Stephen Reese

I recently had a need to specify and increment the IP timestamp values of packets in a PCAP. In this example, the starting second value is specified and we increment the microsecond value. This requires the use of Scapy. If you have any questions or recommendations for improvement, please leave a comment below.

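#!/usr/bin/env python3
# Script to parse a PCAP and modify timestamps
# Requires Scapy
# 0.1 - 03012012
# Stephen Reese

import sys

from scapy.all import rdpcap, wrpcap

# Get the input file from the command line
if len(sys.argv) < 2:
    print("Usage: rewritetimestamp.py inputpcapfile")
    sys.exit(1)

# Assign a variable name for the input file
infile = sys.argv[1]

def process_packets():
    # Read every packet from the input capture into memory
    pkts = rdpcap(infile)
    cooked = []
    # Starting timestamp: the seconds value is specified here
    start = 1234567890.000000
    for i, p in enumerate(pkts):
        # Packet i gets start + i microseconds. Computing from the index,
        # rather than repeatedly adding 0.000001, keeps floating-point
        # rounding error from accumulating across packets.
        p.time = start + i / 1000000.0
        cooked.append(p)

    # Write the modified packets to out.pcap
    wrpcap("out.pcap", cooked)

process_packets()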
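
The same rewrite can be done directly on the classic pcap record headers with integer arithmetic, which avoids floating-point rounding and shows the microsecond field carrying into the seconds field. This is an added example, not part of the original script; the function names and the `build_sample` capture are constructed for illustration, and it assumes a classic (non-pcapng) file with microsecond resolution.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def _endian(data):
    """Detect byte order from the magic number in the 24-byte global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for fmt in ("<", ">"):
        if struct.unpack(fmt + "I", data[:4])[0] == PCAP_MAGIC_USEC:
            return fmt
    raise ValueError("not a microsecond-resolution classic pcap")

def _records(data, e):
    """Yield (ts_sec, ts_usec, incl_len, orig_len, payload) for each record."""
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, usec, incl, orig = struct.unpack_from(e + "IIII", data, off)
        payload = data[off + 16:off + 16 + incl]
        if len(payload) != incl:
            raise ValueError("truncated packet data")
        yield sec, usec, incl, orig, payload
        off += 16 + incl

def rewrite_timestamps(data, start_sec, start_usec=0, step_usec=1):
    """Return pcap bytes whose records carry sequential timestamps."""
    e = _endian(data)
    out = bytearray(data[:24])  # global header is copied unchanged
    total = start_sec * 1_000_000 + start_usec  # integer microseconds
    for _, _, incl, orig, payload in _records(data, e):
        sec, usec = divmod(total, 1_000_000)  # carry usec overflow into sec
        out += struct.pack(e + "IIII", sec, usec, incl, orig) + payload
        total += step_usec
    return bytes(out)

def read_timestamps(data):
    """Return [(ts_sec, ts_usec), ...] for every record."""
    return [(r[0], r[1]) for r in _records(data, _endian(data))]

def build_sample(count, e="<"):
    """Constructed sample: `count` dummy 4-byte packets, all stamped 0.0."""
    hdr = struct.pack(e + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack(e + "IIII", 0, 0, 4, 4) + b"\xde\xad\xbe\xef"
    return hdr + rec * count
```

To use it on a file, read the capture in binary mode, pass the bytes to `rewrite_timestamps`, and write the result back out in binary mode.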
