The following network dump (PCAP file format) results from the capture of a denial of service attack in the lab:
I would like to extract the time (unix time) and window value (win) and save it to a text file in the following format:
schedule, win
Is it possible with Python?
#!/usr/bin/env python
from scapy.all import *
import dpkt
filename='ataques.pcap'
a = rdpcap(filename)
Use the pycapfile library:
> pip install pypcapfile
Usage:
>>> from pcapfile import savefile
>>> testcap = open('ataques.pcap', 'rb')
>>> capfile = savefile.load_savefile(testcap, verbose=True)
The information you need is in capfile.packets . Make a capfile.packets[0].__dir__() to get the properties you want. I believe timestamp is one of them.
The simplest way is with tshark:
tshark -r "1.pcap" -Tfields -e frame.time_epoch -e tcp.window_size_value >> arquivo.txt