Ingest PCAP data to Timesketch


The following scripts convert PCAPs to CSV with tshark and then transform those CSVs into new CSVs that can be ingested directly into Google's Timesketch platform. They were tested on Ubuntu 20.04 LTS.

Prerequisites

tshark (the Wireshark command-line dissector) is used for the PCAP to CSV conversion
The pandas Python package is required by pcap2Ts.py (installed via requirements.txt below)

Information

pip install -r requirements.txt

pcap2csv.sh - Bulk converts all PCAPs in a folder to CSVs. Only a fixed set of useful fields is extracted from each packet, not every field tshark can dissect, which keeps the CSVs small.

chmod a+x pcap2csv.sh
./pcap2csv.sh

pcap2Ts.py - Bulk processes the CSVs generated by pcap2csv.sh and writes new CSVs that can be ingested directly into Timesketch.

chmod a+x pcap2Ts.py
./pcap2Ts.py --path PATHTOYOURCSVs
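The two-step pipeline above (tshark field extraction, then reshaping into a Timesketch CSV) condensed into one self-contained script, written as an added example and not taken from pcap2csv.sh or pcap2Ts.py. The field list passed to tshark, the message layout, and the "Frame captured" timestamp description are assumptions chosen for the example; the project's scripts pick their own fields. The sample tshark output is constructed inline so the conversion runs offline, and the standard csv module is used instead of pandas so the example has no third-party dependency. Timesketch's CSV importer requires the columns message, datetime (ISO 8601) and timestamp_desc; everything else is carried through as extra attributes.

```python
import csv
import io
from datetime import datetime, timezone

# Fields handed to tshark as -e options (assumed subset for this example;
# the project's pcap2csv.sh restricts to its own set of useful fields).
TSHARK_FIELDS = [
    "frame.number", "frame.time_epoch", "ip.src", "ip.dst",
    "tcp.srcport", "tcp.dstport", "udp.srcport", "udp.dstport",
    "_ws.col.Protocol", "_ws.col.Info",
]

# Columns Timesketch's CSV importer insists on.
TIMESKETCH_REQUIRED = ("message", "datetime", "timestamp_desc")


def tshark_command(pcap_path: str) -> str:
    """Build the tshark invocation that emits a header-bearing CSV of
    TSHARK_FIELDS, one row per frame, first occurrence of multi-valued
    fields (e.g. several ip.src in an ICMP error), double-quoted values."""
    opts = " ".join(f"-e {f}" for f in TSHARK_FIELDS)
    return (f"tshark -r {pcap_path} -T fields {opts} "
            "-E header=y -E separator=, -E quote=d -E occurrence=f")


# Constructed sample of what the command above produces for four frames.
# Frame 3 is ARP (no IP layer); frame 4 has a missing timestamp on purpose.
SAMPLE_TSHARK_CSV = '''"frame.number","frame.time_epoch","ip.src","ip.dst","tcp.srcport","tcp.dstport","udp.srcport","udp.dstport","_ws.col.Protocol","_ws.col.Info"
"1","1593561600.000123000","10.0.0.5","10.0.0.53","","","51234","53","DNS","Standard query 0x1a2b A example.com"
"2","1593561600.250000000","10.0.0.5","93.184.216.34","51235","443","","","TCP","51235 > 443 [SYN] Seq=0 Win=64240 Len=0"
"3","1593561601.000000000","","","","","","","ARP","Who has 10.0.0.1? Tell 10.0.0.5"
"4","","10.0.0.5","10.0.0.53","","","51236","53","DNS","Standard query 0x1a2c A example.net"
'''


def epoch_to_iso8601(epoch: str) -> str:
    """frame.time_epoch is 'seconds.nanoseconds'; Timesketch wants ISO 8601.
    Integer arithmetic avoids float rounding of 16-digit timestamps, and the
    nanosecond tail is truncated to the microseconds datetime supports."""
    secs, _, frac = epoch.partition(".")
    micros = int((frac + "000000")[:6])
    ts = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    return ts.replace(microsecond=micros).isoformat(timespec="microseconds")


def build_message(row: dict) -> str:
    """Human-readable one-liner for the Timesketch 'message' column.
    Layout is an assumption of this example: PROTO src:port -> dst:port Info."""
    proto, info = row.get("_ws.col.Protocol", ""), row.get("_ws.col.Info", "")
    src, dst = row.get("ip.src", ""), row.get("ip.dst", "")
    sport = row.get("tcp.srcport") or row.get("udp.srcport") or ""
    dport = row.get("tcp.dstport") or row.get("udp.dstport") or ""
    if src and dst:
        ends = f"{src}:{sport} -> {dst}:{dport}" if sport and dport else f"{src} -> {dst}"
        return f"{proto} {ends} {info}".strip()
    return f"{proto} {info}".strip()   # non-IP frames such as ARP


def convert_to_events(tshark_csv_text: str) -> list:
    """Turn tshark CSV rows into Timesketch event dicts. Rows without a
    timestamp are dropped: Timesketch rejects events with an empty datetime."""
    events = []
    for row in csv.DictReader(io.StringIO(tshark_csv_text)):
        if not row.get("frame.time_epoch"):
            continue
        event = {
            "message": build_message(row),
            "datetime": epoch_to_iso8601(row["frame.time_epoch"]),
            "timestamp_desc": "Frame captured",   # assumed label
        }
        # Keep every tshark field as an extra attribute; dots become
        # underscores so the names are plain identifiers in the index.
        for key, value in row.items():
            event[key.replace(".", "_")] = value
        events.append(event)
    return events


def events_to_csv(events: list) -> str:
    """Serialise events as the CSV Timesketch's importer consumes."""
    fieldnames = list(events[0].keys()) if events else list(TIMESKETCH_REQUIRED)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(events)
    return out.getvalue()


if __name__ == "__main__":
    print("# run this to produce the input CSV:", tshark_command("capture.pcap"))
    print(events_to_csv(convert_to_events(SAMPLE_TSHARK_CSV)))
```

Run the printed tshark command against a real capture, feed its output to convert_to_events, and upload the result of events_to_csv through the Timesketch web UI or the timesketch_importer client. Note that -E occurrence=f silently keeps only the first value of multi-valued fields; if you need the encapsulated inner addresses of ICMP errors or tunnelled traffic, switch to occurrence=a and split the comma-joined values before building the message.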