misp-modules icon indicating copy to clipboard operation
misp-modules copied to clipboard
verified publisher icon MISP

pcap import module

Open cvandeplas opened this issue 5 years ago • 1 comments

It would be nice to have a module allowing you to upload a PCAP, which then does the

  • [ ] file extraction
  • [ ] email extraction (and related IOCs)
  • [ ] http/https
  • [ ] dns
  • [ ] ...

This module could use the code of other modules for parsing data (such as the email import module)

cvandeplas avatar May 08 '20 07:05 cvandeplas

Having something generic on top of pypcapkit would be really nice as the reassembly is supported by pypcapkit:

  • https://pypi.org/project/pypcapkit/
  • https://github.com/JarryShaw/pypcapkit

adulau avatar May 08 '20 07:05 adulau