Scapy:用scapy计算往返时间(RTT)

Question

我试图通过运行时的替罪羊计算RTT值。我和wireshark做的同样的事情。但两者的价值根本不匹配。我可以获得一个精确的时间戳通过sendpfast()方法提供的替罪羊，但如何同时捕获和显示？就像它可以做的发送-接收sr()功能的替罪羊。替罪羊和wireshark捕获的RTT可以在下面看到。

**scapy**     **wireshark**
0.1039998531    0,110971
0.0880000591    0,001198
0.1029999256    0,096224
0.0959999561    0,012241
0.1109998226    0,001866
0.0909998417    0,11562
0.1110000610    0,002541
0.1029999256    0,116533
0.1029999256    0,001403
0.1030001640    0,102193
0.1009998322    0,002144

Answer 1

您可以检查RFC1323，并使用TSval和TSecr计算RTT。为了避免复杂性，您可以尝试使用SYN/ACK进行三路握手，当建立连接时。就像这样..。

12:02:22.549838 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [S], seq 3721025326, win 26883, options [mss 8961,sackOK,TS val 2130701590 ecr 0,nop,wscale 7], length 0

12:02:22.827325 IP yyy.yyy.yyy.yyy.80 > xxx.xxx.xxx.xxx.34400: Flags [S.], seq 506523745, ack 3721025327, win 42408, options [mss 1380,sackOK,TS val 41895331 ecr 2130701590,nop,wscale 8], length 0

12:02:22.827383 IP xxx.xxx.xxx.xxx.34400 > yyy.yyy.yyy.yyy.80: Flags [.], ack 1, win 211, options [nop,nop,TS val 2130701660 ecr 41895331], length 0

SYN => TS val 2130701590 SYN/ACK => ecr 2130701590，TS val 41895331 ACK => TS val 2130701660 RTT = 2130701660 - 2130701590 = 70 (我认为单位是毫秒)

>>> capture = sniff(filter="port 80", timeout = 10, count = 50)
>>> tsvaltmp = 0
>>> tsecrtmp = 0
>>> for pkt in capture:
...   tsdata=dict(pkt['TCP'].options)
...   tsvalpkt = tsdata['Timestamp'][0]
...   tsecrpkt = tsdata['Timestamp'][1]
...   if tsvaltmp == tsecrpkt:
...     rtt = tsvalpkt - tsecrtmp
...     if rtt != 0 and tsecrtmp != 0:
...       print rtt
...   tsvaltmp = tsvalpkt
...   tsecrtmp = tsecrpkt
... 
6014
8
8
8
6310
9
>>>