How to calculate payload size by using python dpkt library

1.9k Views Asked by user14834847 At 04 April 2025 at 05:30

I need to process a 7GB pcap file to extract their packets size, payloads size. I initially use scapy's PcapReader to extract these sizes, but scapy run truly slow for 7GB file. So I change to use DPKT library, however, I don't know how to check its TCP payload size.

import dpkt
payload_size=[]
packet_size=[]

for ts,buf in dpkt.pcapng.Reader(open('pcap file','rb')):
    eth=dpkt.ethernet.Ethernet(buf) 
    if eth.type==dpkt.ethernet.ETH_TYPE_IP:
        ip=eth.data
        if ip.p==dpkt.ip.IP_PROTO_TCP:
            packet_size.append(ip.len)
            payload_size.append(?)
    else:
        pass

Original Q&A

There are 1 best solutions below

saquintes On 16 December 2020 at 06:27 BEST ANSWER

Looking at the source for dpkt's IP class

    def __len__(self):
        return self.__hdr_len__ + len(self.opts) + len(self.data)

They calculate the length as the header, options, and length of data. So I think you can get the payload length by:

payload_size.append(len(ip.data))

Update:

OP wanted the TCP payload. The TCP's source is similar:

    def __len__(self):
        return self.__hdr_len__ + len(self.opts) + len(self.data)

So the length of the TCP payload should be len(ip.data.data).

if ip.p==dpkt.ip.IP_PROTO_TCP: 
   tcp = ip.data
   payload_len = len(tcp.data)

How to calculate payload size by using python dpkt library

There are 1 best solutions below

Related Questions in PYTHON

Related Questions in PAYLOAD

Related Questions in DPKT

Trending Questions

Popular # Hahtags

Popular Questions