IT20140816

parent 196c7035
import pyshark
import sqlite3
def create_database(pcap_file, db_file):
# Read the pcap file
pcap = pyshark.FileCapture(pcap_file)
# Connect to the SQLite database
conn = sqlite3.connect(db_file)
cursor = conn.cursor()
# Create a table to store the event flow information
cursor.execute('''CREATE TABLE IF NOT EXISTS event_flow
(source_ip TEXT, destination_ip TEXT)''')
# Iterate over the packets in the pcap file
for packet in pcap:
# Check if the packet has an IP layer
if 'IP' in packet:
ip_layer = packet['IP']
src_ip = ip_layer.src
dst_ip = ip_layer.dst
# Insert the event flow data into the table
cursor.execute("INSERT INTO event_flow VALUES (?, ?)", (src_ip, dst_ip))
# Commit the changes and close the database connection
conn.commit()
conn.close()
# Usage example
pcap_file = 'capture.pcap'
db_file = 'event_flow.db'
create_database(pcap_file, db_file)
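Review bot: The capture opened by `pyshark.FileCapture(pcap_file)` in `create_database` is never closed, and `conn.close()` is reached only when the packet loop finishes without an exception. A truncated or malformed pcap can therefore leave pyshark's tshark child process and the SQLite handle open. Move the cleanup into a `finally:` block with `pcap.close()` next to `conn.close()`, and consider `keep_packets=False` so a large capture is not held in memory while iterating. The `'IP' in packet` test silently skips IPv6 traffic, which leaves a blind spot if the table is used for flow analysis; either add an IPv6 branch or note the limit in a comment. The three usage lines at the end run on import and should sit under `if __name__ == "__main__":`.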