Clarification of tshark usage

This commit is contained in:
Alexandre Dulaunoy 2015-01-11 00:03:36 +01:00
parent 411e39b501
commit 3a5ac67b8b

View file

@ -32,6 +32,12 @@ cd capture
ls -1 . | parallel --gnu "cat {1} | tshark -E header=yes -E separator=, -Tfields -e http.server -r {1} | python ./bin/import.py -f {1} " ls -1 . | parallel --gnu "cat {1} | tshark -E header=yes -E separator=, -Tfields -e http.server -r {1} | python ./bin/import.py -f {1} "
``` ```
You can add additional attributes like any fields from the dissectors available within tshark (tshark -G fields). You can add additional fields in the command above. This will update the redis data structure. Then when you have enough attributes, you can dump a graph out of the relationships between the attributes and the malware packet captures.
```shell
python ./bin/graph.py
```
## Redis data structure ## Redis data structure
![An overview of the Redis data structure used in MalwareClassifier](https://raw.github.com/adulau/MalwareClassifier/master/doc/redis-datastruct.png) ![An overview of the Redis data structure used in MalwareClassifier](https://raw.github.com/adulau/MalwareClassifier/master/doc/redis-datastruct.png)