Live traffic recording and export to pcap #134
Replies: 1 comment 1 reply
-
|
Hi @didiksudyana, NFStream is not suitable for developing a PCAP file. You will need to use WireShark/tShark or tcpdump. These are tools for capturing the traffic trace observed on your network interface card and storing them in a PCAP/PCAPNG format. I hope this clarifies your questions. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, Prof. Adrian for answering my question. Yes, Wireshark or tcpdump can be used to export the traffic to a pcap format. In our case, we have to group all live traffic to each flow, then if the flow is finish, we need to do two things, firstly, we will extract it to pandas and analyze the traffic, then secondly, we also have to extract the finished flow to a pcap file. NFStream is very suitable for us in this case, however, we don't know how to modify the NFStream to extract the finished flow not only to the pandas, but also to a pcap. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi, I am very like with the idea of NFStream in recording the live traffic by detecting a new flow connection in a new packet, then store all of the next packets within the same flow connection. After the flow finish or exceed the timeout, NFStream then will directly export it to csv or pandas.
However, I have a question. Can we export the finished flow to pcap file, instead of only csv or pandas? Because I need the pcap file for further checking. Or can someone help me to find how to to do it?
Thank you very much.
Beta Was this translation helpful? Give feedback.
All reactions