Can I sniff UDP packets addressed another Linux machine using Python?

Question

I have a Python process on one Linux machine server1 that receives and processes raw UDP packets. I want to have another Linux machine server2 capable of listening to the same UDP packets server1 is receiving.

Is there any Python solution capable of sniffing UDP packets addressed to the another (Linux) machine?

Answer 1

I have had a similar problem, and wrote a small python script to forward incoming udp packets to multiply hosts. A drawback here is ofcourse that you loose the source IP of the originating udp packets.

import socket
import sys, time, string

def sendUDP(remotehost,remoteport,UDPSock,data):
    UDPSock.sendto( data, (remotehost,remoteport))

def serverLoop(listenport,remotes):
    # Set up socket
    UDPSock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
    UDPSock.bind( ("0.0.0.0",listenport) )
    while 1:
        data, addr = UDPSock.recvfrom(1024)
        if not data: pass
        else:
            sys.stdout.write(".") ; sys.stdout.flush()
            # Send udp packet to remotes...
            for remote in remotes:
                if remote[0] == addr: pass
                else: sendUDP(remote[0],remote[1],UDPSock,data)
        time.sleep(0.001)

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print "%s listenport remotehost1:port1 remotehostN:portN ..." % sys.argv[0]
        sys.exit(-1)
    listenport = int(sys.argv[1])
    print "Local foward port %d" % listenport
    remotes = []
    for pair in sys.argv[2:]:
        host,port = string.split(pair,":")
        remotes.append( (host,int(port)) )
        print "Adding remote forward %s:%s" % (host,port)
    print "Starting serverloop"
    serverLoop(listenport,remotes)

Answer 2

If you want more than one machine to process the same data, you'd be better off going to mulitcast (if you can control the sender and the infrastructure)

Else, http://sourceforge.net/projects/pylibpcap/ will enable packet capture via python. You will still have to configure the infrastructure to get the packets to the machine you want to sniff them. Either by iptables (if is a Linux machine) or a mirror port on the switch etc.

Edit:

If you want the processes on different machines (you think one machine can't do it all) I would have a Linux machine receive the data, and using iptables, send it to multiple other machines. Maybe to a different socket on the same machine. This is possible because its UDP. If you want it all on the same machine, I would have a single process that spawns subprocesses with connected PIPEs, binds the UDP socket and copies the data to each subprocess' pipe; maybe after some input validation

Answer 3

This not depends on Python but on your network architecture. If server1 and server2 are connected (probably they are) through a switch then you can't do it, because the packet passing through the router will be sent only to the requested IP.

So first of all, tell us how is composed your network architecture. Where are server1 and server2? How the reach each other?

Your problem solution won't depend neither on your OS nor in the language used. Anyway, you tagged your question "linux", so I think you are familiar with that OS. If this is the case, and server1 and server2 access the LAN through the same router, you can evaluate the possibility of installing linux on your router (have a look at openwrt), and perform the sniffing and whatever from the router itself.