The attached Python script will feed a dump file to tethereal and print the start time, end time, User-Agent string, and a comma-separated list of GET requests for each conversation in a capture file. It's a quick-and-dirty hack, but it should do what you need.
On Tue, 23 Sep 2003, Stefan Auweiler wrote: > Gurus, > > I have a really big snoop, from where I have report the HTTP round trip > time: > > I filter on (http.request or http.response) to get a list of all related > packets. > > How can I get the following Information (best in a list, one line per > conversation) for each conversation: > > - Starttime > > - Endtime > > - GET url > > - User-Agent info from HTTP header > > > Can one point me on a tool or a way to do this? > > Thanks in advance. > (using ethereal 0.9.9 on windows) > > _______________________________________________ > Ethereal-users mailing list > [EMAIL PROTECTED] > http://www.ethereal.com/mailman/listinfo/ethereal-users >
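#!/usr/bin/env python
"""Summarise the HTTP conversations in a capture file.

Runs ``tethereal -nVr <capture file>`` and prints one tab-separated line per
TCP conversation: start time, end time, User-Agent and the GET requests seen.
A conversation is keyed by source IP, source port, destination IP and
destination port, so the two directions of a connection get different keys.
"""
import sys
import os
import re
import string
import subprocess

# Location of the tethereal binary; edit this for the local installation.
tethereal = '/path/to/tethereal'

# Patterns for the lines of ``tethereal -V`` output this script reads.
# The indented patterns accept any run of leading whitespace, because the
# indentation depth of the decoded fields is not fixed by this script.
frame_re = re.compile(
    r'^\s+Time since reference or first frame: (\d+\.\d+) seconds')
ip_re = re.compile(r'^Internet Protocol, Src Addr: \S+ \(([\d.]+)\), '
                   r'Dst Addr: \S+ \(([\d.]+)\)')
tcp_re = re.compile(r'Transmission Control Protocol, '
                    r'Src Port: \S+ \((\d+)\), Dst Port: \S+ \((\d+)\), ')
get_re = re.compile(r'^\s+GET (.+) HTTP/')
agent_re = re.compile(r'\s+User-Agent: (.*)')


class http_conn:
    """Start/end time, User-Agent and GET requests of one conversation."""

    def __init__(self, time, agent):
        self.start_time = time
        self.user_agent = agent
        self.get_list = []
        self.end_time = time

    def update_time(self, time):
        """Record *time* as the latest time seen for this conversation."""
        self.end_time = time

    def add_get(self, get_val):
        """Append one requested URL to the conversation."""
        self.get_list.append(get_val)

    def dump(self, key_str):
        """Print the conversation as one tab-separated line.

        *key_str* is accepted for compatibility and is not printed.
        """
        # NOTE: user_agent and the GET values are copied verbatim from the
        # captured traffic, so whatever consumes this output (terminal,
        # spreadsheet, log pipeline) must treat the fields as untrusted.
        print('%s\t%s\t%s\t%s' % (
            self.start_time, self.end_time, self.user_agent,
            ', '.join(self.get_list)))


def parse_conversations(lines):
    """Build a ``{key: http_conn}`` dict from ``tethereal -V`` output lines.

    Per-frame state (addresses, ports, key, pending GET) is reset on every
    frame header, so a User-Agent line is never paired with a GET or a
    connection key left over from an earlier frame.
    """
    conns = {}
    key = None
    time = None
    get_val = None
    src_ip = dst_ip = ''
    for line in lines:
        line = line.rstrip()

        res = frame_re.match(line)
        if res is not None:
            key = None
            get_val = None
            src_ip = dst_ip = ''
            time = res.group(1)
            continue

        res = ip_re.match(line)
        if res is not None:
            src_ip, dst_ip = res.group(1), res.group(2)
            continue

        res = tcp_re.match(line)
        if res is not None:
            key = ':'.join([src_ip, res.group(1), dst_ip, res.group(2)])
            if key in conns:
                conns[key].update_time(time)
            continue

        res = get_re.match(line)
        if res is not None:
            get_val = res.group(1)
            continue

        res = agent_re.match(line)
        if res is not None and key is not None:
            # key is None when the header was not carried over TCP in this
            # frame; such frames cannot be attributed to a conversation.
            if key not in conns:
                conns[key] = http_conn(time, res.group(1))
            if get_val is not None:
                conns[key].add_get(get_val)
    return conns


def main(argv):
    """Run tethereal on ``argv[1]`` and print the table; return exit status."""
    if len(argv) < 2:
        print('Usage: ' + argv[0] + ' <capture file>')
        return 1

    # The capture path is handed to tethereal as a single argv element.
    # Building a shell command string from it would let shell metacharacters
    # in a file name be interpreted by the shell.
    try:
        proc = subprocess.Popen([tethereal, '-nVr', argv[1]],
                                stdout=subprocess.PIPE,
                                universal_newlines=True)
    except OSError:
        print('Error reading from pipe')
        return 1

    conns = parse_conversations(proc.stdout)
    proc.stdout.close()
    status = proc.wait()

    print('Start Time\tEnd Time\tUser Agent\tGETs')
    for key in sorted(conns):
        conns[key].dump(key)

    if status != 0:
        # The table above may be incomplete, e.g. for a truncated capture.
        sys.stderr.write('tethereal exited with status %d\n' % status)
        return 1
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))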