GitHub - snsl/pcap2ds: PCAP to DataSeries Conversion Tool

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
DStoXMLModule.cpp		DStoXMLModule.cpp
DStoXMLModule.hpp		DStoXMLModule.hpp
Makefile		Makefile
README		README
ds2xml.cpp		ds2xml.cpp
iscsi.cpp		iscsi.cpp
iscsi.hpp		iscsi.hpp
nfs.cpp		nfs.cpp
nfs.hpp		nfs.hpp
pcap2ds.c		pcap2ds.c
print.cpp		print.cpp
protocol.cpp		protocol.cpp
protocol.hpp		protocol.hpp
smb.cpp		smb.cpp
smb.hpp		smb.hpp

Repository files navigation

#########
1. install DataSeries

   The following packages must be installed:
   libboost-dev
   libboost-thread-mt-dev
   libboost-program-options-dev
   libxml2
   cmake
   graphviz
   bzip2
   bzip2-devel
   libbz2-dev

   Build DataSeries
   
   $ cd ~ && wget http://tesla.hpl.hp.com/opensource/deptool-bootstrap
   $ perl deptool-bootstrap tarinit http://tesla.hpl.hp.com/opensource/sources/latest-release
   $ cd ~/projects/DataSeries && perl ~/deptool-bootstrap build -t

#########
2. Build wireshark

   The following packages must be installed:
   libgnutls-dev
   libgeoip-dev
   libpcap-dev
   libgtk2.0-dev
   libglib2.0-dev
   flex
   bison

   Get latest source code from http://www.wireshark.org/download.html

   Untar source

   $ tar xvfj wireshark-1.8.0rc2.tar.bz2
   $ cd wireshark-1.8.0rc2
   $ ./configure
   $ make
   $ sudo make install

#########
3. Build pcap2ds

   Change the WIRESHARK variable in the Makefile in trace directory to
   point to the location of the wireshark source.  Fix the DATASERIES
   and LIBXML variables as well.

   # make

#########
4. Run pcap2ds

   Add DataSeries library directory to your LD_LIBRARY_PATH

   # pcap2ds [-r file.pcap][-i eth0] -w output.file

   -r and -i options can not be used together
   -r file.pcap reads PCAP info from file.pcap
   -i eth0	captures packets from interface eth0

   -w outputfile writes output to output file
   -R readfilter See http://wiki.wireshark.org/DisplayFilters for examples