[netsa-tools-discuss] Where are the entropy fields in the rw files?

Richard Graham rickhg12hs at gmail.com
Fri Jan 7 21:02:15 EST 2022


Hello,

After recompiling yaf so that it has the entropy capability, I don't
know how to find it in the resulting rw files.

I produced the rw file with:

rwp2yaf2silk --in=./CTU-13-Dataset-pcaps.txt \
    --out=./SiLK_Data/CTU-13-Dataset/botnet-capture.rw \
    --yaf-args="--caplist --max-payload 1000 --udp-payload
        --force-read-all --mac --flow-stats --metadata-export --applabel
        --ndpi --plugin-name=/usr/local/lib/yaf/dpacketplugin.la,/usr/local/lib/yaf/dhcp_fp_plugin.la
        --entropy --log SiLK_Data/CTU-13-Dataset/yaf.log --verbose --p0fprint" \
    --rwipfix2silk-args="--log-destination=SiLK_Data/CTU-13-Dataset/rwipfix2silk.log
        --log-flags=all"

The command completes without error, but I'm not sure how to specify
the entropy field for rwstats, etc. Looking at the records with
Python, I don't see the entropy field.

Is the entropy field in the rw file?  How do I access it?

Thanks and regards,
R