I have some pcap files I want to count the number of tcp retransmissions on a pe开发者_高级运维r-flow basis. Does anyone knows of a python module I could leverage for this?
I don't know of something that will do the count for you, but there are a couple ways to open pcap files in Python. I like scapy, http://www.secdev.org/projects/scapy/
there is also pypcap http://code.google.com/p/pypcap/ and while i've never used it, the dirtbags.net implementation looks interesting. It does not use the pcap libs which is kind of cool. http://dirtbags.net/py-pcap.html
Not enough reputation points to post this as a comment, but tshark supports exporting of pcap files to xml using the -T option (with either the pdml or psml argument):
tshark -T pdml -r {infile} >{outfile}
One you have the xml files, you can easily parse them with one of the many libraries available out there.
You could use a python subprocess to call tshark. tshark is the console version of wireshark. tshark/wireshark have many options to filter and analyse pcaps. Counting retransmission on a per flow basis could be archived like this:
tshark -T fields -e tcp.stream -e frame.number -r cap.pcapng 'tcp.analysis.retransmission'
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论