1
The following network dump (PCAP format file) is the result of capturing a denial of service attack in the laboratory:
I would like to extract the time (Unix time) and the window value (win) and save in a text file, in the following format:
hours, win
It is possible with Python?
#!/usr/bin/env python
from scapy.all import *
import dpkt
filename='ataques.pcap'
a = rdpcap(filename)
2
Use the library pycapfile:
> pip install pypcapfile
Use:
>>> from pcapfile import savefile
>>> testcap = open('ataques.pcap', 'rb')
>>> capfile = savefile.load_savefile(testcap, verbose=True)
The information you need is at capfile.packets. Make a capfile.packets[0].__dir__() to get the properties you want. I believe that timestamp be one of them.
1
The simplest way is with tshark:
tshark -r "1.pcap" -Tfields -e frame.time_epoch -e tcp.window_size_value >> arquivo.txt
Browser other questions tagged python python-3.x security-guard python-2.7
You are not signed in. Login or sign up in order to post.
once extracted the timestamp and the window, such as saving them separated by commas in a text file?
– Ed S
So I don’t know what the window and time fields are in this file. I would need them to assemble an example of how to save.
– Leonel Sanches da Silva
https://pastebin.com/5zEuaQcf https://ibb.co/jzYDXa Time Stamp I found but win it seems that pycapfile does not show!
– Ed S
Is inside
packet, probably.– Leonel Sanches da Silva