问题
Is there anyway to get nanoseconds out of a pcap with existing python libraries? I have a nanoseconds pcap file that works just fine with Wireshark but the Python pcapy library will not even import the file.
This functionality does exist in c libpcap (see: this thread) but has anyone ported it into Python? I took a look at the source code but it is over my head in changing pcapy to allow this.
Nanoseconds are necessary for what I am doing and microseconds do not give me the necessary precision, though my code is working perfectly fine with micros.
回答1:
After trying every existing pcap module in Python, we decided to edit the source on pcapy. We changed this to include the "pcap_open_offline_with_tstamp_precision(pathname, PCAP_TSTAMP_PRECISION_NANO, errbuf);" functionality that already existed in libpcap and it worked perfectly. Now we have nanosecond resolution for our packet capture analysis.
回答2:
Within each packet, if you use:
header.getts()[0]
It will return the epoch time. I'm using:
def convert_timefromepoch(epochTimestamp): return time.strftime('%Y/%m/%d %H:%M:%S', time.gmtime(epochTimestamp))
timeStamp = convert_timefromepoch(header.getts()[0])
to get a string of the date/time for use in my output.
来源:https://stackoverflow.com/questions/21764341/pcap-nanoseconds-python