eve2pcap - Convert packets/payloads in eve logs to pcap
Convert packets in EVE logs to pcap.
eve2pcap converts the packets or the payloads found in an eve log file to a pcap file.
Note that payload conversion requires Scapy and does not recreate the original packets: the headers have to be built on the fly from the information available in the eve log.
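What packet mode amounts to, as an added example rather than idstools' own code: it assumes each EVE record carries the captured frame base64-encoded in `packet` with its link type in `packet_info.linktype`. The sample records and the function names `eve_packets` and `to_pcap` are constructed for illustration.

```python
import base64
import json
import struct
from datetime import datetime

DLT_EN10MB = 1  # Ethernet; assumed default when packet_info.linktype is absent

# Constructed sample: an alert with a 14-byte dummy Ethernet frame, a flow
# record with no packet, and a partially written line.
_FRAME = bytes.fromhex("ffffffffffff0011223344550800")
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2024-01-02T03:04:05.000006+0000",
                "event_type": "alert",
                "packet": base64.b64encode(_FRAME).decode(),
                "packet_info": {"linktype": 1}}),
    json.dumps({"timestamp": "2024-01-02T03:04:06.000000+0000",
                "event_type": "flow"}),
    "{truncated line",
])

def eve_packets(lines):
    """Yield (sec, usec, linktype, frame) for every record that has a packet."""
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # partial line, e.g. the log is still being written
        if not isinstance(event, dict) or "packet" not in event:
            continue  # most event types carry no raw packet
        ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        sec = int(ts.replace(microsecond=0).timestamp())
        linktype = (event.get("packet_info") or {}).get("linktype", DLT_EN10MB)
        yield sec, ts.microsecond, linktype, base64.b64decode(event["packet"])

def to_pcap(lines):
    """Return the bytes of a classic little-endian pcap file."""
    dlt, body = None, []
    for sec, usec, linktype, frame in eve_packets(lines):
        dlt = linktype if dlt is None else dlt
        if linktype == dlt:  # a pcap file has one link type; skip the rest
            body.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, dlt or DLT_EN10MB)
    return header + b"".join(body)

if __name__ == "__main__":
    with open("eve-sample.pcap", "wb") as out:  # hypothetical output name
        out.write(to_pcap(SAMPLE_EVE.splitlines()))
```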
Usage
usage: idstools-eve2pcap [-h] [-o <filename>] [--payload] [--dlt DLT]
                         filenames [filenames ...]

positional arguments:
  filenames

options:
  -h, --help     show this help message and exit
  -o <filename>  Output filename
  --payload      Convert payload instead of packet
  --dlt DLT