Tags: python, pcap, tcpdump, packet-sniffers

Parsing raw .pcap flow in python


Let me first describe the architecture of my project. I am dumping packets from a router by using tcpdump ... | nc <vm_addr> 1111 which translates them to a virtual machine, which has lots and lots of memory for this purpose.

On the virtual machine I am planning to read the packets by using my python script and then sort the packets, for example by the port they are using.

I am wondering which is the best way to do it, because most Python pcap libraries can read from a file, but not from a socket or file handle.


Solution

  • How about pypcap?

    $ sudo apt-get install libpcap-dev

    $ pip install pypcap

    A socket can read and write as a file can. See this StackOverflow question. With bursty traffic it may be a good idea to implement a loop and some (StringIO or file) buffering nevertheless.
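The point of the answer is that a pcap stream has a simple framing (a 24-byte global header followed by 16-byte record headers plus captured bytes), so anything with a read() method can feed a parser: an open file, a BytesIO buffer, or a socket wrapped with makefile("rb"). The block below is an added example, not the asker's script and not pypcap's API; it uses only the standard library so it runs offline. It handles the short reads a socket produces, both pcap byte orders, and buckets IPv4 TCP/UDP packets by destination port. The sample capture, the 10.0.0.x addresses and the TrickleReader class are constructed for the demo.

```python
"""Added example: parse a libpcap stream from any file-like object and count
packets per TCP/UDP destination port. Pure stdlib, not pypcap."""
import struct
from collections import Counter
from io import BytesIO

LINKTYPE_ETHERNET = 1
_LE_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)   # usec / nsec pcap written little-endian
_BE_MAGICS = (0xD4C3B2A1, 0x4D3CB2A1)   # the same magics seen byte-swapped


def read_exact(fh, n):
    """Read exactly n bytes. Sockets return short reads, so loop until full.
    Returns b'' at a clean EOF; raises EOFError if the stream ends mid-record."""
    buf = bytearray()
    while len(buf) < n:
        chunk = fh.read(n - len(buf))
        if not chunk:
            if buf:
                raise EOFError("stream ended inside a pcap record")
            return b""
        buf += chunk
    return bytes(buf)


def iter_pcap(fh):
    """Yield (ts_sec, frame_bytes) for each record in a pcap stream."""
    hdr = read_exact(fh, 24)
    if len(hdr) < 24:
        raise ValueError("no pcap global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic in _LE_MAGICS:
        endian = "<"
    elif magic in _BE_MAGICS:
        endian = ">"
    else:
        raise ValueError("not a libpcap stream (magic 0x%08x)" % magic)
    linktype = struct.unpack(endian + "I", hdr[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    while True:
        rec = read_exact(fh, 16)
        if not rec:
            return                      # clean end of stream
        ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        yield ts_sec, read_exact(fh, incl_len)


def transport_ports(frame):
    """Return (proto, src_port, dst_port) for Ethernet/IPv4 TCP or UDP, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":   # EtherType IPv4
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    if proto not in (6, 17) or len(ip) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ("tcp" if proto == 6 else "udp", sport, dport)


def count_by_port(fh):
    """Bucket every record by (proto, dst_port); non-TCP/UDP goes to ('other', None)."""
    counts = Counter()
    for _ts, frame in iter_pcap(fh):
        p = transport_ports(frame)
        counts[(p[0], p[2]) if p else ("other", None)] += 1
    return counts


# ---- constructed sample data (not a real capture) ----
def build_frame(proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (20 B) or UDP (8 B) header;
    checksums are left zero, which is fine for a parsing demo."""
    l4 = struct.pack("!HH", sport, dport) + (b"\x00" * 16 if proto == 6 else b"\x00" * 4) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + l4
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip


def build_pcap(frames, endian="<"):
    """Constructed pcap byte stream; endian='>' produces the byte-swapped magic."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack(endian + "IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


class TrickleReader:
    """Constructed stand-in for a socket that hands back one byte per read()."""
    def __init__(self, data):
        self._fh = BytesIO(data)

    def read(self, n):
        return self._fh.read(1) if n else b""


SAMPLE_FRAMES = [build_frame(6, 40000, 443), build_frame(6, 40001, 443),
                 build_frame(17, 5353, 53), build_frame(6, 40002, 22)]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def demo():
    """Counts for the constructed sample: {('tcp', 443): 2, ('udp', 53): 1, ('tcp', 22): 1}."""
    return count_by_port(BytesIO(SAMPLE_PCAP))


if __name__ == "__main__":
    for (proto, port), n in demo().most_common():
        print(proto, port, n)
```

To plug this into the setup from the question, have tcpdump write pcap to stdout (tcpdump supports -w - for that) and, on the VM side, accept the nc connection on a listening socket and pass conn.makefile("rb") to count_by_port; read_exact absorbs the partial reads that the answer's remark about bursty traffic and buffering is pointing at. Dropping frames whose EtherType or IP version is unexpected, rather than guessing, is deliberate: a parser fed from a live socket should never trust incl_len or header fields blindly.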