isabella232 / python-sortcap

This project forked from rapid7/python-sortcap

Created by Derek Abdine via the GitHub Connector

License: Other

Python 93.00% Makefile 7.00%

python-sortcap

Or in short: sortcap

Problem Statement

Medium to large PCAPs are tricky to "access": all tools go over the whole file to show details about a single connection or IP.

Sortcap

Sortcap simply sorts the pcap's packets by their "connection tuple" (src, sport, dst, dport, proto). You can then record the offset of the first packet for each tuple and efficiently extract all related packets starting from there. The connection information can in turn be indexed in some way, so that a search for an IP / port returns the respective offsets.
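
The sort-and-offset idea above, as an added example that is not the project's own code. It assumes a little-endian classic pcap with Ethernet/IPv4 TCP or UDP frames and treats each direction as its own tuple; the names `conn_tuple`, `sort_pcap`, `packets_at` and `sample_pcap` are hypothetical, and the sample capture is constructed.

```python
import struct
GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic pcap file header, 24 bytes
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len

def conn_tuple(frame):
    """(src, sport, dst, dport, proto) for Ethernet/IPv4 TCP or UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4           # honour the IPv4 header length
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return (frame[26:30], sport, frame[30:34], dport, frame[23])

def sort_pcap(data):
    """Return (sorted pcap bytes, {tuple: (offset, length)})."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a little-endian classic pcap")
    records, pos = [], GLOBAL_HDR.size
    while pos + REC_HDR.size <= len(data):
        end = pos + REC_HDR.size + REC_HDR.unpack_from(data, pos)[2]
        if end > len(data):                     # truncated last record
            break
        records.append((conn_tuple(data[pos + REC_HDR.size:end]), data[pos:end]))
        pos = end
    # Stable sort keeps capture order inside a tuple; unparsed frames go last.
    records.sort(key=lambda r: (r[0] is None, r[0] or ()))
    out, index = bytearray(data[:GLOBAL_HDR.size]), {}
    for key, rec in records:
        off, size = index.get(key, (len(out), 0))
        index[key] = (off, size + len(rec))
        out += rec
    return bytes(out), index

def packets_at(sorted_data, offset, length):
    """Yield the frames in one tuple's byte range without scanning the file."""
    pos = offset
    while pos < offset + length:
        start = pos + REC_HDR.size
        pos = start + REC_HDR.unpack_from(sorted_data, pos)[2]
        yield sorted_data[start:pos]

def sample_pcap():  # constructed capture: two interleaved UDP flows plus one ARP frame
    def udp(src, dst, sport, payload):          # dport fixed at 53 for the sample
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0, src, dst)
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, 53, 8 + len(payload), 0) + payload
    a, b, arp = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes(12) + b"\x08\x06" + bytes(28)
    frames = [udp(b, a, 5353, b"b1"), udp(a, b, 40000, b"a1"), arp, udp(b, a, 5353, b"b2"), udp(a, b, 40000, b"a2")]
    body = b"".join(REC_HDR.pack(i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body
```

The returned index is what an external lookup would store: one seek to the offset and one read of the length yields every packet of that tuple.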

Example

./sortcap -i <input_pcap> -o <output_pcap>

Or with the Docker image:

docker run --rm --net=none -v "$PWD":/pcap r7labs/sortcap -i input.pcap -o output.pcap

If you have a pcapng, pcapng.gz or similar file, you need to preprocess it with mergecap:

docker run --rm --net=none -v "$PWD":/pcap --entrypoint mergecap r7labs/sortcap -F pcap -w output.pcap input.pcapng.gz

Future work

  • Support pcapng / gzipped natively
  • Other indexing options (see --index)
  • Other protocol types?

python-sortcap's People

Contributors

jhart-r7, mschloesser-r7