python, dpkt and timestamps

Question

I have a problem.

How can I get response time difference between GET and HTTP/1.0 200 OK (i mean time latency of web-server) with using of dpkt library and ts for each hostname from pcap file?

My preliminary code:

#!/usr/bin/env python

import dpkt

f = open('mycapture.cap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    if tcp.dport == 80 and len(tcp.data) > 0:
        http = dpkt.http.Request(tcp.data)
        print ts, http.headers['host']

f.close()

But it's still output timestamps only GET requests.

It's gonna looks like:

tcpdump -i eth0 -w pcapfile; python (command).py pcapfile

google.com 0.488183
facebook.com 0.045466
quora.com 0.032777

score 2 · Answer 1 · answered Jan 24 '13 at 08:03

It seems that you managed to get the first packet of request, now you need to get the first packet of the response... something like:

if tcp.sport == 80 and len(tcp.data) > 0:
     # Here you can save the timestamp of the response and calculate the difference

Good luck

python, dpkt and timestamps

1 Answers1