Support importing PCAP files
Prerequisites
- [ X] Put an X between the brackets on this line if you have done all of the following:
- Running the latest version of Constellation
- Attached the Support Package via Help > Support Package
- Checked the FAQs: https://github.com/constellation-app/constellation/wiki/FAQ
- Checked that your issue isn’t already filed: https://github.com/constellation-app/constellation/issues
- Checked that there is not already a module that provides the described functionality: https://github.com/constellation-app/constellation/wiki/Catalogue-of-Repositories
Description
v2.0.0-rc2 Unable to import pcap files directly from wireshark
Steps to Reproduce
- Capture files in wireshark and save
- Use File>Import to attempt to upload .pcap files
- No option in File>Import
- If attempt is made through the >File>Open then it is not read correctly
Expected behaviour: [What you expect to happen] File to open much the same as a .csv would
Actual behaviour: [What actually happens] If an attempt is made to open the file through the File>Open path the following is displayed:
If the user selects proceed, the following is displayed:
Reproduces how often: [What percentage of the time does it reproduce?] 100%
Additional Information
Any additional information, configuration or data that might be necessary to reproduce the issue.
Issue Analytics
- State:
- Created 3 years ago
- Comments:12
Top GitHub Comments
Have started initially, by prototyping the pkts library (https://github.com/aboutsip/pkts) which produced the following results with the first sample dataset I downloaded - fuzz-2006-06-26-2594.pcap:
However I have found some other sample files throwing exceptions, which seems to relate potentially to packets not identified as TCP or UDP in Wireshark … although I need to confirm this.
There are other libraries worth trying, such as https://sourceforge.net/projects/jnetpcap/ which I intend to try before moving on to diagnose any pkts errors.
https://stackoverflow.com/questions/26978618/java-pcap-file-parser-library describes a few of the packages.
I tried including jnetpcap - it doesn’t reside in either of the current configured repos (central.maven.org, or repo.osgeo.org), but in https://clojars.org/repo/. I tried configuring this repo in ivysettings.xml and ivy.xml, but I get errors indicating the required package “<dependency org="jnetpcap" name="jnetpcap" rev="1.4.r1425-1g"/>” can’t be found. I’m unsure why, as manually entering the URL indicated in the NetBeans install log does resolve to valid files.
Again, thank you for this work @serpens24 and for also contributing it to the ACSC Cyber repo (https://github.com/AustralianCyberSecurityCentre/constellation_cyber_plugins/pull/4). I’ll look to create a new version of Constellation and the Cyber version soon.
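
An added example, not part of the original issue and not Constellation's or any library's own code: a dependency-free reader for the classic pcap format that returns a labelled row for frames that are not TCP or UDP instead of raising, which is the failure mode described in the comments above. The function names and the sample capture are constructed for illustration; pcapng is rejected up front, and VLAN-tagged and IPv6 frames come back as labelled but undecoded rows.

```python
import struct

def classify(pkt, linktype):
    """Return a row for any frame; unknown protocols are labelled, never raised."""
    if linktype != 1 or len(pkt) < 14:              # 1 = LINKTYPE_ETHERNET
        return {"proto": "unparsed"}
    ethertype = struct.unpack("!H", pkt[12:14])[0]
    if ethertype != 0x0800 or len(pkt) < 34:        # only IPv4 is decoded here
        return {"proto": "ethertype-0x%04x" % ethertype}
    ihl = (pkt[14] & 0x0F) * 4                      # IPv4 header length in bytes
    row = {"src": ".".join(map(str, pkt[26:30])), "dst": ".".join(map(str, pkt[30:34]))}
    proto, l4 = pkt[23], pkt[14 + ihl:]
    first_fragment = (struct.unpack("!H", pkt[20:22])[0] & 0x1FFF) == 0
    if proto in (6, 17) and first_fragment and len(l4) >= 4:
        row["sport"], row["dport"] = struct.unpack("!HH", l4[:4])
        row["proto"] = "tcp" if proto == 6 else "udp"
    else:                                           # ICMP, later fragments, short L4
        row["proto"] = "ip-proto-%d" % proto
    return row

def read_pcap(data):
    """Parse a classic (non-pcapng) capture into a list of per-packet rows."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    rows, off = [], 24                              # 24-byte global header
    while off + 16 <= len(data):                    # 16-byte per-record header
        ts, _, caplen, _ = struct.unpack(order + "4I", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        if len(pkt) < caplen:                       # truncated final record
            break
        rows.append({"ts": ts, **classify(pkt, linktype)})
        off += 16 + caplen
    return rows

def build_sample():  # constructed capture (not from the issue): UDP, TCP, ICMP, ARP
    def ip(proto, l4):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                           0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + l4
    l3 = [(0x0800, ip(17, struct.pack("!4H", 5353, 53, 8, 0))),
          (0x0800, ip(6, struct.pack("!HHIIBBHHH", 44321, 443, 0, 0, 0x50, 2, 1024, 0, 0))),
          (0x0800, ip(1, b"\x08\x00" + bytes(6))),
          (0x0806, bytes(28))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (etype, body) in enumerate(l3):
        frame = bytes(12) + struct.pack("!H", etype) + body
        out += struct.pack("<4I", 1151280000 + i, 0, len(frame), len(frame)) + frame
    return out
```

Calling `read_pcap(build_sample())` yields one row per frame, so an importer built this way can still show ICMP or ARP traffic alongside the TCP and UDP flows.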