eve2pcap - Convert packets/payloads in eve logs to pcap

Convert packets in EVE logs to pcap.

eve2pcap will convert the packets or the payloads found in an eve log file to a pcap file.

Note that payload conversion requires Scapy, and will not recreate the original packets as the headers need to be built on the fly from the available information in the eve log.


usage: idstools-eve2pcap [-h] [-o <filename>] [--payload] [--dlt DLT]
                         filenames [filenames ...]

positional arguments:

optional arguments:
  -h, --help     show this help message and exit
  -o <filename>  Output filename
  --payload      Convert payload instead of packet
  --dlt DLT