idstools.scripts.eve2pcap module

Convert packets in EVE logs to pcap.

eve2pcap converts the packets or the payloads found in an EVE log file to a pcap file.

Note that payload conversion requires Scapy and will not recreate the original packets, as the headers need to be built on the fly from the available information in the EVE log.

class idstools.scripts.eve2pcap.Pcap(pcap_t)
dump_fopen(fileno)

Not quite a direct wrapper around pcap_dump_fopen - instead of a file pointer, take a file descriptor.

dump_open(filename)
get_err()
classmethod open_dead(linktype, snaplen)
class idstools.scripts.eve2pcap.PcapDumper(pcap_dumper_t)

Minimal wrapper around pcap_dumper_t.

close()
dump(pkthdr, packet)
idstools.scripts.eve2pcap.eve2pcap(event)
idstools.scripts.eve2pcap.main()
idstools.scripts.eve2pcap.parse_timestamp(timestamp)
idstools.scripts.eve2pcap.payload2packet(event)
class idstools.scripts.eve2pcap.pcap_pkthdr

Bases: _ctypes.Structure

Internal class representing struct pcap_pkthdr.

caplen

Structure/Union member

pktlen

Structure/Union member

ts_sec

Structure/Union member

ts_usec

Structure/Union member
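
The packet conversion described at the top of this page, and the role of the four pcap_pkthdr members, as an added example that is not idstools code: it writes the pcap file format directly with struct instead of calling libpcap. The function names and the sample record are constructed for illustration, and the field names (timestamp, packet, packet_info.linktype) are assumed to be those Suricata writes in EVE alert records.

```python
import base64
import io
import json
import struct
from datetime import datetime

# Constructed sample (not real traffic): an 18-byte Ethernet frame carried
# base64-encoded in the "packet" field of a Suricata-style EVE alert.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0203040506070800") + b"\x00" * 4
SAMPLE_EVE = json.dumps({
    "timestamp": "2017-03-24T14:45:31.123456+0000",
    "event_type": "alert",
    "packet": base64.b64encode(SAMPLE_FRAME).decode("ascii"),
    "packet_info": {"linktype": 1},  # 1 = DLT_EN10MB (Ethernet)
})


def eve_timestamp(ts):
    """Split an EVE timestamp into (ts_sec, ts_usec) since the Unix epoch."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.replace(microsecond=0).timestamp()), dt.microsecond


def eve_to_pcap(lines, out):
    """Write each record's "packet" to the binary stream out; return the count."""
    count = 0
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        if "packet" not in event:  # flow, dns, alerts logged without packet
            continue
        frame = base64.b64decode(event["packet"])
        if count == 0:
            linktype = event.get("packet_info", {}).get("linktype", 1)
            # File header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
            out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
        ts_sec, ts_usec = eve_timestamp(event["timestamp"])
        # Record header mirrors pcap_pkthdr: ts_sec, ts_usec, caplen, pktlen.
        # pktlen is set to caplen here (assumption: the frame is not truncated).
        out.write(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)))
        out.write(frame)
        count += 1
    return count


if __name__ == "__main__":
    buf = io.BytesIO()
    print(eve_to_pcap([SAMPLE_EVE], buf), "packet(s),", len(buf.getvalue()), "bytes")
```

Records that carry only a payload have no link-layer or IP headers to copy, which is why that path has to synthesize headers and cannot reproduce the original packet.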