The Output

Srinivas P G edited this page May 18, 2019 · 2 revisions

Traffic/Filter Image

  • Each image visualized through PcapXray is also saved as a PNG file in the Report directory.
  • The image name encodes the traffic type and the filter settings:
<pcap-filename>_<traffic-chosen>_<filter-from>_<filter-to>.png

Packet Details

  • Packet details are stored in the file <pcap-filename>_packet_details.txt
  • Packet details are keyed by STREAM ==> FROM-IP/TO-IP/PORT
  • Each stream entry has the following structure:
{
  FROM-IP/TO-IP/PORT: { # Stream name
    Ethernet: { # MAC addresses
      dst: "...",
      src: "..."
    },
    Payload: { # Payload, if present
      forward: ["...", "...", "..."],
      reverse: ["...", "...", "..."]
    }
  }
}

Device Details

  • Device details (LAN) are stored in <pcap-filename>_device_details.txt
  • Data structure:
deviceDetails: {
  <mac-address>: {
    "device_vendor": "...",
    "ip": "...",
    "node": "...",
    "vendor_address": [
      "...",
      "...",
      "..."
    ]
  }
}

Communication Details

  • Communication details are stored in <pcap-filename>_communication_details.txt
  • Data structure:
Destination DNS: {
  ip: {
    mac: "...",
    domain_name: "..."
  },
  ...
}

# Malicious
Malicious Traffic: [<Destination DNS nodes>]

# Tor
Tor Nodes: [..., ..., ..., ...] # Tor node (node 1) details from the consensus
Tor Traffic: [<Destination DNS nodes>]

Lan Hosts: similar to device details
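As an added example (not PcapXray's own code), the following cross-references the packet_details and communication_details structures described above to list, per LAN source IP, the streams whose destination is in the Malicious or Tor traffic lists. The samples are constructed in the shapes shown on this page; since the on-disk serialization is not specified here, the dicts are built inline, and it is assumed that the Malicious/Tor lists hold destination IPs matching the keys under Destination DNS.

```python
# Constructed sample in the packet_details shape: "FROM-IP/TO-IP/PORT" -> stream data
PACKET_DETAILS = {
    "192.168.1.10/203.0.113.5/443": {
        "Ethernet": {"dst": "aa:bb:cc:00:00:01", "src": "de:ad:be:ef:00:10"},
        "Payload": {"forward": ["GET / HTTP/1.1"], "reverse": ["HTTP/1.1 200 OK"]}},
    "192.168.1.10/198.51.100.7/9001": {
        "Ethernet": {"dst": "aa:bb:cc:00:00:01", "src": "de:ad:be:ef:00:10"},
        "Payload": {"forward": ["\x16\x03\x01"], "reverse": []}},
    "192.168.1.22/192.0.2.80/80": {
        "Ethernet": {"dst": "aa:bb:cc:00:00:01", "src": "de:ad:be:ef:00:22"},
        "Payload": {"forward": ["GET /index.html HTTP/1.1"], "reverse": ["HTTP/1.1 200 OK"]}},
}

# Constructed sample in the communication_details shape. Assumption: the Malicious
# and Tor traffic lists hold destination IPs, the same keys used under Destination DNS.
COMMUNICATION_DETAILS = {
    "Destination DNS": {
        "203.0.113.5": {"mac": "aa:bb:cc:00:00:01", "domain_name": "bad.example"},
        "198.51.100.7": {"mac": "aa:bb:cc:00:00:01", "domain_name": "relay.example"},
        "192.0.2.80": {"mac": "aa:bb:cc:00:00:01", "domain_name": "www.example"}},
    "Malicious Traffic": ["203.0.113.5"],
    "Tor Nodes": ["198.51.100.7"],
    "Tor Traffic": ["198.51.100.7"],
}


def parse_stream_key(key):
    """Split a 'FROM-IP/TO-IP/PORT' stream key; reject keys that do not fit."""
    parts = key.split("/")
    if len(parts) != 3 or not parts[2].isdigit():
        raise ValueError("unexpected stream key: %r" % key)
    return parts[0], parts[1], int(parts[2])


def flag_streams(packet_details, communication_details):
    """Map each LAN source IP to its streams whose TO-IP is listed as Malicious or Tor."""
    malicious = set(communication_details.get("Malicious Traffic", []))
    tor = set(communication_details.get("Tor Traffic", []))
    dns = communication_details.get("Destination DNS", {})
    report = {}
    for key, stream in packet_details.items():
        src_ip, dst_ip, port = parse_stream_key(key)
        labels = [n for n, ips in (("malicious", malicious), ("tor", tor)) if dst_ip in ips]
        if labels:  # keep domain and source MAC so the host can be identified for triage
            report.setdefault(src_ip, []).append({
                "dst": dst_ip, "port": port, "labels": labels,
                "domain": dns.get(dst_ip, {}).get("domain_name"),
                "src_mac": stream.get("Ethernet", {}).get("src")})
    return report
```

Running flag_streams(PACKET_DETAILS, COMMUNICATION_DETAILS) on the samples reports only 192.168.1.10, with one malicious and one Tor stream; 192.168.1.22 talks only to an unlisted destination and is not reported.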