Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PCAP Nano Support #46

Closed
GoogleCodeExporter opened this issue May 5, 2015 · 1 comment
Closed

PCAP Nano Support #46

GoogleCodeExporter opened this issue May 5, 2015 · 1 comment
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

What steps will reproduce the problem?
First off, if you run this code from the tutorial with the added print 
statement.
#!/usr/bin/env python

import dpkt

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    if tcp.dport == 80 and len(tcp.data) > 0:
        http = dpkt.http.Request(tcp.data)
        print http.uri
    print ts

f.close()

You will see a number similar to this
1234567890.12

Where is the microsecond resolution?

What is the expected output? What do you see instead?
1234567890.123456789 would be the expected output (like wireshark when it opens 
the same file)


What version of the product are you using? On what operating system?
Version 1.7
Linux Fedora Core 11

Please provide any additional information below.
In addition to this I would like to modify the code so it works with the nano 
extensions to pcap, which gives the time format 3 extra digits after the 0 for 
the time stamp.  Any suggestions on where to start to parse this data 
differently ??

Original issue reported on code.google.com by stuart.j...@gmail.com on 30 Aug 2010 at 4:59
@GoogleCodeExporter
Copy link
Author 

I am assuming that you are doing something like this:
for ts, buf in pcap:
     print ts

And then you observe the timestamp to be "1408173480.93" instead  
of "1408173480.936543", as shown in wireshark. This is because the print  
function in python limits float to two decimal places.

Example:
>>> x = 1258494066.119061
>>> x
1258494066.119061
>>> print x
1258494066.12

If you really need to print the full value, use format:
>>> "{0:.6f}".format(x)
'1258494066.119061' 

If you have a nanosecond capture file, the place you will need to make the 
change is in the __iter__() function of the pcap.py module. Instead of dividing 
hdr.tv_usec by 1000000.0, you will need to divide it by 1000000000.0

Original comment by kbandla@in2void.com on 25 Dec 2014 at 7:00

  • Changed state: Duplicate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter