Converts a PCAP file to a PANDAS or SFRAME data frame
Requirements:
Tshark
PANDAS
SFRAME (optional)
This script creates a dataframe out of the PCAP for the specified protocol.
pcap2frame.py --h
usage: pcap2frame.py [-h] --pcap PCAP --protocol PROTOCOL [--utc] [--sframe]
optional arguments:
  -h, --help           show this help message and exit
  --pcap PCAP          input file
  --protocol PROTOCOL  tcp,udp,icmp or ipv6
  --utc                convert timestamps to UTC
  --sframe             PANDAS (default) or SFRAME
pcap2frame.py --pcap UDP_53413.PCAP --protocol udp
2017-05-04 22:26:16 Processing: UDP_53413.PCAP
2017-05-04 22:26:19 Creating: UDP_53413_UDP.PANDAS
[u'protocol', u'source_ip', u'source_port', u'dest_ip', u'dest_port', u'frame_length', u'info', u'date', u'time']