Get number of packets in tcpdump file, without reading entire thing - TCP-IP

This is a discussion on Get number of packets in tcpdump file, without reading entire thing - TCP-IP ; Hello, I would have posted to the tcpdump mailing list, but for the life of me can't access it. I am using python and pcapy (python interface to libpcap) to read a tcpdump output file (-w option). Q: Is there ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Get number of packets in tcpdump file, without reading entire thing

  1. Get number of packets in tcpdump file, without reading entire thing

    Hello,
    I would have posted to the tcpdump mailing list, but for the life of
    me can't access it. I am using python and pcapy (python interface to
    libpcap) to read a tcpdump output file (-w option).

    Q: Is there a way to get the total number of packets in the dump file
    without having to read the entire thing? I would like to give some
    sort of progress indicator.

    Many thanks
    Saptarshi

  2. Re: Get number of packets in tcpdump file, without reading entirething

    On Jul 15, 11:25 am, Saptarshi wrote:

    > Q: Is there a way to get the total number of packets in the dump file
    > without having to read the entire thing? I would like to give some
    > sort of progress indicator.


    The pcap file format doesn't include the number of packets in the
    file.

    But you can implement your progress meter by keeping track of the
    following:
    1) file size
    2) processed packet counter
    3) running total of /captured/ bytes in each processed packet
    (incl_len)

    Then, your progress will be:

    progress = (packet_counter*16 + incl_len_total ) / (file_size - 24)

    Note that this procedure will give you the progress in terms of bytes,
    rather than in terms of packets, so it's not exactly what you were
    looking for. But it ought to suffice for "some sort of progress
    indicator" ;-)

    /chris

  3. Re: Get number of packets in tcpdump file, without reading entirething


    > The pcap file format doesn't include the number of packets in the
    > file.


    Yes, I was expecting that.

    >
    > But you can implement your progress meter by keeping track of the
    > following:
    > 1) file size
    > 2) processed packet counter
    > 3) running total of /captured/ bytes in each processed packet
    > (incl_len)
    >
    > Then, your progress will be:
    >
    > progress = (packet_counter*16 + incl_len_total ) / (file_size - 24)
    >


    This should be a good enough substitute.
    Thanks
    Saptarshi

+ Reply to Thread