How can I count the number of tcp retransmissions in a pcap file using python?

I have some pcap files I want to count the number of tcp retransmissions on a pe开发者_高级运维r-flow basis. Does anyone knows of a python module I could leverage for this?

I don't know of something that will do the count for you, but there are a couple ways to open pcap files in Python. I like scapy, http://www.secdev.org/projects/scapy/

there is also pypcap http://code.google.com/p/pypcap/ and while i've never used it, the dirtbags.net implementation looks interesting. It does not use the pcap libs which is kind of cool. http://dirtbags.net/py-pcap.html

Not enough reputation points to post this as a comment, but tshark supports exporting of pcap files to xml using the -T option (with either the pdml or psml argument):

tshark -T pdml -r {infile} >{outfile}

One you have the xml files, you can easily parse them with one of the many libraries available out there.

You could use a python subprocess to call tshark. tshark is the console version of wireshark. tshark/wireshark have many options to filter and analyse pcaps. Counting retransmission on a per flow basis could be archived like this:

tshark -T fields -e tcp.stream -e frame.number -r cap.pcapng 'tcp.analysis.retransmission'