def pcapstream(request, task_id, conntuple):
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
if enabledconf["mongodb"]:
conndata = results_db.analysis.find_one({ "info.id": int(task_id) },
{ "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1 },
sort=[("_id", pymongo.DESCENDING)])
if enabledconf["elasticsearchdb"]:
conndata = es.search(
index="cuckoo-*",
doc_type="analysis",
q="info.id : \"%s\"" % task_id
)["hits"]["hits"][0]["_source"]
if not conndata:
return render_to_response("standalone_error.html",
{"error": "The specified analysis does not exist"},
context_instance=RequestContext(request))
try:
if proto == "udp": connlist = conndata["network"]["udp"]
else: connlist = conndata["network"]["tcp"]
conns = filter(lambda i: (i["sport"],i["dport"],i["src"],i["dst"]) == (sport,dport,src,dst),
connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render_to_response("standalone_error.html",
{"error": "Could not find the requested stream"},
context_instance=RequestContext(request))
try:
if enabledconf["mongodb"]:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
# gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING
setattr(fobj, "fileno", lambda: -1)
if enabledconf["elasticsearchdb"]:
# This will check if we have a sorted PCAP
test_pcap = conndata["network"]["sorted_pcap_sha256"]
# if we do, build out the path to it
pcap_path = os.path.join(CUCKOO_ROOT, "storage", "analyses",
task_id, "dump_sorted.pcap")
fobj = open(pcap_path, "r")
except Exception as e:
print str(e)
return render_to_response("standalone_error.html",
{"error": "The required sorted PCAP does not exist"},
context_instance=RequestContext(request))
packets = list(network.packets_for_stream(fobj, offset))
if enabledconf["elasticsearchdb"]:
fobj.close()
return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple):
"""Get packets from the task PCAP related to a certain connection.
This is possible because we sort the PCAP during processing and remember offsets for each stream.
"""
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one(
{
"info.id": int(task_id),
},
{
"network.tcp": 1,
"network.udp": 1,
"network.sorted_pcap_id": 1,
},
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render_to_response(
"standalone_error.html",
{"error": "The specified analysis does not exist"},
context_instance=RequestContext(request))
try:
if proto == "udp":
connlist = conndata["network"]["udp"]
else:
connlist = conndata["network"]["tcp"]
conns = filter(lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) == (sport, dport, src, dst), connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render_to_response(
"standalone_error.html",
{"error": "Could not find the requested stream"},
context_instance=RequestContext(request))
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
# Gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING.
setattr(fobj, "fileno", lambda: -1)
except:
return render_to_response(
"standalone_error.html",
{"error": "The required sorted PCAP does not exist"},
context_instance=RequestContext(request))
packets = list(network.packets_for_stream(fobj, offset))
# TODO: starting from django 1.7 we should use JsonResponse.
return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple):
"""Get packets from the task PCAP related to a certain connection.
This is possible because we sort the PCAP during processing and remember offsets for each stream.
"""
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one({
"info.id": int(task_id),
}, {
"network.tcp": 1,
"network.udp": 1,
"network.sorted_pcap_id": 1,
},
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render_to_response(
"standalone_error.html",
{"error": "The specified analysis does not exist"},
context_instance=RequestContext(request))
try:
if proto == "udp":
connlist = conndata["network"]["udp"]
else:
connlist = conndata["network"]["tcp"]
conns = filter(
lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) ==
(sport, dport, src, dst), connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render_to_response(
"standalone_error.html",
{"error": "Could not find the requested stream"},
context_instance=RequestContext(request))
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
# Gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING.
setattr(fobj, "fileno", lambda: -1)
except:
return render_to_response(
"standalone_error.html",
{"error": "The required sorted PCAP does not exist"},
context_instance=RequestContext(request))
packets = list(network.packets_for_stream(fobj, offset))
# TODO: starting from django 1.7 we should use JsonResponse.
return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple):
"""Get packets from the task PCAP related to a certain connection.
This is possible because we sort the PCAP during processing
and remember offsets for each stream.
