From 2c53ebae21ba8d2865c03c770f73a9278d79062a Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 Jun 2013 08:20:54 +0200 Subject: [PATCH] Source IP added in the extended output --- nb_collect.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nb_collect.py b/nb_collect.py index e5c3161..3ec46cb 100644 --- a/nb_collect.py +++ b/nb_collect.py @@ -2,7 +2,7 @@ import dpkt import pcap import re import sys - +import socket from optparse import OptionParser @@ -10,7 +10,7 @@ usage = "usage: %prog [options]" parser = OptionParser(usage) parser.add_option("-i","--interface", dest="interface", help="live capture on interface (default:lo)") parser.add_option("-r","--read", dest="filedump", help="read pcap file") -parser.add_option("-e","--extended", dest="extended", help="enable extended format including pcap timestamp") +parser.add_option("-e","--extended", dest="extended", action="store_true", help="enable extended format including pcap timestamp") (options, args) = parser.parse_args() @@ -32,11 +32,12 @@ decode = { pcap.DLT_LOOP:dpkt.loopback.Loopback, try: sys.stderr.write('listening on %s: %s' % (pc.name, pc.filter)) for ts, pkt in pc: - ip = decode(pkt).data + eth = dpkt.ethernet.Ethernet(pkt) + ip = eth.data udp = ip.data if re.search("^nb", udp.data): if options.extended: - print str(ts)+"|"+udp.data + print str(ts)+"|"+str(socket.inet_ntoa(ip.src))+"|"+udp.data else: print udp.data except KeyboardInterrupt: