Metadata-Version: 1.0
Name: pdml2flow
Version: 2.4
Summary: Aggregates wireshark pdml to flows
Home-page: https://github.com/Enteee/pdml2flow
Author: Mischa Lehmann
Author-email: ducksource@duckpond.ch
License: Apache 2.0
Description: pdml2flow |PyPI version|
        ========================
        
        *Aggregates wireshark pdml to flows*
        
        +-----------+--------------------------+-----------------------------+
        | Branch    | Build                    | Coverage                    |
        +===========+==========================+=============================+
        | master    | |Build Status master|    | |Coverage Status master|    |
        +-----------+--------------------------+-----------------------------+
        | develop   | |Build Status develop|   | |Coverage Status develop|   |
        +-----------+--------------------------+-----------------------------+
        
        Prerequisites
        -------------
        
        -  `python <https://www.python.org/>`__:
        
           -  3.4
           -  3.5
           -  3.5-dev
           -  nightly
        
        -  `pip <https://pypi.python.org/pypi/pip>`__
        
        Installation
        ------------
        
        .. code:: shell
        
                $ sudo pip install pdml2flow
        
        Usage
        -----
        
        .. code:: shell
        
            $ pdml2flow -h
            usage: pdml2flow [-h] [-f FLOW_DEF_STR] [-t FLOW_BUFFER_TIME] [-l DATA_MAXLEN]
                             [-s] [-x] [-c] [-a] [-m] [-d]
        
            Aggregates wireshark pdml to flows
        
            optional arguments:
              -h, --help           show this help message and exit
              -f FLOW_DEF_STR      Fields which define the flow, nesting with: '.'
                                   [default: ['vlan.id', 'ip.src', 'ip.dst', 'ipv6.src',
                                   'ipv6.dst', 'udp.stream', 'tcp.stream']]
              -t FLOW_BUFFER_TIME  Lenght (in seconds) to buffer a flow before writing the
                                   packets [default: 180]
              -l DATA_MAXLEN       Maximum lenght of data in tshark pdml-field [default:
                                   200]
              -s                   Extract show names, every data leave will now look like
                                   { raw : [] , show: [] } [default: False]
              -x                   Switch to xml output [default: False]
              -c                   Removes duplicate data when merging objects, will not
                                   preserve order of leaves [default: False]
              -a                   Instaead of merging the frames will append them to an
                                   array [default: False]
              -m                   Appends flow metadata [default: False]
              -d                   Debug mode [default: False]
        
        Example
        -------
        
        Sniff from interface:
        
        .. code:: shell
        
            $ tshark -i interface -Tpdml | pdml2flow
        
        Write XML output:
        
        .. code:: shell
        
            $ tshark -i interface -Tpdml | pdml2flow -x
        
        Read a .pcap file:
        
        .. code:: shell
        
            $ tshark -r pcap_file -Tpdml | pdml2flow
        
        Aggregate based on Ethernet source and destination address:
        
        .. code:: shell
        
            $ tshark -i interface -Tpdml | pdml2flow -f eth.src -f eth.dst
        
        Pretty print flows using `jq <https://stedolan.github.io/jq/>`__:
        
        .. code:: shell
        
            $ tshark -i interface -Tpdml | pdml2flow | jq
        
        Post-process flows using
        `FluentFlow <https://github.com/t-moe/FluentFlow>`__:
        
        .. code:: shell
        
            $ tshark -i interface -Tpdml | pdml2flow | fluentflow rules.js
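
        The ``-f``, ``-t`` and ``-c`` options above can be understood from a small
        stand-alone sketch. The following Python is an added example, not
        pdml2flow's own code: it groups the packets of a constructed PDML
        document by the fields named in a flow definition (the default list from
        the usage text), treats a field missing from a packet as ``None`` so that
        IPv4, IPv6, TCP and UDP packets can share one definition, merges field
        values per flow, and writes a flow only after ``buffer_time`` seconds of
        capture time have passed since its last packet, which is the idea behind
        ``-t``. The function names, the sample packets, the exact flush policy
        and the order-preserving de-duplication are assumptions of this example.

```python
"""Added example, not pdml2flow's own code: a minimal sketch of aggregating
PDML packets into flows.  Field names are tshark's dotted names as they
appear in `tshark -Tpdml` output; the sample packets below are constructed."""
import json
import xml.etree.ElementTree as ET
from collections import OrderedDict

# Default flow definition as printed by `pdml2flow -h`.
DEFAULT_FLOW_DEF = ['vlan.id', 'ip.src', 'ip.dst',
                    'ipv6.src', 'ipv6.dst', 'udp.stream', 'tcp.stream']

# Constructed PDML: the element layout mirrors tshark's, all values are made up.
SAMPLE_PDML = """<?xml version="1.0"?>
<pdml>
  <packet>
    <proto name="frame"><field name="frame.time_epoch" show="1.0"/></proto>
    <proto name="ip"><field name="ip.src" show="10.0.0.1"/><field name="ip.dst" show="10.0.0.2"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="0"/><field name="tcp.len" show="100"/></proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.time_epoch" show="2.0"/></proto>
    <proto name="ip"><field name="ip.src" show="10.0.0.1"/><field name="ip.dst" show="10.0.0.2"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="0"/><field name="tcp.len" show="100"/></proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.time_epoch" show="3.0"/></proto>
    <proto name="ip"><field name="ip.src" show="10.0.0.2"/><field name="ip.dst" show="10.0.0.1"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="0"/><field name="tcp.len" show="0"/></proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.time_epoch" show="400.0"/></proto>
    <proto name="ipv6"><field name="ipv6.src" show="fd00::1"/><field name="ipv6.dst" show="fd00::2"/></proto>
    <proto name="udp"><field name="udp.stream" show="0"/></proto>
  </packet>
</pdml>
"""


def packet_fields(packet):
    """Flatten one <packet> into {dotted field name: [show values]}.
    iter() also visits nested <field> elements, which tshark emits for
    sub-fields, so every named field ends up in the map."""
    fields = OrderedDict()
    for field in packet.iter('field'):
        name = field.get('name')
        if name:  # unnamed <field> elements (plain text lines) are skipped
            fields.setdefault(name, []).append(field.get('show', ''))
    return fields


def flow_key(fields, flow_def):
    """Tuple identifying the flow.  A field absent from the packet
    (ipv6.* on IPv4 traffic, vlan.id on untagged frames) contributes None
    instead of raising, which is what lets one definition cover IPv4,
    IPv6, TCP and UDP packets at once."""
    return tuple(tuple(fields[name]) if name in fields else None
                 for name in flow_def)


def aggregate(pdml_text, flow_def=DEFAULT_FLOW_DEF, buffer_time=180.0, dedupe=False):
    """Yield (key, flow) pairs.  Packets with the same key are merged into one
    flow; a flow is written once buffer_time seconds of capture time have
    passed since its last packet (the idea behind -t), and whatever is
    still buffered is flushed at end of input.  dedupe mimics -c by
    collapsing repeated values (order preserving here, unlike the real option)."""
    flows = OrderedDict()
    for packet in ET.fromstring(pdml_text).iter('packet'):
        fields = packet_fields(packet)
        now = float(fields.get('frame.time_epoch', ['0'])[0])
        key = flow_key(fields, flow_def)
        flow = flows.setdefault(key, {'packets': 0, 'first': now, 'last': now,
                                      'fields': OrderedDict()})
        flow['packets'] += 1
        flow['last'] = now
        for name, values in fields.items():
            merged = flow['fields'].setdefault(name, [])
            merged.extend(values)
            if dedupe:
                merged[:] = list(dict.fromkeys(merged))
        # Flush flows idle for longer than the buffer time; the flow just
        # updated has last == now and therefore always survives this pass.
        for stale in [k for k, f in flows.items() if now - f['last'] > buffer_time]:
            yield stale, flows.pop(stale)
    for key in list(flows):
        yield key, flows.pop(key)


if __name__ == '__main__':
    # One JSON document per flow, in the order the flows are written.
    for key, flow in aggregate(SAMPLE_PDML):
        print(json.dumps({'key': key, **flow}))
```

        With the default definition the two forward packets form one flow, the
        reverse packet another (``ip.src`` and ``ip.dst`` are part of the key,
        so direction matters), and the IPv6/UDP packet a third; the first two
        flows are written when the fourth packet arrives more than 180 seconds
        later. Passing ``flow_def=['tcp.stream']`` keys only on the TCP stream
        index, so both directions land in the same flow, which is the effect
        of the ``-f`` example above with a different field.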
        
        Utils
        -----
        
        The following utils are part of this project:
        
        pdml2json
        ~~~~~~~~~
        
        *Converts pdml to json*
        
        .. code:: shell
        
            $ pdml2json -h
            usage: pdml2json [-h] [-s] [-d]
        
            Converts wireshark pdml to json
        
            optional arguments:
              -h, --help  show this help message and exit
              -s          Extract show names, every data leave will now look like { raw :
                          [] , show: [] } [default: False]
              -d          Debug mode [default: False]
        
        pdml2xml
        ~~~~~~~~
        
        *Converts pdml to xml*
        
        .. code:: shell
        
            $ pdml2xml -h
            usage: pdml2xml [-h] [-s] [-d]
        
            Converts wireshark pdml to xml
        
            optional arguments:
              -h, --help  show this help message and exit
              -s          Extract show names, every data leave will now look like { raw :
                          [] , show: [] } [default: False]
              -d          Debug mode [default: False]
        
        .. |PyPI version| image:: https://badge.fury.io/py/pdml2flow.svg
           :target: https://badge.fury.io/py/pdml2flow
        .. |Build Status master| image:: https://travis-ci.org/Enteee/pdml2flow.svg?branch=master
           :target: https://travis-ci.org/Enteee/pdml2flow
        .. |Coverage Status master| image:: https://coveralls.io/repos/github/Enteee/pdml2flow/badge.svg?branch=master
           :target: https://coveralls.io/github/Enteee/pdml2flow?branch=master
        .. |Build Status develop| image:: https://travis-ci.org/Enteee/pdml2flow.svg?branch=develop
           :target: https://travis-ci.org/Enteee/pdml2flow
        .. |Coverage Status develop| image:: https://coveralls.io/repos/github/Enteee/pdml2flow/badge.svg?branch=develop
           :target: https://coveralls.io/github/Enteee/pdml2flow?branch=develop
        
Keywords: wireshark pdml flow aggregation
Platform: UNKNOWN
