NETCAP
OverviewGitHubHomepageGoDoc
Search…
v0.5
Overview
Audit Records
Specification
Installation
Quickstart
Configuration
Bash Completion
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Data Compression
Internals
Metrics
Resolvers
TLS Fingerprinting
Reassembly
Deep Packet Inspection
Live Capture
Maltego Integration
Logging
Packet Contexts
Industrial Control Systems
File Extraction
Email Extraction
Device Profiles
Python Integration
Changelog
Troubleshooting
Unit Tests
Extension
Downloads
Docker Containers
FAQ
Contributing
License
Powered By GitBook
Python Integration
Read Netcap Audit records from Python

Source Code

The Python library for interacting with netcap audit records has been published here:
GitHub - dreadl0ck/pynetcap: Access to NETCAP audit records from Python
GitHub

Usage

Read into python dictionary

Currently it is possible to retrieve the audit records as python dictionary:
1
#!/usr/bin/python
2
​
3
import pynetcap as nc
4
​
5
reader = nc.NCReader('pcaps/HTTP.ncap.gz')
6
​
7
reader.read(dataframe=False)
8
print("RECORDS:")
9
print(reader.records)
Copied!

Read into pandas dataframe

Retrieving the audit records as pandas dataframe:
1
#!/usr/bin/python
2
​
3
import pynetcap as nc
4
​
5
reader = nc.NCReader('pcaps/HTTP.ncap.gz')
6
​
7
reader.read(dataframe=True)
8
print("[INFO] completed reading the audit record file:", reader.filepath)
9
print("DATAFRAME:")
10
print(reader.df)
Copied!
Previous
Device Profiles
Next
Changelog
Last modified 3yr ago
Copy link
Contents
Source Code
Usage
Read into python dictionary
Read into pandas dataframe