pcap

问题 I am trying to programmatically capture a stream of packets by using Tshark . The simplified terminal command I am using is: tshark -i 2 -w output.pcap This is pretty straightforward, but I then need to get a .csv file in order to easily analyze the information captured. By opening the .pcap file in Wireshark and exporting it in .csv what I get is a file structured as follows: "No.","Time","Source","Destination","Protocol","Length","Info" but,again, I need to do this in an automatic way. So I

问题 I've got this code which is working fine to write a pcap file (with just the Ethernet protocol for the test) with libpcap: struct ethernet { u_char mac1[6]; u_char mac2[6]; u_short protocol; }; int main() { pcap_t *pd; pcap_dumper_t *pdumper; pd = pcap_open_dead(DLT_EN10MB, 65535); pdumper = pcap_dump_open(pd, "test.pcap"); struct pcap_pkthdr packet_header; struct timeval ts; packet_header.ts = ts; packet_header.caplen = sizeof(struct ethernet); packet_header.len = sizeof(struct ethernet);

来源： https://stackoverflow.com/questions/57326230/how-can-i-convert-a-pcap-into-csv-using-python

来源： https://stackoverflow.com/questions/57326230/how-can-i-convert-a-pcap-into-csv-using-python

问题 I've got two PCAP files, A and B . A has a 'magic number' in the header of d4 c3 b2 a1 , B has a 'magic number' in the header of 4d 3c b2 a1 . According to the wireshark documentation (http://wiki.wireshark.org/Development/LibpcapFileFormat), only 0xd4c3b2a1 and 0xa1b2c3d4 are valid magic numbers, which leads me to think that B is not a valid magic number. Running file on linux backs this up, with the output of file A being: tcpdump capture file (little-endian) - version 2.4 (Ethernet,

问题 I was wondering if there is any tool that can parse pcap data and convert it to a csv file with the following information: timestamp, bytes, uplink/downlink, some extra info.. Basically, the uplink/downlink could be seen by the IP/MAC address, and the extra info is not really needed, but what I mean with that is choose a specific field of a packet for example. I have been trying some tools but I have not found the suitable one yet. Otherwise I will write a small parser. Thanks in advance! 回答1

问题 I have multiple text file which I have previously captured via TCPDump, but I didn't set the config correctly and as a result I don't have a complete dump to convert it to pcap file with the help of text2pcap. Therefore, I have tried to write a python script to convert my text files to pcaps. Following is what my captured file looks like: tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 1509471560.944080 MAC1 > MAC2, ethertype IPv4 (0x0800), length 74: (tos

问题 I have a socket bound to a NIC that I am using to capture packets in a pcap_loop. I have a separate process running that eventually does a "read" on that same device, but only after a unix local pipe is ready to be read. Is it correct to say that the read() on the device from the 2nd process will read everything that's ready, not just one packet at a time, even though my other process is set up to use pcap_loop to read a packet at a time? 回答1: I have a socket bound to a NIC that I am using to

问题 I want to make a C program in which one laptop(say server) is acting as a HTTP forwarder(it has access to the internet by WLAN) for another laptop(say client) and both laptops are connected to each other by LAN. Steps that I implemented are : 1) (in the child process)listen at eth1 and if destination port == 80 , then modify packet - (a) write destination ip and source port in router.txt (b) change source IP, source and destination mac addr, checksum (c) inject the modified packet in wlan1

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 3 years ago . I was wondering if there are any sample wireshark pcaps for diameter protocol out there? If so please share. Thanks 回答1: Here is one sample capture 回答2: I recommend you to take a look at the wireshark wiki regarding diameter, there a sample right there: https://wiki.wireshark.org/DIAMETER 回答3: It won't do you