https://github.com/virb3/tcp-packet-parser
A PCAP analyzer that filters TCP packets and dumps them with appropriate labels
- Host: GitHub
- URL: https://github.com/virb3/tcp-packet-parser
- Owner: ViRb3
- Archived: true
- Created: 2020-06-19T18:27:53.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2023-04-08T22:21:10.000Z (about 3 years ago)
- Last Synced: 2025-04-23T00:31:55.083Z (about 1 year ago)
- Topics: analyzer, dump, filter, label, packet, parser, pcap, tcp
- Language: Go
- Size: 8.79 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# TCP Packet Parser
> A PCAP analyzer that filters TCP packets and dumps them with appropriate labels.
## Introduction
When reverse-engineering a custom TCP protocol, you usually begin with a capture of the
communication (e.g. from Wireshark). You then label each TCP packet as client or server
traffic, and finally reconstruct the application-level packets from those individual packets.
This project aims to automate all of this work for you.
## Features
- Parses a PCAP file (can be exported from Wireshark)
- Given IP addresses and/or ports as hints:
  - Distinguishes client and server communication
- Merges consecutive same-source packets into a single packet
- Re-orders packets by TCP sequence number
- Writes the reconstructed packets to a dump directory
## Limitations
- Client/server detection works only for serial communication, i.e. when the two sides take turns sending rather than transmitting concurrently
## Requirements
- Requires a `libpcap`-compatible library - `libpcap-dev` on Linux, or [npcap](https://nmap.org/npcap/) on Windows
## Download
Check out the [Releases](https://github.com/ViRb3/tcp-packet-parser/releases).
## Usage
```bash
$ ./tcp-packet-parser -help
```
```text
  -clientIp string
        Optional client IP filter for packets.
  -clientPort uint
        Optional client port filter for packets.
  -destDir string
        Destination directory where to dump packets. (default "capture-dump")
  -pcapFile string
        Pcap file to parse. (default "capture.pcap")
  -serverIp string
        Optional server IP filter for packets.
  -serverPort uint
        Optional server port filter for packets.
```
### Example 1
The following command keeps only the packets that involve port `1234`, treats that
side as the server, and dumps them with the appropriate client/server labels.
```bash
$ ./tcp-packet-parser -pcapFile "capture.pcap" -serverPort 1234
```
### Example 2
The following command will do the same as before, except that
the client-server labels will be inverted.
```bash
$ ./tcp-packet-parser -pcapFile "capture.pcap" -clientPort 1234
```
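The filtering, labelling, re-ordering and merging described under Features, with the port-hint semantics of Examples 1 and 2, as an added Go example that is not the project's code. It works on constructed in-memory segments carrying only ports, a sequence number and a payload instead of reading a PCAP, and it closes a message whenever the direction changes in capture order, which is the serial-communication assumption from Limitations.

```go
package main
import "sort"

// Packet and Message are constructed types for this example, not the project's own.
type Packet struct {
	SrcPort, DstPort uint16
	Seq              uint32
	Payload          []byte
}
type Message struct{ Label, Data string } // Label is "client" or "server"

// Reconstruct keeps segments involving serverPort, labels them by direction, sorts each
// run of same-direction segments by sequence number and joins it into one message.
func Reconstruct(pkts []Packet, serverPort uint16) []Message {
	labels := map[bool]string{false: "client", true: "server"}
	msgs, run := []Message{}, []Packet{}
	flush := func() { // close the current same-direction run into one message
		sort.SliceStable(run, func(i, j int) bool { return run[i].Seq < run[j].Seq })
		m := Message{Label: labels[run[0].SrcPort == serverPort]}
		for _, p := range run {
			m.Data += string(p.Payload)
		}
		msgs, run = append(msgs, m), run[:0]
	}
	for _, p := range pkts {
		if (p.SrcPort != serverPort && p.DstPort != serverPort) || len(p.Payload) == 0 {
			continue // other conversation, or a bare ACK with nothing to dump
		}
		if len(run) > 0 && (run[0].SrcPort == serverPort) != (p.SrcPort == serverPort) {
			flush() // direction changed: serial traffic, so a new message starts
		}
		run = append(run, p)
	}
	if len(run) > 0 {
		flush()
	}
	return msgs
}

// SamplePackets is a constructed capture: out-of-order client segments, a bare ACK, one stray port.
func SamplePackets() []Packet {
	return []Packet{
		{SrcPort: 40000, DstPort: 1234, Seq: 4, Payload: []byte("LO ")},
		{SrcPort: 40000, DstPort: 1234, Seq: 1, Payload: []byte("HEL")},
		{SrcPort: 1234, DstPort: 40000, Seq: 100},
		{SrcPort: 1234, DstPort: 40000, Seq: 100, Payload: []byte("OK")},
		{SrcPort: 5555, DstPort: 9999, Seq: 7, Payload: []byte("noise")},
		{SrcPort: 40000, DstPort: 1234, Seq: 7, Payload: []byte("BYE")},
	}
}
```

Calling `Reconstruct(SamplePackets(), 1234)` mirrors Example 1, while passing `40000` as the server port mirrors Example 2 and flips every label.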