recs-fromtcpdump
Usage: recs-fromtcpdump <file1> <file2> ... Runs tcpdump and puts out records, one for each packet. Expects pcap files. Will put the name of the originating capture file in the 'file' field. Will parse packet types: ethernet, ip, udp, arp, tcp The type key will indicate the highest level parsed. DNS information will be parsed for TCP or UDP packets that are from or to port 53. The parsed representation of the packet for each valid level will be placed in the corresponding key. For instance, for a tcp packet, there will be information in the keys 'ethernet', 'ip', and 'tcp' By default, data output is suppressed due to poor interaction with terminal programs. Flags will be parsed into hash of strings Possible IP flags: congestion, dont_fragment, more_fragments Poassible TCP flags: ACK, CWR, ECE, FIN, PSH, RST, SYN, URG ARP opcodes will be matched Possible opcodes: ARP_REPLY, ARP_REQUEST, RARP_REPLY, RARP_REQUEST Creating a pcap file: Run a tcpdump command with -w FILE to produce a pcap file. For instance: sudo tcpdump -w /var/tmp/capture.pcap Optionally, include all the data and timing information: sudo tcpdump -w capture.pcap -s4096 -S -tt See 'man tcpdump' for more information. Arguments --data Include raw data bytes of deepest packet level --filename-key|fk <keyspec> Add a key with the source filename (if no filename is applicable will put NONE) Help Options: --help This help screen Examples Get records for all packets recs-fromtcpdump capture.pcap
See App::RecordStream for an overview of the scripts and the system
Run recs examples or see App::RecordStream::Manual::Examples for a set of simple recs examples
recs examples
Run recs story or see App::RecordStream::Manual::Story for a humorous introduction to RecordStream
recs story
Every command has a --help mode available to print out usage and examples for the particular command, just like the output above.
--help
To install App::RecordStream, copy and paste the appropriate command in to your terminal.
cpanm
cpanm App::RecordStream
CPAN shell
perl -MCPAN -e shell install App::RecordStream
For more information on module installation, please visit the detailed CPAN module installation guide.