I'm wanting to find the timestamping from pcap file using python dpkt package; similar to tcpdump -tttt option which would provide me the details of time with date of the packet that was generated.
Asked
Active
Viewed 1,343 times
2 Answers
1
It would be great if you could provide some code snippet in your question. A rough guess is that you can try something like this:
myPcap = open('test.pcap')
pcap = dpkt.pcap.Reader(myPcap)
for ts in pcap:
print ts
ρss
- 5,115
- 8
- 43
- 73
1
It can be done by importing the datetime package.
import dpkt
import datetime
for ts, buf in pcap:
eth=dpkt.ethernet.Ethernet()
//this is the method that is used to convert the epoch time to date
date1=**datetime.datetime.fromtimestamp(float(ts)).strftime('%d-%m-%Y')**
//rest of the code can go after this
Nightforce2
- 1,426
- 5
- 18
- 31
user3045498
- 31
- 1
- 5