trafficdatasetmaker Documentation

Overview

trafficdatasetmaker is a tool that generates a set of useful datasets from raw network packet capture files.

First, it uses the pcap2csv utility to extract all header fields for all packets seen in the capture. It then does additional processing to classify packets into applications, extract PDUs, and identify user sessions, connection clusters and connection pools. Finally, it saves datasets for packets, PDUs and L4 sessions as CSV files in the given output directory.

The application installs 2 new command line utilities.

trafficdatasetmaker is the main dataset extraction application. It processes an input trace file (pcap or csv file) to create a dataset with all relevant fields for traffic modelling.

trafficdatesetmodifier is an additional utility for making modifications to an existing trafficdatasetmaker output dataset.

Note

This application supports extraction of Ethernet, IPv4, IPv6, TCP and UDP packet headers. It skips non-Ethernet packets, and it performs only Ethernet processing for packets that are not IPv4/IPv6, etc.