2 个不稳定版本

0.4.0	2024 年 3 月 15 日
0.2.0	2023 年 3 月 18 日

#1532 在网络编程

每月 39 次下载

BSD-3-Clause

24KB
533 行

流提取器

流提取器是一个小工具，它可以读取 PCAP 文件，搜索其中的 TCP 和 UDP 流，并将每个流写入单独的新 PCAP 文件。

用法

Usage: stream-extractor <COMMAND>

Commands:
  extract  Extract TCP and UDP streams from a PCAP
  scan     Scan the PCAP and search for an IP or Port
  list     List all of the PCAP communication info
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

提取

Usage: stream-extractor extract [OPTIONS] --input <INPUT>

Options:
  -i, --input <INPUT>    Input pcap file to extract TCP and UDP streams from
  -o, --output <OUTPUT>  Output name template [default: output_]
  -p, --port <PORT>      Filter output files to ones that contain the specified port number
      --ip <IP>          Filter output files to ones that contain the specified IP address
  -v, --verbose          Enable verbose mode to print stream info for each output PCAP file
  -h, --help             Print help

扫描

Usage: stream-extractor scan [OPTIONS] --input <INPUT>

Options:
  -i, --input <INPUT>  Input pcap file to scan
  -p, --port <PORT>    Search PCAP to see if this port number is present
      --ip <IP>        Search PCAP to see if this IP address is present
  -m, --mac <MAC>      Search PCAP to see if this MAC address is present
  -c, --count          Count how many times the search terms are present
  -v, --verbose        Enable to print verbose connection info
  -h, --help           Print help

列表

Usage: stream-extractor list [OPTIONS] --input <INPUT>

Options:
  -i, --input <INPUT>  Input pcap file to list
  -c, --count          Count how many communications are present
  -p, --ports          List the port numbers present
      --ip             List the IP addresses present
  -m, --mac            List the MAC addresses present
  -v, --verbose        Print all connection statistics
  -h, --help           Print help

过滤器选项 --port、--ip 和 --mac 可用，允许您仅写入与过滤器值匹配的检测到的流。这可以帮助简化识别您可能感兴趣的特定流的步骤。

示例

stream-extractor extract --ip 192.168.110.10 -p 80 -i sample/test.pcap
Packets processed: 21933, Streams detected: 662
Filtering streams by communications including port: 80
 + Found 3 matching streams
Filtering streams by communications including IP address: 192.168.110.10
 + Found 1 matching streams
Number of streams that matched filters: 1
Writing output file: 1

构建

要构建 stream-extractor，请执行

cargo build

从 cargo 安装

要从 cargo 构建并安装，请执行

cargo install stream-extractor

示例 PCAP 文件位于 sample/。

依赖项

~4–6MB
~102K SLoC