A Python library for parsing pcap files

Project description

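Introduction to pypcaptools

pypcaptools is a Python library for processing pcap files. It provides the following features:

  1. Split traffic into sessions, with output in either pcap or JSON format.
  2. Import pcap files into a MySQL database.
  3. Read traffic data from the MySQL database and compute statistics on it.

Installation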

pip install pypcaptools

Quick Start

  1. Split flows

from pypcaptools import PcapHandler

origin_pcap = "/path/dir/filename"

ph = PcapHandler(origin_pcap)
output_dir = "/path/dir/output_dir"

# After splitting, output in pcap format; TCP flows may start mid-stream (i.e., without the handshake)
session_num, output_path = ph.split_flow(output_dir, tcp_from_first_packet=False, output_type="pcap")

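# After splitting, output in JSON format: a single JSON file in which each element represents one flow.
# TCP flows must start at the handshake; flows that start mid-stream are discarded.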
session_num, output_path = ph.split_flow(output_dir, tcp_from_first_packet=True, output_type="json")

  2. Split the traffic into flows and load them into a MySQL database

from pypcaptools import PcapToDatabaseHandler
db_config = {
    "host": "",
    "port": 3306,
    "user": "root",
    "password": "password",
    "database": "traffic",
    "table": "table",
}

# Arguments, in order: path of the pcap to process, MySQL config, application-layer protocol,
# accessed website/behavior, capture machine, table comment
handler = PcapToDatabaseHandler(
    "test.pcap", db_config, "https", "github.com", "vultr10", "测试用数据集"
)
handler.split_flow_to_database()

  3. Compute statistics on the traffic stored in the database

from pypcaptools import TrafficInfo
db_config = {
    "host": "",
    "port": 3306,
    "user": "root",
    "password": "password",
    "database": "traffic",
    "table": "table",
}

traffic_info = TrafficInfo(db_config)
traffic_info.use_table("table_name")      # specify the table to run statistics on
transformed_data = traffic_info.table_columns   # get the table's column names and their comments

traffic_num = traffic_info.count_flows("packet_length > 10 and accessed_website == 163.com")  # number of flows matching the condition
website_list = traffic_info.get_value_list_unique("accessed_website")    # list of websites in the table
payload_list = traffic_info.get_payload("packet_length > 10")    # payload sequences of the flows matching the condition
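
To make the `tcp_from_first_packet` option in Quick Start step 1 concrete, here is an added example (not pypcaptools' own code, and not necessarily how the library implements it) that splits a classic pcap into sessions by bidirectional 5-tuple using only the standard library. The names `tcp_frame`, `build_pcap`, `split_sessions` and the sample capture are constructed for illustration; it assumes a little-endian Ethernet/IPv4 capture and treats "starts at the handshake" as "first packet seen is a pure SYN".

```python
import struct
SYN, ACK = 0x02, 0x10

def tcp_frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame with no payload (checksums left at 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def split_sessions(pcap, tcp_from_first_packet=False):
    """Group packets by bidirectional 5-tuple; optionally drop TCP flows lacking an opening SYN."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap")
    sessions, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]   # captured length
        frame = pcap[off + 16 : off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated or not IPv4
        proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
        need = 14 if proto == 6 else 4    # bytes of the L4 header read below
        if proto not in (6, 17) or len(frame) < l4 + need:
            continue                      # only TCP and UDP are grouped
        sport, dport = struct.unpack_from("!HH", frame, l4)
        ends = sorted([(frame[26:30], sport), (frame[30:34], dport)])
        key = (proto, *ends)              # same key for both directions
        if key not in sessions:
            opens = proto != 6 or (frame[l4 + 13] & (SYN | ACK)) == SYN
            if tcp_from_first_packet and not opens:
                continue                  # mid-stream TCP packet: discard
            sessions[key] = []
        sessions[key].append(frame)
    return list(sessions.values())

A, B, S = (10, 0, 0, 1), (10, 0, 0, 3), (10, 0, 0, 2)
SAMPLE = build_pcap([                     # constructed capture: A handshakes, B is mid-stream
    tcp_frame(A, S, 40000, 443, SYN), tcp_frame(S, A, 443, 40000, SYN | ACK),
    tcp_frame(B, S, 40001, 443, ACK | 0x08), tcp_frame(A, S, 40000, 443, ACK),
    tcp_frame(S, B, 443, 40001, ACK),
])
```

With the constructed capture, the permissive mode yields two sessions and the strict mode keeps only the one that begins with a SYN, which matters when a capture started after connections were already established.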

Download files

Source Distribution

pypcaptools-1.4.1.tar.gz (9.5 kB)

Uploaded Source

Built Distribution

pypcaptools-1.4.1-py3-none-any.whl (10.5 kB)

Uploaded Python 3

File details

Details for the file pypcaptools-1.4.1.tar.gz.

File metadata

  • Download URL: pypcaptools-1.4.1.tar.gz
  • Upload date:
  • Size: 9.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.9.21

File hashes

Hashes for pypcaptools-1.4.1.tar.gz
Algorithm Hash digest
SHA256 d787530f9d18d4bd9ed36122f25186237593a18badbeb98e0c4235435804b038
MD5 21579de4aa634394223cf9f7018bb6d8
BLAKE2b-256 6eb7f2e980553458e6b9274229ace7d2aa7f3adb701cd38247f8ae046863b04d

File details

Details for the file pypcaptools-1.4.1-py3-none-any.whl.

File metadata

  • Download URL: pypcaptools-1.4.1-py3-none-any.whl
  • Upload date:
  • Size: 10.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.9.21

File hashes

Hashes for pypcaptools-1.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e5fcad1601e1f70b0c60e4fdc149d510d11816c519a884e8c7ab134496b42e1d
MD5 4179e3cf8a174e97ace2190f696e1893
BLAKE2b-256 5beb7bdb44689e5e1603aaf68c1c1abdace4d7b3d8fec83877a0f88595e64aab
