Ejemplo n.º 1
    def start_wireshark_capture(self,
                                capture_filter="",
                                prefix="ATT",
                                file_path="default"):
        """
        Start a packet capture on this object's network device using tshark.

        Args:
            capture_filter: Capture filter expression (tshark -f). When empty,
                all packets are captured. Must be ASCII-encodable.
            prefix: Prefix for the name of the saved capture file.
            file_path: Path where the capture file is to be saved.

        Raises:
            RuntimeError: if capture_filter cannot be encoded as ASCII.
        """

        # Fall back to the default install location when none was configured.
        if not self.wireshark_install_path:
            self.wireshark_install_path = self._get_default_install_path()

        # Log message: "Starting the capture server..."
        str_data = u"开始启动抓包服务器……"
        log.user_info(str_data)

        ret = WIRESHARK_SUCCESS
        capture_filter = self._check_input_str_unicode(capture_filter)
        # Keep the file prefix and the save path together. The original comment
        # called this a dict; it is a (prefix, file_path) tuple.
        file_path = (prefix, file_path)

        # tshark's stdout/stderr go to a timestamp-named file in the temp dir.
        popen_stdout_name = "%s_popen_stdout.txt" % attcommonfun.get_time_stamp(
        )
        popen_stdout_path = join(ATTROBOT_TEMP_FILE_PAHT, popen_stdout_name)

        # The capture itself is written to a timestamp-named pcap in the temp dir.
        temp_packet_file_name = "%s_wireshark.pcap" % attcommonfun.get_time_stamp(
        )
        temp_packet_file_path = join(ATTROBOT_TEMP_FILE_PAHT,
                                     temp_packet_file_name)

        # NOTE(review): the command below is a single string that is executed
        # with shell=True. capture_filter, self.device_id and the paths are only
        # wrapped in double quotes; the ASCII check is an encoding check and does
        # not reject quotes or shell metacharacters. A value containing them
        # would change what the shell executes. Prefer an argument list with
        # shell=False, or validate the filter against an allow-list first.
        if capture_filter:
            try:
                # Result is unused; the call only verifies ASCII encodability.
                t = capture_filter.encode("ASCII")
            except Exception:
                # Message: "capture_filter is invalid; only ASCII characters
                # are supported at present"
                log_info = u"capture_filter参数输入错误,目前只支持ASCII码字符"
                raise RuntimeError(log_info)

            cmd = '"%s\\Tshark.exe" -i "%s" -f "%s" -w "%s" ' % (
                self.wireshark_install_path, self.device_id, capture_filter,
                temp_packet_file_path)
        else:
            cmd = '"%s\\Tshark.exe" -i "%s" -w "%s"' % (
                self.wireshark_install_path, self.device_id,
                temp_packet_file_path)
        try:
            # The parent's file handle is closed when the with block exits,
            # right after Popen returns; the child was given it as stdout/stderr.
            with open(popen_stdout_path, "w") as obj_file:
                popen = subprocess.Popen(cmd,
                                         stdout=obj_file,
                                         stderr=obj_file,
                                         shell=True)
        except Exception, e:
            ret = WIRESHARK_FAIL
            # Message: "Failed to start the capture server, reason: %s"
            ret_data = u"启动抓包服务器失败,失败原因:%s" % e
            # NOTE(review): this excerpt ends here; what happens to ret and
            # ret_data afterwards is not shown in this example.
Ejemplo n.º 2
    def get_wireshark_flag_pid(self, pcap_file):
        """
        Obtain the flag_pid for an already captured packet file.

        Args:
            pcap_file: Path of the previously captured packet file.
        """

        # Fall back to the default install location when none was configured.
        if not self.wireshark_install_path:
            self.wireshark_install_path = self._get_default_install_path()

        ret = WIRESHARK_SUCCESS

        # tshark's stdout/stderr go to a timestamp-named file in the temp dir.
        popen_stdout_name = "%s_popen_stdout.txt" % attcommonfun.get_time_stamp(
        )
        popen_stdout_path = join(ATTROBOT_TEMP_FILE_PAHT, popen_stdout_name)
        temp_packet_file_path = self._check_extension(pcap_file)
        # Directory part of the pcap path (not used in the lines shown here).
        file_path = os.path.split(temp_packet_file_path)[0]

        # Read the capture file back (-r), limited to 10 packets (-c 10).
        # NOTE(review): the path derived from pcap_file is only wrapped in
        # double quotes and the string is run with shell=True below; a path
        # containing quotes or shell metacharacters would alter the command.
        # What _check_extension validates is not visible here; confirm, or
        # pass an argument list with shell=False.
        cmd = '"%s\\Tshark.exe" -r "%s" -c 10 ' % (self.wireshark_install_path,
                                                   temp_packet_file_path)

        try:
            # The parent's file handle is closed when the with block exits,
            # right after Popen returns; the child was given it as stdout/stderr.
            with open(popen_stdout_path, "w") as obj_file:
                popen = subprocess.Popen(cmd,
                                         stdout=obj_file,
                                         stderr=obj_file,
                                         shell=True)
        except Exception, e:
            ret = WIRESHARK_FAIL
            # Message: "Failed to start the capture server, reason: %s"
            ret_data = u"启动抓包服务器失败,失败原因:%s" % e
            # NOTE(review): this excerpt ends here; the rest of the method is
            # not shown in this example.
Ejemplo n.º 3
    def _creat_xml_packet_file(self, pcap_file, read_filter=""):
        """
        Convert a captured pcap file into a PDML (XML) data file with tshark.

        Args:
            pcap_file: Path of the pcap file produced by a capture.
            read_filter: Optional read filter expression; empty means none.

        Returns:
            Path of the generated XML file.
        """
        xml_name = "%s_temp_wireshark.xml" % attcommonfun.get_time_stamp()
        xml_path = os.path.join(ATTROBOT_TEMP_FILE_PAHT, xml_name)

        # Remove any leftover file with the same name before writing a new one.
        if os.path.exists(xml_path):
            os.remove(xml_path)

        # NOTE(review): pcap_file and read_filter are only wrapped in double
        # quotes inside a command string, and the ">" redirection needs a shell.
        # _run_cmd, as it appears on this page, passes the string to
        # subprocess.Popen with shell=True. Nothing here rejects quotes or shell
        # metacharacters, so only trusted values should reach this method;
        # otherwise validate them first, or run tshark from an argument list
        # with stdout bound to the output file.
        if not read_filter:
            cmd = '"%s\\tshark.exe" -r "%s" -T "%s" -V>"%s"' % (
                self.tshark_install_path, pcap_file, "pdml", xml_path)
        elif self.flag_version == 1:
            # flag_version 1 selects the -Y filter option.
            cmd = '"%s\\tshark.exe" -r "%s" -Y "%s" -T "%s" -V>"%s"' % (
                self.tshark_install_path, pcap_file, read_filter, "pdml",
                xml_path)
        else:
            # Any other flag_version selects the -R filter option.
            cmd = '"%s\\tshark.exe" -r "%s" -R "%s" -T "%s" -V>"%s"' % (
                self.tshark_install_path, pcap_file, read_filter, "pdml",
                xml_path)
        self._run_cmd(cmd)

        return xml_path
Ejemplo n.º 4
    def _creat_new_pcap_file(self, pcap_file_path, read_filter=""):
        """
        Produce a new pcap file from an existing one by running tshark.exe.

        Args:
            pcap_file_path: Path of the source pcap file.
            read_filter: Optional read filter expression; empty means none.

        Returns:
            Path of the filtered pcap file.
        """
        out_name = "%s_new_wireshark.pcap" % attcommonfun.get_time_stamp()
        out_path = os.path.join(ATTROBOT_TEMP_FILE_PAHT, out_name)

        # NOTE(review): pcap_file_path and read_filter are only wrapped in
        # double quotes inside a command string. _run_cmd, as it appears on this
        # page, passes the string to subprocess.Popen with shell=True. Nothing
        # here rejects quotes or shell metacharacters, so only trusted values
        # should reach this method; otherwise validate them first, or run
        # tshark from an argument list with shell=False.
        if not read_filter:
            cmd = '"%s\\tshark.exe" -r "%s" -w "%s"' % (
                self.tshark_install_path, pcap_file_path, out_path)
        elif self.flag_version == 1:
            # flag_version 1 selects the -Y filter option.
            cmd = '"%s\\tshark.exe" -r "%s" -Y "%s" -w "%s"' % (
                self.tshark_install_path, pcap_file_path, read_filter,
                out_path)
        else:
            # Any other flag_version selects the -R filter option.
            cmd = '"%s\\tshark.exe" -r "%s" -R "%s" -w "%s"' % (
                self.tshark_install_path, pcap_file_path, read_filter,
                out_path)
        self._run_cmd(cmd)

        return out_path
Ejemplo n.º 5
    def _run_cmd(self, cmd):
        """
        Run a command line as a child process.

        Args:
            cmd: The command line to run, as a single string.

        Returns:
            None (per the original documentation).
        """
        err_data = ""

        if cmd:
            # The child's stdout/stderr go to a timestamp-named file in the
            # temp directory.
            popen_stdout_name = "%s_popen_stdout.txt" % attcommonfun.get_time_stamp(
            )
            popen_stdout_path = os.path.join(ATTROBOT_TEMP_FILE_PAHT,
                                             popen_stdout_name)

            try:
                # NOTE(review): cmd is handed to the shell as one string
                # (shell=True). The callers on this page build it with %
                # formatting from file paths and filter expressions, so any
                # quote or shell metacharacter in those values is interpreted
                # by the shell. Safer: accept an argument list, use shell=False
                # and do output redirection through the stdout parameter.
                with open(popen_stdout_path, "w") as obj_file:
                    popen = subprocess.Popen(cmd,
                                             stdout=obj_file,
                                             stderr=obj_file,
                                             shell=True)

                # Check whether the process has finished running.
                self._check_popen_run_over(popen)

                # Check whether the child process succeeded.
                self._check_popen_succeed(popen_stdout_path)

            except Exception, e:
                # Give a specific error message when the command contains
                # Chinese characters. Exceptions carrying start/end attributes
                # are presumably UnicodeError instances; the offending slice of
                # cmd is quoted in the message.
                if hasattr(e, "start") and hasattr(e, "end"):
                    # Message: "Running the cmd command failed, reason:
                    # argument %s is invalid (%s)!"
                    err_data = u"运行cmd命令失败,失败原因:参数 %s 非法(%s)!" % (
                        cmd[e.start:e.end], e)
                else:
                    # Message: "Running the cmd command failed, reason: %s"
                    err_data = u"运行cmd命令失败,失败原因:%s" % e
                # NOTE(review): this excerpt ends here; how err_data is
                # reported is not shown in this example.
Ejemplo n.º 6
        try:
            with open(popen_stdout_path, "w") as obj_file:
                popen = subprocess.Popen(cmd,
                                         stdout=obj_file,
                                         stderr=obj_file,
                                         shell=True)
        except Exception, e:
            ret = WIRESHARK_FAIL
            ret_data = u"启动抓包服务器失败,失败原因:%s" % e
        else:
            ret, ret_data = self._check_start(popen, popen_stdout_path,
                                              temp_packet_file_path)

        if ret == WIRESHARK_SUCCESS:
            log.user_info(ret_data)
            flag_pid = "%s_%s" % (attcommonfun.get_time_stamp(), popen.pid)

            # 储存改抓包的数据,以便后续使用
            dict_data = {}
            dict_data["popen"] = popen
            dict_data["file_path"] = file_path
            dict_data["temp_packet_file_path"] = temp_packet_file_path
            dict_data["popen_stdout_path"] = popen_stdout_path

            self.dict_process_obj.update({flag_pid: dict_data})

            cmd_pid_with_tshark_path = os.path.join(ATTROBOT_TEMP_FILE_PAHT,
                                                    "cmd_pid_with_tshark.txt")
            try:
                with open(cmd_pid_with_tshark_path, "a+") as file_obj:
                    file_obj.write("%s\n" % popen.pid)