


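import subprocess
import datetime
import pandas as pd


def read_pcap(filename, fields=None, display_filter="",
              timeseries=False, strict=False):
    """Read PCAP file into Pandas DataFrame object.

    Uses tshark command-line tool from Wireshark.

    filename:       Name or full path of the PCAP file to read
    fields:         List of fields to include as columns
    display_filter: Additional filter to restrict frames
    strict:         Only include frames that contain all given fields
                    (Default: false)
    timeseries:     Create DatetimeIndex from frame.time_epoch
                    (Default: false)

    Syntax for fields and display_filter is specified in Wireshark's
    Display Filter Reference.

    Returns the DataFrame parsed from tshark's field output (one row per
    frame, one column per requested field).
    """
    # Work on a private copy: the caller's list (or a shared default) must
    # never be modified by the filter handling below.
    fields = [str(f) for f in fields] if fields else []
    if timeseries:
        fields = ["frame.time_epoch"] + fields

    # In strict mode every requested field doubles as a display-filter term,
    # so frames lacking any of them are dropped.
    display_filters = list(fields) if strict else []
    if display_filter:
        display_filters.append(display_filter)

    # Build an argument vector instead of a shell string. The file name and
    # the filter text may come from untrusted sources (capture names, user
    # supplied filters); passing them as discrete argv entries with
    # shell=False means no shell ever parses them.
    cmd = ["tshark", "-r", str(filename), "-n", "-T", "fields", "-Eheader=y"]
    if display_filters:
        # NOTE(review): newer tshark releases take display filters via -Y;
        # -R is kept as the page has it. Confirm against the installed
        # tshark version.
        cmd += ["-R", " and ".join(display_filters)]
    for field in fields:
        cmd += ["-e", field]

    # The context manager closes the pipe and waits for tshark to exit, so
    # no child process is left behind.
    with subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE) as proc:
        if timeseries:
            df = pd.read_csv(proc.stdout, sep="\t",
                             index_col="frame.time_epoch")
            # NOTE(review): the date parser on the page is cut off after
            # "datetime."; epoch seconds are converted here as UTC-based
            # naive timestamps. Confirm whether local time was intended.
            df.index = pd.to_datetime(df.index, unit="s")
        else:
            df = pd.read_csv(proc.stdout, sep="\t")
    return df


# Field names listed on the page next to this function (their surrounding
# usage example is cut off): tcp.stream ip.src ip.dst tcp.seq tcp.ack
# tcp.window_size tcp.len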
