TCP流抽取 [英] TCP flow extraction

问题描述

我需要从转储文件中提取 TCP 流及其内容，然后将它们的流分别保存到每个流的其他文件中

I need to extract TCP Flows with their content from dump file and then save their flow into other file each flow separately

推荐答案

你肯定想使用 Bro，更多具体来说，它的 contents.bro 政策.例如，给定一个包含 HTTP 请求的跟踪，运行以下...

You definitely want to use Bro, more specifically, its contents.bro policy. For example, given a trace that contains HTTP requests, running the following ...

bro -r http.trace -f 'tcp and port 80' contents

...生成文件

contents.[senderIP].[senderPort]-[destIP].[destPort]
contents.[destIP].[destPort]-[senderIP].[senderPort] 

对于每个连接，每个连接都包含流的单向内容.

for each connection, each containing the unidirectional content of the flow.

流程重组非常稳健，流程可扩展到非常大的文件，并且一切都可以根据您的需求进行定制.

The flow reassembly is highly robust, the process scales to very large files, and everything is customizable to your needs.

这篇关于TCP流抽取的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！