Menu
Is there a way to get the packet's arrivals time using scapy? Using scapy to read the pcap file and I want to know all the packet's arrivals time because as we know wireshark can see it. So I guess there must be a way. Anyone know?
497
Reading a pcap file with Scapy, is commonly done by using rdpcap() . This function reads the whole file and load it up in memory, depending on the size of the file you're trying to read can take quite some memory. Two versions of a Script to do the same thing.
Sniffing packets using scapy: To sniff the packets use the sniff() function. The sniff() function returns information about all the packets that has been sniffed. To see the summary of packet responses, use summary(). The sniff() function listens for an infinite period of time until the user interrupts.
Documentation says that scapy.sr() returns packets from layer 3 and scapy. srp() returns packets from layer 2.
Scapy runs natively on Linux, Windows, OSX and on most Unixes with libpcap (see scapy's installation page). The same code base now runs natively on both Python 2 and Python 3.
use pkt.time
[mpenning@tsunami icinga-1.7.1]$ sudo python
[sudo] password for mpenning:
Python 2.6.6 (r266:84292, Dec 26 2010, 22:31:48)
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import sniff
WARNING: No route found for IPv6 destination :: (no default route?)
>>> pkts = sniff(iface='eth0')
^C>>>
>>> pkts
<Sniffed: TCP:2 UDP:8 ICMP:0 Other:4>
>>> for pkt in pkts:
... print pkt.time
...
1343551962.73
1343551963.28
1343551963.28
1343551963.32
1343551963.32
1343551963.36
1343551963.4
1343551963.45
1343551963.55
1343551963.65
1343551963.75
1343551963.85
1343551963.85
>>>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
