scapy: UDP defragmentation timestamp problem
https://stackoverflow.com/questions/5422432
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
i use the following script (python + scapy) to create a defragmented version of a pcap file that contains fragmented UDP packets.
# Read pcap file
in=rdpcap("in.pcap")
# Defragment ...
out = defragment(in)
# Write defragmented pcap file
wrpcap ("out.pcap", out)
My problem is that the pcap timestamps of defragmented packets are set to the date of the defragmentation, and not to the date of the capture. Non-fragmented packet still have their original capture timestamps.
I had a look to inet.py, defragment() and defrag(), but i'm not very fluent in scapy, i'd like help to make sense of it and hack it to keep the date of, say, the last fragment, and put it in the defragmented packet...
Could anybody help me on this, any hint?
Like, where can i find the capture date in input packets, and where should i put it in the defragmented packet...
Of course, any other solution reaching the same goal is welcome (i admit... i'm in hurry :( ...)
No correct solution
