convert packet level pcap captures to flow level data

hedpe · 07-27-2006, 02:41 PM

Hey guys,

I am looking for a tool that can read through pcap format packet level data, and convert it to flow level data.

I'd give it pcap files, it would generate something like:

StartTime(seconds), EndTime(seconds), IP Protocol, Source IP, Source Port, Dst IP, Dst Port, Source Packets, Dst Packets, Source Bytes, Dst Bytes

Anyone know of any tools that can do this before I go and attempt writing something to do it?

Thanks!
George

acid_kewpie · 07-27-2006, 02:56 PM

ethereal does this (of course!) check the conversations option in the statistics menu. try "ipv4" and you'll get what you want in a copyable format. i *assume* tethereal can present this information as well directlythrough aconsole for batch operation etc...