Network Study 11: Introduction to pkt2flow, a Pcap Splitting Tool
2016-08-24 20:47
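Tool address:
https://github.com/caesar0301/pkt2flow
Introduction:
The tool splits a pcap file into flows. Each resulting flow is stored under a name in the format source IP, source port, destination IP, destination port, and a complete session is saved in one folder.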
A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish.
For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have made the attempt to use ready-made tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or reassemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program was born.
The inner function of this program uses the 4-tuple (src_ip, dst_ip, src_port, dst_port) to separate the packets into TCP or UDP flows. Each flow will be saved into a pcap file named with the 4-tuple and the timestamp of the first packet of the flow. The packets are saved in the order in which they are read from the source. No further processing such as TCP reassembly is performed. The flow timeout is 30 minutes, which can be changed in pkt2flow.h.
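The flow classification described above, as an added Python example (not pkt2flow's own code). It assumes a classic pcap file with Ethernet/IPv4 frames, treats both directions of a session as one flow, measures the timeout from the last packet seen, and uses an illustrative output name; `split_flows` and `sample_pcap` are hypothetical names.

```python
import socket
import struct

FLOW_TIMEOUT = 30 * 60  # seconds; the 30-minute default the page mentions

def split_flows(pcap, timeout=FLOW_TIMEOUT):
    """Group TCP/UDP packets of a classic pcap (Ethernet/IPv4) into flows.
    Returns {output name: [raw pcap records]} in read order, no reassembly."""
    magic = pcap[:4]
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if magic[0] == 0xD4 else ">"
    active, flows, off = {}, {}, 24           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        record = pcap[off:off + 16 + caplen]
        frame, off = record[16:], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4 over Ethernet
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        if proto not in (6, 17) or len(frame) < l4 + 4:
            continue                          # keep only TCP (6) and UDP (17)
        src, dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        # Assumption: both directions of a session belong to the same flow.
        key = (proto, *sorted([(src, sport), (dst, dport)]))
        state = active.get(key)
        if state is None or ts - state[1] > timeout:   # assumed idle timeout
            # Illustrative name: first packet's 4-tuple plus its timestamp.
            state = active[key] = [f"{src}_{sport}_{dst}_{dport}_{ts}.pcap", ts]
            flows[state[0]] = []
        state[1] = ts
        flows[state[0]].append(record)
    return flows

def sample_pcap():
    """Constructed capture: a TCP session with a long idle gap, plus one UDP packet."""
    def rec(ts, src, sport, dst, dport, proto=6):
        ip = bytes([0x45, 0]) + bytes(7) + bytes([proto, 0, 0]) \
            + socket.inet_aton(src) + socket.inet_aton(dst)
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + rec(1000, "10.0.0.1", 40000, "10.0.0.2", 443)
            + rec(1001, "10.0.0.2", 443, "10.0.0.1", 40000)
            + rec(1002, "10.0.0.1", 5353, "10.0.0.3", 53, proto=17)
            + rec(3000, "10.0.0.2", 443, "10.0.0.1", 40000))
```

Each value in the returned dictionary is a list of unmodified pcap records, so writing a flow to disk only requires prepending the capture's original 24-byte global header.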
The SCons tool is used to build and install the software.
How to compile
This program is structured and compiled with a tool called SCons (http://www.scons.org/). You can follow these simple steps to compile it:
Make sure you have libpcap (on Mac and Linux) in your system.
Install "SCons", which can be downloaded from its official website given above.
cd into the root folder of pkt2flow, and run scons:
$ cd ./pkt2flow
$ scons
How to install (optional)
You can optionally let scons automatically handle the installation for you by providing an installation prefix, e.g.:
$ PREFIX=/usr/local
$ scons --prefix=$PREFIX install
This will build pkt2flow and install the binary to /usr/local/bin/pkt2flow. Depending on where you want to install it, you might need to use sudo or become the appropriate user.
How to use:
Usage: ./pkt2flow [-huvx] [-o outdir] pcapfile
-h print this help and exit
-u also dump (U)DP flows
-v also dump the in(v)alid TCP flows without the SYN option
-x also dump non-UDP/non-TCP IP flows
-o (o)utput directory
Example:
./pkt2flow -uxv -o /tmp/split_pcap/pkt2flow/ /home/Skype1.pcap
Thanks to the original author:
chenxm, Shanghai Jiao Tong Univ. chenxm35@gmail.com