A command line pcap file analyser tool.
Project description
jspcapy
NOTE: This repository has been officially deprecated and merged into jspcap.
jspcapy is a command line pcap file analyser tool. It supports analysis of several networking protocol headers, such as IP (both version 4 and 6), ICMP, TCP, UDP, SCTP, et al., and streaming output to plist, json and tree-view text files.
Note that the whole project works on Python 3.6 and later.
Installation
Simply run the following to install the latest from PyPI:
$ pip install jspcapy
Or install from the git repository:
$ git clone https://github.com/JarryShaw/jspcapy.git
$ cd jspcapy
$ python setup.py install
Usage
As the help manual shows, it is quite easy to use:
$ jspcapy -h
usage: jspcapy [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a] [-F]
               [-v]
               input-file-name

PCAP file extractor and formatted exporter

positional arguments:
  input-file-name       The name of input pcap file. If ".pcap" omits, it will
                        be automatically appended.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -o file-name, --output file-name
                        The name of input pcap file. If format extension
                        omits, it will be automatically appended.
  -f format, --format format
                        Print a extraction report in the specified output
                        format. Available are all formats supported by
                        jsformat, e.g.: json, plist, and tree.
  -j, --json            Display extraction report as json. This will yield
                        "raw" output that may be used by external tools. This
                        option overrides all other options.
  -p, --plist           Display extraction report as macOS Property List
                        (plist). This will yield "raw" output that may be used
                        by external tools. This option overrides all other
                        options.
  -t, --tree            Display extraction report as tree view text. This will
                        yield "raw" output that may be used by external tools.
                        This option overrides all other options.
  -a, --auto-extension  If output file extension omits, append automatically.
  -F, --files           Split each frame into different files.
  -v, --verbose         Show more information.
Under most circumstances, you should give the name of the input pcap file (the extension may be omitted) and, at least, the output format (json, plist, or tree). If the format is unspecified, the name of the output file must have a proper extension (*.json, *.plist, or *.txt), otherwise a FormatError will be raised.
In verbose mode, detailed information is printed during extraction (as in the following examples). The auto-extension flag applies to the output file and indicates whether an extension should be appended.
Samples
Here are some usage samples:
- export to a macOS Property List (Xcode has special support for this format)
$ jspcapy in -f plist --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.plist'
- export to a json file (with no format specified)
$ jspcapy in -o out.json --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.json'
- export to a text tree view file (without extension autocorrect)
$ jspcapy in -o out -f tree --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out'
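The per-frame protocol chains in the verbose output above come from walking each record's headers. The following is an added illustration, not jspcapy's own code: a minimal classic-pcap reader that bounds-checks every record length before slicing and names the Ethernet, IP and transport layers. The function names, the "Unknown" and "truncated" labels, and the capture built by `build_sample` are constructed for this example.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6", 132: "SCTP"}

def classify(frame: bytes) -> str:
    """Name the layers of one Ethernet frame, e.g. 'Ethernet:IPv4:TCP'."""
    if len(frame) < 14:
        return "Ethernet"
    net = ETHERTYPES.get(struct.unpack_from("!H", frame, 12)[0])
    if net is None:
        return "Ethernet"
    # Protocol is byte 9 of IPv4, next header is byte 6 of IPv6 (extension headers not walked).
    idx = 14 + (9 if net == "IPv4" else 6)
    transport = IP_PROTOS.get(frame[idx], "Unknown") if idx < len(frame) else "truncated"
    return f"Ethernet:{net}:{transport}"

def protocol_chains(pcap: bytes) -> list:
    """Return one protocol chain per record of a classic pcap byte string."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack_from(order + "II", pcap, 16)
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    chains, off = [], 24
    while off < len(pcap):
        if off + 16 > len(pcap):
            raise ValueError("truncated record header")
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        off += 16
        # Never trust the length field: bound it by snaplen and the data left.
        if incl_len > snaplen or off + incl_len > len(pcap):
            raise ValueError("record length exceeds snaplen or file size")
        chains.append(classify(pcap[off:off + incl_len]))
        off += incl_len
    return chains

def build_sample() -> bytes:
    """Constructed capture with the same six frame types as the samples above."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ethertype, proto in [(0x86DD, 58)] * 2 + [(0x0800, 6)] * 3 + [(0x0800, 17)]:
        ip = bytearray(20 if ethertype == 0x0800 else 40)
        ip[9 if ethertype == 0x0800 else 6] = proto
        frame = bytes(12) + struct.pack("!H", ethertype) + bytes(ip)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

print("\n".join(protocol_chains(build_sample())))
```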
Built Distributions
Hashes for jspcapy-0.4.0.post2-pp35-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post2-pp27-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post2-cp37-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post2-cp36-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post2-cp27-none-macosx_10_14_x86_64.whl