caesar0301 / awesome-pcaptools Goto Github PK

Capinfos: https://www.wireshark.org/docs/man-pages/capinfos.html
Argus: http://qosient.com/argus/
Securityonion: is basically the Kali of Network Analysis https://securityonion.net
Networktotal: https://www.networktotal.com

The entry for bro-ids should be renamed to Zeek

https://zeek.org/
https://zeek.org/2018/10/11/renaming-the-bro-project/

The CICFlowMeter is an open source tool that generates Biflows from pcap files, and extracts more than 80 features from these flows.
CICFlowMeter is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionalities include, selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout.
NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP.
https://github.com/ISCX/CICFlowMeter

This repo seems to miss a license. You could use https://github.com/sindresorhus/awesome#license as inspiration.

I need to determine the throughput available between TCP client/server based on a capture.

I would be very grateful if someone would indicate a script or tool that allows me to extract the troughput / network bandwidth from a capture pcap file and save it in a csv, txt ...

Any help will be really appreciated
Laura

Yaf is missing. It's a reliable piece of software, quite solid and able to generate flow records from pcap. This is very nice for indexing huge pcap or even doing packet capture. The recent version can even extract payloads and put in the Flow records.

https://tools.netsa.cert.org/yaf/yaf.html

Thank you for your work.

Hi !

Thanks for this database. But it's still not clear to me which tool could give me a plot of the bandwidth used over time. I think pinpointing tools that can do that would be useful.

Thanks,

Tom

Hello,

https://github.com/simsong/tcpflow

It's a complete rewrite of the original tcpflow. The tool is pretty good in TCP reassembly and avoid the classical pitfalls of tools only matching (SYN.RST/FIN).

Hope this helps.

Hi Caesar0301,

You might want to add ipsumdump in your list.

http://www.read.seas.harvard.edu/~kohler/ipsumdump/

"Ipsumdump can read packets from network interfaces, from tcpdump files, and from existing ipsumdump files. It will transparently uncompress tcpdump or ipsumdump files when necessary. It can randomly sample traffic, filter traffic based on its contents, anonymize IP addresses, and sort packets from multiple dumps by timestamp. Also, it can optionally create a tcpdump file containing actual packet data."

If you are frequently doing analysis of pcap capture, there are some nifty functions like sampling (with a probability) packets or display a one-way hash value of the payload.

I hope this helps.

Kind regards.

TraceWrangler could be added to the list, see https://www.tracewrangler.com - it does sanitization, merging, flow extraction, multi-file conversation statistics and more. Windows only though (but runs fine on Wine).

Simple and effective tool: https://github.com/wrigby/flowdump

. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing.

On verge of being invalidate by PR:
simsong/tcpflow#200

It is fast, can do a lot and can even be operated with Python!

https://www.tranalyzer.com

The screenshot url contain spaces.

Bmon
Screenshot

CBM
Screenshot