Data Science Team Lead at WhiteHat Security, Trustee at Farset Labs and Vault Artist Studios
PCap files are a pain; weird format, difficult to parse viserally even if you have the ‘right’ tools handy. Wouldn’t it be easier to be able to ‘see’ the network flow, like it is in all the textbooks?
Well now you can!
In playing with NS-3, I came across this problem, and googled for a solution. Now here’s an end-to-end ‘I have pcap files and want to make them pretty’ solution.
Assume you have…
a ~/bin directory on your users $PATH
Get ‘er dun
sudo apt-get install mscgen subversion tshark
svn checkout http://pcap2msc.googlecode.com/svn/trunk/ pcap2msc-read-only; ln -s ~/src/pcap2msc-read-only/pcap2msc ~/bin/
cd <where yo' pcaps at!>/
pcap2msc <whatever.pcap> all
This is ugly but it shows you what the individual packets are…
Then Pump the same thing into mscgen
pcap2msc <whatever.pcap> all | mscgen -T png -o <whatever.png>