* Due to slight variations in the plugin engine, be sure to download the plugin for the right version of ProcDOT
Project source can be downloaded from
Author & Contributor List
PCAP_tools is a set of plugins that add functionality to ProcDOT. With these plugins you will be able to dump files from the pcap and view TCP flows in ProcDOT. tcpflow is used by the plugins to accomplish this.
Download the files from the repository for your system. Move the pcap_tools(.py) and .pdp files into your ProcDOT plugins directory. These plugins depend on Python 2.7 and tcpflow 1.4.4 or later (http://www.digitalcorpora.org/downloads/tcpflow/). Place the tcpflow executable either in the plugin folder or somewhere on the system path. On Windows, make sure pcap_tools.bat contains the right path to python.
Fire up ProcDOT and there should be an entry in the Plugin menu called Extract Files From PCAP, and two right-click options on a server node, labeled Follow TCP Stream and Extract File(s) From Flow.
Extract Files From PCAP
Extract Files From PCAP is controlled by pcap_tools_files.pdp. With this config file in the ProcDOT plugins folder, there should now be an entry in the Plugin menu.
This plugin will allow you to extract files that are contained in the pcap file loaded in ProcDOT. Once selected, a new window will open asking which hash algorithm you want to use (MD5, SHA1, SHA256). Once you have picked a hash, it will ask for a folder to save the files in.
Follow TCP Stream
The plugin will allow you to view complete flows natively in ProcDOT. They will look similar to viewing them in Wireshark.
Also, if a stream contains gzipped data, Follow TCP Stream should automagically ungzip the stream.
Extract File(s) From Flow
Extract File(s) From Flow is controlled by pcap_tools_stream_file.pdp. With this config file in the ProcDOT plugins folder, there should now be an entry in the right-click menu when you are on a server node.
The plugin will allow you to extract the files from the flow. Once selected, a new window will open asking which hash algorithm you want to use (MD5, SHA1, SHA256). Once you have picked a hash, it will ask for a folder to save the files in.
If there are files in the flow, they should be hashed with the chosen algorithm and written to the save folder.
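The following is an added example and is not code from PCAP_tools or ProcDOT. It reproduces the post-processing described above for both the Follow TCP Stream gzip handling and the Extract File(s) From Flow hashing step: once tcpflow has split a capture into per-direction payloads, each HTTP body is checked for the gzip magic bytes, decompressed if present (truncated or corrupt gzip data is kept as-is rather than dropped), and saved under its MD5, SHA1 or SHA256 digest. tcpflow itself is not invoked; the two flow payloads and their names are constructed inline so the script runs offline, and the function names (hash_bytes, split_http_stream, maybe_ungzip, save_flow_files, demo) are this example's own, not the plugin's.

```python
"""Added example, not part of PCAP_tools: gzip detection and hash-named
file extraction over constructed flow payloads (tcpflow is not run)."""
import gzip
import hashlib
import io
import os
import tempfile
import zlib

SUPPORTED_HASHES = ("md5", "sha1", "sha256")   # the three choices the plugin offers
GZIP_MAGIC = b"\x1f\x8b"                        # first two bytes of every gzip member


def hash_bytes(data, algorithm="sha256"):
    """Hex digest of data using one of the plugin's three algorithms."""
    if algorithm not in SUPPORTED_HASHES:
        raise ValueError("unsupported hash algorithm: %s" % algorithm)
    return hashlib.new(algorithm, data).hexdigest()


def split_http_stream(payload):
    """Return (headers, body). A stream with no header block is all body."""
    idx = payload.find(b"\r\n\r\n")
    if idx == -1:
        return b"", payload
    return payload[:idx + 4], payload[idx + 4:]


def maybe_ungzip(body):
    """Return (data, was_gzipped). Truncated or corrupt gzip data is left
    untouched so a damaged capture still yields a file instead of an error."""
    if not body.startswith(GZIP_MAGIC):
        return body, False
    try:
        return gzip.GzipFile(fileobj=io.BytesIO(body)).read(), True
    except (OSError, EOFError, zlib.error):
        return body, False


def save_flow_files(flows, out_dir, algorithm="sha256"):
    """flows maps a flow name to its raw payload. Each non-empty body is
    written to out_dir/<digest>; a flow with no body yields no file."""
    results = {}
    for flow_name, payload in flows.items():
        _headers, body = split_http_stream(payload)
        data, was_gzipped = maybe_ungzip(body)
        if not data:
            continue
        digest = hash_bytes(data, algorithm)
        path = os.path.join(out_dir, digest)
        with open(path, "wb") as fh:
            fh.write(data)
        results[flow_name] = {"digest": digest, "gzipped": was_gzipped,
                              "size": os.path.getsize(path)}
    return results


# Constructed sample flows standing in for tcpflow's per-direction output:
# a plain HTTP request with no body, and a response with a gzipped body.
SAMPLE_FLOWS = {
    "client_to_server": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "server_to_client": (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n"
                         + gzip.compress(b"<html>hello</html>")),
}


def demo(algorithm="sha256"):
    """Extract the sample flows into a fresh temporary folder; return results."""
    out_dir = tempfile.mkdtemp(prefix="pcap_tools_")
    return save_flow_files(SAMPLE_FLOWS, out_dir, algorithm)


if __name__ == "__main__":
    for name, info in demo("sha256").items():
        print("%s -> %s (gzipped=%s, %d bytes)"
              % (name, info["digest"], info["gzipped"], info["size"]))
```

Only the response direction produces a file here, because the request has no body; this mirrors the README's note that files are written only if the flow actually contains them. Naming the output by digest also means the same payload seen in several flows lands on one file, which is handy when comparing extracted artifacts against a known-hash list.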