Extracting Window Values and Schedules in a Network Dump

2

The following network dump (PCAP file format) results from the capture of a denial of service attack in the lab:

I would like to extract the time (unix time) and window value (win) and save it to a text file in the following format:

schedule, win

Is it possible with Python?

#!/usr/bin/env python

from scapy.all import *
import dpkt



filename='ataques.pcap'

a = rdpcap(filename)
    
asked by anonymous 28.05.2017 / 07:10

2 answers

2

Use the pycapfile library:

> pip install pypcapfile

Usage:

>>> from pcapfile import savefile
>>> testcap = open('ataques.pcap', 'rb')
>>> capfile = savefile.load_savefile(testcap, verbose=True)

The information you need is in capfile.packets . Make a capfile.packets[0].__dir__() to get the properties you want. I believe timestamp is one of them.

    
28.05.2017 / 07:21
2

The simplest way is with tshark:

tshark -r "1.pcap" -Tfields -e frame.time_epoch -e tcp.window_size_value >> arquivo.txt
    
28.05.2017 / 16:31