summaryrefslogtreecommitdiff
path: root/external/construct/formats/data/cap.py
diff options
context:
space:
mode:
Diffstat (limited to 'external/construct/formats/data/cap.py')
-rw-r--r--external/construct/formats/data/cap.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/external/construct/formats/data/cap.py b/external/construct/formats/data/cap.py
new file mode 100644
index 0000000..f95c5c1
--- /dev/null
+++ b/external/construct/formats/data/cap.py
@@ -0,0 +1,55 @@
+"""
+tcpdump capture file
+"""
+from construct import *
+import time
+from datetime import datetime
+
+
+class MicrosecAdapter(Adapter):
+ def _decode(self, obj, context):
+ return datetime.fromtimestamp(obj[0] + (obj[1] / 1000000.0))
+ def _encode(self, obj, context):
+ offset = time.mktime(*obj.timetuple())
+ sec = int(offset)
+ usec = (offset - sec) * 1000000
+ return (sec, usec)
+
+packet = Struct("packet",
+ MicrosecAdapter(
+ Sequence("time",
+ ULInt32("time"),
+ ULInt32("usec"),
+ )
+ ),
+ ULInt32("length"),
+ Padding(4),
+ HexDumpAdapter(Field("data", lambda ctx: ctx.length)),
+)
+
+cap_file = Struct("cap_file",
+ Padding(24),
+ Rename("packets", OptionalGreedyRange(packet)),
+)
+
+
+if __name__ == "__main__":
+ obj = cap_file.parse_stream(open("../../tests/cap2.cap", "rb"))
+ print(len(obj.packets))
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-21 15:35:36 +0000