Let's say that I run `tcpdump -w 0001.pcap -i eth0`, and during the capture I'm visiting stackoverflow and then I cancel the capture. This gives me a .pcap file with all the captured data and the packets for visiting stackoverflow.

I'm trying to create a simple python3 program that gives me a summary or a list with the total amount of packets it took to visit the website. I'm using the dpkt-module but I can't seem to find a simple solution for this.

I'm pretty bad at Python. I would appreciate any tips on how to do this.

grabbhalf
  • "total number of packets it took" -> to set up the connection? To load the content? All traffic in the capture from Stack Overflow? What specifically is your end goal? – Ross Jacobs Nov 10 '19 at 20:30
  • @RossJacobs Sorry for being unclear, I would like to see all the packets required to set up the connection and to load the content on the website. – grabbhalf Nov 10 '19 at 20:55
  • I recommend downloading Wireshark, taking a capture, and filtering by a specific website's IP address with `ip.addr==` so you can get a better sense of what traffic flows look like. Occasionally a website will use javascript to pull additional data or poll the client (i.e. some sites will never "load" if you define "load" as no additional network traffic). You may want to see when the website has loaded in your browser to a usable state and/or set a timeout with tshark/tcpdump and then kill the capture. – Ross Jacobs Nov 10 '19 at 21:05
  • Thank you! I'm gonna try that! – grabbhalf Nov 10 '19 at 21:31

1 Answer

You can use the scapy library for this.

```python
from scapy.all import rdpcap
packets = rdpcap('0001.pcap')
print(len(packets))
```

This will give you the number of packets it received.

Ruli
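
To count only the packets exchanged with one site address, as the `ip.addr==` filter suggested in the comments does, the capture can be tallied per IP address. The following is an added example, not code from the question or the answer: it reads the classic pcap format that `tcpdump -w` writes using only the standard library instead of dpkt or scapy, and the function names, the sample capture and its documentation-range addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def packets_per_ip(pcap_bytes):
    """Count Ethernet/IPv4 packets per address; counts[x] matches ip.addr==x."""
    endian = MAGIC.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    counts, offset = Counter(), 24          # records start after the 24-byte file header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # 14-byte Ethernet header; EtherType 0x0800 is IPv4 (VLAN tags, IPv6 skipped).
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
            counts.update({src, dst})       # a set, so src == dst counts once
    return counts

def build_sample_pcap():
    """Constructed capture: 3 packets with 198.51.100.7, 1 with 203.0.113.9, 1 ARP."""
    def frame(src, dst, ethertype=b"\x08\x00"):
        ip = b"\x45\x00\x00\x14" + bytes(8) + socket.inet_aton(src) + socket.inet_aton(dst)
        return bytes(12) + ethertype + ip
    me, site, other = "192.0.2.10", "198.51.100.7", "203.0.113.9"
    frames = [frame(me, site), frame(site, me), frame(me, site),
              frame(me, other), frame(me, site, b"\x08\x06")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    counts = packets_per_ip(build_sample_pcap())
    print(counts["198.51.100.7"], "packets exchanged with the constructed site address")
```

To run it on the capture from the question, pass `open("0001.pcap", "rb").read()` to `packets_per_ip` and look up the site's address in the result; `counts.most_common()` lists every address seen, which helps when a page pulls content from several servers.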