From: <ma...@us...> - 2012-02-13 10:45:37
|
Revision: 1319 http://scstudio.svn.sourceforge.net/scstudio/?rev=1319&view=rev Author: madzin Date: 2012-02-13 10:45:31 +0000 (Mon, 13 Feb 2012) Log Message: ----------- Add pcap2z120 short tutorial with example Added Paths: ----------- trunk/tools/pcap2z120/examples/ trunk/tools/pcap2z120/examples/README trunk/tools/pcap2z120/examples/example1.pcap Added: trunk/tools/pcap2z120/examples/README =================================================================== --- trunk/tools/pcap2z120/examples/README (rev 0) +++ trunk/tools/pcap2z120/examples/README 2012-02-13 10:45:31 UTC (rev 1319) @@ -0,0 +1,46 @@ +Following text is a tutorial how to work with pcap2z120 script. +All presented examples were tested at machine with Linux 3.0.0-14, TShark 1.6.2 +and SCStudio svn revision 1318. + +The usege: +python ../pcap2z120.py [pcap file with a trafic] [tshark filter options] + + +At the following example, we use a example1.pcap (captured by Wireshark) file and we would be interested only in http protocol. + +$ python ../pcap2z120.py example1.pcap http +Warning: Message lable violates Z120 recomendation. The label includes special symbol, e.g. space, ?, /, (, &, etc. +mscdocument FILE; +msc traffic; +147.251.54.181: instance; +209.85.148.105: instance; +199.7.51.72: instance; +147.251.54.181: out 'HTTP 1006 GET / HTTP/1.1',0 to 209.85.148.105; +209.85.148.105: in 'HTTP 1006 GET / HTTP/1.1',0 from 147.251.54.181; +209.85.148.105: out 'HTTP 540 HTTP/1.1 302 Found (text/html)',1 to 147.251.54.181; +147.251.54.181: in 'HTTP 540 HTTP/1.1 302 Found (text/html)',1 from 209.85.148.105; +147.251.54.181: out 'OCSP 574 Request',2 to 199.7.51.72; +199.7.51.72: in 'OCSP 574 Request',2 from 147.251.54.181; +199.7.51.72: out 'OCSP 1491 Response',3 to 147.251.54.181; +147.251.54.181: in 'OCSP 1491 Response',3 from 199.7.51.72; +147.251.54.181: endinstance; +209.85.148.105: endinstance; +199.7.51.72: endinstance; +endmsc; + + +To get compatible textual MSC file with SCStudio, use command + +$ python ../pcap2z120.py example1.pcap http > scstudio_import_file.mpr +Warning: Message lable violates Z120 recomendation. The label includes special symbol, e.g. space, ?, /, (, &, etc. + +The script prints a Warning to stderr but the file scstudio_import_file.mpr contains a MSC diagram +which could be easily imported into SCStudio. + +In case you do not want to use any filter, set filter to "" (not working in Windows) + +$ python ../pcap2z120.py example1.pcap "" + +Another filter examples: +all messages where source IP addres is 147.251.54.181 -- $ python ../pcap2z120.py example1.pcap "ip.src==147.251.54.181" +interested in http protocol and only messages where source IP addres is 147.251.54.181 -- $ python ../pcap2z120.py example1.pcap "ip.src==147.251.54.181 && http" Added: trunk/tools/pcap2z120/examples/example1.pcap =================================================================== (Binary files differ) Property changes on: trunk/tools/pcap2z120/examples/example1.pcap ___________________________________________________________________ Added: svn:mime-type + application/octet-stream This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |