https://github.com/nagy/denoise-pcap
Filtering Internet background noise from network captures
https://github.com/nagy/denoise-pcap
network pcap
Last synced: 5 months ago
JSON representation
Filtering Internet background noise from network captures
- Host: GitHub
- URL: https://github.com/nagy/denoise-pcap
- Owner: nagy
- License: agpl-3.0
- Created: 2023-10-21T19:27:03.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-10-21T19:46:30.000Z (over 2 years ago)
- Last Synced: 2025-05-16T23:33:50.776Z (about 1 year ago)
- Topics: network, pcap
- Language: Hy
- Homepage:
- Size: 23.4 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.org
- License: LICENSE
Awesome Lists containing this project
README
#+title: Denoise PCAP
#+author: Daniel Nagy
#+startup: noinlineimages content
#+options: html-postamble:nil toc:nil
Internet Background Noise is a term that identifies packets between
interconnected networks, which are not both parties intent to this
communication. This can include port scans and misconfigured devices. Persisting
and analyzing this noise in a file of captured packets, can burden the workflow
of forensic analysts because clearer communication flow are obstructed.
* Installation
In the directory of the prebuilt artifacts, there is a =denoise_pcap= executable
file. You can install that somewhere into your =PATH=, for example in
=/usr/bin/=.
* Usage
#+begin_src sh
denoise_pcap [filter]
#+end_src
The default =filter= is =is_noise=, which should provide a sensible default set.
To get a list of other filters, run:
#+begin_src sh
denoise_pcap --list
#+end_src
* Custom Filter
To write your own filters, you have to write them in a separate file and put that on your =PYTHONPATH=:
#+begin_src sh
cat > /tmp/mymodule.hy <