发表新帖
发表新帖

TCP flow extraction

前端 未结
关注
5 760
长发绾君心
长发绾君心 2021-01-02 23:02

I need to extract TCP Flows with their content from dump file and then save their flow into other file each flow separately

5条回答
  • 长发绾君心
    长发绾君心 (楼主)
    2021-01-02 23:31

    You definitely want to use Bro, more specifically, its contents.bro policy. For example, given a trace that contains HTTP requests, running the following ...

    bro -r http.trace -f 'tcp and port 80' contents

    ... produces files 

    contents.[senderIP].[senderPort]-[destIP].[destPort]
contents.[destIP].[destPort]-[senderIP].[senderPort]

    for each connection, each containing the unidirectional content of the flow.

    The flow reassembly is highly robust, the process scales to very large files, and everything is customizable to your needs.

    0 讨论(0)
 看不清?
提交回复
热议问题