clarartp / dpkt

Automatically exported from code.google.com/p/dpkt

PCAP Nano Support #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
First off, if you run this code from the tutorial with the added print statement:
#!/usr/bin/env python

import dpkt

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    if tcp.dport == 80 and len(tcp.data) > 0:
        http = dpkt.http.Request(tcp.data)
        print http.uri
    print ts

f.close()

You will see a number similar to this:
1234567890.12

Where is the microsecond resolution?

What is the expected output? What do you see instead?
1234567890.123456789 would be the expected output (like Wireshark when it opens the same file)

What version of the product are you using? On what operating system?
Version 1.7
Linux Fedora Core 11

Please provide any additional information below.
In addition to this I would like to modify the code so it works with the nano extensions to pcap, which give the time format 3 extra digits after the 0 for the time stamp. Any suggestions on where to start to parse this data differently?

Original issue reported on code.google.com by stuart.j...@gmail.com on 30 Aug 2010 at 4:59

GoogleCodeExporter commented 9 years ago
I am assuming that you are doing something like this:
for ts, buf in pcap:
     print ts

And then you observe the timestamp to be "1408173480.93" instead of "1408173480.936543", as shown in Wireshark. This is because the print function in Python limits float to two decimal places.

Example:
>>> x = 1258494066.119061
>>> x
1258494066.119061
>>> print x
1258494066.12

If you really need to print the full value, use format:
>>> "{0:.6f}".format(x)
'1258494066.119061' 

If you have a nanosecond capture file, the place you will need to make the change is in the __iter__() function of the pcap.py module. Instead of dividing hdr.tv_usec by 1000000.0, you will need to divide it by 1000000000.0.

Original comment by kbandla@in2void.com on 25 Dec 2014 at 7:00
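
The divisor discussed in the comment above can be chosen per file from the capture's magic number, and a float cannot hold a current epoch timestamp to nanosecond precision. The following is an added example, not dpkt code and not from either commenter: a stand-alone Python 3 reader that keeps the two integer timestamp fields and combines them exactly. The magic values are those of the libpcap file format; the function names and the sample capture are constructed for illustration.

```python
import io
import struct
from decimal import Decimal

MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D  # nanosecond-resolution variant


def read_pcap(stream):
    """Yield (ts_sec, ts_frac, frac_per_sec, packet_bytes) for each record."""
    ghdr = stream.read(24)
    if len(ghdr) != 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic also tells us the byte order
        magic = struct.unpack(endian + "I", ghdr[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file")
    frac_per_sec = 10**9 if magic == MAGIC_NSEC else 10**6
    while True:
        rhdr = stream.read(16)
        if not rhdr:
            return
        if len(rhdr) != 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rhdr)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec, ts_frac, frac_per_sec, data


def exact_timestamp(ts_sec, ts_frac, frac_per_sec):
    """Combine the two integer fields without going through a float."""
    return Decimal(ts_sec) + Decimal(ts_frac) / Decimal(frac_per_sec)


def make_sample(magic, ts_sec, ts_frac, payload=b"\x00" * 4):
    """Constructed one-packet, little-endian capture used only for the demo."""
    ghdr = struct.pack("<IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    rhdr = struct.pack("<IIII", ts_sec, ts_frac, len(payload), len(payload))
    return io.BytesIO(ghdr + rhdr + payload)


if __name__ == "__main__":
    for magic, frac in ((MAGIC_USEC, 123456), (MAGIC_NSEC, 123456789)):
        for sec, sub, per, _ in read_pcap(make_sample(magic, 1234567890, frac)):
            print(exact_timestamp(sec, sub, per), "float:", repr(sec + sub / per))
```

When ordering events from several capture points, compare the `(ts_sec, ts_frac)` integer pairs or the `Decimal` values rather than floats.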