My new tool simple_tcp_stats.py is a Python program that reads pcap files and produces simple statistics for each TCP connection.
For the moment, it calculates the entropy of the data (without packet reassembling) of each TCP connection (both directions) and reports this with a CSV file:
ConnectionID;head;Size;Entropy
192.168.10.10:50236-96.126.103.196:80;’GET ‘;364;5.42858024035
192.168.10.10:50235-96.126.103.196:80;’GET ‘;426;5.46464090792
96.126.103.196:80-192.168.10.10:50235;’HTTP’;3308;6.06151478505
96.126.103.196:80-192.168.10.10:50236;’HTTP’;493;6.73520107812
simple_tcp_stats_V0_0_1.zip (https)
MD5: 606DB4208BBC5908D9F32A68DDF90AC6
SHA256: 68B275C58736AE450D23BEA82CC1592936E541E00726D8ED95F5CA8ACB02B7CE
Didier Stevens 
[…] New Tool: simple_tcp_stats.py […]
Pingback by Overview of Content Published in October | Didier Stevens — Friday 1 November 2019 @ 0:00