Reputation: 65
find tcp flows using scapy
I am using scapys sniff function to capture tcp and udp packets.I would like to know the tcp flow and how long the flow existed.in wireshark we have session id which is internal to wireshark.I want to know how long the flow existed using for packet sniffed using scapy. is any field in tcp or udp packet or any way to calculate how long the flow existed. I am searching for solution in google but no luck with the answer. We also have a graph in wireshark to see the flow arrows.can we achieve the same using python.
Upvotes: 1
Views: 2062
Answers (1)
Reputation: 3134
Each packet has a timestamp associated with it, which you can easily retrieve as follows:
>>> pkt = Ether() / IP() / UDP()
>>> pkt.time
1411350054.376391
>>>
So it's just a matter of find the first TCP packet and the last TCP packet in the session to calculate the duration.
Upvotes: 1
Related Questions
- Extracting TCP data with Scapy
- Python/Scapy: sniff only incoming packets
- TCP Traceroute in python
- Scapy - TCPSession from list of packets
- Get TCP Flags with Scapy
- Scapy TCP RST atack
- Scapy and sniff. how can I filter TCP SYN?
- Scapy Raw Sockets
- Python based network sniffer (scapy not good enough?)
- Access to Scapy's inner protocol layers