Tools: add README to pcap2flow tool

Lukas955 · Lukas955 · commit 806a1f9ce506 · 2019-07-23T10:48:36.000+02:00
diff --git a/src/tools/pcap2flow/README.rst b/src/tools/pcap2flow/README.rst
@@ -0,0 +1,61 @@
+pcap2flow
+=========
+
+Simple tool for extracting NetFlow v5/v9 and IPFIX packets from a PCAP file and
+exporting them to a collector.
+
+The PCAP file can contain capture of multiple sessions between exporters and
+one or more collectors. To preserve original Transport Sessions (and avoid
+mixing packets together), the tool creates a new independent session to the
+newly specified collector for each original TS.
+
+All non-flow packets in the file are automatically ignored.
+
+Dependencies
+------------
+
+- python3
+- `python3-scapy <pypi.org/project/scapy/>`_
+
+Parameters
+----------
+
+:``-h``:
+    Show help message and exit
+:``-i FILE``:
+    PCAP file with NetFlow/IPFIX packets
+:``-d ADDR``:
+    Destination IP address or hostname (default: 127.0.0.1)
+:``-p PORT``:
+    Destination port number (default: 4739)
+:``-t TYPE``:
+    Connection type (options: TCP/UDP, default: UDP)
+:``-4``:
+    Force the tool to send flows to an IPv4 address only
+:``-6``:
+    Force the tool to send flows to an IPv6 address only
+:``-v``:
+    Increase verbosity
+
+Examples
+--------
+
+Replay packets over UDP to a collector listening on localhost (port 4739):
+
+.. code:: bash
+
+    ./pcap2flow -i data.pcap
+
+Replay packets over TCP to a collector on example.org (port 3000):
+
+.. code:: bash
+
+    ./pcap2flow -i data.pcap -d example.org -p 3000 -t TCP
+
+Note
+----
+
+The only purpose of this tool is to test the collector and its plugins on
+previously captured flow packets. Performance of the tool is not ideal and it's
+not itendent to be used in producion environment.
+
diff --git a/src/tools/pcap2flow/pcap2flow.py b/src/tools/pcap2flow/pcap2flow.py
@@ -180,7 +180,7 @@ def arg_check_port(value):
         description="Simple tool for replaying NetFlow v5/v9 and IPFIX packets to a collector.",
     )
     parser.add_argument("-i", dest="file",    help="PCAP with NetFlow/IPFIX packets", required=True)
-    parser.add_argument("-d", dest="addr",    help="Destination IP address (default: %(default)s)",
+    parser.add_argument("-d", dest="addr",    help="Destination IP address or hostname (default: %(default)s)",
         default="127.0.0.1")
     parser.add_argument("-p", dest="port",    help="Destination port number (default: %(default)d)",
         default=4739, type=arg_check_port)

Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,7 @@ def arg_check_port(value):`
`180`	`180`	`description="Simple tool for replaying NetFlow v5/v9 and IPFIX packets to a collector.",`
`181`	`181`	`)`
`182`	`182`	`parser.add_argument("-i", dest="file", help="PCAP with NetFlow/IPFIX packets", required=True)`
`183`		`- parser.add_argument("-d", dest="addr", help="Destination IP address (default: %(default)s)",`
	`183`	`+ parser.add_argument("-d", dest="addr", help="Destination IP address or hostname (default: %(default)s)",`
`184`	`184`	`default="127.0.0.1")`
`185`	`185`	`parser.add_argument("-p", dest="port", help="Destination port number (default: %(default)d)",`
`186`	`186`	`default=4739, type=arg_check_port)`