A command line pcap file analyser tool.
Project description
jspcapy
NOTE: This repository has been officially deprecated and merged into jspcap.
jspcapy is a command line pcap file analyser tool. It supports analysis on several networking protocol headers, such as IP (both version 4 and 6), ICMP, TCP, UDP, SCTP, et al and streaming output of plist, json and tree-view text file.
Notice that the whole project works on Python versions since 3.6.
Installation
Simply run the following to install the latest from PyPI:
$ pip install jspcapy
Or install from the git repository:
$ git clone https://github.com/JarryShaw/jspcapy.git
$ python setup.py install
Usage
As it shows in the help manual, it is quite easy to use:
$ jspcapy -h
usage: jspcapy [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a] [-F]
[-v]
input-file-name
PCAP file extractor and formatted exporter
positional arguments:
input-file-name The name of input pcap file. If ".pcap" omits, it will
be automatically appended.
optional arguments:
-h, --help show this help message and exit
-V, --version show program's version number and exit
-o file-name, --output file-name
The name of input pcap file. If format extension
omits, it will be automatically appended.
-f format, --format format
Print a extraction report in the specified output
format. Available are all formats supported by
jsformat, e.g.: json, plist, and tree.
-j, --json Display extraction report as json. This will yield
"raw" output that may be used by external tools. This
option overrides all other options.
-p, --plist Display extraction report as macOS Property List
(plist). This will yield "raw" output that may be used
by external tools. This option overrides all other
options.
-t, --tree Display extraction report as tree view text. This will
yield "raw" output that may be used by external tools.
This option overrides all other options.
-a, --auto-extension If output file extension omits, append automatically.
-F, --files Split each frame into different files.
-v, --verbose Show more information.
Under most circumstances, you should indicate the name of input pcap file (extension may omit) and at least, output format (json, plist, or tree). Once format unspecified, the name of output file must have proper extension (*.json, *.plist, or *.txt), otherwise FormatError will raise.
As for verbose mode, detailed information will print while extraction (as following examples). And auto-extension flag works for the output file, to indicate whether extensions should be appended.
Samples
Here are some usage samples:
- export to a macOS Property List (
Xcodehas special support for this format)
$ jspcapy in -f plist --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.plist'
- export to a json file (with no format specified)
$ jspcapy in -o out.json --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.json'
- export to a text tree view file (without extension autocorrect)
$ jspcapy in -o out -f tree --verbos
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out'
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for jspcapy-0.4.0.post1-pp35-none-macosx_10_14_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6fff9855739c04d41c5e0d421e1386f42557853db6f94de8197d751dca46adf3 |
|
| MD5 | 8a947293fb86a4eaf0695cf602ecad7f |
|
| BLAKE2b-256 | 2ecc079ac84869ebdc5fe5290c3d7ba1428472a11d086818e68554042b272c44 |
Hashes for jspcapy-0.4.0.post1-pp27-none-macosx_10_14_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6d0f6224c8cfb079dc7d5b82d25fe41ce9ac2ef835e0ff2bc597021d55ae2d7e |
|
| MD5 | 374b4c20249c7d4aa7c0f0d3b59286a8 |
|
| BLAKE2b-256 | 0fb4cf7a834ed940e994743b7e2397b3e09bc830a45b79db49cc9ec5211601dc |
Hashes for jspcapy-0.4.0.post1-cp37-none-macosx_10_14_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 459a79606a52382dd2d77e70f0d99f599310fa1adafc9c97209e8cca042314c2 |
|
| MD5 | 5248c6778f17a371615fd49fe5d3d479 |
|
| BLAKE2b-256 | c0ae5dd1f0da58fdde9ce90ba73ea7cd768758004c576fb9381006fb1b6be372 |
Hashes for jspcapy-0.4.0.post1-cp36-none-macosx_10_14_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e3573743895a3b4dab6503aed4ebd3c80bc897fc6ea5b31f27c775b3519e2b7 |
|
| MD5 | ae6f48e55d211f595fa40185edd07752 |
|
| BLAKE2b-256 | 67f76119642aba73dcec45b83cb09a9549272a9f42ae6a6aebf0b1b161c10fd9 |
Hashes for jspcapy-0.4.0.post1-cp27-none-macosx_10_14_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5be4536c5a621a8899016053d82fcffcaadd0f39a225708f3d89a361a7ebeaea |
|
| MD5 | 5c837ec2868e73d39ba79c7c3707de8f |
|
| BLAKE2b-256 | 84534fd044e1ce0acfe9d6a209b64658035d96720c521c4b4aa5d5a014e1337f |
