Scapy wrapper for summarizing PCAP flows
Project description
Pcap_summary
This is a wrapper script for Scapy that will parse a pcap file and output a summary of the packets in the file. It will also output a summary of the protocols used in the pcap file.
Usage
Summarizing a pcap file:
pcap_summary <pcap file>
Example:
pcap_summary http.pcap
Output:
Proto    Src                 Dst                Flags    Flow Size    FCount    RCount
-------  ------------------  -----------------  -------  -----------  --------  --------
UDP      24.6.173.220:53867  75.75.75.75:53     --       142          1         1
UDP      24.6.173.220:54997  75.75.75.75:53     --       368          2         2
TCP      24.6.173.220:42379  174.137.42.75:80   SAPFR    14175        7         11
TCP      24.6.173.220:42380  174.137.42.75:80   SAP      7251         7         8
UDP      24.6.173.220:49643  75.75.75.75:53     --       276          1         1
UDP      24.6.173.220:59261  75.75.75.75:53     --       297          1         1
[...]
TCP flags are decoded as follows and added to the flow summary:
S = SYN
A = ACK
F = FIN
R = RST
P = PSH
U = URG
E = ECE
C = CWR
The flow size is the total size of the flow in bytes, accumulated from the IP length field of each packet.
The FCount is the number of packets for a given source and destination socket pair in one direction.
The RCount is the number of packets for the same pair in the opposite direction.
Summarizing a pcap file and filtering:
pcap_summary <pcap file> <search>
Example:
pcap_summary http.pcap 174.137.42.75
Output:
Proto    Src                 Dst               Flags    Flow Size    FCount    RCount
-------  ------------------  ----------------  -------  -----------  --------  --------
TCP      24.6.173.220:42379  174.137.42.75:80  SAPFR    14175        7         11
TCP      24.6.173.220:42380  174.137.42.75:80  SAP      7251         7         8
TCP      24.6.173.220:42381  174.137.42.75:80  SAP      8126         5         7
TCP      24.6.173.220:42383  174.137.42.75:80  SAP      452          2         1
TCP      24.6.173.220:42384  174.137.42.75:80  SA       144          2         1
The search checks whether the given string is present in the list formed by the flow.
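The flow accounting and the search filter described above, as an added example that is not the project's own code. It works on constructed packet records rather than Scapy packets so it runs without Scapy or a capture file; the flag ordering (first seen) and the exact-match filter are assumptions about how the tool behaves.

```python
# TCP flag bits mapped to the letters used in the flow summary.
TCP_FLAGS = [(0x02, "S"), (0x10, "A"), (0x01, "F"), (0x04, "R"),
             (0x08, "P"), (0x20, "U"), (0x40, "E"), (0x80, "C")]

# Constructed sample records: (proto, src, sport, dst, dport, tcp_flags, ip_len).
SAMPLE = [
    ("UDP", "192.0.2.10", 53867, "198.51.100.53", 53, 0, 60),
    ("UDP", "198.51.100.53", 53, "192.0.2.10", 53867, 0, 82),
    ("TCP", "192.0.2.10", 42379, "203.0.113.80", 80, 0x02, 60),    # SYN
    ("TCP", "203.0.113.80", 80, "192.0.2.10", 42379, 0x12, 60),    # SYN-ACK
    ("TCP", "192.0.2.10", 42379, "203.0.113.80", 80, 0x10, 52),    # ACK
    ("TCP", "192.0.2.10", 42379, "203.0.113.80", 80, 0x18, 400),   # PSH-ACK
    ("TCP", "203.0.113.80", 80, "192.0.2.10", 42379, 0x18, 1200),  # PSH-ACK
    ("TCP", "192.0.2.10", 42379, "203.0.113.80", 80, 0x11, 52),    # FIN-ACK
    ("TCP", "203.0.113.80", 80, "192.0.2.10", 42379, 0x04, 40),    # RST
]

def summarize(packets):
    """Fold packet records into bidirectional flows keyed by the first-seen direction."""
    flows = {}  # dicts keep insertion order, so flows list in order of first packet
    for proto, src, sport, dst, dport, tcp_flags, ip_len in packets:
        fwd, rev = (proto, src, sport, dst, dport), (proto, dst, dport, src, sport)
        # A packet whose reversed socket pair is already tracked is a reply (RCount).
        key, counter = (rev, "rcount") if rev in flows else (fwd, "fcount")
        flow = flows.setdefault(key, {"flags": "", "size": 0, "fcount": 0, "rcount": 0})
        flow["size"] += ip_len  # Flow Size accumulates the IP length field
        flow[counter] += 1
        if proto != "TCP":
            continue
        for bit, letter in TCP_FLAGS:
            if tcp_flags & bit and letter not in flow["flags"]:
                flow["flags"] += letter  # assumption: letters kept in first-seen order
    return flows

def rows(flows, search=None):
    """Render flows as summary rows, optionally keeping only flows that contain `search`."""
    out = []
    for (proto, src, sport, dst, dport), f in flows.items():
        # Assumption: the filter is exact membership in the flow's field list.
        if search is not None and search not in [proto, src, str(sport), dst, str(dport)]:
            continue
        out.append([proto, f"{src}:{sport}", f"{dst}:{dport}", f["flags"] or "--",
                    f["size"], f["fcount"], f["rcount"]])
    return out

if __name__ == "__main__":
    for row in rows(summarize(SAMPLE), "203.0.113.80"):
        print(*row)
```

A flow that shows only S (or SA with a zero or near-zero RCount) is a connection attempt that never completed, which is the kind of pattern this summary makes easy to spot when triaging a capture.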
Installation
Available on PyPI:
pip install pcap_summary
File details
Details for the file pcap_summary-1.0.0.tar.gz.
File metadata
- Download URL: pcap_summary-1.0.0.tar.gz
- Upload date:
- Size: 3.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.7.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 01f3799985dabf5904ae13d1892c107fbc3176f5cc3a8f466fcc75a77391089a |
| MD5 | ffbdc8b0a868a1c553cfde2690eb04ad |
| BLAKE2b-256 | f685fbbf1514db7c9ce3e5c7fd0ecc2f443bbe750a43886bbdd6c0def8964888 |
File details
Details for the file pcap_summary-1.0.0-py3-none-any.whl.
File metadata
- Download URL: pcap_summary-1.0.0-py3-none-any.whl
- Upload date:
- Size: 3.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.7.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 00f1603cd750388fbbe7e89dd79ffc470800d7d9ca3a07e8933e6aef18293209 |
| MD5 | d74555bdb57874b4a3166f60ce98e4fe |
| BLAKE2b-256 | 586e0f18dfbed5aa2ab55bff566b82ff9f069dcfdb44b96efef96e470eb65dc4 |