Aggregates wireshark pdml to flows
Project description
Aggregates wireshark pdml to flows
Branch |
Build |
Coverage |
|---|---|---|
master |
||
develop |
Prerequisites
Installation
$ sudo pip install pdml2flowUsage
$ pdml2flow -h
usage: pdml2flow [-h] [-f FLOW_DEF_STR] [-t FLOW_BUFFER_TIME] [-l DATA_MAXLEN]
[-s] [-x] [-c] [-a] [-m] [-d] [-p PLUGIN_LOAD] [-0]
Aggregates wireshark pdml to flows
optional arguments:
-h, --help show this help message and exit
-f FLOW_DEF_STR Fields which define the flow, nesting with: '.'
[default: ['vlan.id', 'ip.src', 'ip.dst', 'ipv6.src',
'ipv6.dst', 'udp.stream', 'tcp.stream']]
-t FLOW_BUFFER_TIME Lenght (in seconds) to buffer a flow before writing the
packets [default: 180]
-l DATA_MAXLEN Maximum lenght of data in tshark pdml-field [default:
200]
-s Extract show names, every data leaf will now look like
{ raw : [] , show: [] } [default: False]
-x Switch to xml output [default: False]
-c Removes duplicate data when merging objects, will not
preserve order of leaves [default: False]
-a Instead of merging the frames will append them to an
array [default: False]
-m Appends flow metadata [default: False]
-d Debug mode [default: False]
-p PLUGIN_LOAD Plguins to load, installed: [] [default: []]
-0 Terminates lines with null character [default: False]Example
Sniff from interface:
$ tshark -i interface -Tpdml | pdml2flowWrite xml output
$ tshark -i interface -Tpdml | pdml2flow -xRead a .pcap file
$ tshark -r pcap_file -Tpdml | pdml2flowAggregate based on ethernet source and ethernet destination address
$ tshark -i interface -Tpdml | pdml2flow -f eth.src -f eth.dstPretty print flows using jq
$ tshark -i interface -Tpdml | pdml2flow | jqPost-process flows using FluentFlow
$ tshark -i interface -Tpdml | pdml2flow | fluentflow rules.jsUtils
The following utils are part of this project
pdml2json
Converts pdml to json
$ pdml2json -h
usage: pdml2json [-h] [-s] [-d]
Converts wireshark pdml to json
optional arguments:
-h, --help show this help message and exit
-s Extract show names, every data leaf will now look like { raw :
[] , show: [] } [default: False]
-d Debug mode [default: False]pdml2xml
Converts pdml to xml
$ pdml2xml -h
usage: pdml2xml [-h] [-s] [-d]
Converts wireshark pdml to xml
optional arguments:
-h, --help show this help message and exit
-s Extract show names, every data leaf will now look like { raw :
[] , show: [] } [default: False]
-d Debug mode [default: False]Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pdml2flow-4.0.tar.gz
(15.6 kB
view details)
File details
Details for the file pdml2flow-4.0.tar.gz.
File metadata
- Download URL: pdml2flow-4.0.tar.gz
- Upload date:
- Size: 15.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
31964eabbec3506fde2bd9b24bd0239a5ccd07b3e50f811e68e58bf3b147efe9
|
|
| MD5 |
da1cd5bb3c2d45575b06be5b11bacbc3
|
|
| BLAKE2b-256 |
4405c835ab0f171bfc29fc6e3c04aad1d4a0a8290cd6f3b40cc3d307b4e587c1
|