"""
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one(
{
"info.id": int(task_id),
},
{
"network.tcp": 1,
"network.udp": 1,
"network.sorted_pcap_id": 1,
},
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render(request, "standalone_error.html", {
"error": "The specified analysis does not exist",
})
try:
if proto == "udp":
connlist = conndata["network"]["udp"]
else:
connlist = conndata["network"]["tcp"]
conns = filter(lambda i:
(i["sport"],
i["dport"],
i["src"],
i["dst"]) == (sport, dport, src, dst), connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render(request, "standalone_error.html", {
"error": "Could not find the requested stream",
})
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
setattr(fobj, "fileno", lambda: -1)
except:
return render(request, "standalone_error.html", {
"error": "The required sorted PCAP does not exist",
})
packets = list(network.packets_for_stream(fobj, offset))
return JsonResponse(packets, safe=False)
def pcapstream(request, task_id, conntuple):
"""Get packets from the task PCAP related to a certain connection.
This is possible because we sort the PCAP during processing
and remember offsets for each stream.
"""
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one({
"info.id": int(task_id),
}, {
"network.tcp": 1,
"network.udp": 1,
"network.sorted_pcap_id": 1,
},
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render(request, "standalone_error.html", {
"error": "The specified analysis does not exist",
})
try:
if proto == "udp":
connlist = conndata["network"]["udp"]
else:
connlist = conndata["network"]["tcp"]
conns = filter(
lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) ==
(sport, dport, src, dst), connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render(request, "standalone_error.html", {
"error": "Could not find the requested stream",
})
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
setattr(fobj, "fileno", lambda: -1)
except:
return render(request, "standalone_error.html", {
"error": "The required sorted PCAP does not exist",
})
packets = list(network.packets_for_stream(fobj, offset))
return JsonResponse(packets, safe=False)
def pcapstream(request, task_id, conntuple):
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one({"info.id": int(task_id)}, {
"network.tcp": 1,
"network.udp": 1,
"network.sorted_pcap_id": 1
},
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render_to_response(
"standalone_error.html",
{"error": "The specified analysis does not exist"},
context_instance=RequestContext(request))
try:
if proto == "udp": connlist = conndata["network"]["udp"]
else: connlist = conndata["network"]["tcp"]
conns = filter(
lambda i: (i["sport"], i["dport"], i["src"], i["dst"]) ==
(sport, dport, src, dst), connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render_to_response(
"standalone_error.html",
{"error": "Could not find the requested stream"},
context_instance=RequestContext(request))
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
# gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING
setattr(fobj, "fileno", lambda: -1)
except:
return render_to_response(
"standalone_error.html",
{"error": "The required sorted PCAP does not exist"},
context_instance=RequestContext(request))
packets = list(network.packets_for_stream(fobj, offset))
return HttpResponse(json.dumps(packets), content_type="application/json")
def pcapstream(request, task_id, conntuple):
src, sport, dst, dport, proto = conntuple.split(",")
sport, dport = int(sport), int(dport)
conndata = results_db.analysis.find_one({ "info.id": int(task_id) },
{ "network.tcp": 1, "network.udp": 1, "network.sorted_pcap_id": 1 },
sort=[("_id", pymongo.DESCENDING)])
if not conndata:
return render_to_response("standalone_error.html",
{"error": "The specified analysis does not exist"},
context_instance=RequestContext(request))
try:
if proto == "udp": connlist = conndata["network"]["udp"]
else: connlist = conndata["network"]["tcp"]
conns = filter(lambda i: (i["sport"],i["dport"],i["src"],i["dst"]) == (sport,dport,src,dst),
connlist)
stream = conns[0]
offset = stream["offset"]
except:
return render_to_response("standalone_error.html",
{"error": "Could not find the requested stream"},
context_instance=RequestContext(request))
try:
fobj = fs.get(conndata["network"]["sorted_pcap_id"])
# gridfs gridout has no fileno(), which is needed by dpkt pcap reader for NOTHING
setattr(fobj, "fileno", lambda: -1)
except:
return render_to_response("standalone_error.html",
{"error": "The required sorted PCAP does not exist"},
context_instance=RequestContext(request))
packets = list(network.packets_for_stream(fobj, offset))
return HttpResponse(json.dumps(packets), content_type="application/json")
