Exemple #1
    def testParse(self):
        """Tests the Parse function against the test.pcap sample.

        Checks the total number of events, the attributes of one TCP stream
        and one UDP stream, and the message strings formatted for the UDP
        stream event.
        """
        parser = pcap.PcapParser()
        storage_writer = self._ParseFile(['test.pcap'], parser)

        # PCAP information:
        #    Number of streams: 96 (TCP: 47, UDP: 39, ICMP: 0, Other: 10)
        #
        # For each stream 2 events are generated, one for the start
        # and one for the end time, hence 96 * 2 = 192 events.

        self.assertEqual(storage_writer.number_of_events, 192)

        events = list(storage_writer.GetEvents())

        # Test stream 3 (event 6).
        #    Protocol:        TCP
        #    Source IP:       192.168.195.130
        #    Dest IP:         63.245.217.43
        #    Source Port:     1038
        #    Dest Port:       443
        #    Stream Type:     SSL
        #    Starting Packet: 4
        #    Ending Packet:   6
        #    Packet Count:    3

        event = events[6]
        self.assertEqual(event.packet_count, 3)
        self.assertEqual(event.protocol, 'TCP')
        self.assertEqual(event.source_ip, '192.168.195.130')
        self.assertEqual(event.dest_ip, '63.245.217.43')
        self.assertEqual(event.dest_port, 443)
        self.assertEqual(event.source_port, 1038)
        self.assertEqual(event.stream_type, 'SSL')
        self.assertEqual(event.first_packet_id, 4)
        self.assertEqual(event.last_packet_id, 6)

        # Test stream 6 (event 12).
        #    Protocol:        UDP
        #    Source IP:       192.168.195.130
        #    Dest IP:         192.168.195.2
        #    Source Port:     55679
        #    Dest Port:       53
        #    Stream Type:     DNS
        #    Starting Packet: 11
        #    Ending Packet:   1307
        #    Packet Count:    5
        #    Protocol Data:   DNS Query for  wpad.localdomain
        #
        # The packet IDs above match the assertions below; the stream spans
        # packets 11 to 1307 but holds only 5 packets.
        # The double space in the protocol data is part of the expected
        # parser output and must be kept as is.
        # This is a WPAD (proxy auto-discovery) name lookup, the kind of
        # query worth surfacing when reviewing a network timeline.

        event = events[12]
        self.assertEqual(event.packet_count, 5)
        self.assertEqual(event.protocol, 'UDP')
        self.assertEqual(event.source_ip, '192.168.195.130')
        self.assertEqual(event.dest_ip, '192.168.195.2')
        self.assertEqual(event.dest_port, 53)
        self.assertEqual(event.source_port, 55679)
        self.assertEqual(event.stream_type, 'DNS')
        self.assertEqual(event.first_packet_id, 11)
        self.assertEqual(event.last_packet_id, 1307)
        self.assertEqual(event.protocol_data,
                         'DNS Query for  wpad.localdomain')

        # The Stream Data field is an escaped rendering of the raw payload,
        # so the expected text contains literal backslashes (doubled in this
        # source). The expected value ends mid-label ('wpa').
        # NOTE(review): presumably the formatter truncates the payload to a
        # fixed length - confirm against the formatter.
        expected_message = (
            'Source IP: 192.168.195.130 '
            'Destination IP: 192.168.195.2 '
            'Source Port: 55679 '
            'Destination Port: 53 '
            'Protocol: UDP '
            'Type: DNS '
            'Size: 380 '
            'Protocol Data: DNS Query for  wpad.localdomain '
            'Stream Data: \'\\xb8\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00'
            '\\x00\\x00\\x04wpad\\x0blocaldomain\\x00\\x00\\x01\\x00\\x01\\xb8'
            '\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x04wpa\' '
            'First Packet ID: 11 '
            'Last Packet ID: 1307 '
            'Packet Count: 5')
        expected_short_message = ('Type: DNS ' 'First Packet ID: 11')

        # Compares the long and short message strings for the event.
        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)
Exemple #2
 def setUp(self):
     """Builds the PCAP parser used by the tests.

     The parser is constructed with a newly created preprocess object and
     kept on the test case as ``self._parser``.
     """
     self._parser = pcap.PcapParser(event.PreprocessObject())
Exemple #3
 def setUp(self):
     """Prepares an individual test by creating its PCAP parser."""
     pcap_parser = pcap.PcapParser()
     # Kept on the test case so the test methods can reach it.
     self._parser = pcap_parser
Exemple #4
 def setUp(self):
     """Creates the PCAP parser object the tests rely on.

