Ending my hiatus, I present to you pkt2flow; it takes a PCAP file and splits it up into its individual TCP and UDP streams. It’s not my original work, but I adapted it to compile on OSX. Also, Isotopp contributed a patch for the SConstruct file to make it work with Homebrew. I’m currently planning a portfile for MacPorts and am also thinking of extending the functionality so that it also works with .1q tagged frames in the PCAP.

Grab it at https://github.com/yalla/pkt2flow until the original author accepts my pull request, if you’re interested in building it for OSX.

Also, I spend my time mostly on Google+ nowadays, but I plan to revive this whole thing here with more in-depth articles not suitable for Google+.

