Convert StarOS "monitor subscriber" or "monitor protocol" ASCII dump to PCAP
Project description
mon2pcap
mon2pcap is a program for converting Cisco's StarOS "monitor subscriber" or "monitor protocol" text based packet captures to PCAP.
This program will work only if the PDU Hexdump switch (X or A) is enabled.
Disclaimer
This program comes with no guarantees whatsoever.
The hexdump in the monsub does NOT represent a full packet, hence:
⚠️ All data-link layer protocols are generated, the MACs there are bogus.
⚠️ All non-IP packets data-link, network and transport protocols are bogus.
⚠️ If it's IP packet, the ports are correct (most of the time) but the transport level protocol is bogus.
The layers had to be generated for wireshark and other tools working with pcap file formats to properly dissect them.
Installation
Prerequisites
- Python 3.8.1 or newer
⚠️ Installers usually ask to add Python toPATH, do it now and you will avoid headaches later. - pip - The Python Package Installer
- mon2pcap installation:
$ pip install mon2pcap
Usage
$ mon2pcap --help
usage: mon2pcap [-h] -i <infile> [-o <outfile>]
[-e {GTPC,GTPCv2,GTPU,RADIUS,USERL3,USERL3_IPV6,CSS,DIAMETER,RANAP...}]
[-s] [-v] [-d]
Convert StarOS "monitor subscriber" or "monitor protocol" ASCII dump to PCAP
options:
-h, --help show this help message and exit
-i <infile>, --input <infile>
input file
-o <outfile>, --output <outfile>
output file
-e {GTPC,GTPCv2,GTPU,RADIUS,USERL3,USERL3_IPV6,CSS,DIAMETER,RANAP...}
exclude one or more protocols
-s, --skip-malformed Skip malformed packets
-v, --version show program's version number and exit
-d, --debug debug level logging
$ mon2pcap -i test_mon_sub.txt
100%|██████████████████████████████████████████████████████| 1746/1746 [00:00<00:00, 237876.14 lines/s]
PCAP generated at "test_mon_sub.pcap"
Found #14 valid packets
========================
GTPC : 4
DIAMETER : 4
PFCP : 4
GTPP : 2
Ignored : 4
Implemented protocols
SPGW/GGSN/SAEGW:
GTPC (24)ON by defaultEGTPC (74)ON by defaultRadius Auth (13)ON by defaultRadiu Acct (14)ON by defaultEC Diameter (36)ON by defaultGTPU (26)OFF by defaultUser L3 (19)OFF by defaultCSS Data (34)OFF by defaultIPSec IKEv2 (40)OFF by defaultDNS Client (70)OFF by defaultL2TP (21)ON by defaultRadius COA (31)OFF by defaultDHCP (28)OFF by defaultL3 Tunnel (33)OFF by default //tested with GREPFCP (49)ON by defaultGTPP (27)ON by defaultLMISF (39)OFF by default
MME/SGSN:
GTPC (24)ON by defaultS1AP (81)ON by defaultDIAMETER (36)ON by defaultRANAP (56)OFF by defaultBSSGP (59)OFF by defaultTCAP (54)OFF by defaultSCCP (53)OFF by defaultSLS (94)ON by defaultSCTP (51)OFF by default
Changelog
License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file mon2pcap-1.0.6.tar.gz.
File metadata
- Download URL: mon2pcap-1.0.6.tar.gz
- Upload date:
- Size: 27.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.11.4 Darwin/22.5.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 027641e785e044200cdb611d5d9f5e3e091f325ba15e4c3c7134a52d6541a42d |
|
| MD5 | 57b573ccf24b0ac7009de1da1a53c2c1 |
|
| BLAKE2b-256 | 98a4c763b18eeaa4654fabbdb063bb48357d0271e6531b9e631a96fbb04cc8ba |
Provenance
File details
Details for the file mon2pcap-1.0.6-py3-none-any.whl.
File metadata
- Download URL: mon2pcap-1.0.6-py3-none-any.whl
- Upload date:
- Size: 28.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.11.4 Darwin/22.5.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d7ccd36cdc24e3e1e8967f20213a88286bdaa53aa3f60ef9bd4286163828f57c |
|
| MD5 | 3da133846ceb23bc3325e665edade259 |
|
| BLAKE2b-256 | 2f85de32ad9661c477648d538cce8871572456745bf168104b37cb25c39be3a2 |
