import os
import re
os.chdir("d:\\")
def main(input_file, output_file):
pattern = re.compile('\s*\d*\s*(\d\.\d*)\s*((\d{1,3}\.){3}\d{1,3})\s*((\d{1,3}\.){3}\d{1,3}).*(\d\d\d\d\d).*\[SYN\].*')#正则
pattern2 = re.compile('\s*\d*\s*(\d\.\d*)\s*(\d{1,3}\.){3}\d{1,3}\s*(\d{1,3}\.){3}\d{1,3}.*(\d\d\d\d\d).*\[SYN\,\sACK\].*')#正则
reader = open(input_file, 'r')#读行
buff = []
while True:
line = reader.readline()
if len(line) == 0:
break
line = line.rstrip()
m = pattern.match(line)
if m:
k = m.group(6)#可以这么赋值吗????
try:
x = float(m.group(1))
except ValueError, e:
# someString was NOT floating-point, what now?
f = reader.readline()
for line2 in f:#循环里的循环,感觉这很有可能错啊
if len(line2) == 0:
break
line2 = line.rstrip()
m2 = pattern2.match(line2)
if m2:
i = m2.group(6)
y = float(m2.group(1))
if k == i:#匹配两行同意字符串相等
p == y - x #把字符串前的字符相减
buff.append("%s %s" % (m.group(4), y, m.group(6)))#添加到buff里
reader.close()
writer = open(output_file, 'w')
writer.write('\n'.join(buff))
writer.close()
if __name__ == '__main__':
main('track.txt', 'yue.txt')
track.txt
No. Time Source Destination Protocol Length Info
1 0.000000000 fe80::b9be:a018:ba1d:e6fd ff02::c SSDP 208 M-SEARCH * HTTP/1.1
Frame 1: 208 bytes on wire (1664 bits), 208 bytes captured (1664 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: IPv6mcast_0c (33:33:00:00:00:0c)
Internet Protocol Version 6, Src: fe80::b9be:a018:ba1d:e6fd (fe80::b9be:a018:ba1d:e6fd), Dst: ff02::c (ff02::c)
User Datagram Protocol, Src Port: 54980 (54980), Dst Port: 1900 (1900)
Hypertext Transfer Protocol
No. Time Source Destination Protocol Length Info
2 0.882100000 172.20.50.180 106.120.167.29 DNS 364 Standard query 0x0a04 [Malformed Packet]
Frame 2: 364 bytes on wire (2912 bits), 364 bytes captured (2912 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 106.120.167.29 (106.120.167.29)
User Datagram Protocol, Src Port: 61100 (61100), Dst Port: 53 (53)
Domain Name System (query)
[Malformed Packet: DNS]
No. Time Source Destination Protocol Length Info
3 1.331172000 172.20.50.180 129.22.4.32 DNS 72 Standard query 0x949d A www.duba.com
Frame 3: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 129.22.4.32 (129.22.4.32)
User Datagram Protocol, Src Port: 54845 (54845), Dst Port: 53 (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
4 1.360409000 172.20.50.180 129.22.104.132 DNS 72 Standard query 0x949d A www.duba.com
Frame 4: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 129.22.104.132 (129.22.104.132)
User Datagram Protocol, Src Port: 54845 (54845), Dst Port: 53 (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
5 2.126667000 172.20.50.180 129.22.4.32 DNS 71 Standard query 0xb533 A twitter.com
Frame 5: 71 bytes on wire (568 bits), 71 bytes captured (568 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 129.22.4.32 (129.22.4.32)
User Datagram Protocol, Src Port: 60536 (60536), Dst Port: 53 (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
6 2.126936000 172.20.50.180 129.22.4.32 DNS 73 Standard query 0x1d73 A terrapops.com
Frame 6: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 129.22.4.32 (129.22.4.32)
User Datagram Protocol, Src Port: 53382 (53382), Dst Port: 53 (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
7 2.127255000 172.20.50.180 129.22.4.32 DNS 72 Standard query 0xbe04 A fidelity.com
Frame 7: 72 bytes on wire (576 bits), 72 bytes captured (576 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
No. Time Source Destination Protocol Length Info
17 2.161969000 172.20.50.180 223.165.27.13 TCP 66 53688→80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 17: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 223.165.27.13 (223.165.27.13)
Transmission Control Protocol, Src Port: 53688 (53688), Dst Port: 80 (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
18 2.162307000 172.20.50.180 223.165.27.13 TCP 66 53689→80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 18: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63), Dst: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00)
Internet Protocol Version 4, Src: 172.20.50.180 (172.20.50.180), Dst: 223.165.27.13 (223.165.27.13)
Transmission Control Protocol, Src Port: 53689 (53689), Dst Port: 80 (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
19 2.163036000 129.22.104.132 172.20.50.180 DNS 89 Standard query response 0x1d73 A 67.55.77.170
Frame 19: 89 bytes on wire (712 bits), 89 bytes captured (712 bits) on interface 0
Ethernet II, Src: Dell_6c:f7:00 (b8🇨🇦3a:6c:f7:00), Dst: HonHaiPr_8c:b7:63 (ac:d1:b8:8c:b7:63)
Internet Protocol Version 4, Src: 129.22.104.132 (129.22.104.132), Dst: 172.20.50.180 (172.20.50.180)
User Datagram Protocol, Src Port: 53 (53), Dst Port: 53382 (53382)
Domain Name System (response)
找到含有SYN的行,然后提取这一行中的端口号,然后在全部行里找端口号一样的行、并有字符串[SYN,ACK].
然后在这两行中提取时间、再减一下,大概就是这个功能、