     The parser takes no arguments here and is stored as ``self._parser``.
     """
     new_parser = pcap.PcapParser()
     self._parser = new_parser
Exemple #5
  def testParse(self):
    """Tests the Parse function against the test.pcap sample.

    Checks the total number of event objects, the attributes of one TCP
    stream and one UDP stream, and the message strings formatted for the
    UDP stream event object.
    """
    parser_object = pcap.PcapParser()

    test_file = self._GetTestFilePath([u'test.pcap'])
    event_queue_consumer = self._ParseFile(parser_object, test_file)
    event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)

    # PCAP information:
    #    Number of streams: 96 (TCP: 47, UDP: 39, ICMP: 0, Other: 10)
    #
    # For each stream 2 event objects are generated, one for the start
    # and one for the end time, hence 96 * 2 = 192 event objects.

    self.assertEqual(len(event_objects), 192)

    # Test stream 3 (event object 6).
    #    Protocol:        TCP
    #    Source IP:       192.168.195.130
    #    Dest IP:         63.245.217.43
    #    Source Port:     1038
    #    Dest Port:       443
    #    Stream Type:     SSL
    #    Starting Packet: 4
    #    Ending Packet:   6
    #    Packet Count:    3

    event_object = event_objects[6]
    self.assertEqual(event_object.packet_count, 3)
    self.assertEqual(event_object.protocol, u'TCP')
    self.assertEqual(event_object.source_ip, u'192.168.195.130')
    self.assertEqual(event_object.dest_ip, u'63.245.217.43')
    self.assertEqual(event_object.dest_port, 443)
    self.assertEqual(event_object.source_port, 1038)
    self.assertEqual(event_object.stream_type, u'SSL')
    self.assertEqual(event_object.first_packet_id, 4)
    self.assertEqual(event_object.last_packet_id, 6)

    # Test stream 6 (event object 12).
    #    Protocol:        UDP
    #    Source IP:       192.168.195.130
    #    Dest IP:         192.168.195.2
    #    Source Port:     55679
    #    Dest Port:       53
    #    Stream Type:     DNS
    #    Starting Packet: 11
    #    Ending Packet:   1307
    #    Packet Count:    5
    #    Protocol Data:   DNS Query for  wpad.localdomain
    #
    # The packet IDs above match the assertions below; the stream spans
    # packets 11 to 1307 but holds only 5 packets.
    # The double space in the protocol data is part of the expected
    # parser output and must be kept as is.
    # This is a WPAD (proxy auto-discovery) name lookup, the kind of
    # query worth surfacing when reviewing a network timeline.

    event_object = event_objects[12]
    self.assertEqual(event_object.packet_count, 5)
    self.assertEqual(event_object.protocol, u'UDP')
    self.assertEqual(event_object.source_ip, u'192.168.195.130')
    self.assertEqual(event_object.dest_ip, u'192.168.195.2')
    self.assertEqual(event_object.dest_port, 53)
    self.assertEqual(event_object.source_port, 55679)
    self.assertEqual(event_object.stream_type, u'DNS')
    self.assertEqual(event_object.first_packet_id, 11)
    self.assertEqual(event_object.last_packet_id, 1307)
    self.assertEqual(
        event_object.protocol_data, u'DNS Query for  wpad.localdomain')

    # The Stream Data field is an escaped rendering of the raw payload, so
    # the expected text contains literal backslashes (doubled in this
    # source). The expected value ends mid-label ('wpa').
    # NOTE(review): presumably the formatter truncates the payload to a
    # fixed length - confirm against the formatter.
    expected_msg = (
        u'Source IP: 192.168.195.130 '
        u'Destination IP: 192.168.195.2 '
        u'Source Port: 55679 '
        u'Destination Port: 53 '
        u'Protocol: UDP '
        u'Type: DNS '
        u'Size: 380 '
        u'Protocol Data: DNS Query for  wpad.localdomain '
        u'Stream Data: \'\\xb8\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00'
        u'\\x00\\x00\\x04wpad\\x0blocaldomain\\x00\\x00\\x01\\x00\\x01\\xb8'
        u'\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x04wpa\' '
        u'First Packet ID: 11 '
        u'Last Packet ID: 1307 '
        u'Packet Count: 5')
    expected_msg_short = (
        u'Type: DNS '
        u'First Packet ID: 11')

    # Compares the long and short message strings for the event object.
    self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short)