{ "info": { "author": "Ian Hutchinson", "author_email": "ihutchinson@agalmicventures.com", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3" ], "description": "\n# NanoPcap\nNanoPcap is a Python library and set of tools for working with nanosecond\nresolution PCAP data. It is designed to be minimal and require no dependencies.\n\n## Tools\n\n### `Dump`\nDumps a PCAP in either short form (1 line per packet) or long form (1 line per\nvalue).\n\n\t> NanoPcap/Tools/Dump.py -h\n\tusage: Dump.py [-h] [-d DATA_BYTES] [-l] [-j] [-o DATA_OFFSET] [-H] [-R] [-s]\n\t pcap\n\n\tPCAP Dump Diagnostic\n\n\tpositional arguments:\n\t pcap PCAP file to dump.\n\n\toptional arguments:\n\t -h, --help show this help message and exit\n\t -d DATA_BYTES, --data-bytes DATA_BYTES\n\t Show a certain number of bytes as hex for each packet\n\t record.\n\t -l, --long Enable long form which generally puts one value per\n\t line for easy diffing.\n\t -j, --json Enable JSON output with either one object per line\n\t (short mode) or one value per line (long mode).\n\t -o DATA_OFFSET, --data-offset DATA_OFFSET\n\t Offset of the data to show.\n\t -H, --no-header Do not show the header.\n\t -R, --no-records Do not show records.\n\t -s, --strict Enables strict validation rules.\n\n### `Filter`\nFilters a PCAP based on set criteria and optionally does other edits like snapshot\nlength truncation, packet deduplication, or even fuzzing like random drops and duplication.\n\n\t> NanoPcap/Tools/Filter.py -h\n\tusage: Filter.py [-h] [--strict] [-l SNAPLEN] [-o DATA_OFFSET]\n\t [-x DATA_END_OFFSET] [-H] [-R] [-a]\n\t [--required-link-type REQUIRED_LINK_TYPE]\n\t [--link-type LINK_TYPE]\n\t [--time-shift-seconds TIME_SHIFT_SECONDS] [-s START] [-e END]\n\t [-D DROP_FRACTION] [--duplicate-fraction DUPLICATE_FRACTION]\n\t [--deduplication-window DEDUPLICATION_WINDOW]\n\t input output\n\n\tPCAP Filter 
Tool\n\n\tpositional arguments:\n\t input PCAP file to use as input.\n\t output Output file. May include time format strings to roll\n\t the file based on packet time stamps, e.g.\n\t %Y/%m/%d/%H.pcap for hourly output files in daily\n\t folders.\n\n\toptional arguments:\n\t -h, --help show this help message and exit\n\t --strict Enables strict validation rules.\n\t -l SNAPLEN, --snaplen SNAPLEN\n\t Add a certain number of bytes for each packet record.\n\t -o DATA_OFFSET, --data-offset DATA_OFFSET\n\t Offset of the data to include.\n\t -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET\n\t Offset from the end of the data to include.\n\t -H, --no-header Do not output the header.\n\t -R, --no-records Do not output records.\n\t -a, --append Append to the file (implies no header).\n\t --required-link-type REQUIRED_LINK_TYPE\n\t The required link type of the file being edited (e.g.\n\t 1 for Ethernet, 228 for IPv4, 229 for IPv6).\n\t --link-type LINK_TYPE\n\t A value to set the link type in the header to (e.g. 1\n\t for Ethernet, 228 for IPv4, 229 for IPv6).\n\t --time-shift-seconds TIME_SHIFT_SECONDS\n\t The amount of time in seconds to shift timestamps in\n\t the output PCAP.\n\t -s START, --start START\n\t Start time as either epoch nanoseconds or a datetime\n\t (with only microsecond resolution).\n\t -e END, --end END End time as either epoch nanoseconds or a relative\n\t offset in nanoseconds to the start (e.g. 
