def _iterpayload(self, path):
connection = utils.follow_tcp_stream(path)
for conn, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
yield content, conn
else:
# Some packets have no payload
pass
def _iterpayload(self, path):
connection = utils.follow_tcp_stream(path)
for conn, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
yield content, conn
else:
# Some packets have no payload
pass
def __iter__(self):
for dirPath, dirNames, fileNames in os.walk(self.path):
for f in fileNames:
if f.split('.')[1] == 'pcap':
self.pcap_list.append(os.path.join(dirPath, f))
else:
# Not a pcap file
pass
for p in self.pcap_list:
connection = utils.follow_tcp_stream(p)
for five_tuple, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
self.content.append(content)
self.five_tuple.append(five_tuple)
else:
# Some packets have no payload
pass
return self
def __iter__(self):
for dirPath, dirNames, fileNames in os.walk(self.path):
for f in fileNames:
if f.split('.')[1] == 'pcap':
self.pcap_list.append(os.path.join(dirPath, f))
else:
# Not a pcap file
pass
for p in self.pcap_list:
connection = utils.follow_tcp_stream(p)
for five_tuple, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
self.content.append(content)
self.five_tuple.append(five_tuple)
else:
# Some packets have no payload
pass
return self
def __iter__(self):
pcap_list = list()
for dirPath, dirNames, fileNames in os.walk(self.path):
for f in fileNames:
if f.endswith('.pcap'):
pcap_list.append(os.path.join(dirPath, f))
else:
# Not a pcap file
pass
if self.protocol == 'tcp':
for p in pcap_list:
connection = utils.follow_tcp_stream(p)
for five_tuple, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
self.content.append(content)
self.five_tuple.append(five_tuple)
self.file_pointer.append(p.split('/')[-1])
else:
# Some packets have no payload
pass
logger.info("TCP Total Connections : %s",
str(len(set(self.five_tuple))))
elif self.protocol == 'udp':
for p in pcap_list:
connection = decoder.decode_dns_qd_name(p)
for five_tuple, qd_name_list in connection.iteritems():
self.content.append(qd_name_list)
self.five_tuple.append(five_tuple)
self.file_pointer.append(p.split('/')[-1])
logger.info("UDP Total Connections : %s",
str(len(set(self.five_tuple))))
else:
logger.info("Protocol %s are not implement", self.protocol)
logger.info("Total Pcap file: %s", str(len(set(pcap_list))))
return self
def __iter__(self):
pcap_list = list()
for dirPath, dirNames, fileNames in os.walk(self.path):
for f in fileNames:
if f.endswith('.pcap'):
pcap_list.append(os.path.join(dirPath, f))
else:
# Not a pcap file
pass
if self.protocol == 'tcp':
for p in pcap_list:
connection = utils.follow_tcp_stream(p)
for five_tuple, frame in connection.iteritems():
for seq, content in frame.iteritems():
if content:
# Generate the content and 5-tuple
self.content.append(content)
self.five_tuple.append(five_tuple)
self.file_pointer.append(p.split('/')[-1])
else:
# Some packets have no payload
pass
logger.info("TCP Total Connections : %s",
str(len(set(self.five_tuple))))
elif self.protocol == 'udp':
for p in pcap_list:
connection = decoder.decode_dns_qd_name(p)
for five_tuple, qd_name_list in connection.iteritems():
self.content.append(qd_name_list)
self.five_tuple.append(five_tuple)
self.file_pointer.append(p.split('/')[-1])
logger.info("UDP Total Connections : %s",
str(len(set(self.five_tuple))))
else:
logger.info("Protocol %s are not implement", self.protocol)
logger.info("Total Pcap file: %s", str(len(set(pcap_list))))
return self
parser = argparse.ArgumentParser(description='''This is a packet reconstruct
tool to help reconstruct
the packet payload.''')
parser.add_argument("-d", "--directory", type=str,
help="Specify a path which place pcap file")
args = parser.parse_args()
def get_pcap_list(path):
pcap_list = []
dirs = os.listdir(path)
dirs.sort()
for item in dirs:
# if item.split('.')[-1] == 'pcap':
pcap_list.append(item)
return pcap_list
if __name__ == '__main__':
pcap_list = get_pcap_list(args.directory)
for pcap in pcap_list:
save_path = './{log}/{path}/'.format(log=args.directory,
path=pcap)
pcap_path = './{log}/{path}/{path2}.pcap'.format(log=args.directory,
path=pcap, path2=pcap)
connection = utils.follow_tcp_stream(pcap_path)
utils.dump_tcp_stream_content(connection, save_path, True)
udp_connection = utils.follow_udp_stream(pcap_path)
utils.dump_udp_stream_content(udp_connection, save_path, True)
the packet payload.''')
parser.add_argument("-d",
"--directory",
type=str,
help="Specify a path which place pcap file")
args = parser.parse_args()
def get_pcap_list(path):
pcap_list = []
dirs = os.listdir(path)
dirs.sort()
for item in dirs:
# if item.split('.')[-1] == 'pcap':
pcap_list.append(item)
return pcap_list
if __name__ == '__main__':
pcap_list = get_pcap_list(args.directory)
for pcap in pcap_list:
save_path = './{log}/{path}/'.format(log=args.directory, path=pcap)
pcap_path = './{log}/{path}/{path2}.pcap'.format(log=args.directory,
path=pcap,
path2=pcap)
connection = utils.follow_tcp_stream(pcap_path)
utils.dump_tcp_stream_content(connection, save_path, True)
udp_connection = utils.follow_udp_stream(pcap_path)
utils.dump_udp_stream_content(udp_connection, save_path, True)
