A command line pcap file analyser tool.
Project description
jspcapy
NOTE: This repository has been officially deprecated and merged into jspcap.
jspcapy is a command line pcap file analyser tool. It supports analysis of several networking protocol headers, such as IP (both version 4 and 6), ICMP, TCP, UDP, SCTP, et al., and streaming output to plist, json and tree-view text files.
Note that the whole project requires Python 3.6 or later.
Installation
Simply run the following to install the latest from PyPI:
$ pip install jspcapy
Or install from the git repository:
$ git clone https://github.com/JarryShaw/jspcapy.git
$ cd jspcapy
$ python setup.py install
Usage
As the help manual shows, it is quite easy to use:
$ jspcapy -h
usage: jspcapy [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a] [-F]
               [-v]
               input-file-name

PCAP file extractor and formatted exporter

positional arguments:
  input-file-name       The name of input pcap file. If ".pcap" omits, it will
                        be automatically appended.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -o file-name, --output file-name
                        The name of input pcap file. If format extension
                        omits, it will be automatically appended.
  -f format, --format format
                        Print a extraction report in the specified output
                        format. Available are all formats supported by
                        jsformat, e.g.: json, plist, and tree.
  -j, --json            Display extraction report as json. This will yield
                        "raw" output that may be used by external tools. This
                        option overrides all other options.
  -p, --plist           Display extraction report as macOS Property List
                        (plist). This will yield "raw" output that may be used
                        by external tools. This option overrides all other
                        options.
  -t, --tree            Display extraction report as tree view text. This will
                        yield "raw" output that may be used by external tools.
                        This option overrides all other options.
  -a, --auto-extension  If output file extension omits, append automatically.
  -F, --files           Split each frame into different files.
  -v, --verbose         Show more information.
Under most circumstances, you should specify the name of the input pcap file (the extension may be omitted) and, at least, the output format (json, plist, or tree). If the format is unspecified, the name of the output file must have a proper extension (*.json, *.plist, or *.txt); otherwise FormatError is raised.
In verbose mode, detailed information is printed during extraction (as in the following examples). The auto-extension flag applies to the output file and indicates whether the extension should be appended.
Samples
Here are some usage samples:
- export to a macOS Property List (Xcode has special support for this format)
$ jspcapy in -f plist --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.plist'
- export to a json file (with no format specified)
$ jspcapy in -o out.json --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out.json'
- export to a text tree view file (without extension autocorrect)
$ jspcapy in -o out -f tree --verbose
🚨Loading file 'in.pcap'
- Frame 1: Ethernet:IPv6:ICMPv6
- Frame 2: Ethernet:IPv6:ICMPv6
- Frame 3: Ethernet:IPv4:TCP
- Frame 4: Ethernet:IPv4:TCP
- Frame 5: Ethernet:IPv4:TCP
- Frame 6: Ethernet:IPv4:UDP
🍺Report file stored in 'out'
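What the per-frame lines in the verbose output represent, shown as an added example (not jspcapy's own code): a standard-library reader that walks a classic pcap byte string and names each frame's protocol chain while refusing to read past a declared length. The function names and the two-frame sample capture are constructed for illustration; only Ethernet captures with the microsecond magic number are handled, and IPv6 extension headers are not walked.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6", 132: "SCTP"}

def dissect(frame: bytes) -> str:
    """Name the layers of one Ethernet frame, e.g. 'Ethernet:IPv4:TCP'."""
    if len(frame) < 14:                      # too short for an Ethernet header
        return "Ethernet"
    name = ETHERTYPES.get(struct.unpack("!H", frame[12:14])[0])
    payload = frame[14:]
    if name == "IPv4" and len(payload) >= 20:
        proto = payload[9]                   # IPv4 Protocol field
    elif name == "IPv6" and len(payload) >= 40:
        proto = payload[6]                   # IPv6 Next Header field
    else:                                    # unknown ethertype or truncated IP header
        return "Ethernet" + (":" + name if name else "")
    return f"Ethernet:{name}:" + IP_PROTOS.get(proto, f"proto-{proto}")

def protocol_chains(data: bytes) -> list:
    """Walk a classic pcap byte string and return one chain per frame."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:   # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    chains, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) != incl_len:           # length field exceeds the data present
            raise ValueError("truncated frame data")
        chains.append(dissect(frame))
        offset += 16 + incl_len
    return chains

def sample_pcap() -> bytes:
    """Constructed two-frame capture: IPv6/ICMPv6 then IPv4/TCP, zeroed addresses."""
    def record(ethertype, payload):
        frame = bytes(12) + struct.pack("!H", ethertype) + payload
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    v6_icmp = bytes([0x60]) + bytes(5) + bytes([58]) + bytes(33)
    v4_tcp = bytes([0x45]) + bytes(8) + bytes([6]) + bytes(10)
    return header + record(0x86DD, v6_icmp) + record(0x0800, v4_tcp)
```

Calling `protocol_chains(sample_pcap())` returns the same chain strings that follow "Frame N:" in the verbose listings above; a capture cut off mid-record raises `ValueError` instead of yielding a partial frame.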
Download files
Built Distributions
Hashes for jspcapy-0.4.0.post1-pp35-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post1-pp27-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post1-cp37-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post1-cp36-none-macosx_10_14_x86_64.whl
Hashes for jspcapy-0.4.0.post1-cp27-none-macosx_10_14_x86_64.whl