+100 would\n\t yield a 100ns PCAP).\n\t -D DROP_FRACTION, --drop-fraction DROP_FRACTION\n\t Fraction of the time to drop packagets (from 0 to 1\n\t inclusive).\n\t --duplicate-fraction DUPLICATE_FRACTION\n\t Fraction of the time to duplicate packagets (from 0 to\n\t 1 inclusive).\n\t --deduplication-window DEDUPLICATION_WINDOW\n\t Sets the number of the packets in the deduplication\n\t window (based on contents).\n\nFor example, here is how Ethernet headers (L2) were removed to generate the files in TestData:\n\n\t> NanoPcap/Tools/Filter.py --required-link-type 1 --link-type 228 -o 14 -x 4 SSH.pcap TestData/SSH_L3.pcap\n\t> NanoPcap/Tools/Filter.py --required-link-type 1 --link-type 228 -o 14 -x 4 SSH2.pcap TestData/SSH2_L3.pcap\n\nThere is also a convenience script for that transformation:\n\n\t> ./strip_ethernet_header.sh SSH.pcap TestData/SSH_L3.pcap\n\n### `Merge`\nMerges two PCAP files with potentially interleaved timestamps.\n\n\t> NanoPcap/Tools/Merge.py -h\n\tusage: Merge.py [-h] [--strict] input1 input2 output\n\n\tPCAP Filter Tool\n\n\tpositional arguments:\n\t input1 PCAP file to use as input.\n\t input2 PCAP file to use as other input.\n\t output Output file\n\n\toptional arguments:\n\t -h, --help show this help message and exit\n\t --strict Enables strict validation rules.\n\n### `Split`\nSplits a PCAP into slices with a maximum number of packets, bytes, etc.\n\n\t> NanoPcap/Tools/Split.py -h\n\tusage: Split.py [-h] [--gzip-output] [--strict] [-b MAX_BYTES]\n\t [-p MAX_PACKETS] [-l SNAPLEN] [-o DATA_OFFSET]\n\t [-x DATA_END_OFFSET] [-H] [-a]\n\t input output\n\n\tPCAP Splitting Tool\n\n\tpositional arguments:\n\t input PCAP file to use as input.\n\t output Output path -- output files will be named based on the\n\t identifying attributes.\n\n\toptional arguments:\n\t -h, --help show this help message and exit\n\t --gzip-output Enables gzip for the output files.\n\t --strict Enables strict validation rules.\n\t -b MAX_BYTES, --max-bytes MAX_BYTES\n\t The 
maximum number of bytes in a slice.\n\t -p MAX_PACKETS, --max-packets MAX_PACKETS\n\t The maximum number of packets in a slice.\n\t -l SNAPLEN, --snaplen SNAPLEN\n\t Add a certain number of bytes for each packet record.\n\t -o DATA_OFFSET, --data-offset DATA_OFFSET\n\t Offset of the data to include.\n\t -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET\n\t Offset from the end of the data to include.\n\t -H, --no-header Do not output the header.\n\t -a, --append Append to the file (implies no header).\n\n### `SplitFlows`\nSplits a PCAP into multiple PCAPs, one per flow at the top layer protocol.\n\n\t> mkdir -p SplitData && NanoPcap/Tools/SplitEthernetFlows.py TestData/SSH_L3.pcap SplitData/ && ls SplitData/\n\t192.168.1.192_192.168.1.241.pcap\n\n\t> NanoPcap/Tools/SplitFlows.py -h\n\tusage: SplitFlows.py [-h] [--strict] [-l SNAPLEN] [-o DATA_OFFSET]\n\t [-x DATA_END_OFFSET] [-H] [-a] [--link-type LINK_TYPE]\n\t input output\n\n\tPCAP Filter Tool\n\n\tpositional arguments:\n\t input PCAP file to use as input.\n\t output Output path -- output files will be named based on the\n\t identifying attributes.\n\n\toptional arguments:\n\t -h, --help show this help message and exit\n\t --strict Enables strict validation rules.\n\t -l SNAPLEN, --snaplen SNAPLEN\n\t Add a certain number of bytes for each packet record.\n\t -o DATA_OFFSET, --data-offset DATA_OFFSET\n\t Offset of the data to include.\n\t -x DATA_END_OFFSET, --data-end-offset DATA_END_OFFSET\n\t Offset from the end of the data to include.\n\t -H, --no-header Do not output the header.\n\t -a, --append Append to the file (implies no header).\n\t --link-type LINK_TYPE\n\t A value to set the link type in the header to (e.g. 1\n\t for Ethernet, 228 for IPv4, 229 for IPv6).\n\n### `Summary`\nSummarizes a PCAP. 
For example:\n\n\t> NanoPcap/Tools/Summary.py TestData/SSH_L3.pcap -u\n\tEpoch times: 1472402096321502000 - 1472402096321652000 (150000ns) (2016-08-28 16:34:56.321501 - 2016-08-28 16:34:56.321651)\n\n\tName Count Total Average Std Dev Min 25th % 50th % 75th % 95th % 99th % 99.9th % Max\n\tIncluded Length 21 8.6K 421.43 502.94 34 34 102 582 1482 1482 1482 1482\n\tOriginal Length 21 8.6K 421.43 502.94 34 34 102 582 1482 1482 1482 1482\n\tInterpacket Time (ns) 20 150.0us 7.5us 20.9us 0.0 0.0 1.0us 1.0us 74.0us 74.0us 74.0us 74.0us\n\tPacket Rate (pps) 20 133.3K 13.5K 1.0M inf inf inf inf inf inf\n\tData Rate (Bps) 20 448.7K 539.8M inf inf inf inf inf inf\n\nOr without units:\n\n\t> NanoPcap/Tools/Summary.py TestData/SSH_L3.pcap\n\tEpoch times: 1472402096321502000 - 1472402096321652000 (150000ns) (2016-08-28 16:34:56.321501 - 2016-08-28 16:34:56.321651)\n\n\tName Count Total Average Std Dev Min 25th % 50th % 75th % 95th % 99th % 99.9th % Max\n\tIncluded Length 21 8850.0 421.43 502.94 34 34 102 582 1482 1482 1482 1482\n\tOriginal Length 21 8850.0 421.43 502.94 34 34 102 582 1482 1482 1482 1482\n\tInterpacket Time (ns) 20 150000.0 7500.0 20884.2 0.0 0.0 1000.0 1000.0 74000.0 74000.0 74000.0 74000.0\n\tPacket Rate (pps) 20 133333.3 13513.5 1000000.0 inf inf inf inf inf inf\n\tData Rate (Bps) 20 459459.5 566000000.0 inf inf inf inf inf inf\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/AgalmicVentures/NanoPcap", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "NanoPcap", "package_url": "https://pypi.org/project/NanoPcap/", "platform": "", "project_url": "https://pypi.org/project/NanoPcap/", "project_urls": { "Homepage": "https://github.com/AgalmicVentures/NanoPcap" }, "release_url": "https://pypi.org/project/NanoPcap/0.0.1/", "requires_dist": null, "requires_python": "", "summary": "PCAP tools 
and parsing library with nanosecond support and without dependencies", "version": "0.0.1" }, "last_serial": 5235564, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "0a9bfe5b640f9f2169827d48e06cb71b", "sha256": "33ddada504c4fc3053d9701fbe59e621f7cbf54740e5b05727809d3f6416602a" }, "downloads": -1, "filename": "NanoPcap-0.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "0a9bfe5b640f9f2169827d48e06cb71b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 11598, "upload_time": "2019-05-07T00:32:06", "url": "https://files.pythonhosted.org/packages/72/fc/13109bd4733680da109602c82eacc26eee66b1f1dd23615802cda6c9d89a/NanoPcap-0.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "4c6fb666a3d54719e946942ac8030587", "sha256": "8b128e0803fe41024f71b76d9babebbdad7e1679faf38fce374f934a216cb8e8" }, "downloads": -1, "filename": "NanoPcap-0.0.1.tar.gz", "has_sig": false, "md5_digest": "4c6fb666a3d54719e946942ac8030587", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10126, "upload_time": "2019-05-07T00:32:08", "url": "https://files.pythonhosted.org/packages/5b/68/3c55ac3073ff235d520c5dfa0dfc8a9e4ca5449c5df99443002d3c1198f3/NanoPcap-0.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0a9bfe5b640f9f2169827d48e06cb71b", "sha256": "33ddada504c4fc3053d9701fbe59e621f7cbf54740e5b05727809d3f6416602a" }, "downloads": -1, "filename": "NanoPcap-0.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "0a9bfe5b640f9f2169827d48e06cb71b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 11598, "upload_time": "2019-05-07T00:32:06", "url": "https://files.pythonhosted.org/packages/72/fc/13109bd4733680da109602c82eacc26eee66b1f1dd23615802cda6c9d89a/NanoPcap-0.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "4c6fb666a3d54719e946942ac8030587", "sha256": 
"8b128e0803fe41024f71b76d9babebbdad7e1679faf38fce374f934a216cb8e8" }, "downloads": -1, "filename": "NanoPcap-0.0.1.tar.gz", "has_sig": false, "md5_digest": "4c6fb666a3d54719e946942ac8030587", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10126, "upload_time": "2019-05-07T00:32:08", "url": "https://files.pythonhosted.org/packages/5b/68/3c55ac3073ff235d520c5dfa0dfc8a9e4ca5449c5df99443002d3c1198f3/NanoPcap-0.0.1.tar.gz" } ] }