/pcap-converter

Pcap Converter: convert pcap to text or flows.

Primary LanguagePython

Description
====================
This tool provides two functionality:
    - convert binary pcap file to text files [pcap-to-txt.py]
    - convert pcap file to netflows [pcap-to-flow.py]

txt format
-------------------
1   0.000000 51.142.253.91 -> 15.236.229.88 TCP 54 2555 22746
<seq no> <time stamp> <src ip> -> <dst ip> <protocol> <pkt size> <src port> <dst port>

flow format
--------------------
0.000429 238.227.214.84 147.47.105.20 TCP 54 0.014504
<start time stamp> <src ip> <dst ip> <protocol> <flow size> <flow duration>


Dependency
=====================
tshark

http://www.wireshark.org/docs/man-pages/tshark.html

You can install tshark easily in ubuntu

sudo apt-get install tshark


Usage
=====================

    $ ./pcap-to-flow.py -p ./tests/dosattack.pcap -t 0.01
    $ ./pcap-to-txt.py -i ./tests/dosattack.pcap

Type the following commands for more help
    
    $ ./pcap-to-flow.py -h
    $ ./pcap-to-txt.py -h
    

Authors
====================
    Jing Conan Wang
    wangjing AT bu.edu