Re: Extracting information about streams from pcap

["crazy frog crazy frog" <i.m.crazy.frog () gmail com>]

you can try tcpextract.allthough bit modification will be needed but
it can do ur work.
http://tcpxtract.sourceforge.net/
---------------------------------------
http://www.secgeeks.com
get a blog on SecGeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

On 6/30/07, David <lists () edeca net> wrote:
> Hi,
>
> I have a large pcap file that I would like to extract overview
> stream/packet information from.  I would like data about TCP, UDP and
> ICMP in the following format:
>
> src_ip, dst_ip, src_port, dst_port, protocol, packets, time
> (obviously some fields aren't relevant for some protocols)
>
> I have seen a number of tools but many seem to be based around TCP
> streams only.  I have no problem wrapping awk around a program to
> generate the right output, but a C/Python library might be more help.
>
> Any ideas?
>
> David
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Swap Out your SPI or Watchfire app sec solution for
> Cenzic's robust, accurate risk assessment and management
> solution FREE - limited Time Offer
>
> http://www.cenzic.com/wf-spi
> ------------------------------------------------------------------------


--

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------