eve2pcap

Convert packets in EVE logs to pcap.

eve2pcap converts the packets or the payloads found in an EVE log file to a pcap file.

Note that payload conversion requires Scapy and will not recreate the original packets: the headers must be built on the fly from the information available in the EVE log.

Usage

usage: idstools-eve2pcap [-h] [-o <filename>] [--payload] [--dlt DLT]
                         filenames [filenames ...]

positional arguments:
  filenames

optional arguments:
  -h, --help     show this help message and exit
  -o <filename>  Output filename
  --payload      Convert payload instead of packet
  --dlt DLT
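
The packet (non-payload) conversion described above, as an added example rather than eve2pcap's own code. It assumes Suricata's EVE fields timestamp, packet (base64) and packet_info.linktype; the function names eve_packets and write_pcap are hypothetical and the sample log lines are constructed.

```python
import base64
import json
import struct
from datetime import datetime

# Constructed sample data (not from a real sensor): a 34-byte Ethernet frame,
# one alert carrying it as a base64 "packet", one flow record, one broken line.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010800") + b"\x45" + b"\x00" * 19
SAMPLE_EVE = "\n".join([
    json.dumps({"timestamp": "2024-01-02T03:04:05.678901+0000",
                "event_type": "alert",
                "packet": base64.b64encode(SAMPLE_FRAME).decode(),
                "packet_info": {"linktype": 1}}),
    json.dumps({"timestamp": "2024-01-02T03:04:06.000000+0000",
                "event_type": "flow"}),
    "{truncated line",
])


def eve_packets(lines):
    """Yield (sec, usec, linktype, raw_bytes) for each record that has a packet."""
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip partial or corrupt lines, common at the log tail
        if not isinstance(event, dict) or "packet" not in event:
            continue  # flow, dns, stats ... records carry no packet
        ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        # Assumption: fall back to 1 (Ethernet) when packet_info is absent.
        linktype = event.get("packet_info", {}).get("linktype", 1)
        yield (int(ts.timestamp()), ts.microsecond, linktype,
               base64.b64decode(event["packet"]))


def write_pcap(out, lines, snaplen=65535):
    """Write a classic little-endian pcap; return the number of packets written."""
    count = 0
    for sec, usec, linktype, data in eve_packets(lines):
        if count == 0:
            # A pcap file has a single link type; this example uses the first packet's.
            # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
            out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
        # Record header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)
        count += 1
    return count
```

Because the bytes in the packet field are written back unchanged, the result contains only what the sensor logged, not the full session.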