View Code? Open in Web Editor NEW

A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish. For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born.

Python 3.61% C 96.39%

pkt2flow's Introduction

pkt2flow

by chenxm, Shanghai Jiao Tong Univ. [email protected]

2012-12

A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish.

For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born.

The inner function of this program behaves using the 4-tuple (src_ip, dst_ip, src_port, dst_port) to seperate the packets into TCP or UDP flows. Each flow will be saved into a pcap file named with 4-tuple and the timestamp of the first packet of the flow. The packets are saved in the order as read from the source. Any further processing like TCP resembling is not performed. The flow timeout is considered as 30 minutes which can be changed in pkt2flow.h.

How to compile

This program is structured and compiled with a tool called SCons (http://www.scons.org/). You can follow simple steps to make a compile:

Make sure you have libpcap (on Mac and Linux) in your system.
Install "Scons" that can be downloaded from its official website given above.
cd into the root folder of pkt2flow, and run scons

$ cd ./pkt2flow

$ scons

How to install (optional)

You can optionally let scons automatically handle the installation for you by providing an installation prefix, e.g.:

$ PREFIX=/usr/local
$ scons --prefix=$PREFIX install

This will build pkt2flow and install the binary to /usr/local/bin/pkt2flow. Depending on where you want to install it, you might need to use sudo or become the appropriate user.

Usage

Usage: ./pkt2flow [-huvx] [-o outdir] pcapfile

Options:
	-h	print this help and exit
	-u	also dump (U)DP flows
	-v	also dump the in(v)alid TCP flows without the SYN option
	-x	also dump non-UDP/non-TCP IP flows
	-o	(o)utput directory

Recommend Projects

digideskio / pkt2flow Goto Github PK

pkt2flow's Introduction

pkt2flow

How to compile

How to install (optional)

Usage

pkt2flow's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent