This tool works around a segmentation fault in nPrint (present until version 1.2.1) that occurs when nPrint files are converted back to PCAP.
Requirements
- nPrint 1.2.1 (at least)
- Scapy (tested on Scapy 2.5)
- Python 3 (tested on Python 3.11.7)
- Pandas (tested on Pandas 2.1.4)
This error may (or may not) occur, depending on the nPrint file.
For instance, it does happen with the port80.pcap file if we try to rebuild it into a PCAP file, but it does not happen with port443.pcap.
Currently, our tool supports the following protocols and cases:
- IPv4/TCP
- IPv4/UDP
Note: if your input nPrint file was generated with the -e flag, we parse the Ethernet protocol fields from the columns containing eth_. Otherwise, MAC addresses are uniquely assigned to each IP throughout the file.
In addition, checksum calculation is optional, because there is no need to recalculate checksums if the input nPrint file already has the correct ones (for example, IPv4, TCP, UDP). The following flags can be used individually or together:
- -4 or --checksum-ipv4 to calculate the IPv4 checksum
- -t or --checksum-tcp to calculate the TCP checksum
- -u or --checksum-udp to calculate the UDP checksum
- -v or --verify-nprint to verify and correct malformed columns: (i) ...,0,-1,0, ...,0,-1,1, ...,1,-1,0, and/or ...,1,-1,1 cases; (ii) correct IPv4 type; (iii) correct IPv4/TCP/UDP total length, and other fields. NOTE: Some functions were adapted from the NetDiffusion reconstruction script.
- -o or --output: the PCAP filename to be generated is mandatory after this flag, e.g., python nPrint2PCAP... -o .pcap
Usage:
python nPrint2PCAP_scapy_version.py -n examples/<filename>.npt -o <filename>.pcap -u -t -4 -v
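
The kind of pre-conversion check that -v and -4 address, as an added example rather than code from nPrint2PCAP: it flags a -1 sitting between real bits in a row's IPv4 columns and reports whether the stored IPv4 checksum would need recalculating. It assumes -1 marks an absent bit, that the IPv4 column values are passed in column order, and a 480-column IPv4 width; the function names and sample headers are constructed for illustration.

```python
# Added example, not taken from nPrint2PCAP. Assumption: `bits` holds one row's
# ipv4_* column values in column order, each 0, 1, or -1 (-1 = bit absent).
# The 480-column width used for padding below is also an assumption.

def interior_gaps(bits):
    """Positions of -1 values that still have a real bit after them (..,0,-1,1)."""
    last_real = max((i for i, b in enumerate(bits) if b in (0, 1)), default=-1)
    return [i for i in range(last_real + 1) if bits[i] == -1]

def pack_header(bits):
    """Pack the real (0/1) bits into bytes; -1 padding is dropped."""
    real = [b for b in bits if b in (0, 1)]
    return bytes(int("".join(map(str, real[i:i + 8])), 2) for i in range(0, len(real), 8))

def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum with the checksum field (bytes 10-11) zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(int.from_bytes(zeroed[i:i + 2], "big") for i in range(0, len(zeroed), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4_bits(bits):
    """Classify a row: 'absent', 'malformed', 'bad_length', 'bad_checksum' or 'ok'."""
    real = [b for b in bits if b in (0, 1)]
    if not real:
        return "absent"
    if interior_gaps(bits) or len(real) % 8:
        return "malformed"
    header = pack_header(bits)
    if len(header) < 20 or (header[0] & 0x0F) * 4 != len(header):
        return "bad_length"  # IHL field disagrees with the number of bits present
    stored = int.from_bytes(header[10:12], "big")
    return "ok" if stored == ipv4_checksum(header) else "bad_checksum"

def to_bits(raw, width=480):
    """Expand header bytes to bit values and pad with -1 up to `width` columns."""
    bits = [int(c) for byte in raw for c in format(byte, "08b")]
    return bits + [-1] * (width - len(bits))

# Constructed samples: a 20-byte IPv4 header whose correct checksum is 0xb861,
# the same header with a zeroed checksum, and one with bit 9 knocked out to -1.
GOOD = to_bits(bytes.fromhex("45000073000040004011b861c0a80001c0a800c7"))
STALE = to_bits(bytes.fromhex("450000730000400040110000c0a80001c0a800c7"))
GAPPED = GOOD[:9] + [-1] + GOOD[10:]
```

A row classified as bad_checksum is one where passing -4 matters; a malformed row is the case -v is described as correcting.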