Extracting Window and Time values from a network dump


1

The following network dump (PCAP format file) is the result of capturing a denial of service attack in the laboratory:

[image: Ataques]

I would like to extract the time (Unix time) and the window value (win) and save them to a text file in the following format:

hours, win

Is it possible with Python?

#!/usr/bin/env python
# dpkt was imported but never used; scapy's rdpcap is enough to load the capture
from scapy.all import rdpcap

filename = 'ataques.pcap'

# rdpcap returns a PacketList with every packet of the file, in capture order
a = rdpcap(filename)

2 answers

2

Use the pypcapfile library:

> pip install pypcapfile

Use:

>>> from pcapfile import savefile
>>> testcap = open('ataques.pcap', 'rb')
>>> capfile = savefile.load_savefile(testcap, verbose=True)

The information you need is in capfile.packets. Run capfile.packets[0].__dir__() to get the properties you want. I believe that timestamp is one of them.

  • Once the timestamp and the window are extracted, how do I save them separated by commas in a text file?

  • So I don't know what the window and time fields are in this file. I would need them to put together an example of how to save.

  • https://pastebin.com/5zEuaQcf https://ibb.co/jzYDXa I found the timestamp, but it seems that pypcapfile does not show win!

  • It is inside the packet, probably.
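As an added example (not from the question or either answer), here is a standard-library Python parser that walks the pcap record by record and pulls exactly the two fields asked for: the epoch timestamp of each frame and the TCP window field, which sits inside the packet bytes rather than in the per-packet pcap header. It assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4, and it builds a small constructed three-packet capture so it runs without ataques.pcap.

```python
import struct

MAGIC = {0xa1b2c3d4: ('<', 6), 0xd4c3b2a1: ('>', 6),   # magic read LE -> (byte order, frac digits)
         0xa1b23c4d: ('<', 9), 0x4d3cb2a1: ('>', 9)}   # the 3c4d variants carry nanoseconds

def extract_time_win(data):
    """Yield ('sec.frac', tcp_window) for every TCP-over-IPv4 packet in a classic
    pcap byte string (what tshark prints as frame.time_epoch / tcp.window_size_value)."""
    endian, digits = MAGIC[struct.unpack('<I', data[:4])[0]]  # KeyError: not a pcap / pcapng
    if struct.unpack(endian + 'I', data[20:24])[0] != 1:
        raise ValueError('only Ethernet (DLT_EN10MB) captures are handled')
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl_len, _ = struct.unpack(endian + 'IIII', data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b'\x08\x00' or pkt[23] != 6:
            continue                                    # truncated, not IPv4, or not TCP
        tcp = pkt[14 + (pkt[14] & 0x0f) * 4:]           # IHL gives the IPv4 header length
        if len(tcp) >= 16:                              # window field is TCP bytes 14-15
            yield f'{sec}.{frac:0{digits}d}', struct.unpack('!H', tcp[14:16])[0]

def save_time_win(pcap_path, out_path):
    """Write the 'hours, win' text file the question asks for; returns rows written."""
    with open(pcap_path, 'rb') as f:
        rows = list(extract_time_win(f.read()))
    with open(out_path, 'w') as out:
        out.write('hours, win\n')
        out.writelines(f'{t}, {win}\n' for t, win in rows)
    return len(rows)

def _frame(proto, l4):
    """Constructed Ethernet + IPv4 wrapper (checksum left 0; parsers do not verify it)."""
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     b'\x0a\x00\x00\x01', b'\x0a\x00\x00\x02')
    return b'\xaa' * 6 + b'\xbb' * 6 + b'\x08\x00' + ip + l4

def _tcp(win, flags):
    return struct.pack('!HHIIBBHHH', 40000, 80, 1, 0, 0x50, flags, win, 0, 0)

def build_sample_pcap():
    """Constructed capture: TCP SYN (win 64240), a UDP datagram (skipped), TCP ACK (win 0)."""
    frames = [(1500000000, 123, _frame(6, _tcp(64240, 0x02))),
              (1500000001, 0, _frame(17, struct.pack('!HHHH', 5353, 5353, 8, 0))),
              (1500000001, 500000, _frame(6, _tcp(0, 0x10)))]
    out = bytearray(struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1))
    for sec, usec, f in frames:                         # per-packet record header
        out += struct.pack('<IIII', sec, usec, len(f), len(f)) + f
    return bytes(out)
```

Call save_time_win('ataques.pcap', 'saida.txt') on the real capture; packets without a TCP header (for example the UDP traffic in a flood) are skipped rather than written with an empty win column.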

1

The simplest way is with tshark:

tshark -r "1.pcap" -Tfields -e frame.time_epoch -e tcp.window_size_value >> arquivo.txt
