
Scapy wrapper for summarizing PCAP flows

Project description

Python 3.7, 3.8, 3.9, 3.10

Pcap_summary

This is a wrapper script for Scapy that parses a pcap file and prints one summary row per flow, where a flow is a source/destination socket pair (IP address and port) for a given protocol. Each row shows the protocol, the endpoints, the TCP flags seen, the total flow size in bytes and the packet count in each direction.

Usage

Summarizing a pcap file:

pcap_summary <pcap file>

Example:

    pcap_summary http.pcap

Output:

Proto    Src                 Dst                Flags      Flow Size    FCount    RCount
-------  ------------------  -----------------  -------  -----------  --------  --------
UDP      24.6.173.220:53867  75.75.75.75:53     --               142         1         1
UDP      24.6.173.220:54997  75.75.75.75:53     --               368         2         2
TCP      24.6.173.220:42379  174.137.42.75:80   SAPFR          14175         7        11
TCP      24.6.173.220:42380  174.137.42.75:80   SAP             7251         7         8
UDP      24.6.173.220:49643  75.75.75.75:53     --               276         1         1
UDP      24.6.173.220:59261  75.75.75.75:53     --               297         1         1
[...]

The Flags column accumulates the TCP flags seen in a flow (UDP flows show --). They are decoded as follows:

S = SYN
A = ACK
F = FIN
R = RST
P = PSH
U = URG
E = ECE
C = CWR

The flow size is the total size of the flow in bytes, obtained by summing the IP header's total length field over every packet in the flow (so it counts IP headers and payload, not the Ethernet framing).

The FCount is the number of packets for a given source and destination socket pair in the forward direction (the direction of the first packet seen for that pair). The RCount is the number of packets for the same pair in the opposite direction.

Summarizing a pcap file and filtering:

pcap_summary <pcap file> <search>

Example:

    pcap_summary http.pcap 174.137.42.75

Output:

Proto    Src                 Dst               Flags      Flow Size    FCount    RCount
-------  ------------------  ----------------  -------  -----------  --------  --------
TCP      24.6.173.220:42379  174.137.42.75:80  SAPFR          14175         7        11
TCP      24.6.173.220:42380  174.137.42.75:80  SAP             7251         7         8
TCP      24.6.173.220:42381  174.137.42.75:80  SAP             8126         5         7
TCP      24.6.173.220:42383  174.137.42.75:80  SAP              452         2         1
TCP      24.6.173.220:42384  174.137.42.75:80  SA               144         2         1

The search is a plain string match, not a BPF filter: a flow is shown if the given string is present in the list of fields that make up its row (for example an IP address, as above). Matching on a bare port number or a flag string is therefore also possible.
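The following is an added example, not the pcap_summary project's own code, showing how the flow rows described above (socket-pair grouping, forward direction fixed by the first packet seen, flag letters accumulated per flow, byte total from the IP total length field, and the string-based search) can be produced with the standard library alone, so it runs without Scapy. The assumptions are mine: classic libpcap files with Ethernet framing only (no pcapng, no VLAN tags), flag letters ordered SAPFRUEC to match the rows on the page, flags unioned over both directions, and the search implemented as a substring match on the rendered fields. The sample capture is constructed in code.

```python
import socket
import struct
from collections import OrderedDict

# Letter order follows the rows on the page ("SAPFR"); the tail order U, E, C is an assumption.
TCP_FLAG_BITS = [("S", 0x02), ("A", 0x10), ("P", 0x08), ("F", 0x01), ("R", 0x04),
                 ("U", 0x20), ("E", 0x40), ("C", 0x80)]
PROTO_NAMES = {6: "TCP", 17: "UDP"}


def iter_pcap_records(data):
    """Yield (timestamp, frame_bytes) from a classic libpcap file held in memory."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":        # little-endian, microsecond timestamps
        order = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":      # big-endian
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_ipv4_frame(frame):
    """Return (proto, src, sport, dst, dport, ip_total_len, tcp_flags) or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    ip_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto not in PROTO_NAMES or len(ip) < ihl + 4:
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])
    flags = l4[13] if proto == 6 and len(l4) >= 14 else 0   # TCP flags byte sits at offset 13
    return proto, src, sport, dst, dport, ip_len, flags


def summarize_flows(pcap_bytes):
    """Group packets by socket pair; the first packet seen fixes the forward direction."""
    flows = OrderedDict()
    for _ts, frame in iter_pcap_records(pcap_bytes):
        parsed = parse_ipv4_frame(frame)
        if parsed is None:
            continue
        proto, src, sport, dst, dport, ip_len, flags = parsed
        fwd, rev = (proto, src, sport, dst, dport), (proto, dst, dport, src, sport)
        if fwd in flows:
            flow, direction = flows[fwd], "fcount"
        elif rev in flows:
            flow, direction = flows[rev], "rcount"
        else:
            flow = flows[fwd] = {"flags": 0, "size": 0, "fcount": 0, "rcount": 0}
            direction = "fcount"
        flow["flags"] |= flags      # assumption: flags are unioned over both directions
        flow["size"] += ip_len      # IP total length, as the page describes
        flow[direction] += 1
    return flows


def flag_letters(bits):
    return "".join(letter for letter, mask in TCP_FLAG_BITS if bits & mask)


def format_rows(flows, search=None):
    """Render rows like the page's table; `search` is a substring match on the rendered fields."""
    rows = []
    for (proto, src, sport, dst, dport), f in flows.items():
        fields = [PROTO_NAMES[proto], f"{src}:{sport}", f"{dst}:{dport}",
                  flag_letters(f["flags"]) if proto == 6 else "--",
                  str(f["size"]), str(f["fcount"]), str(f["rcount"])]
        if search is None or any(search in field for field in fields):
            rows.append(fields)
    return rows


def build_frame(src, sport, dst, dport, proto, flags=0, payload=b""):
    """Construct an Ethernet/IPv4/TCP-or-UDP frame for testing (checksums left at zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap container (constructed sample input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: one DNS exchange and one short HTTP connection (SYN, SYN/ACK, request, FIN/ACK).
SAMPLE_PCAP = build_pcap([
    build_frame("24.6.173.220", 53867, "75.75.75.75", 53, 17, payload=b"\x00" * 30),
    build_frame("75.75.75.75", 53, "24.6.173.220", 53867, 17, payload=b"\x00" * 46),
    build_frame("24.6.173.220", 42379, "174.137.42.75", 80, 6, flags=0x02),
    build_frame("174.137.42.75", 80, "24.6.173.220", 42379, 6, flags=0x12),
    build_frame("24.6.173.220", 42379, "174.137.42.75", 80, 6, flags=0x18, payload=b"GET / HTTP/1.1\r\n\r\n"),
    build_frame("174.137.42.75", 80, "24.6.173.220", 42379, 6, flags=0x11),
])

if __name__ == "__main__":
    header = ["Proto", "Src", "Dst", "Flags", "Flow Size", "FCount", "RCount"]
    for row in [header] + format_rows(summarize_flows(SAMPLE_PCAP)):
        print("  ".join(f"{col:<20}" for col in row))
```

Running the script prints two rows: the DNS pair as a UDP flow with "--" flags, and the HTTP connection as a TCP flow with flags "SAPF" and two packets in each direction. Passing a second argument to format_rows, such as "174.137.42.75", keeps only the rows whose fields contain that string, mirroring the CLI's search argument.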

Installation

Available on Pypi:

pip install pcap_summary

Download files

Source Distribution

pcap_summary-1.0.0.tar.gz (3.2 kB)

Built Distribution

pcap_summary-1.0.0-py3-none-any.whl (3.8 kB)
