taffy-dissect - dissect and count packet types within a pcap file¶
taffy-cache-info shows the details of a traffic-taffy cache file. When any of the tools are passed a -C flag, a cache file is written to speed future loading of pcap files. Normally this cache file is saved with a .taffy extension.
example usage¶
taffy-cache-info dns-traffic.pcap
===== dns-traffic.pcap ======
PCAP_DISSECTION_VERSION 7
file dns-traffic.pcap
parameters:
pcap_file dns-traffic.pcap
bin_size 1
dissector_level 10
pcap_filter None
maximum_count 0
ignore_list ['Ethernet.IP.TCP.chksum', 'Ethernet.IP.TCP.Padding.load', 'Ethernet.IP.TCP.seq', 'Ethernet.IP.ICMP.seq',
'Ethernet.IPv6.TCP.seq', 'Ethernet.IP.ICMP.chksum', 'Ethernet.IPv6.TCP.chksum', 'Ethernet.IP.TCP.DNS.id', 'Ethernet.IP.ICMP.id',
'Ethernet.IPv6.UDP.chksumEthernet.IPv6.fl', 'Ethernet.IPv6.TCP.ack', 'Ethernet.IPv6.UDP.DNS.id', 'Ethernet.IP.chksum', 'Ethernet.IP.id',
'Ethernet.IP.TCP.ack', 'Ethernet.IP.UDP.DNS.id', 'Ethernet.IP.UDP.chksum', 'Ethernet.IPv6.plen', 'Ethernet.IPv6.TCP.DNS.id']
data info:
timestamps: 83
first: 1567838478
last: 1567838559
Command Line Arguments¶
taffy-cache-info - CLI interface¶
Loads the cached data for a file to display the results about it.
taffy-cache-info [-h] [--log-level LOG_LEVEL] cache_file [cache_file ...]
taffy-cache-info positional arguments¶
cache_file- The cache file (or pcap file) to load and display information about (default:None)
taffy-cache-info options¶
--log-levelLOG_LEVEL,--llLOG_LEVEL- Define the logging verbosity level (debug, info, warning, error, fotal, critical). (default:info)
Example Usage: taffy-cache-info something.taffy