# tzsptap2pcap

**Repository Path**: yunsangc/tzsptap2pcap

## Basic Information

- **Project Name**: tzsptap2pcap
- **Description**: Features:
  1. Create a UDP endpoint bound to a local IP address and port.
  2. Receive TZSP data sent by external devices through the libev I/O loop.
  3. Distinguish external devices based on the received data, and create a directory named after the device IP under $pcap_path, e.g. /pcap_files/192.168.10.244.
  4. Create a "data processing module" named after the device IP, which loops over the TZSP packets, parses them, converts them to pcap format and saves them to the final file.
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 1
- **Created**: 2025-04-23
- **Last Updated**: 2026-01-04

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# tzsptap2pcap

A small tool that receives [TZSP](https://en.wikipedia.org/wiki/TZSP) encapsulated data and forwards it to a local tap interface. Very useful for IDS systems.

## build

On Linux simply do:

```
cmake . && make
```

## run

To run the tool, check the usage:

```
# ./tzsptap2pcap --help
Usage: tzsp2pcap [OPTION]...

      --help                   Print help and exit
  -V, --version                Print version and exit
  -c, --config=STRING          config files (default=`/etc/tzsp2pcap.cfg')
      --log_conf=STRING        log config files
      --pcap_path=STRING       directory of packet capture file (default=`/data2/captcha_files')
      --process_name=STRING    the proccess name that will be changed to
      --pcap_file_size=STRING  The size of single file.(eg:1000KB、10MB、1GB) (default=`1GB')
      --tzsp_bind_ip=STRING    bind local IP addr to receive UDP TZSP package (default=`0.0.0.0')
      --tzsp_bind_port=INT     bind local port to receive UDP TZSP package (default=`37008')
      --shark_bind_ip=STRING   bind local IP addr to receive shark package (default=`0.0.0.0')
      --shark_bind_port=INT    bind local port to receive shark package (default=`37010')
      --shark_type=INT         shark package trance type 1-TCP, 2-UDP, other-UDP (default=`2')
  -h, --host=STRING            host (default=`172.17.0.1')
  -p, --port=INT               port (default=`1883')
      --keepalive=INT          keepalive (default=`60')
  -q, --qos=INT                qos class (default=`0')
      --subqos=INT             sub qos class (default=`0')
  -i, --id=STRING              id
      --clean_session          clean session (default=on)
  -t, --topic=STRING           topic
      --subtopic=STRING        subtopic
      --insecure               insecure (default=on)
      --username=STRING        username
      --password=STRING        password
      --cafile=STRING          cafile
      --cert=STRING            cert
      --key=STRING             key
      --keypassword=STRING     key password
      --willpayload=STRING     will payload
      --willqos=INT            will qos (default=`0')
      --willretain=INT         will retain (default=`0')
      --willtopic=STRING       will topic
  -d, --debug=INT              debug level (default=`4')
      --daemon                 daemon mode (default=off)
```

## MQTT command delivery and parsing

### Start receiving

Command:

```
{ "op" : "start" }
```

Response, normal:

```
{
  "desc" : "Start to recv TZSP and shark pkg and save file!",
  "op" : "start",
  "result" : "0"
}
```

Response, repeated start:

```
{
  "desc" : "Start failed, another package capture is performed!",
  "op" : "start",
  "result" : "-1"
}
```

### Stop receiving

Command:

```
{ "op" : "stop" }
```

Response, normal:

```
{
  "devices" : [
    {
      "files" : [
        {
          "count" : "10",
          "path" : "/data2/captcha_files/PCAP/10.0.0.139/2025-06-18-11/11-32-57.pcap",
          "size" : "49312"
        }
      ],
      "files_count" : "1",
      "ipaddr" : "10.0.0.139",
      "pkg_type" : "SHARK"
    },
    {
      "files" : [],
      "files_count" : "0",
      "ipaddr" : "10.0.0.2",
      "pkg_type" : "SHARK"
    }
  ],
  "op" : "stop",
  "desc" : "Stop recv PKG!",
  "result" : "0"
}
```

Response, repeated stop:

```
{
  "desc" : "Stop failed, Didn't start!",
  "op" : "stop",
  "result" : "-1"
}
```

### Status query

Command:

```
{ "op" : "state" }
```

Response when started, with no connection and no data:

```
{
  "desc" : "Started!",
  "device_count" : "0",
  "devices" : [],
  "op" : "state",
  "state" : "1"
}
```

Response when started, with a connection but no data:

```
{
  "desc" : "Started!",
  "device_count" : "1",
  "devices" : [
    {
      "files" : [],
      "files_count" : "0",
      "ipaddr" : "10.0.0.2",
      "pkg_type" : "SHARK"
    }
  ],
  "op" : "state",
  "state" : "1"
}
```

Response when started and data is being transferred:

```
{
  "desc" : "Started!",
  "device_count" : "2",
  "devices" : [
    {
      "files" : [
        {
          "count" : "3",
          "path" : "/data2/captcha_files/PCAP/10.0.0.139/2025-06-18-11/11-32-57.pcap",
          "size" : "12336"
        }
      ],
      "files_count" : "1",
      "ipaddr" : "10.0.0.139",
      "pkg_type" : "SHARK"
    },
    {
      "files" : [],
      "files_count" : "0",
      "ipaddr" : "10.0.0.2",
      "pkg_type" : "SHARK"
    }
  ],
  "op" : "state",
  "state" : "1"
}
```

Response when idle:

```
{
  "desc" : "Not Start!",
  "op" : "state",
  "state" : "2"
}
```
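
The TZSP-to-pcap conversion step listed in the project description, as an added example (not this project's own code): a bounds-checked parser that skips the TZSP header and tagged fields, then wraps the encapsulated frame in a pcap record. The function names and both sample datagrams are constructed for illustration; the header and tag layout is the one given by the TZSP format linked above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the encapsulated frame in a TZSP datagram, or -1 if malformed.
 * Every read is bounds-checked: the bytes come straight off a UDP socket. */
static long tzsp_frame_offset(const uint8_t *buf, size_t len, uint16_t *proto)
{
    if (len < 4 || buf[0] != 1 || buf[1] > 1)  /* version 1; types 0/1 carry a frame */
        return -1;
    *proto = (uint16_t)((buf[2] << 8) | buf[3]); /* big-endian; 1 = Ethernet */
    for (size_t off = 4; off < len; ) {
        uint8_t tag = buf[off++];
        if (tag == 0x01) return (long)off;     /* END tag: frame follows */
        if (tag == 0x00) continue;             /* PADDING: no length byte */
        if (off >= len) return -1;             /* length byte missing */
        size_t tlen = buf[off++];
        if (tlen > len - off) return -1;       /* tag data overruns datagram */
        off += tlen;
    }
    return -1;                                 /* END tag never seen */
}

/* Write a pcap record (16-byte header + frame) to out; 0 if it does not fit.
 * Fields use host byte order, matching a global header written on this host. */
static size_t pcap_record(uint8_t *out, size_t cap, uint32_t sec, uint32_t usec,
                          const uint8_t *frame, size_t flen)
{
    if (cap < 16 || flen > cap - 16) return 0;
    uint32_t hdr[4] = { sec, usec, (uint32_t)flen, (uint32_t)flen };
    memcpy(out, hdr, sizeof hdr);
    memcpy(out + 16, frame, flen);
    return 16 + flen;
}

/* Constructed sample: header, one 1-byte tag (0x0A), END, 4 frame bytes. */
static const uint8_t sample[] = { 0x01,0x00,0x00,0x01, 0x0A,0x01,0xC5, 0x01,
                                  0xDE,0xAD,0xBE,0xEF };
/* Constructed malformed input: tag claims 0x40 bytes, only 1 is present. */
static const uint8_t truncated[] = { 0x01,0x00,0x00,0x01, 0x0A,0x40,0xC5 };

int main(void)
{
    uint16_t proto = 0; uint8_t rec[64];
    long off = tzsp_frame_offset(sample, sizeof sample, &proto);
    size_t n = off < 0 ? 0 : pcap_record(rec, sizeof rec, 0, 0, sample + off,
                                         sizeof sample - (size_t)off);
    printf("offset=%ld proto=%u record=%zu\n", off, (unsigned)proto, n);
    printf("truncated=%ld\n", tzsp_frame_offset(truncated, sizeof truncated, &proto));
    return 0;
}
```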