tcpdump is my go-to tool to analyze traffic (together with Wireshark when I want an easier review of the pcap file).
This fantastic tool fails, however, to deliver a predictable and easy-to-parse output format ("predictable" as in "same on all Linux environments and hopefully on Windows as well", and "easy to parse" as in "has an output format which can be easily analyzed in a script"). I want to parse live traffic, not a pcap file (for which solutions exist).
Is there a way to output a parsable format (ideally JSON)? Maybe through another tool which I did not spot, but since this is a request for recommendation, probably against the rules, I put it in small letters.
The analysis will ultimately be done in Python, but I did not find a suitable library to read the traffic. Specifically, scapy is not a good solution as its sniffing capacities are very limited (a lot of packets are missed), as opposed to its packet forging magic.
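One practical route for the situation described in the question, as an added example that is not part of the original post: keep tcpdump as the capture engine, run it line-buffered (`-l`) with name resolution off (`-n`), and parse its summary lines in Python into dicts that can be emitted as JSON. The regexes below assume tcpdump's default (non-verbose) one-line-per-packet output for IPv4/IPv6 TCP, UDP and ICMP; anything that does not match (banners, unusual protocols) is skipped rather than guessed at. The sample lines are constructed for the test, not captured output.

```python
import json
import re
import subprocess
import sys
from typing import Iterable, Iterator, Optional, Tuple

# Assumed line shape from `tcpdump -n -l` (default timestamp, no -v):
#   HH:MM:SS.usec IP|IP6 <src[.port]> > <dst[.port]>: <rest>
# The lazy \S+? for dst stops at the first ": " so IPv6 colons are fine.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<family>IP6?)\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+"
    r"(?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")      # TCP flags, e.g. [S], [P.]
LENGTH_RE = re.compile(r"length (?P<len>\d+)")             # TCP/ICMP payload length
TRAILING_LEN_RE = re.compile(r"\((?P<len>\d+)\)\s*$")      # UDP/DNS style "(29)"


def split_endpoint(ep: str) -> Tuple[str, Optional[int]]:
    """Split 'host.port' on the last dot. tcpdump -n prints ports that way for
    both IPv4 (192.0.2.1.443) and IPv6 (2001:db8::1.443). A bare IPv4 address
    (ICMP lines) has three dots, so it must not be split."""
    host, sep, port = ep.rpartition(".")
    if not sep or not port.isdigit():
        return ep, None
    if ":" not in ep and ep.count(".") != 4:
        return ep, None  # bare IPv4 address, no port
    return host, int(port)


def parse_line(line: str) -> Optional[dict]:
    """Turn one tcpdump summary line into a dict; None if it is not a packet line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    rest = m["rest"]
    flags = FLAGS_RE.search(rest)
    length = LENGTH_RE.search(rest) or TRAILING_LEN_RE.search(rest)
    return {
        "ts": m["ts"],
        "family": m["family"],
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
        "flags": flags["flags"] if flags else None,
        "length": int(length["len"]) if length else None,
        "info": rest,
    }


def parse_stream(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one dict per parsable line; skip banners and unknown formats."""
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            yield rec


def sniff(interface: str, bpf_filter: str = "") -> Iterator[dict]:
    """Run tcpdump as a subprocess and yield parsed records live.
    -l makes stdout line-buffered so lines arrive as packets are seen;
    -n avoids DNS lookups that would both slow capture and change the format.
    Capturing needs the usual privileges (root or CAP_NET_RAW)."""
    cmd = ["tcpdump", "-l", "-n", "-i", interface] + bpf_filter.split()
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL, text=True)
    try:
        yield from parse_stream(proc.stdout)
    finally:
        proc.terminate()


# Constructed sample lines in tcpdump -n format (not a real capture).
SAMPLE_LINES = [
    "12:00:00.000001 IP 192.0.2.10.51234 > 198.51.100.1.443: Flags [S], seq 100, win 64240, length 0",
    "12:00:00.000002 IP 192.0.2.10.53412 > 192.0.2.1.53: 12345+ A? example.com. (29)",
    "12:00:00.000003 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64",
    "12:00:00.000004 IP6 2001:db8::10.40000 > 2001:db8::1.22: Flags [P.], seq 1:33, ack 1, win 501, length 32",
    "listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes",
]

if __name__ == "__main__":
    # With an interface argument, parse live traffic; otherwise show the samples.
    source = sniff(sys.argv[1]) if len(sys.argv) > 1 else parse_stream(SAMPLE_LINES)
    for rec in source:
        print(json.dumps(rec))
```

Run as `python parse_tcpdump.py eth0` to get one JSON object per line on stdout; with no argument it parses the constructed samples. The output stays a summary (no payload), but it is stable enough across Linux builds of tcpdump to script against, and unparsed lines are dropped rather than silently mis-parsed.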