Parsing large tcpdump files in python

Submitted by 冷暖自知 on 2019-12-10 16:49:11

Question


I have a large tcpdump capture (with > 1 GB of data in a .dump file) which I would like to parse to get some statistics like the number of different IPs involved in sending traffic, etc. I would like to know if there is a clean way of accessing such data in the binary trace file through Python. The way I tried doing it is by running tcpdump -r something.dump > myfile.out and then trying to parse myfile.out with Python code to get the data I want. But the command above is taking forever to complete, and I would like to use a better way of doing this.

Edit: Wireshark runs out of memory while trying to open the file.


Answer 1:


Take a look at the dpkt module. It should be able to parse the pcap file on demand. Jon Oberheide has a great blog post showing how you can access the parsed representation of packets within a pcap packet capture file.



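An added, runnable example that is not part of the answer above: it shows the "on demand" approach the answer recommends, reading one pcap record at a time so a multi-gigabyte dump never has to fit in memory, and counts packets per source IPv4 address, which is the kind of statistic the question asks for. It uses only the standard library (a hand-rolled reader for the classic pcap format rather than dpkt) so it runs anywhere; the sample capture is constructed in memory.

```python
import struct
import ipaddress
from collections import Counter
from io import BytesIO
ENDIAN_BY_MAGIC = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}  # magic read little-endian fixes the file's byte order

def iter_pcap_records(fobj):
    """Yield (linktype, packet_bytes) per record, read incrementally (classic pcap, not pcapng)."""
    header = fobj.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    endian = ENDIAN_BY_MAGIC.get(struct.unpack("<I", header[:4])[0])
    if endian is None:
        raise ValueError("unrecognised pcap magic")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    while True:
        rec = fobj.read(16)
        if len(rec) < 16:
            return  # clean EOF, or a truncated trailing record header
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = fobj.read(incl_len)
        if len(data) < incl_len:
            return  # truncated capture: stop rather than misparse the tail
        yield linktype, data

def ipv4_addresses(linktype, pkt):
    """(src, dst) for an Ethernet (linktype 1) IPv4 frame, else None."""
    if linktype != 1 or len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[14] >> 4 != 4:
        return None
    return str(ipaddress.IPv4Address(pkt[26:30])), str(ipaddress.IPv4Address(pkt[30:34]))

def count_senders(capture):
    """Packets per source IPv4 address; accepts an open file object or raw bytes."""
    fobj = BytesIO(capture) if isinstance(capture, (bytes, bytearray)) else capture
    senders = Counter()
    for linktype, pkt in iter_pcap_records(fobj):
        addrs = ipv4_addresses(linktype, pkt)
        if addrs:
            senders[addrs[0]] += 1
    return senders

def build_frame(src, dst):
    """Constructed minimal Ethernet/IPv4 frame: 20-byte IP header, no payload."""
    ip_hdr = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0])
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed

# Constructed three-frame sample capture, built in memory instead of a real dump file.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
for i, (s, d) in enumerate([("10.0.0.1", "10.0.0.2"), ("10.0.0.3", "10.0.0.2"), ("10.0.0.1", "10.0.0.9")]):
    frame = build_frame(s, d)
    SAMPLE_PCAP += struct.pack("<IIII", 1600000000 + i, 0, len(frame), len(frame)) + frame
```

On a real file, pass `open("something.dump", "rb")` to count_senders; only one record is held in memory at a time.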
Source: https://stackoverflow.com/questions/14410580/parsing-large-tcpdump-files-in-python
