I am trying to create a Python script where I parse a pcap file and measure traffic burstiness down to the sub-millisecond level. The problem is that it looks like the timestamps provided by dpkt don't appear to provide fine enough resolution. The following script

    #!/usr/bin/python
    import dpkt, sys

    f = file(sys.argv[1], "rb")
    pcap = dpkt.pcap.Reader(f)
    # Each iteration returns the record timestamp and the raw frame bytes
    for ts, buf in pcap:
        eth = dpkt.ethernet.Ethernet(buf)
        size = len(eth)
        print "packet size %s" % size
        print "timestamp %s" % ts

yields the following results:

    packet size 199
    timestamp 1397589057.04
    packet size 119
    timestamp 1397589057.04
    packet size 66
    timestamp 1397589057.04
    packet size 247
    timestamp 1397589057.04

The actual timestamps for those packets should have a .043549 format which goes down to the microsecond. Does anyone know how to get the full timestamp?
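
An added example, not part of the original post: the classic pcap record header stores each timestamp as two 32-bit integers (seconds, then microseconds), so the sketch below reads them with `struct` and computes inter-arrival gaps in whole microseconds, with no float formatting involved. It is Python 3 and handles only the microsecond-resolution magic number; the capture bytes, the microsecond values after the first packet, and the function names are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def read_records(stream):
    """Yield (ts_sec, ts_usec, captured_len) for each record in a classic pcap stream."""
    header = stream.read(24)
    if len(header) != 24:
        raise ValueError("truncated pcap global header")
    # The magic number reveals the byte order the capturing host used.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", header[:4])[0] == PCAP_MAGIC_USEC:
            break
    else:
        raise ValueError("not a microsecond-resolution classic pcap file")
    while True:
        rec = stream.read(16)
        if not rec:
            return
        if len(rec) != 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec, ts_usec, incl_len


def interarrival_usec(stream):
    """Return the gaps between consecutive packets as integer microseconds."""
    stamps = [sec * 1_000_000 + usec for sec, usec, _ in read_records(stream)]
    return [later - earlier for earlier, later in zip(stamps, stamps[1:])]


def build_sample_pcap():
    """Constructed capture: four packets within one millisecond, payloads zeroed."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for usec, size in [(43549, 199), (43561, 119), (43800, 66), (44012, 247)]:
        out += struct.pack("<IIII", 1397589057, usec, size, size) + bytes(size)
    return out


if __name__ == "__main__":
    sample = build_sample_pcap()
    for sec, usec, size in read_records(io.BytesIO(sample)):
        print("packet size %d timestamp %d.%06d" % (size, sec, usec))
    print("gaps (us):", interarrival_usec(io.BytesIO(sample)))
```

Keeping seconds and microseconds as integers also avoids rounding when gaps are summed over a long capture.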