The attached Python script will feed a dump file to tethereal and print
the start time, end time, User-Agent string, and a comma-separated list of
GET requests for each conversation in a capture file.  It's a
quick-and-dirty hack, but it should do what you need.

On Tue, 23 Sep 2003, Stefan Auweiler wrote:

> Gurus,
> 
> I have a really big snoop, from which I have to report the HTTP round trip
> time:
> 
> I filter on (http.request or http.response) to get a list of all related
> packets.
> 
> How can I get the following Information (best in a list, one line per
> conversation) for each conversation:
> 
> - Starttime
> 
> - Endtime
> 
> - GET url
> 
> - User-Agent info from HTTP header
> 
> 
> Can someone point me to a tool or a way to do this?
> 
> Thanks in advance.
> (using ethereal 0.9.9 on windows)
> 
#!/bin/env python

import os
import re
import string
import subprocess
import sys

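# Location of the tethereal binary that is run on the capture file.
# Edit this to an absolute path you control; a relative or writable location
# would let something other than the intended binary be executed.
tethereal = '/path/to/tethereal'

# Patterns for the lines of tethereal's verbose (-V) text output that the
# script cares about.  They are tied to the exact wording of that output, so
# another tethereal release may need different patterns -- verify against the
# output of the installed version.
#
# Every pattern is a raw string so that \S, \d and \( reach the regex engine
# unchanged instead of being treated as (invalid) string escapes, and the
# decimal point in the frame time is escaped so only a literal '.' matches.
frame_re = re.compile(
    r'^    Time since reference or first frame: (\d+\.\d+) seconds'
)
ip_re = re.compile(
    r'^Internet Protocol, Src Addr: \S+ \(([\d.]+)\), '
    r'Dst Addr: \S+ \(([\d.]+)\)'
)
tcp_re = re.compile(
    r'Transmission Control Protocol, '
    r'Src Port: \S+ \((\d+)\), Dst Port: \S+ \((\d+)\), '
)
# The captured groups of the next two patterns are taken from the packet
# payload, i.e. they are chosen by whoever sent the traffic.
get_re = re.compile(r'^    GET (.+) HTTP/')
agent_re = re.compile(r'    User-Agent: (.*)')

# Maps 'src_ip:src_port:dst_ip:dst_port' to the http_conn for that flow.
conns = {}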

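class http_conn:        # Gratuitous OOPing
    """Record of one HTTP conversation found in the capture.

    Holds the time of the first and the most recent frame attributed to the
    conversation, the User-Agent string it was created with, and the list
    of GET targets collected for it.
    """

    def __init__(self, time, agent):
        """Start a conversation first seen at *time* with User-Agent *agent*."""
        self.start_time = time
        self.user_agent = agent
        self.get_list = []
        # Until a later frame arrives the conversation ends where it starts.
        self.end_time = time

    def update_time(self, time):
        """Move the end of the conversation to *time*."""
        self.end_time = time

    def add_get(self, get_val):
        """Append one GET target to the conversation."""
        self.get_list.append(get_val)

    def dump(self, key_str):
        """Print the conversation as one tab-separated line.

        *key_str* is accepted for the caller's convenience but is not part
        of the output.

        The User-Agent and the GET targets are copied from captured traffic
        and printed as received, so anything that parses this line must not
        assume they are free of tabs or of the ', ' list separator.
        """
        # A single pre-formatted argument inside the parentheses keeps this
        # statement valid on both Python 2 and Python 3.
        print('%s\t%s\t%s\t%s' % (
            self.start_time,
            self.end_time,
            self.user_agent,
            ', '.join(self.get_list),
        ))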


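# The capture file is the only command-line argument.
if len(sys.argv) < 2:
    print('Usage: ' + sys.argv[0] + ' <capture file>')
    sys.exit(1)

# Start tethereal with an argument vector rather than a shell command string.
# The file name therefore reaches tethereal as one argument, and spaces,
# quotes, ';', '|' or '$(...)' in it are never interpreted by a shell.
# -n: no name resolution, -V: verbose protocol tree, -r: read from file.
try:
    tethereal_proc = subprocess.Popen(
        [tethereal, '-nVr', sys.argv[1]],
        stdout=subprocess.PIPE,
        universal_newlines=True,    # text lines on Python 2 and 3 alike
    )
except OSError:
    # Raised when the tethereal binary is missing or not executable.
    print('Error reading from pipe')
    sys.exit(1)

# File-like object yielding tethereal's output line by line.
tdata = tethereal_proc.stdout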

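# Parser state for the frame currently being read.  It is initialised here so
# that output which does not begin with a frame header cannot trigger a
# NameError further down.
key = None
get_val = None
time = None
src_ip = dst_ip = src_port = dst_port = ''

# Walk tethereal's verbose output one line at a time.  Each line matches at
# most one of the patterns, so every branch ends with `continue`.
#
# Everything taken from the HTTP part of a frame (request target, User-Agent)
# is text chosen by the sender of the traffic; it is stored as-is here.
for line in tdata:
    line = line.rstrip()

    res = frame_re.match(line)
    if res is not None:
        # A new frame begins: forget what the previous frame told us so that
        # a request target or address from it cannot leak into this frame.
        key = None
        get_val = None
        src_ip = dst_ip = src_port = dst_port = ''
        time = res.group(1)
        continue

    res = ip_re.match(line)
    if res is not None:
        src_ip = res.group(1)
        dst_ip = res.group(2)
        continue

    res = tcp_re.match(line)
    if res is not None:
        src_port = res.group(1)
        dst_port = res.group(2)
        key = ':'.join([src_ip, src_port, dst_ip, dst_port])
        # Frames of the reply direction carry the mirrored address pair.
        # Checking both orientations lets a response extend the end time of
        # the conversation its request opened.
        reverse_key = ':'.join([dst_ip, dst_port, src_ip, src_port])
        for known_key in (key, reverse_key):
            if known_key in conns:
                conns[known_key].update_time(time)
        continue

    res = get_re.match(line)
    if res is not None:
        get_val = res.group(1)
        continue

    res = agent_re.match(line)
    if res is not None:
        # A request is recorded when its User-Agent line is reached, so a GET
        # sent without that header never shows up in the report.
        if key is None:
            # No TCP header was seen in this frame (for instance HTTP-style
            # headers carried over another transport); there is no
            # conversation to attribute the line to.
            continue
        if key not in conns:
            conns[key] = http_conn(time, res.group(1))
        if get_val is not None:
            conns[key].add_get(get_val)
            # Consume the target so that a second User-Agent line in the same
            # frame cannot record it twice.
            get_val = None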

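# Report: a header line, then one tab-separated line per conversation.
# Single-argument print(...) calls behave the same on Python 2 and Python 3.
print('Start Time\tEnd Time\tUser Agent\tGETs')

# sorted() works on both a Python 2 key list and a Python 3 key view.  The
# order is the plain string order of the 'ip:port:ip:port' keys, not the
# order in which the conversations started.
for key in sorted(conns):
    conns[key].dump(key)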
