Question

I had previously worked in Python and had written a script that parses through trace files (pcap files, or packet-capture files); I just read through the file and display the header information on the source and destination addresses and ports.


I am now trying to implement the same functionality by looking at the network flow, and not through the trace files. My aim is to develop a flow-based IDS in Python by looking at the network flow. Does this mean I should feed the results from tcpdump and then parse that for information, or is there a better way to do this?

  • Are there any libraries that can help me with this?

  • How do I need to approach this problem for real-time traffic analysis?

Any help is appreciated. Thanks!
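The question describes two steps: decoding packet headers (source/destination addresses and ports) and then grouping packets into flows. The following is an added example, not code from the original post: a standard-library-only pcap reader that decodes Ethernet/IPv4/TCP/UDP headers, aggregates packets into bidirectional 5-tuple flows, and applies one simple flow-level check (TCP flows that saw a SYN but never a SYN-ACK, the shape a port scan or half-open probe leaves behind). The pcap bytes are constructed inline so it runs offline; the header layouts, the flow-key convention and the half-open heuristic are this example's own choices, not anything the question specifies. For live traffic the same `decode_packet`/`build_flows` logic could be fed frames from a raw socket or a capture library instead of a file, which is not shown here.

```python
"""Flow aggregation over pcap bytes using only the Python standard library.

Handles classic little-endian pcap (magic 0xa1b2c3d4) with Ethernet link type,
IPv4 over TCP or UDP; anything else is skipped. Example code, not from the post.
"""
import struct

PCAP_GLOBAL = "<IHHiIII"   # magic, v_major, v_minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = "<IIII"      # ts_sec, ts_usec, incl_len, orig_len
ETH_HDR = "!6s6sH"         # dst MAC, src MAC, ethertype
IPV4_HDR = "!BBHHHBBH4s4s" # ver/ihl, tos, total_len, id, flags/frag, ttl, proto, csum, src, dst
TCP_HDR = "!HHIIBBHHH"     # sport, dport, seq, ack, data_off, flags, window, csum, urg
UDP_HDR = "!HHHH"          # sport, dport, length, csum
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def ip_bytes(text):
    return bytes(int(x) for x in text.split("."))

def parse_pcap(data):
    """Yield (timestamp, frame_bytes) for each record in a pcap byte string."""
    magic, *_, linktype = struct.unpack(PCAP_GLOBAL, data[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian pcap with Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(PCAP_RECORD, data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def decode_packet(frame):
    """Return (src, dst, sport, dport, proto, tcp_flags), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34:
        return None
    _, _, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, ip[:20])
    l4 = ip[(ver_ihl & 0x0F) * 4:]   # IHL is in 32-bit words; skips IP options
    flags = 0
    if proto == PROTO_TCP and len(l4) >= 20:
        sport, dport, _, _, _, flags, _, _, _ = struct.unpack(TCP_HDR, l4[:20])
    elif proto == PROTO_UDP and len(l4) >= 8:
        sport, dport, _, _ = struct.unpack(UDP_HDR, l4[:8])
    else:
        return None
    return ip_str(src), ip_str(dst), sport, dport, proto, flags

def flow_key(src, dst, sport, dport, proto):
    """Direction-independent key so both halves of a conversation land in one flow."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def build_flows(pcap_bytes):
    """Aggregate decoded packets into per-flow counters."""
    flows = {}
    for ts, frame in parse_pcap(pcap_bytes):
        pkt = decode_packet(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, proto, flags = pkt
        f = flows.setdefault(flow_key(src, dst, sport, dport, proto),
                             {"packets": 0, "bytes": 0, "first": ts, "last": ts, "syn": 0, "synack": 0})
        f["packets"] += 1
        f["bytes"] += len(frame)
        f["last"] = ts
        if proto == PROTO_TCP:
            if (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN:
                f["syn"] += 1
            elif (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN | TCP_ACK:
                f["synack"] += 1
    return flows

def half_open(flows):
    """Flow-level check: TCP flows that sent a SYN and never saw a SYN-ACK."""
    return [k for k, f in flows.items() if k[0] == PROTO_TCP and f["syn"] and not f["synack"]]

# --- constructed sample traffic (not a real capture) ---------------------------
def make_packet(src, dst, sport, dport, proto, tcp_flags=0, payload=b""):
    if proto == PROTO_TCP:
        l4 = struct.pack(TCP_HDR, sport, dport, 1, 0, 5 << 4, tcp_flags, 65535, 0, 0) + payload
    else:
        l4 = struct.pack(UDP_HDR, sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ip_bytes(src), ip_bytes(dst)) + l4
    return struct.pack(ETH_HDR, b"\x00" * 6, b"\x00" * 6, ETHERTYPE_IPV4) + ip

def make_pcap(frames):
    out = struct.pack(PCAP_GLOBAL, 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack(PCAP_RECORD, 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = make_pcap([
    make_packet("10.0.0.1", "10.0.0.2", 40000, 80, PROTO_TCP, TCP_SYN),            # handshake
    make_packet("10.0.0.2", "10.0.0.1", 80, 40000, PROTO_TCP, TCP_SYN | TCP_ACK),
    make_packet("10.0.0.1", "10.0.0.2", 40000, 80, PROTO_TCP, TCP_ACK),
    make_packet("10.0.0.1", "10.0.0.53", 53000, 53, PROTO_UDP),                     # one DNS query
    make_packet("10.0.0.9", "10.0.0.2", 1234, 22, PROTO_TCP, TCP_SYN),              # unanswered SYN
])

if __name__ == "__main__":
    table = build_flows(SAMPLE_PCAP)
    for key, f in table.items():
        print(key, f["packets"], "pkts", f["bytes"], "bytes")
    print("half-open:", half_open(table))
```

The bidirectional key is what turns a packet list into flows: the SYN, SYN-ACK and ACK above are three packets but one flow, which is the unit a flow-based detector reasons about. Any library that hands you raw frames (or already-decoded packets) can replace `parse_pcap` without touching the aggregation.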


Solution

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow