History

Huey 4a9a683850 first		2024-06-29 14:23:18 +08:00
..
0_Tool	first	2024-06-29 14:23:18 +08:00
1_Pcap	first	2024-06-29 14:23:18 +08:00
2_Flow	first	2024-06-29 14:23:18 +08:00
3_Packet	first	2024-06-29 14:23:18 +08:00
1-1_ProcessFlow.py	first	2024-06-29 14:23:18 +08:00
1_Pcap2Flow.ps1	first	2024-06-29 14:23:18 +08:00
2_Flow2Packet.py	first	2024-06-29 14:23:18 +08:00
3_Packet2Image.py	first	2024-06-29 14:23:18 +08:00
README.md	first	2024-06-29 14:23:18 +08:00

README.md

Pcap-To-Img

A Modified version of USTC-TK2016 Tools

For Windows only

Before Preprocessing

Convert PcapNG Files to Pcap Files

If you are using PcapNG (.pcapng) Files

Sometimes pcapng will also shown as .pcap file.

editcap program is available from Wireshark.
Usage of editcap

editcap -F libpcap dump.pcapng dump.pcap

Please see How To handle PcapNG files for more detail.

Usage of Tools

SplitCap : https://www.netresec.com/?page=SplitCap
finddupe : https://www.sentex.ca/~mwandel/finddupe/

Run Powershell as Administrator

set-ExecutionPolicy RemoteSigned

Preprocessing

Split Pcap files into Flows

.\1_Pcap2Flow.ps1

python .\2_Flow2Packet.py

usage: 2_Flow2Packet.py [-h] --packet PACKET --byte BYTE [--limit LIMIT]

Selecting Parameter of Packets and Bytes.

optional arguments:
  -h, --help       show this help message and exit
  --packet PACKET  number of required packets
  --byte BYTE      number of trimmed byte
  --limit LIMIT    only extract packets from the largest N flows

python .\3_Packet2Image.py