LinuxQuestions.org - convert packet level pcap captures to flow level data

- Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)

- - convert packet level pcap captures to flow level data (http://www.linuxquestions.org/questions/linux-networking-3/convert-packet-level-pcap-captures-to-flow-level-data-468313/)

hedpe

07-27-2006 02:41 PM

convert packet level pcap captures to flow level data

Hey guys,

I am looking for a tool that can read through pcap format packet level data, and convert it to flow level data.

I'd give it pcap files, it would generate something like:

StartTime(seconds), EndTime(seconds), IP Protocol, Source IP, Source Port, Dst IP, Dst Port, Source Packets, Dst Packets, Source Bytes, Dst Bytes

Anyone know of any tools that can do this before I go and attempt writing something to do it?

Thanks!
George

acid_kewpie

07-27-2006 02:56 PM

ethereal does this (of course!) check the conversations option in the statistics menu. try "ipv4" and you'll get what you want in a copyable format. i *assume* tethereal can present this information as well directlythrough aconsole for batch operation etc...

All times are GMT -5. The time now is 03:26 AM.