Another option is to run tcpdump as a sub-process writing to stdout, and
write a ProcessProtocol to parse the pcap stream. This is not terribly
difficult, and can actually have some advantages - if your python
process blocks for too long you can lose captured packets, but by
letting tcpdump aggressively drive the reading of the socket, you can
(ab)use the pipe() buffers to hold a small backlog.
[If you need even more aggressive buffering, replace tcpdump with gulp]
If you do this you should extract packet timestamps from the pcap
stream, not the wall clock.
I have code to do this, if anyone can't figure it out themselves.
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
