Page MenuHomePhabricator
Paste P7763

Parse a pcap file having poolcounter traffic in it
ActivePublic
Actions

Authored by akosiaris on Nov 5 2018, 4:05 PM.
Tags
Referenced Files
F27065389: Poolcounter Stats
Nov 5 2018, 4:09 PM
F27065379: Parse a pcap file having poolcounter traffic in it
Nov 5 2018, 4:05 PM
Subscribers
None
import re
from scapy.all import *
data = 'poolcounter.dump'
pkts = rdpcap(data)
keys = {}
for pkt in pkts:
payload = bytes(pkt['TCP'].payload).decode('ascii')
m = re.match('ACQ4ME (.*) \d+ \d+ \d+', payload)
if m:
key = m.group(1)
if key in keys:
keys[key]['total'] += 1
keys[key]['pending'] += 1
if keys[key]['locked_at'] == 0:
keys[key]['locked_at'] = pkt.time
else:
keys[key] = {
'total': 1,
'pending': 1,
'created_at': pkt.time,
'locked_at': pkt.time,
'lock_times': [],
}
m = re.match('RELEASE (.*)', payload)
if m:
key = m.group(1)
if key in keys:
keys[key]['pending'] -= 1
# Were we the last one? Then the thing just got unlocked
if keys[key]['pending'] == 0:
keys[key]['lock_times'].append(pkt.time - keys[key]['locked_at'])
keys[key]['locked_at'] = 0
else:
keys[key] = {
'total': 0,
'pending': 0,
'created_at': pkt.time,
'locked_at': 0,
'lock_times': [],
}
with open('poolcounter.stats', 'w') as f:
pprint.pprint(keys, f)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL