R
richardd
Hi,
I am writing code to deal with PCAP files. I have a PCAP dump and I am
looking at the timestamps in the PCAP packet headers to see if they are in
the correct order in the file. To do this I have a class called
PCAPPacketHdr as follows
import struct
class PCAPPacketHdr:
FormatString = "LLLL"
TSSec = None
TSUSec = None
InclLen = None
OrigLen = None
def Pack(self):
return struct.pack( self.FormatString, self.TSSec, self.TSUSec,
self.InclLen, self.OrigLen )
def Unpack(self, buffer):
self.TSSec, self.TSUSec, self.InclLen, self.OrigLen =
struct.unpack( self.FormatString, buffer )
def Size(self):
return struct.calcsize (self.FormatString)
I then have code which opens up the file (skipping the PCAP file magic
number and PCAP file header), and reads in each packet header as follows:
while not eof:
#read in PCAPPacketHdr
buf = curFile.read(packetHdr.Size())
if len(buf) == packetHdr.Size():
packetHdr.Unpack(buf)
if lastPacketHdr != None:
if lastPacketHdr.TSSec > packetHdr.TSSec:
outputFile.write("ERROR: Packet TSSec earlier than last
one: \n")
outputFile.write(" Last Packet
"+repr(lastPacketHdr.TSSec)+"."+repr(lastPacketHdr.TSUSec)+"\n")
elif lastPacketHdr.TSSec == packetHdr.TSSec:
if lastPacketHdr.TSUSec > packetHdr.TSUSec:
outputFile.write("ERROR: Packet TSUSec earlier than
last one\n")
outputFile.write(" Last Packet
"+repr(lastPacketHdr.TSSec)+"."+repr(lastPacketHdr.TSUSec)+"\n")
outputFile.write(" Packet
"+repr(packetHdr.TSSec)+"."+repr(packetHdr.TSUSec)+"\n")
lastPacketHdr = copy.deepcopy(packetHdr)
#skip packet payload
packetPayload = curFile.read(packetHdr.InclLen)
else:
eof = True
This code appears to work fine for extracting the timestamps from the file,
the repr( ) calls on the timestamps allow me to write them to the output
file correctly, it's just the comparison operators don't appear to be
working as I would expect. It appears than when the TSUSec timestamp is the
same as the previous one in the data I input, it reports "ERROR: Packet
TSUSec earlier than last one".
This makes me think that the comparison operators aren't acting on the data
as longs as I expected.
Can anyone shed some light on what I'm doing wrong, I'm still very new to
Python.
Thanks in advance,
Rich
I am writing code to deal with PCAP files. I have a PCAP dump and I am
looking at the timestamps in the PCAP packet headers to see if they are in
the correct order in the file. To do this I have a class called
PCAPPacketHdr as follows
import struct
class PCAPPacketHdr:
FormatString = "LLLL"
TSSec = None
TSUSec = None
InclLen = None
OrigLen = None
def Pack(self):
return struct.pack( self.FormatString, self.TSSec, self.TSUSec,
self.InclLen, self.OrigLen )
def Unpack(self, buffer):
self.TSSec, self.TSUSec, self.InclLen, self.OrigLen =
struct.unpack( self.FormatString, buffer )
def Size(self):
return struct.calcsize (self.FormatString)
I then have code which opens up the file (skipping the PCAP file magic
number and PCAP file header), and reads in each packet header as follows:
while not eof:
#read in PCAPPacketHdr
buf = curFile.read(packetHdr.Size())
if len(buf) == packetHdr.Size():
packetHdr.Unpack(buf)
if lastPacketHdr != None:
if lastPacketHdr.TSSec > packetHdr.TSSec:
outputFile.write("ERROR: Packet TSSec earlier than last
one: \n")
outputFile.write(" Last Packet
"+repr(lastPacketHdr.TSSec)+"."+repr(lastPacketHdr.TSUSec)+"\n")
elif lastPacketHdr.TSSec == packetHdr.TSSec:
if lastPacketHdr.TSUSec > packetHdr.TSUSec:
outputFile.write("ERROR: Packet TSUSec earlier than
last one\n")
outputFile.write(" Last Packet
"+repr(lastPacketHdr.TSSec)+"."+repr(lastPacketHdr.TSUSec)+"\n")
outputFile.write(" Packet
"+repr(packetHdr.TSSec)+"."+repr(packetHdr.TSUSec)+"\n")
lastPacketHdr = copy.deepcopy(packetHdr)
#skip packet payload
packetPayload = curFile.read(packetHdr.InclLen)
else:
eof = True
This code appears to work fine for extracting the timestamps from the file,
the repr( ) calls on the timestamps allow me to write them to the output
file correctly, it's just the comparison operators don't appear to be
working as I would expect. It appears than when the TSUSec timestamp is the
same as the previous one in the data I input, it reports "ERROR: Packet
TSUSec earlier than last one".
This makes me think that the comparison operators aren't acting on the data
as longs as I expected.
Can anyone shed some light on what I'm doing wrong, I'm still very new to
Python.
Thanks in advance,
Rich