Penetration Testing mailing list archives

Re: Extracting information about streams from pcap


From: Jim Clausing <clausing () computer org>
Date: Sun, 1 Jul 2007 22:52:23 -0400 (EDT)

http://ipaudit.sourceforge.net

--
Jim Clausing

On or about Sat, 30 Jun 2007, David pontificated thusly:

Hi,

I have a large pcap file that I would like to extract overview stream/packet
information from.  I would like data about TCP, UDP and ICMP in the following
format:

src_ip, dst_ip, src_port, dst_port, protocol, packets, time
(obviously some fields aren't relevant for some protocols)

I have seen a number of tools but many seem to be based around TCP streams
only.  I have no problem wrapping awk around a program to generate the right
output, but a C/Python library might be more help.

Any ideas?

David


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------
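
An added example, not part of the original thread and not ipaudit's code: a standard-library Python sketch that reads a classic pcap and emits one row per flow in the field order David asked for. It assumes a little-endian, microsecond-resolution capture with Ethernet framing and IPv4, counts each direction as its own flow, and interprets "time" as seconds between a flow's first and last packet; the sample capture is constructed inline.

```python
import socket
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def flows(pcap: bytes):
    """Return (src_ip, dst_ip, src_port, dst_port, protocol, packets, seconds) rows."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("need a little-endian, microsecond, Ethernet pcap")
    table, off = {}, 24                       # 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # truncated, or not IPv4
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if ihl < 20 or proto not in PROTO:
            continue
        l4 = frame[14 + ihl:]
        first_frag = (struct.unpack_from("!H", frame, 20)[0] & 0x1FFF) == 0
        sport = dport = ""                    # ICMP and later fragments have no ports
        if proto in (6, 17) and first_frag and len(l4) >= 4:
            sport, dport = struct.unpack_from("!HH", l4)
        key = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               sport, dport, PROTO[proto])
        ts = sec + usec / 1e6
        first, count, _ = table.get(key, (ts, 0, ts))
        table[key] = (first, count + 1, ts)
    return [k + (n, round(last - first, 6)) for k, (first, n, last) in table.items()]

def _frame(proto, src, dst, l4):
    """Build a constructed Ethernet + IPv4 frame around the given layer-4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap() -> bytes:
    """Constructed capture: two TCP packets, one UDP datagram, one ICMP echo."""
    tcp = _frame(6, "10.0.0.1", "10.0.0.2", struct.pack("!HH", 40000, 80) + b"\x00" * 16)
    udp = _frame(17, "10.0.0.1", "10.0.0.53", struct.pack("!HHHH", 5353, 53, 8, 0))
    icmp = _frame(1, "10.0.0.2", "10.0.0.1", b"\x08\x00\xf7\xff" + b"\x00" * 4)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, f in [(10, 0, tcp), (11, 0, udp), (12, 500000, tcp), (13, 0, icmp)]:
        out += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for row in flows(sample_pcap()):
        print(",".join(map(str, row)))
```

To run it on a real capture, pass the file's bytes to flows(); big-endian, nanosecond and pcapng files are rejected by the magic check rather than misparsed.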

