{"id":19715305,"url":"https://github.com/shramos/pcap-splitter","last_synced_at":"2025-08-08T20:18:00.406Z","repository":{"id":51447490,"uuid":"191632520","full_name":"shramos/pcap-splitter","owner":"shramos","description":"Pcap-splitter allows you to split a pcap file into subsets of pcap files based on sessions, flows, ip addresses, number of bytes, number of network packets...","archived":false,"fork":false,"pushed_at":"2019-06-12T19:32:23.000Z","size":9,"stargazers_count":65,"open_issues_count":0,"forks_count":12,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-23T01:08:42.105Z","etag":null,"topics":["bpf","filter","flow","flows","ip","network","pcap","pcap-splitter","session","split","tcpdump","traffic","wireshark"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shramos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-12T19:30:11.000Z","updated_at":"2025-02-20T06:25:32.000Z","dependencies_parsed_at":"2022-08-20T12:20:22.317Z","dependency_job_id":null,"html_url":"https://github.com/shramos/pcap-splitter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/shramos/pcap-splitter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shramos%2Fpcap-splitter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shramos%2Fpcap-splitter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shramos%2Fpcap-splitter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shramos%2Fpcap-splitter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shramos","download_url":"https://codeload.github.com/shramos/pcap-splitter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shramos%2Fpcap-splitter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269482592,"owners_count":24424403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-08T02:00:09.200Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","filter","flow","flows","ip","network","pcap","pcap-splitter","session","split","tcpdump","traffic","wireshark"],"created_at":"2024-11-11T22:37:58.026Z","updated_at":"2025-08-08T20:18:00.373Z","avatar_url":"https://github.com/shramos.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pcap-splitter\nPcap-splitter allows you to split a _.pcap_ file into subsets of _.pcap_ files based on sessions, flows, ip addresses, number of bytes, number of network packets...\n\nTo perform these actions, Pcap-splitter makes use of the PcapSplitter tool belonging to the suite [PcapPlusPlus](https://github.com/seladb/PcapPlusPlus).\n\n# Installation\n### System Requirements\nFor Pcap-splitter to work, the installation of the suite PcapPlusPlus is required in the system. To carry out the installation, you can follow the set of steps detailed below or make use of the [installation manual](http://seladb.github.io/PcapPlusPlus-Doc/download.html).\n```shell\nsudo apt-get install libpcap-dev\ngit clone https://github.com/seladb/PcapPlusPlus.git\n./configure-linux.sh\nmake all\nsudo make install\n```\nYou can also install PcapPlusPlus in any other operating system by downloading [the binaries](https://github.com/seladb/PcapPlusPlus/releases/) and adding them to the path.\n\n### Installation of Pcap-splitter\nTo install Pcap-splitter execute the following code:\n```shell\npip install pcap-splitter\n```\n\n# User's manual\nOnce PcapPlusPlus is installed in the operating system, you can start using pcap-splitter as shown below.\n\n* Example 1\n```python\n\u003e\u003e\u003e from pcap_splitter.splitter import PcapSplitter\n\n\u003e\u003e\u003e ps = PcapSplitter(\"network_traffic.pcap\")\n\u003e\u003e\u003e print(ps.split_by_session(\"dest_pcaps_folder\"))\nStarted...\nFinished. Read and written 27290 packets to 250 files\n```\n* Example 2\n```python\n\u003e\u003e\u003e from pcap_splitter.splitter import PcapSplitter\n\n\u003e\u003e\u003e ps = PcapSplitter(\"network_traffic.pcap\")\n\u003e\u003e\u003e print(ps.split_by_session(\"dest_pcaps_folder\", pkts_bpf_filter=\"dst port 80\"))\nStarted...\nFinished. Read and written 120 packets to 11 files\n```\n* Example 3\n```python\n\u003e\u003e\u003e from pcap_splitter.splitter import PcapSplitter\n\n\u003e\u003e\u003e ps = PcapSplitter(\"network_traffic.pcap\")\n\u003e\u003e\u003e print(ps.split_by_count(100, \"dest_pcaps_folder\"))\nStarted...\nFinished. Read and written 27290 packets to 273 files\n```\n# Relevant methods\n**`split_by_size(self, size_bytes, dest_path, pkts_bpf_filter=\"\")`**  \nSplit files by size in bytes.\n\n**`split_by_count(self, count_pkts, dest_path, pkts_bpf_filter=\"\")`**   \nSplit files by packet count.  \n\n**`split_by_client_ip(self, dest_path, pkts_bpf_filter=\"\")`**   \nSplit files by client IP, meaning all connections with the same client IP will be in the same file.  \n\n**`split_by_server_ip(self, dest_path, pkts_bpf_filter=\"\")`**   \nsplit files by server IP, meaning all connections with the same server IP will be in the same file. \n\n**`split_by_server_port(self, dest_path, pkts_bpf_filter=\"\")`**    \nSplit files by IP src and dst (2-tuple), meaning all connections with the same IPs will be in the same file.  \n\n**`split_by_ip_src_dst(self, dest_path, pkts_bpf_filter=\"\")`**   \nSplit files by IP src and dst (2-tuple), meaning all connections with the same IPs will be in the same file.  \n\n**`split_by_session(self, dest_path, pkts_bpf_filter=\"\")`**   \nSplit files by connection (5-tuple), meaning all packets of a connection will be in the same file.  \n\n**`split_by_filter(self, bpf_filter, dest_path, pkts_bpf_filter=\"\")`**   \nSplit file into two files: one that contains all packets matching the given BPF filter (file #0) and one that contains the rest of the packets (file #1). \n\n**`split_by_round_robin(self, n_files, dest_path, pkts_bpf_filter=\"\")`**   \nSplit the file in a round-robin manner - each packet to a different file.\n\n# Contact\nshramos(at)protonmail(dot)com","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshramos%2Fpcap-splitter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshramos%2Fpcap-splitter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshramos%2Fpcap-splitter/lists"}