Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <nocommercials45@yahoo.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.004
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'output': 0.05; 'socket': 0.07; 'subject:file': 0.07; 'ascii': 0.09; 'http': 0.09; 'url:blog': 0.10; 'posted': 0.15; 'differs': 0.16; 'doesnt': 0.16; 'expected,': 0.16; 'len(data)': 0.16; 'length.': 0.16; 'subject:download': 0.16; 'tcp': 0.16; 'timestamp': 0.16; 'url:general': 0.16; 'url:gmane': 0.16; 'url:thread': 0.16; 'charset:iso-8859-15': 0.16; 'import': 0.22; 'print': 0.22; 'header:User-Agent:1': 0.23; 'subject: .': 0.24; 'file.': 0.24; 'second': 0.26; 'idea': 0.28; 'work.': 0.31; 'url:2008': 0.31; 'skip:d 20': 0.34; 'subject:from': 0.34; 'connection': 0.35; 'something': 0.35; 'but': 0.35; 'really': 0.36; 'sequence': 0.36; 'doing': 0.36; 'hi,': 0.36; 'url:org': 0.36; 'should': 0.36; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'according': 0.40; 'even': 0.60; 'read': 0.60; 'numbers': 0.61; 'simple': 0.61; 'first': 0.61; 'here:': 0.62; 'received:77.238.189': 0.65; 'received:bullet.mail.ird.yahoo.com': 0.65; 'received:46': 0.66; 'received:77.238.189.233': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1381501523; bh=dJPrrRF1Tijs+viaq5rDweD9d0QYpQEb1SoSwmexzSQ=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=EfqA0vyXDDLtEcV3U+K0ms0HwROipxfa7kKutkpzMoEEsMmwSAs5fuGn1ndwLxnTswpfH3VYeUT1p4uhOxt7mBzZTV3Pf5Z95xNSL+evVdkoKHa7rVkx6o0rXO4C9miQCaYRP2mWYhz87J658nxaGabXBZD7NtUIb8FQnxVZG2E=
X-Yahoo-Newman-Id: 891997.87509.bm@smtp128.mail.ir2.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: Y5tYNhIVM1mNWj_MLwyp0UF7t9GKXKWvwbUFmNreOaT8FEv xOxbnShxtwPlMud0EbprSEse6PHmcbGA8Ltnf_VvvkD9hr7ijGdwBcfGXTZk caS_CVgh0GVGYGvl1FKyP2sVS43n7SRcSIa4BMQejE3hht9uFABGKnj.qJjL I1sKBqhsOh6k1xEtxpf3tob4XJ4tONRW8Luu1YPc7Au.cOQeLAJoFMiI7_xp d3iamXr3y3UYNQX1Phjjv9NKaL3RdhaMr1esTW9pFmdgcUStGe7NLlUWHBAb jeUmlLC8VVjCqsQl6n56mr27ZtdC8KhpfsIS2YPjlAKs51XXqObIN4tISWJd MFnflPeekyEHoOXoSnh2vm65lzJwsLCi92wz4zqw._Lp5i4IwWYSKouXxTTr 69AXL1k3ZR2fxfjDK3jH9Wiu_jtnDILPIQ.JI86snK.rObgiPbVYzyaugIsJ 8Tq8IJ5RpzaG7wvk.KoA0jinNAgaCCrPsQ54GdYapRiXuIAtI28P_UFgPGCu BAsCNTiBtB5W3BdC.4uAo8s6W3H1.2ARGUDz4YFpiNMm3qWVFaaZzf7D3yfK 4.Pq7_Fi216Kqa8tRR35l1ecJg6fw_caIM_PfeRhnSV.w28R6KiT3jWai8Z9 Ut1F7GenyEZl23CDf_AztV.oSmA29xP1gb7LUqCHAW7VJ1tpHtknbLXj.fyp _Go32W5oIk6bt_LC.sDJGSAPtYI86ozMUYmLG5JLt0ItthIqwHjwusCiMc9B l
X-Yahoo-SMTP: AdsEEYaswBC3VBbYwjap82DMO0ZNrwBwIlnBjw--
X-Rocket-Received: from [192.168.29.38] (nocommercials45@141.41.92.122 with ) by smtp128.mail.ir2.yahoo.com with SMTP; 11 Oct 2013 14:25:23 +0000 UTC
Date: Fri, 11 Oct 2013 16:25:15 +0200
From: patrick <nocommercials45@yahoo.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: python-list@python.org
Subject: calculating download speed from .pcap file
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 11 Oct 2013 16:33:35 +0200
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.1005.1381502016.18130.python-list@python.org>
Lines: 35
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1381502017 news.xs4all.nl 15975 [2001:888:2000:d::a6]:47779
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:56685

hi,

im looking for a way to calculate download speed for a http connection 
inside my .pcap file.
but doing even a simple read with dpkt doesnt really work.

import pcap, dpkt
import socket

pcapReader = dpkt.pcap.Reader(file("http-download.pcap"))
for ts, data in pcapReader:
     print ts, len(data)
     eth = dpkt.ethernet.Ethernet(data)
     print eth


according to this howto: 
http://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/
it should output something reable, but instead i get ascii art. nothing 
readable.

ts and len(data) work as expected, the first is the timestamp and the 
second the packet length.

any idea whats wrong?



ive had some progresss with scapy when working with icmp, but when 
reading the TCP sequence numbers output differs from wireshark/tcpdump. 
posted it here: 
http://thread.gmane.org/gmane.comp.security.scapy.general/4952


greets