How to do a "time-slice" in packages in a network dump with Python?

2

I'm trying to "catch" source IPs and destination IPs inside a network dump (PCAP) file. The idea is to save all source IPs and all destination IPs by scanning the file every 10 minutes ("time-slice"), for example.

The code below opens the dump ("capture.pcap") and prints the packet times. How do I "split" the packets every 10 min? I did not understand what that time value is... Is it in thousandths? What unit of time is used?

from scapy.all import *

# read every packet of the capture into memory
pkts = rdpcap("captura.pcap")

for p in pkts:
    # p.time is the capture timestamp of the packet
    print(p.time)

The output is:

1488498263.14
1488498263.15
1488498263.15
1488498263.15
1488498263.31
1488498263.31
1488498263.31
1488498263.6
1488498263.78
1488498264.49
1488498264.49
1488498264.49
1488498264.49
1488498264.5
1488498264.5
1488498264.5
1488498264.5
1488498265.07
1488498265.07
    
asked by anonymous 03.03.2017 / 01:43

1 answer

2

These values are timestamps:

In Python 2.7 you can import datetime to convert timestamps:

>>> import datetime
>>> datetime.datetime.fromtimestamp(1488498263.14)
datetime.datetime(2017, 3, 2, 20, 44, 23, 140000)
>>>

As an example I used your first timestamp, 1488498263.14. Note the function's return notation, which is equivalent to year / month / day hour / minutes / seconds = 2/3/2017 20:44:23; you just take the returned data and arrange it the way you want!

One way to get the values you need is to not convert the timestamp. If you want to get the values every 10 minutes, then add 10 minutes (in timestamp units) to the first timestamp and save the values that are less than or equal to the first timestamp + 10 min. OK, you have picked up 10 minutes of data; now for the next timestamp you apply the same logic: add 10 minutes to the next timestamp again, keep walking and saving all values that are less than or equal, and do this until the end. The logic is this:

First value + 10 min timestamp:

1488498263.14 + 10 * 60 = 1488498863.14

Walk through your for loop saving all values / lines that are less than or equal to 1488498863.14; when you find a larger value, add 10 * 60 to that value again and store all values within that period, and do this to the end. There is no easier way; use the logic...

# timestamps taken from the output in the question (p.time of each packet)
pkts = [1488498263.14, 1488498263.15, 1488498263.15, 1488498263.15, 1488498263.31, 1488498263.31, 1488498263.31, 1488498263.6, 1488498263.78, 1488498264.49, 1488498264.49, 1488498264.49, 1488498264.49, 1488498264.5, 1488498264.5, 1488498264.5, 1488498264.5, 1488498265.07, 1488498265.07]


# upper bound of the current window: first timestamp + 1 second
# (the sample only spans about 2 seconds; use + 10 * 60 for 10 minutes)
somaMin = pkts[0] + 1

valores = []
for p in pkts:

    if p <= somaMin:
        # storing the values that fall inside the time window
        valores.append(p)

    else:

        # process here everything in the valores list; it holds the data of the desired window

        # clearing the list so it can receive the next data
        valores = []
        # storing the next value
        valores.append(p)
        # computing the window's upper bound again
        somaMin = p + 1

# process here everything left in the valores list; it holds the remaining data

I do not have all the data from your sniffer, but using the data you showed, it spans about 2 seconds, so I did:

somaMin = pkts[0] + 1

But in your case change somaMin to be + 10 * 60:

somaMin = pkts[0] + 10 * 60

Do not forget the other one too:

somaMin = p + 10 * 60

I cannot be clearer than that lol

    
03.03.2017 / 02:00
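The following is an added example, not code from the question or the answer above. It applies the answer's windowing logic to the asker's actual goal: for each time slice, collect the set of source and destination IPs seen. The packets are a constructed in-memory list of (epoch timestamp, source IP, destination IP) tuples so the script runs without scapy or a capture file; with scapy you would build the same tuples as (p.time, p[IP].src, p[IP].dst) for each packet that has an IP layer. Window labels are rendered in UTC so the output does not depend on the machine's timezone (the answer's REPL output shows local time, which is why it reads 20:44:23 rather than 23:44:23). The function and variable names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample data: (epoch seconds as printed by scapy's p.time, source IP, destination IP).
# The first timestamps are the ones from the question; the later ones were chosen so that
# the data spans three 10-minute windows.
SAMPLE_PACKETS = [
    (1488498263.14, "192.0.2.10", "198.51.100.5"),
    (1488498263.31, "192.0.2.10", "198.51.100.5"),
    (1488498265.07, "192.0.2.11", "198.51.100.7"),
    (1488498863.13, "192.0.2.12", "198.51.100.5"),   # still inside the first 10-minute window
    (1488498863.15, "192.0.2.20", "203.0.113.9"),    # first packet past the window: opens the next one
    (1488499000.00, "192.0.2.21", "203.0.113.9"),
    (1488499900.00, "192.0.2.30", "203.0.113.50"),   # opens a third window
]


def slice_by_time(packets, window_seconds=600):
    """Split packets into time slices using the answer's logic.

    A window starts at the first packet that falls outside the previous window and
    ends window_seconds after that packet's timestamp (this is somaMin in the answer).
    Returns a list of dicts: start, end, count, sources, destinations.
    """
    windows = []
    current = None
    # pcaps are normally chronological already; sorting makes the logic robust anyway
    for ts, src, dst in sorted(packets, key=lambda pkt: pkt[0]):
        if current is None or ts > current["end"]:
            current = {
                "start": ts,
                "end": ts + window_seconds,
                "count": 0,
                "sources": set(),
                "destinations": set(),
            }
            windows.append(current)
        current["count"] += 1
        current["sources"].add(src)
        current["destinations"].add(dst)
    return windows


def describe(window):
    """Human-readable label for a window; epoch seconds are converted to UTC datetimes."""
    fmt = "%Y-%m-%d %H:%M:%S"
    start = datetime.fromtimestamp(window["start"], tz=timezone.utc).strftime(fmt)
    end = datetime.fromtimestamp(window["end"], tz=timezone.utc).strftime(fmt)
    return "%s .. %s UTC: %d packets, %d sources, %d destinations" % (
        start, end, window["count"], len(window["sources"]), len(window["destinations"]))


if __name__ == "__main__":
    for w in slice_by_time(SAMPLE_PACKETS):
        print(describe(w))
        print("  sources:     ", sorted(w["sources"]))
        print("  destinations:", sorted(w["destinations"]))
```

Pass window_seconds=1 to reproduce the 2-second demonstration in the answer, or 600 for the 10-minute slices the question asks for. Because each window is anchored to the first packet after the previous window rather than to fixed clock boundaries, a quiet capture can produce windows that start at irregular times; if you need slices aligned to wall-clock 10-minute marks, compute the window key as int(ts // window_seconds) instead.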