Get some substring from readline() in Python with a regular expression

Developers https://www.devze.com 2023-01-23 01:07 Source: Internet
I use tcpdump to sniff my network packets and I want to get some info out of the stored file. My file has 2 separate lines, but they are repeated many times.

23:30:43.170344 IP (tos 0x0, ttl 64, id 55731, offset 0, flags [DF], proto TCP (6), length 443)

192.168.98.138.49341 > 201.20.49.239.80: Flags [P.], seq 562034569:562034972, ack 364925832, win 5840, length 403

I want to get the timestamp (23:30:43.170344), the id (id 55731) and the offset (23:30:43.170344) from the first line (all lines like this in my file) and store them in a different list.

And get the 2 separate IPs (192.168.98.138.49341 and 201.20.49.239.80), the seq (seq 562034569:562034972) and the ack (ack 364925832) from the second line (all lines like this in my file) and store them in a different list.

If I can do this with a regular expression it would be best.


For the first portion, to get timestamp, id and offset.

I am sure this is a crude regex.

>>> import re
>>> l = '23:30:43.170344 IP (tos 0x0, ttl 64, id 55731, offset 0, flags [DF], proto TCP (6), length 443)'
>>> k = re.compile(r'^([0-9:]+\.[0-9]+) IP \(.* id ([0-9]+), offset ([0-9]+).*\)')
>>> x = k.match(l)
>>> x.groups()
('23:30:43.170344', '55731', '0')
>>> x.groups()[0]
'23:30:43.170344'
>>> x.groups()[1]
'55731'
>>> x.groups()[2]
'0'
>>> 

For the second part:

>>> l = '192.168.98.138.49341 > 201.20.49.239.80: Flags [P.], seq 562034569:562034972, ack 364925832, win 5840, length 403'
>>> k = re.compile(r'^([0-9.]+) > ([0-9.]+): .* seq ([0-9:]+), ack ([0-9]+).*')
>>> x = k.match(l)
>>> for y in x.groups(): print(y)
... 
192.168.98.138.49341
201.20.49.239.80
562034569:562034972
364925832

For a read-up on the re module:

  • http://www.doughellmann.com/PyMOTW/re/
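Added example, not part of the original answer: the two regexes above applied to a whole file, pairing each header line with the TCP line that follows it and filling two index-aligned lists as the question asks. It assumes numeric IPv4 output (as in the quoted lines); `parse_capture`, the field names and every sample line after the first two are constructed for illustration.

```python
import re

# Constructed sample: the first two lines are the ones quoted in the question,
# the rest are made-up lines (a SYN with no ack, an ARP line) to show edge cases.
SAMPLE = """\
23:30:43.170344 IP (tos 0x0, ttl 64, id 55731, offset 0, flags [DF], proto TCP (6), length 443)
    192.168.98.138.49341 > 201.20.49.239.80: Flags [P.], seq 562034569:562034972, ack 364925832, win 5840, length 403
23:30:44.000001 IP (tos 0x0, ttl 64, id 55732, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.98.138.49342 > 201.20.49.239.80: Flags [S], seq 1000, win 5840, length 0
23:30:45.000002 ARP, Request who-has 192.168.98.1 tell 192.168.98.138, length 28
"""

HEADER_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+) IP \(.*?\bid (\d+), offset (\d+),')
ADDR_RE = re.compile(r'^\s*(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$')
SEQ_RE = re.compile(r'\bseq (\d+)(?::(\d+))?')   # "seq A:B" or a bare "seq A"
ACK_RE = re.compile(r'\back (\d+)')

def parse_capture(lines):
    """Return (headers, segments, skipped); headers[i] belongs to segments[i]."""
    headers, segments, skipped = [], [], []
    pending = None                      # header waiting for its second line
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        h = HEADER_RE.match(line)
        a = ADDR_RE.match(line)
        if h:
            pending = (h.group(1), int(h.group(2)), int(h.group(3)))
        elif a and pending:
            src, sport, dst, dport, rest = a.groups()
            seq, ack = SEQ_RE.search(rest), ACK_RE.search(rest)
            headers.append(pending)
            segments.append({
                'src': (src, int(sport)), 'dst': (dst, int(dport)),
                'seq': int(seq.group(1)) if seq else None,
                'seq_end': int(seq.group(2)) if seq and seq.group(2) else None,
                'ack': int(ack.group(1)) if ack else None,   # absent on a bare SYN
            })
            pending = None
        else:
            skipped.append(lineno)      # never call .groups() on a failed match
            pending = None
    return headers, segments, skipped

if __name__ == '__main__':
    for row in zip(*parse_capture(SAMPLE.splitlines())[:2]):
        print(row)
```

Lines that match neither pattern are reported by line number in `skipped` instead of raising `AttributeError` on a `None` match, which matters when the capture text contains traffic you did not anticipate.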