18

Is there a way to get the packet's arrivals time using scapy? Using scapy to read the pcap file and I want to know all the packet's arrivals time because as we know wireshark can see it. So I guess there must be a way. Anyone know?

Mike Pennington
  • 41,899
  • 19
  • 136
  • 174
leong
  • 339
  • 3
  • 5
  • 12

1 Answers1

32

use pkt.time

[mpenning@tsunami icinga-1.7.1]$ sudo python
[sudo] password for mpenning:
Python 2.6.6 (r266:84292, Dec 26 2010, 22:31:48)
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import sniff
WARNING: No route found for IPv6 destination :: (no default route?)
>>> pkts = sniff(iface='eth0')
^C>>>
>>> pkts
<Sniffed: TCP:2 UDP:8 ICMP:0 Other:4>
>>> for pkt in pkts:
...     print pkt.time
...
1343551962.73
1343551963.28
1343551963.28
1343551963.32
1343551963.32
1343551963.36
1343551963.4
1343551963.45
1343551963.55
1343551963.65
1343551963.75
1343551963.85
1343551963.85
>>>
Mike Pennington
  • 41,899
  • 19
  • 136
  • 174
  • Thanks! I've digging this for hours. BTW, it's also discussed in [this thread](http://www.wireshark.org/lists/wireshark-dev/200808/msg00165.html) and also see [wireshark doc](http://wiki.wireshark.org/Timestamps). – Jinghao Shi Apr 15 '14 at 20:17
  • What a brilliant answer – dipl0 Jul 01 '18 at 11:05