Ricky Robinson
Reputation: 22903
time unit in tcpdump timestamps
In Scapy (which uses tcpdump to capture packets), I'm extracting timestamps from a data packet that I sent and from the ICMP reply that I got from it.
>>> icmpPacket.time
1344448836.482289
>>> dataPacket.time
1344448832.707281
>>> RTT = icmpPacket.time - dataPacket.time
>>> RTT
3.775007963180542
What's the unit of time here? How can I have it in seconds?
Upvotes: 3
Views: 3848
Answers (1)
Martijn Pieters
Reputation: 1123400
The unit of time is seconds since the UNIX epoch (00:00:00 UTC on 1 January 1970). Use the time or datetime modules to interpret these, depending on your needs. The latter is a higher-level module.
Example:
>>> import datetime
>>> icmpstamp = datetime.datetime.fromtimestamp(1344448836.482289)
>>> icmpstamp
datetime.datetime(2012, 8, 8, 20, 0, 36, 482289)
>>> print icmpstamp
2012-08-08 20:00:36.482289
>>> datastamp = datetime.datetime.fromtimestamp(1344448832.707281)
>>> datastamp
datetime.datetime(2012, 8, 8, 20, 0, 32, 707281)
>>> print datastamp
2012-08-08 20:00:32.707281
>>> difference = icmpstamp - datastamp
>>> difference
datetime.timedelta(0, 3, 775008)
>>> print difference
0:00:03.775008
Your RTT value is thus already the difference between the two timestamps in seconds.
Upvotes: 2
Related Questions
- Scapy: packet.time vs Timestamp
- How to get TCP-Timestamp (TSval) using python
- Write packets captured with scapy sniff in time intervals
- scapy: Timestamps lacking float precision on sniffed packets
- scapy timestamp measurement for outgoing packets
- Specify timestamp on each packet in Scapy?
- time stamp in tcpdump file
- Scapy PcapReader and packets time
- Higher timestamp precision with scapy
- scapy get packet's arrivals time