Ethereal-users: Re: [Ethereal-users] Performance Report

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Wed, 24 Sep 2003 22:10:23 -0500 (CDT)

The attached Python script will feed a dump file to tethereal and print
the start time, end time, User-Agent string, and a comma-separated list of
GET requests for each conversation in a capture file.  It's a
quick-and-dirty hack, but it should do what you need.

On Tue, 23 Sep 2003, Stefan Auweiler wrote:

> Gurus,
> 
> I have a really big snoop, from which I have to report the HTTP round trip
> time:
> 
> I filter on (http.request or http.response) to get a list of all related
> packets.
> 
> How can I get the following information (best in a list, one line per
> conversation) for each conversation:
> 
> - Start time
> 
> - End time
> 
> - GET url
> 
> - User-Agent info from HTTP header
> 
> 
> Can someone point me to a tool or a way to do this?
> 
> Thanks in advance.
> (using ethereal 0.9.9 on windows)
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
#!/usr/bin/env python3
# Summarise the HTTP conversations in a capture file: start time, end time,
# User-Agent string and the GET requests seen on each TCP connection.

import re
import subprocess
import sys

tethereal = '/path/to/tethereal'

# Patterns for the lines of interest in tethereal's verbose (-V) output.
frame_re = re.compile(r'^    Time since reference or first frame: (\d+\.\d+) seconds')
ip_re = re.compile(r'^Internet Protocol, Src Addr: \S+ \(([\d.]+)\), '
                   r'Dst Addr: \S+ \(([\d.]+)\)')
tcp_re = re.compile(r'Transmission Control Protocol, '
                    r'Src Port: \S+ \((\d+)\), Dst Port: \S+ \((\d+)\), ')
get_re = re.compile(r'^    GET (.+) HTTP/')
agent_re = re.compile(r'    User-Agent: (.*)')

conns = {}

class http_conn:    # Gratuitous OOPing
    def __init__(self, time, agent):
        self.start_time = time
        self.user_agent = agent
        self.get_list = []
        self.end_time = time

    def update_time(self, time):
        self.end_time = time

    def add_get(self, get_val):
        self.get_list.append(get_val)

    def dump(self, key_str):
        print('%s\t%s\t%s\t%s' % (
            self.start_time,
            self.end_time,
            self.user_agent,
            ', '.join(self.get_list)
            ))


if len(sys.argv) < 2:
    print('Usage: ' + sys.argv[0] + ' <capture file>')
    sys.exit(1)

try:
    # Run tethereal with an argument list instead of a shell command line,
    # so the capture file name is never interpreted by a shell.
    # Packet contents are arbitrary bytes, so undecodable ones are replaced.
    proc = subprocess.Popen([tethereal, '-nVr', sys.argv[1]],
                            stdout=subprocess.PIPE,
                            universal_newlines=True, errors='replace')
except OSError:
    print('Error reading from pipe')
    sys.exit(1)

tdata = proc.stdout

# Per-frame state; reset each time a new frame header is seen.
key = None
time = None
get_val = None
src_ip = dst_ip = src_port = dst_port = ''

for line in tdata:
    line = line.rstrip()

    res = frame_re.match(line)
    if res is not None:
        key = None
        get_val = None
        src_ip = ''
        dst_ip = ''
        src_port = ''
        dst_port = ''
        time = res.group(1)

    res = ip_re.match(line)
    if res is not None:
        src_ip = res.group(1)
        dst_ip = res.group(2)

    res = tcp_re.match(line)
    if res is not None:
        src_port = res.group(1)
        dst_port = res.group(2)
        # The key is directional (source first), so only frames sent in the
        # same direction as the request update the end time.
        key = ':'.join([src_ip, src_port, dst_ip, dst_port])
        if key in conns:
            conns[key].update_time(time)

    res = get_re.match(line)
    if res is not None:
        get_val = res.group(1)

    res = agent_re.match(line)
    if res is not None and key is not None:
        if key not in conns:
            conns[key] = http_conn(time, res.group(1))
        # A User-Agent header on a non-GET request has no GET line to record.
        if get_val is not None:
            conns[key].add_get(get_val)

tdata.close()
proc.wait()

print('Start Time\tEnd Time\tUser Agent\tGETs')

for key in sorted(conns):
    conns[key].dump(key)