Re: Extracting information about streams from pcap

you can try tcpextract.allthough bit modification will be needed but
it can do ur work.
http://tcpxtract.sourceforge.net/
---------------------------------------
http://www.secgeeks.com
get a blog on SecGeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

On 6/30/07, David <lists@xxxxxxxxx> wrote:
Hi,

I have a large pcap file that I would like to extract overview
stream/packet information from. I would like data about TCP, UDP and
ICMP in the following format:

src_ip, dst_ip, src_port, dst_port, protocol, packets, time
(obviously some fields aren't relevant for some protocols)

I have seen a number of tools but many seem to be based around TCP
streams only. I have no problem wrapping awk around a program to
generate the right output, but a C/Python library might be more help.

Any ideas?

David


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------




--

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

Relevant Pages