Extract tcpdump timestamp from txt file

Question

I'm trying to calculate the throughput from the output of tcpdump using python. So far I called tcpdump from python and managed to write the output in a text file. Sample output:

01:06:23.649464 0us IP (tos 0x0, ttl 128, id 63533, offset 0, flags [none], proto UDP (17), length 72) 251.146.199.137.1066 > 156.96.135.220.62827: UDP, length 44

01:06:23.920316 0us IP (tos 0x0, ttl 1, id 10354, offset 0, flags [none], proto IGMP (2), length 32, options (RA)) 251.146.198.120 > fm-dyn-140-0-193-221.fast.net.id: [|igmp]

However, I'm stuck on the next part. Extracting the time and length (the first one) and calculating the throughput. I'm new to python and don't have clear idea about regular expression. Also since the timestamps include micro second is there any easy method to work with them to calculate throughput?

Thanks in advance.

Answer 1

Forget about regex, you can use datetime module.

Using datetime

>>> from datetime import datetime
>>> lines = ['01:06:23.649464 0us IP (tos 0x0, ttl 128, id 63533, offset 0, flags [none], proto UDP (17), length 72) 251.146.199.137.1066 > 156.96.135.220.62827: UDP, length 44', '01:06:23.920316 0us IP (tos 0x0, ttl 1, id 10354, offset 0, flags [none], proto IGMP (2), length 32, options (RA)) 251.146.198.120 > fm-dyn-140-0-193-221.fast.net.id: [|igmp]']
>>> times = [datetime.strptime(line[:15], '%H:%M:%S.%f') for line in lines]

The throughput could be calculated directly, but you'll need to use strptime from datetime to that.

>>> times[1] - times[0]
datetime.timedelta(0, 0, 270852)