pcap nanoseconds Python

Question

Is there anyway to get nanoseconds out of a pcap with existing python libraries? I have a nanoseconds pcap file that works just fine with Wireshark but the Python pcapy library will not even import the file.

This functionality does exist in c libpcap (see: this thread) but has anyone ported it into Python? I took a look at the source code but it is over my head in changing pcapy to allow this.

Nanoseconds are necessary for what I am doing and microseconds do not give me the necessary precision, though my code is working perfectly fine with micros.

Maybe try switching library. FTR, Scapy supports nanoseconds précision in pcaps — Cukic0d, Jun 24 '19 at 21:47

score 3 · Answer 1 · answered Feb 24 '14 at 19:24

3

After trying every existing pcap module in Python, we decided to edit the source on pcapy. We changed this to include the "pcap_open_offline_with_tstamp_precision(pathname, PCAP_TSTAMP_PRECISION_NANO, errbuf);" functionality that already existed in libpcap and it worked perfectly. Now we have nanosecond resolution for our packet capture analysis.

answered Feb 24 '14 at 19:24

Mildew

51
7

1

Your improvement in pcapy to support nanosecond precision timestamps sounds very useful. Can you share your implementation of the change? – Ben Baumgold May 07 '14 at 02:10

score 0 · Answer 2 · answered Jan 20 '15 at 12:34

Within each packet, if you use:

header.getts()[0]

It will return the epoch time. I'm using:

def convert_timefromepoch(epochTimestamp): return time.strftime('%Y/%m/%d %H:%M:%S', time.gmtime(epochTimestamp))

timeStamp = convert_timefromepoch(header.getts()[0])

to get a string of the date/time for use in my output.

pcap nanoseconds Python

2 Answers2

Linked