wanted: lightweight, cross-platform, non-libpcap based pcap file reader!
So I know that there are various wrappers for Perl/Ruby/Python (and even Java) for accessing the pcap files created by tcpdump, Ethereal/Wireshark, Snort, and pretty much every sensible network packet capture tool out there, but having to install just the right version of libpcap on your Windows/OSX/Linux box and hope your distribution, package management system (i.e. Fink/DarwinPorts) is compatible is a real pain…
So several years ago, I started writing a pure C# pcap file reader, but I didn’t get very far. All I want is the ability to meaningfully process the files. No need to read packets off the wire. Different problem.
So one option I’ve blogged about before is to use PDML output, but that is slow and the XML files created are huge. Other than that, the only idea I’ve got is to use/modify jNetStream and script some of their APIs with JRuby or Jython.
Any better ideas?
Author: Matt Franz
Posted: September 2nd, 2006 under Development Tools.
Comments: 2
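The classic pcap file format is a 24-byte global header followed by 16-byte record headers, so it can be read with nothing but a standard library. The reader below is an added example, not code from the post or from any tool mentioned on this page; the function names and the size cap are this example's own, and the sample capture is constructed.

```python
import io
import struct

# On-disk magic bytes -> (struct byte order, timestamp fraction divisor)
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microsecond timestamps
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microsecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanosecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanosecond timestamps
}
MAX_SNAPLEN = 262144  # this example's sanity cap on a single record


def read_pcap(stream):
    """Return (linktype, [(timestamp, orig_len, data), ...]) from a pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, divisor = MAGICS[header[:4]]
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", header[4:])
    # Never trust the file's own snaplen to bound allocations.
    limit = min(snaplen or MAX_SNAPLEN, MAX_SNAPLEN)
    packets = []
    while True:
        rec = stream.read(16)
        if not rec:
            break  # clean end of file
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        if incl_len > limit:
            raise ValueError("record length %d exceeds limit %d" % (incl_len, limit))
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        packets.append((ts_sec + ts_frac / divisor, orig_len, data))
    return linktype, packets


def build_sample():
    """Constructed sample: little-endian, linktype 1 (Ethernet), one 4-byte record."""
    global_header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1157155200, 500000, 4, 60) + b"\xde\xad\xbe\xef"
    return global_header + record


if __name__ == "__main__":
    print(read_pcap(io.BytesIO(build_sample())))
```

The length check matters when the reader is pointed at capture files from untrusted sources: a record header claiming a multi-gigabyte length is rejected before any read is attempted.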
Comments
Comment from Jeff Dell
Time: September 5, 2006, 8:03 am
There are a few tools that do this:
pcapper: a Python based tool that reads pcap files without the need for external C libraries. http://www.schrp.org/tools/
pypcap: a python based extension module for libpcap. http://www.monkey.org/~dugsong/pypcap/
pcanal: an open source c# tool that ported packetnt.dll to c#. http://www.codeproject.com/csharp/pacanal.asp
Comment from Erik Hjelmvik
Time: June 13, 2007, 4:51 am
Well I know this blog post is a bit old and that Matt is no longer with Digital Bond.
Anyhow, I have been working on a network monitoring tool called NetworkMiner (programmed in .NET C#) for some time now. And the latest releases of NetworkMiner also have the feature to load, parse and analyse pcap files. This functionality is something that I haven’t seen any other .NET application do before, not that it is hard to do though.
The application and source code are freely available at:
http://sourceforge.net/projects/networkminer