Skip to content

daisu-mi/pcap2csv

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

src

src

 
 

AUTHORS

AUTHORS

 
 

COPYING

COPYING

 
 

ChangeLog

ChangeLog

 
 

INSTALL

INSTALL

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

Makefile.am

Makefile.am

 
 

Makefile.in

Makefile.in

 
 

NEWS

NEWS

 
 

README

README

 
 

README.md

README.md

 
 

aclocal.m4

aclocal.m4

 
 

bootstrap

bootstrap

 
 

compile

compile

 
 

config.h.in

config.h.in

 
 

configure

configure

 
 

configure.in

configure.in

 
 

depcomp

depcomp

 
 

install-sh

install-sh

 
 

missing

missing

 
 

routerview.pfx2as

routerview.pfx2as

 
 

Repository files navigation

pcap2csv

PCAP2CSV is a simple command line program which outputs CSV formatted data from raw PCAP packet capture data. Each packet recorded in the PCAP file is transformed to one line data, aligned by the following format.

Number Row Name Type Description
1 tv_sec long Recorded time (tv_sec) in the PCAP file.
2 tv_usec long Recorded time (tv_usec) in the PCAP file.
3 counter long Sequence number in the PCAP file.
4 srcip char Source IPv4/IPv6 address.
5 dstip char Destination IPv4/IPv6 address.
6 srcasn int Source AS Number.
7 dstasn int Destination AS Number.
8 sport/type int Source TCP or UDP Portnumber, or ICMP type.
9 dport/code int Destination TCP or UDP Portnumber, or ICMP code.
10 proto int IP Proto (TCP, UDP or ICMP).
11-266 bag-of-Fs int Bag of Fields (x00, x01, x02 .... x0F, x10 .... Xfe, Xff).

If you want to convert IP address to asnumber, please prepare CAIDA's Routeviews Prefix to AS mappings Dataset (pfx2as) for IPv4 and IPv6. The latest version only supports to convert IPv4 addresses to AS Numbers.

Compile

  • You may need pcap librarly and headers to compile.
  • % ./configure
  • % make
  • % sudo make install

Usage

  • r : read PCAP data
  • i : read from NIC
  • c : max number to read
  • l : lookup AS number from IP address with routeview dataset
  • x : dump data field with a bag-of-fields algorithm (1byte)
  • X : dump data field with a bag-of-fields algorithm (2bytes)
  • R : regularize dumped data (calculate average)

Use cases

  1. Read 100 packets from a pcap file
    % p2c -r pcap.cap -c 100
  2. Read from NIC
    % sudo p2c -i eth0
  3. Try aslookup option
    % (wget http://data.caida.org/datasets/routing/routeviews-prefix2as/.... && gunzip (filename).pfx2as.gz)
    % p2c -r pcap.cap -l filename.pfx2as
  4. Bug-of-Field option to analyze layer 7 payloads
    % p2c -r pcap.cap -x 7
  5. Bug-of-Field option to analyze other portion
    % p2c -r pcap.cap -x 0 # observe L3 Header, L4 Header, and L7 payloads
    % p2c -r pcap.cap -x 3 # observe L3 Header
    % p2c -r pcap.cap -x 4 # observe L4 Header
    % p2c -r pcap.cap -x 7 # observe L7 Payloads
    % p2c -r pcap.cap -X 7 -R # observe L7 Payloads (2bytes) and regularize

binary2csv

Binary2CSV is a Bug-of-Field parser for any files (as well as txt)

Use cases

  1. Read from files
    % b2c -r README.md

About

No description, website, or topics provided.

Resources

Readme

License

BSD-2-Clause, BSD-2-Clause licenses found

Licenses found

BSD-2-Clause
LICENSE
BSD-2-Clause
COPYING
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages