Problem with PCAP to CSV conversion in `netshare/pre_post_processors/netshare/main.c`
Xinyu-Li-123 opened this issue · 1 comments
The program /netshare/pre_post_processors/netshare/main.c seems unable to identify protocols other than TCP and UDP.
This program converts TCP and UDP to their corresponding protocol number but it ignores all other kinds of protocals. Is this a bug or is it by design?
Currently, we use a five-tuple notation (source IP, destination IP, source port, destination port, protocol) to identify flows where it's only applicable for TCP/UDP. So when converting from pcap to CSV, we only keep TCP/UDP.
If you would like to take care of other protocols (e.g., ICMP), you may add that part to (1) pcap2csv (2) creating flow representations -- however there is no "real flow" for protocols other than TCP/UDP, you may put a placeholder for port numbers and proceed with the same five-tuple schema.