


NanoPcap is a Python library and a set of tools for working with nanosecond-resolution PCAP data. It is designed to be minimal and has no dependencies.



Dumps a PCAP in either short form (one line per packet) or long form (one line per value).

> NanoPcap/Tools/Dump.py -h
usage: Dump.py [-h] [-d DATA_BYTES] [-l] [-j] [-o DATA_OFFSET] [-H] [-R] [-s]

PCAP Dump Diagnostic

positional arguments:
  pcap                  PCAP file to dump.

optional arguments:
  -h, --help            show this help message and exit
  -d DATA_BYTES, --data-bytes DATA_BYTES
                        Show a certain number of bytes as hex for each packet
  -l, --long            Enable long form which generally puts one value per
                        line for easy diffing.
  -j, --json            Enable JSON output with either one object per line
                        (short mode) or one value per line (long mode).
  -o DATA_OFFSET, --data-offset DATA_OFFSET
                        Offset of the data to show.
  -H, --no-header       Do not show the header.
  -R, --no-records      Do not show records.
  -s, --strict          Enables strict validation rules.


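Filters a PCAP based on the criteria you set, and can optionally perform other edits such as snapshot length truncation, packet deduplication, and even fuzzing such as random drops and duplication.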

> NanoPcap/Tools/Filter.py -h
usage: Filter.py [-h] [--strict] [-l SNAPLEN] [-o DATA_OFFSET]
                 [-x DATA_END_OFFSET] [-H] [-R] [-a]
                 [--required-link-type REQUIRED_LINK_TYPE]
                 [--link-type LINK_TYPE]
                 [--time-shift-seconds TIME_SHIFT_SECONDS] [-s START] [-e END]
                 [-D DROP_FRACTION] [--duplicate-fraction DUPLICATE_FRACTION]
                 [--deduplication-window DEDUPLICATION_WINDOW]
                 input output

PCAP Filter Tool

positional arguments:
  input                 PCAP file to use as input.
  output                Output file. May include time format strings to roll
                        the file based on packet time stamps, e.g.
                        %Y/%m/%d/%H.pcap for hourly output files in daily

optional arguments:
  -h, --help            show this help message and exit
  --strict              Enables strict validation rules.
  -l SNAPLEN, --snaplen SNAPLEN
                        Add a certain number of bytes for each packet record.
  -o DATA_OFFSET, --data-offset DATA_OFFSET
                        Offset of the data to include.
  -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET
                        Offset from the end of the data to include.
  -H, --no-header       Do not output the header.
  -R, --no-records      Do not output records.
  -a, --append          Append to the file (implies no header).
  --required-link-type REQUIRED_LINK_TYPE
                        The required link type of the file being edited (e.g.
                        1 for Ethernet, 228 for IPv4, 229 for IPv6).
  --link-type LINK_TYPE
                        A value to set the link type in the header to (e.g. 1
                        for Ethernet, 228 for IPv4, 229 for IPv6).
  --time-shift-seconds TIME_SHIFT_SECONDS
                        The amount of time in seconds to shift timestamps in
                        the output PCAP.
  -s START, --start START
                        Start time as either epoch nanoseconds or a datetime
                        (with only microsecond resolution).
  -e END, --end END     End time as either epoch nanoseconds or a relative
                        offset in nanoseconds to the start (e.g. +100 would
                        yield a 100ns PCAP).
                        Fraction of the time to drop packagets (from 0 to 1
  --duplicate-fraction DUPLICATE_FRACTION
                        Fraction of the time to duplicate packagets (from 0 to
                        1 inclusive).
  --deduplication-window DEDUPLICATION_WINDOW
                        Sets the number of the packets in the deduplication
                        window (based on contents).


> NanoPcap/Tools/Filter.py --required-link-type 1 --link-type 228 -o 14 -x 4 SSH.pcap TestData/SSH_L3.pcap
> NanoPcap/Tools/Filter.py --required-link-type 1 --link-type 228 -o 14 -x 4 SSH2.pcap TestData/SSH2_L3.pcap


> ./strip_ethernet_header.sh SSH.pcap TestData/SSH_L3.pcap
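What the `Filter.py --required-link-type 1 --link-type 228 -o 14 -x 4` invocations above do at the byte level, as an added example that is not NanoPcap's own code. It uses only the standard library `struct` module; the names `strip_link_layer` and `build_sample`, the constructed sample capture, and the reading of `-o`/`-x` as bytes trimmed from the start and end of each record are assumptions.

```python
import struct

NANO_MAGIC = 0xA1B23C4D   # PCAP magic for nanosecond-resolution timestamps
MICRO_MAGIC = 0xA1B2C3D4  # classic microsecond-resolution magic
LINKTYPE_ETHERNET, LINKTYPE_IPV4 = 1, 228

def strip_link_layer(pcap, required_link_type=LINKTYPE_ETHERNET,
                     link_type=LINKTYPE_IPV4, data_offset=14, data_end_offset=4):
    """Return a new PCAP (bytes) with each record trimmed to
    data[data_offset : len - data_end_offset] and the header link type rewritten."""
    if len(pcap) < 24:
        raise ValueError("truncated global header")
    # Byte order is detected from how the magic number reads.
    for endian in ("<", ">"):
        magic, = struct.unpack(endian + "I", pcap[:4])
        if magic in (NANO_MAGIC, MICRO_MAGIC):
            break
    else:
        raise ValueError("not a PCAP file")
    vmaj, vmin, zone, sigfigs, snaplen, network = struct.unpack(endian + "HHiIII", pcap[4:24])
    if network != required_link_type:
        raise ValueError("link type %d, expected %d" % (network, required_link_type))
    out = [struct.pack(endian + "IHHiIII", magic, vmaj, vmin, zone, sigfigs, snaplen, link_type)]
    pos = 24
    while pos < len(pcap):
        if pos + 16 > len(pcap):
            raise ValueError("truncated record header")
        sec, frac, incl, orig = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        data = pcap[pos + 16:pos + 16 + incl]
        if len(data) != incl:
            raise ValueError("truncated record data")
        pos += 16 + incl
        cut = data_offset + data_end_offset
        if incl < cut:
            continue  # too short to hold link header + trailer; skipped (assumption)
        data = data[data_offset:incl - data_end_offset]
        out.append(struct.pack(endian + "IIII", sec, frac, len(data), max(orig - cut, len(data))) + data)
    return b"".join(out)

def build_sample():
    """Constructed sample: one little-endian nanosecond PCAP record holding a
    14-byte Ethernet header, a 20-byte stand-in IPv4 payload and 4 trailer bytes."""
    frame = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19) + b"\xde\xad\xbe\xef"
    hdr = struct.pack("<IHHiIII", NANO_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec = struct.pack("<IIII", 1472402096, 321502000, len(frame), len(frame))
    return hdr + rec + frame
```

The nanosecond fraction in each record header is copied unchanged, so timestamp resolution survives the rewrite.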



> NanoPcap/Tools/Merge.py -h
usage: Merge.py [-h] [--strict] input1 input2 output

PCAP Filter Tool

positional arguments:
  input1      PCAP file to use as input.
  input2      PCAP file to use as other input.
  output      Output file

optional arguments:
  -h, --help  show this help message and exit
  --strict    Enables strict validation rules.



> NanoPcap/Tools/Split.py -h
usage: Split.py [-h] [--gzip-output] [--strict] [-b MAX_BYTES]
                [-p MAX_PACKETS] [-l SNAPLEN] [-o DATA_OFFSET]
                [-x DATA_END_OFFSET] [-H] [-a]
                input output

PCAP Splitting Tool

positional arguments:
  input                 PCAP file to use as input.
  output                Output path -- output files will be named based on the
                        identifying attributes.

optional arguments:
  -h, --help            show this help message and exit
  --gzip-output         Enables gzip for the output files.
  --strict              Enables strict validation rules.
  -b MAX_BYTES, --max-bytes MAX_BYTES
                        The maximum number of bytes in a slice.
  -p MAX_PACKETS, --max-packets MAX_PACKETS
                        The maximum number of packets in a slice.
  -l SNAPLEN, --snaplen SNAPLEN
                        Add a certain number of bytes for each packet record.
  -o DATA_OFFSET, --data-offset DATA_OFFSET
                        Offset of the data to include.
  -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET
                        Offset from the end of the data to include.
  -H, --no-header       Do not output the header.
  -a, --append          Append to the file (implies no header).



> mkdir -p SplitData && NanoPcap/Tools/SplitEthernetFlows.py TestData/SSH_L3.pcap SplitData/ && ls SplitData/

> NanoPcap/Tools/SplitFlows.py -h
usage: SplitFlows.py [-h] [--strict] [-l SNAPLEN] [-o DATA_OFFSET]
                     [-x DATA_END_OFFSET] [-H] [-a] [--link-type LINK_TYPE]
                     input output

PCAP Filter Tool

positional arguments:
  input                 PCAP file to use as input.
  output                Output path -- output files will be named based on the
                        identifying attributes.

optional arguments:
  -h, --help            show this help message and exit
  --strict              Enables strict validation rules.
  -l SNAPLEN, --snaplen SNAPLEN
                        Add a certain number of bytes for each packet record.
  -o DATA_OFFSET, --data-offset DATA_OFFSET
                        Offset of the data to include.
  -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET
                        Offset from the end of the data to include.
  -H, --no-header       Do not output the header.
  -a, --append          Append to the file (implies no header).
  --link-type LINK_TYPE
                        A value to set the link type in the header to (e.g. 1
                        for Ethernet, 228 for IPv4, 229 for IPv6).



> NanoPcap/Tools/Summary.py TestData/SSH_L3.pcap -u
Epoch times: 1472402096321502000 - 1472402096321652000 (150000ns) (2016-08-28 16:34:56.321501 - 2016-08-28 16:34:56.321651)

Name                      Count    Total  Average  Std Dev      Min   25th %   50th %   75th %   95th %   99th % 99.9th %      Max
Included Length              21     8.6K   421.43   502.94       34       34      102      582     1482     1482     1482     1482
Original Length              21     8.6K   421.43   502.94       34       34      102      582     1482     1482     1482     1482
Interpacket Time (ns)        20  150.0us    7.5us   20.9us      0.0      0.0    1.0us    1.0us   74.0us   74.0us   74.0us   74.0us
Packet Rate (pps)            20            133.3K             13.5K     1.0M      inf      inf      inf      inf      inf      inf
Data Rate (Bps)              20                              448.7K   539.8M      inf      inf      inf      inf      inf      inf


> NanoPcap/Tools/Summary.py TestData/SSH_L3.pcap
Epoch times: 1472402096321502000 - 1472402096321652000 (150000ns) (2016-08-28 16:34:56.321501 - 2016-08-28 16:34:56.321651)

Name                          Count            Total        Average        Std Dev            Min         25th %         50th %         75th %         95th %         99th %       99.9th %            Max
Included Length                  21           8850.0         421.43         502.94             34             34            102            582           1482           1482           1482           1482
Original Length                  21           8850.0         421.43         502.94             34             34            102            582           1482           1482           1482           1482
Interpacket Time (ns)            20         150000.0         7500.0        20884.2            0.0            0.0         1000.0         1000.0        74000.0        74000.0        74000.0        74000.0
Packet Rate (pps)                20                        133333.3                       13513.5      1000000.0            inf            inf            inf            inf            inf            inf
Data Rate (Bps)                  20                                                      459459.5    566000000.0            inf            inf            inf            inf            inf            inf
