a pcap file as its first argument, or - for standard input.

This file is typically obtained by capturing on a nlmon interface with tcpdump(8), although the - syntax allows reading directly tcpdump's piped output, like this:

# tcpdump -i nlmon0 -U -w - | ./nldecap.py -

The -U argument to tcpdump makes its packet output unbuffered, which means packets will be displayed immediately upon reception and not after a buffer-induced delay.

nlmon interfaces

Netlink Monitoring interfaces allow capturing traffic over netlink sockets with traditional packet capture tools.

This makes them very useful for netlink-related troubleshooting, and they're also easy to setup:

# ip link add nlmon0 type nlmon
# ip link set nlmon0 up

or with pyroute2:

ipr = IPRoute()
ipr.link("add", ifname="nlmon0", kind="nlmon", state="up")

TODO

  • Determine minimal pyroute2 version
  • More tests

In action

$ # Using the builtin tree-like display
$ ./nldecap.py ipr.cap
[packet 1] message 1 (rtmsg)
├─family : 2
├─dst_len : 0
├─proto : 0
├─tos : 0
├─event : 'RTM_GETROUTE'
├─header
│ ├─pid : 0
│ ├─length : 40
│ ├─flags : 769
│ ├─error : None
│ ├─type : 26
│ └─sequence_number : 1497801523
├─flags : 0
├─attrs
│ ├[0] RTA_UNSPEC : None
│ └[1] UNKNOWN
│   └─header
│     ├─length : 8
│     └─type : 29
├─table : 0
├─src_len : 0
├─type : 0
└─scope : 0

$ # Using the pprint display
$ ./nldecap.py ipr.cap -p
[packet 1] message 1 (rtmsg)
{'attrs': [('RTA_UNSPEC', None),
           ('UNKNOWN', {'header': {'length': 8, 'type': 29}})],
 'dst_len': 0,
 'event': 'RTM_GETROUTE',
 'family': 2,
 'flags': 0,
 'header': {'error': None,
            'flags': 769,
            'length': 40,
            'pid': 0,
            'sequence_number': 1497801523,
            'type': 26},
 'proto': 0,
 'scope': 0,
 'src_len': 0,
 'table': 0,
 'tos': 0,
 'type': 0}

nldecap's People

Contributors

etene avatar ffourcot avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

ffourcot

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.