DEVHIDE
Login Or Sign up

Scapy: calculate round trip time (RTT) with scapy

2.7k Views Asked by At

I am trying to calculate RTT values via scapy on run time. The same task I did with wireshark as well. But values from both does not match at all. I can get an accurate timestamp via sendpfast() method provided in scapy but how to capture and display at the same time? Like It could be done with send-receive sr() function of scapy. The RTT captured by scapy and wireshark can be seen below.

**scapy**     **wireshark**
0.1039998531    0,110971
0.0880000591    0,001198
0.1029999256    0,096224
0.0959999561    0,012241
0.1109998226    0,001866
0.0909998417    0,11562
0.1110000610    0,002541
0.1029999256    0,116533
0.1029999256    0,001403
0.1030001640    0,102193
0.1009998322    0,002144
python wireshark scapy roundtrip
Original Q&A
1

There are 1 best solutions below

0
On

You can check the RFC1323, and calculate the RTT using TSval and TSecr. To avoid complexity, you can just try with SYN-SYN/ACK-ACK on three-way-handshake, when the connection is stablished. Something like this...

12:02:22.549838 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [S], seq 3721025326, win 26883, options [mss 8961,sackOK,TS val 2130701590 ecr 0,nop,wscale 7], length 0

12:02:22.827325 IP yyy.yyy.yyy.yyy.80 > xxx.xxx.xxx.xxx.34400: Flags [S.], seq 506523745, ack 3721025327, win 42408, options [mss 1380,sackOK,TS val 41895331 ecr 2130701590,nop,wscale 8], length 0

12:02:22.827383 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 2130701660 ecr 41895331], length 0

SYN => TS val 2130701590

SYN/ACK => ecr 2130701590, TS val 41895331

ACK => TS val 2130701660

RTT = 2130701660 - 2130701590 = 70 (I think the unit is miliseconds)

>>> capture = sniff(filter="port 80", timeout = 10, count = 50)
>>> tsvaltmp = 0
>>> tsecrtmp = 0
>>> for pkt in capture:
...   tsdata=dict(pkt['TCP'].options)
...   tsvalpkt = tsdata['Timestamp'][0]
...   tsecrpkt = tsdata['Timestamp'][1]
...   if tsvaltmp == tsecrpkt:
...     rtt = tsvalpkt - tsecrtmp
...     if rtt != 0 and tsecrtmp != 0:
...       print rtt
...   tsvaltmp = tsvalpkt
...   tsecrtmp = tsecrpkt
... 
6014
8
8
8
6310
9
>>>

Related Questions in PYTHON

Related Questions in WIRESHARK

Related Questions in SCAPY

Related Questions in ROUNDTRIP

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.