tcpdump2csv parser

Open noiala opened this issue 11 years ago • 5 comments

Hi, I'm trying to run this parser but I can't get it working by following the code comment and user guide wiki (davix). To capture pcaps I used the tcpdump -w option to create a file. Then the command from the tcpdump2csv usage comment:

tcpdump -vttttnnelr /tmp/log.tcpdump | tcpdump2csv.pl ["field list"]

Also tried the one provided by the davix afterglow user guide page:

tcpdump -vttttnneli eth0 | tcpdump2csv.pl "sip dip dport" > sniff.csv

In this last case, nothing is output to the csv file.

I'm running all of this over the new Davix image version (Oct 2014).

Thx

noiala avatar Oct 22 '14 09:10 noiala

Yeah, I need to fix that wiki entry. The tcpdump parser relies on a specific version of tcpdump and won’t work otherwise.

In fact, I just fixed the wiki entry. Let me know if that works for you.

Thanks for your feedback.

Raffy

Raffael Marty ceo @ pixlcloud http://pixlcloud.com @raffaelmarty http://raffy.ch

zrlram avatar Oct 22 '14 16:10 zrlram

Nice. It works now! Thx. I'm reading the book and running most of the tools with Davix, so I'll probably find some other outdated stuff. Cheers!

noiala avatar Oct 22 '14 18:10 noiala

Cool, keep me posted.

Thanks

Raffael

Raffael Marty ceo @ pixlcloud http://pixlcloud.com @raffaelmarty http://raffy.ch

zrlram avatar Oct 22 '14 19:10 zrlram

Where is the wiki entry? Can you provide the fix here instead?

gregtampa avatar Feb 23 '16 22:02 gregtampa

What are you trying to do? Parse PCAP output into a graph? Then use this wiki: https://github.com/secviz/davix/wiki/User-Guide:-AfterGlow - Don't use tcpdump. Use tshark. If you have to use tcpdump, you'll probably have to fix the parser line.

zrlram avatar Feb 24 '16 00:02 zrlram