Download Latest Version
dedup.pl (1.3 kB)
Get an email when there's a new version of pcap-dedup
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| readme-0.1.txt | 2011-02-27 | 1.2 kB | |
| dedup.exe | 2011-02-27 | 1.5 MB | |
| dedup.pl | 2011-02-27 | 1.3 kB | |
| Totals: 3 Items | 1.5 MB | 0 |
Over the last 10 years I've written this perl script at least 3 times. I uploaded to Sourceforge so I never have to write it again. This tool is meant to do just one thing: remove duplicate IP packets in PCAP files. It keeps track of all flows (src->dst) and up to the last 10 IP IDs. If it sees a duplicate IP ID, the packet is not kept. Pretty simple, but makes life a lot easier if you end up looking through captures a lot that have duplicated packets due to port mirroring, taps, etc. There are easy ways to do this if you know for sure that every single packet is duplicated once using wireshark filters. But, more often I have found that some flows are duplicated once, some twice, and some not at all. This tool is meant to fix that problem. I have included a perl script and also an executable that I created with perl2exe for my peers that don't mess with perl and don't want to install the perl interpreter and required libraries. pcap-dedup.pl requirements - The NetPacket module is required - usage ./pcap-dedup.pl (source filename) (destination filename) pcap-dedup.exe requirements - No modules required - usage pcap-dedup.exe (source filename) (destination filename)