def get_tcpconn(infile):
    """Group the TCP packets of a capture into connections.

    Every packet yielded by ``packet_parser.read_tcp_packet`` is routed to the
    :class:`TcpConnection` stored under its ``gen_key()``. A connection is
    created on a bare SYN (``syn`` set, ``ack`` clear) or, for a stream that
    started before the capture did, on a body that ``utils.is_request``
    accepts.

    Returns:
        list of every :class:`TcpConnection` created, in creation order.
        Closed connections are dropped from the lookup table but stay in
        this list, so the list grows with the number of connections in the
        capture.
    """
    # NOTE(review): the result of parse_pcap_file() is handed straight to
    # read_tcp_packet(), so this presumably expects a packet-reader callable
    # rather than a list -- confirm against the parse_pcap_file in use.
    packet_source = parse_pcap_file(infile)
    live = OrderedDict()
    ordered = []
    for pkt in packet_parser.read_tcp_packet(packet_source):
        conn_key = pkt.gen_key()

        # Known connection: feed it the packet and forget it once closed.
        if conn_key in live:
            conn = live[conn_key]
            conn.on_packet(pkt)
            if conn.closed():
                del live[conn_key]
            continue

        # New connection: either a handshake SYN, or a possible HTTP request
        # header when the TCP handshake happened before the capture began.
        if (pkt.syn and not pkt.ack) or utils.is_request(pkt.body):
            conn = TcpConnection(pkt)
            live[conn_key] = conn
            ordered.append(conn)
    return ordered
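def parse_pcap_file(file_path):
    """pcap parser.

    Parse a pcap or pcapng file and collect one :class:`TcpPacket` record for
    every non-None value returned by ``TcpConnection.on_packet``.

    Args:
        file_path (str): path of the capture file to parse.

    Returns:
        list of :class:`TcpPacket`; each carries the request returned by
        ``on_packet`` plus the source/destination host and port taken from
        the connection key.

    Raises:
        :class:`FileParsingException`: if the file format was not recognized
        or the file was not found.
    """
    conn_dict = OrderedDict()
    all_packets = []
    try:
        with io.open(file_path, "rb") as infile:
            file_format, head = get_file_format(infile)
            if file_format == FileFormat.PCAP:
                pcap_file = pcap.PcapFile(infile, head).read_packet
            elif file_format == FileFormat.PCAP_NG:
                pcap_file = pcapng.PcapngFile(infile, head).read_packet
            else:
                # The exception has to be raised, not just constructed:
                # otherwise an unrecognized file falls through with
                # ``pcap_file`` unbound and fails with UnboundLocalError,
                # which the handler below does not catch.
                raise FileParsingException("unknown file format.")

            for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
                key = tcp_pac.gen_key()
                # we already have this conn
                if key in conn_dict:
                    url = conn_dict[key].on_packet(tcp_pac)
                    if url is not None:
                        packet = TcpPacket()
                        packet.request = url
                        # NOTE(review): assumes str(key) has the form
                        # "host:port-host:port". A host that itself contains
                        # ':' (e.g. an IPv6 literal) would be split at the
                        # wrong place -- confirm the gen_key() format.
                        splited = str(key).split('-')
                        source = splited[0].split(':')
                        destination = splited[1].split(':')
                        packet.sourceHost = source[0]
                        packet.destinationHost = destination[0]
                        packet.sourcePort = source[1]
                        packet.destinationPort = destination[1]
                        all_packets.append(packet)
                    # conn closed.
                    if conn_dict[key].closed():
                        conn_dict[key].finish()
                        del conn_dict[key]
                # begin tcp connection.
                elif tcp_pac.syn and not tcp_pac.ack:
                    conn_dict[key] = TcpConnection(tcp_pac)
                elif utils.is_request(tcp_pac.body):
                    # tcp init before capture, we start from a possible
                    # http request header.
                    conn_dict[key] = TcpConnection(tcp_pac)
    except (FileNotFoundError, FileParsingException) as err:
        # NOTE(review): only these two error types are translated. Whatever
        # else the format parsers raise on a truncated or malformed capture
        # propagates unchanged -- confirm callers that process untrusted
        # captures handle that.
        raise FileParsingException(
            "parse_pcap failed to parse " + str(file_path)) from err

    # finish connections that were not closed yet
    for conn in conn_dict.values():
        conn.finish()
    return all_packets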
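def parse_pcap_file(file_path):
    """pcap parser.

    Parse a pcap or pcapng file and collect one :class:`TcpPacket` record for
    every non-None value returned by ``TcpConnection.on_packet``.

    Args:
        file_path (str): path of the capture file to parse.

    Returns:
        list of :class:`TcpPacket`; each carries the request returned by
        ``on_packet`` plus the source/destination host and port taken from
        the connection key.

    Raises:
        :class:`FileParsingException`: if the file format was not recognized
        or the file was not found.
    """
    conn_dict = OrderedDict()
    all_packets = []
    try:
        with io.open(file_path, "rb") as infile:
            file_format, head = get_file_format(infile)
            if file_format == FileFormat.PCAP:
                pcap_file = pcap.PcapFile(infile, head).read_packet
            elif file_format == FileFormat.PCAP_NG:
                pcap_file = pcapng.PcapngFile(infile, head).read_packet
            else:
                # The exception has to be raised, not just constructed:
                # otherwise an unrecognized file falls through with
                # ``pcap_file`` unbound and fails with UnboundLocalError,
                # which the handler below does not catch.
                raise FileParsingException("unknown file format.")

            for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
                key = tcp_pac.gen_key()
                # we already have this conn
                if key in conn_dict:
                    url = conn_dict[key].on_packet(tcp_pac)
                    if url is not None:
                        packet = TcpPacket()
                        packet.request = url
                        # NOTE(review): assumes str(key) has the form
                        # "host:port-host:port". A host that itself contains
                        # ':' (e.g. an IPv6 literal) would be split at the
                        # wrong place -- confirm the gen_key() format.
                        splited = str(key).split('-')
                        source = splited[0].split(':')
                        destination = splited[1].split(':')
                        packet.sourceHost = source[0]
                        packet.destinationHost = destination[0]
                        packet.sourcePort = source[1]
                        packet.destinationPort = destination[1]
                        all_packets.append(packet)
                    # conn closed.
                    if conn_dict[key].closed():
                        conn_dict[key].finish()
                        del conn_dict[key]
                # begin tcp connection.
                elif tcp_pac.syn and not tcp_pac.ack:
                    conn_dict[key] = TcpConnection(tcp_pac)
                elif utils.is_request(tcp_pac.body):
                    # tcp init before capture, we start from a possible
                    # http request header.
                    conn_dict[key] = TcpConnection(tcp_pac)
    except (FileNotFoundError, FileParsingException) as err:
        # NOTE(review): only these two error types are translated. Whatever
        # else the format parsers raise on a truncated or malformed capture
        # propagates unchanged -- confirm callers that process untrusted
        # captures handle that.
        raise FileParsingException(
            "parse_pcap failed to parse " + str(file_path)) from err

    # finish connections that were not closed yet
    for conn in conn_dict.values():
        conn.finish()
    return all_packets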
def parse_pcap_file(infile):
    """Replay a capture through per-connection TCP state.

    The file format is detected with ``get_file_format``; an unrecognized
    format prints a message to stderr and exits the process with status 1.
    Packets are kept only if the configured filter accepts at least one of
    their addresses and at least one of their ports. Each kept packet is fed
    to the :class:`TcpConnection` stored under its ``gen_key()``, and every
    connection is ``finish()``-ed either when it reports closed or at the end
    of the capture.

    :type infile:file
    """
    open_conns = OrderedDict()

    file_format, head = get_file_format(infile)
    if file_format == FileFormat.PCAP:
        read_packet = pcap.PcapFile(infile, head).read_packet
    elif file_format == FileFormat.PCAP_NG:
        read_packet = pcapng.PcapngFile(infile, head).read_packet
    else:
        print("unknown file format.", file=sys.stderr)
        sys.exit(1)

    _filter = config.get_filter()
    for pkt in packet_parser.read_tcp_packet(read_packet):
        # Drop packets where neither endpoint address passes the filter.
        if not _filter.by_ip(pkt.source) and not _filter.by_ip(pkt.dest):
            continue
        # Same rule for the two ports.
        if (not _filter.by_port(pkt.source_port)
                and not _filter.by_port(pkt.dest_port)):
            continue

        conn_key = pkt.gen_key()
        if conn_key in open_conns:
            # Known connection: deliver the packet, retire it once closed.
            conn = open_conns[conn_key]
            conn.on_packet(pkt)
            if conn.closed():
                conn.finish()
                del open_conns[conn_key]
        elif (pkt.syn and not pkt.ack) or utils.is_request(pkt.body):
            # New connection: a handshake SYN, or a possible HTTP request
            # header when the TCP handshake predates the capture.
            open_conns[conn_key] = TcpConnection(pkt)

    # Flush connections that never closed inside the capture.
    for conn in open_conns.values():
        conn.finish()