@ Gribouillis: Yes I know. I just re-explaining my need regarding your explanation: "Finally, remove the groups with only one packet"
So with your code, I got the whole of packets if I want only the duplicated one I have to check if my [tcp].seq is in this list. Something like this ? are you agree ?
So with your code, I got the whole of packets if I want only the duplicated one I have to check if my [tcp].seq is in this list. Something like this ? are you agree ?
def is_dupl(s):
v = duplication_pkt_count(s)
for p in s:
if p.haslayer(TCP) and p.haslayer(IP):
for i in range(0, len(v)):
if p[TCP].seq in v and (p[IP].src == s_ip):
sCount += 1
if p[TCP].seq in v and (p[IP].src == c_ip):
cCount += 1
return (sCount, cCount)