def __init__(self, pcapfilename, importLayer=5):
# l5msgs = PCAPImporter.readFile(pcap, importLayer=absLayer).values() # type: List[AbstractMessage]
self.importLayer = importLayer
self.packets = rdpcap(pcapfilename)
self._messages = SortedTypedList(AbstractMessage)
self._rawmessages = SortedTypedList(AbstractMessage)
for pkt in self.packets: # type: Packet
self.packetHandler(pkt)
def readMessages(self, filePathList, delimitor=b"\n"):
"""Read all the messages found in the specified filePathList and given a delimitor.
:param filePathList: paths of the file to parse
:type filePathList: a list of :class:`str`
:param delimitor: the delimitor used to find messages in the same file
:type delimitor: :class:`str`
:return: a sorted list of messages
:rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _(
"Error while trying to open the file " +
"{0}, more permissions are required for " +
"reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("File", "\n".join(errorMessageList))
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, delimitor)
return self.messages
def __init__(self,
messages=None,
_id=None,
applicativeData=None,
name="Session"):
"""
:parameter messages: the messages exchanged in the current session
:type data: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage`
:parameter _id: the unique identifier of the session
:type _id: :class:`uuid.UUID`
:keyword applicativeData: a list of :class:`netzob.Model.Vocabulary.ApplicaticeData.ApplicativeData`
"""
self.__messages = SortedTypedList(AbstractMessage)
self.__applicativeData = TypedList(ApplicativeData)
if messages is None:
messages = []
self.messages = messages
if _id is None:
_id = uuid.uuid4()
self.id = _id
if applicativeData is None:
applicativeData = []
self.applicativeData = applicativeData
self.name = name
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the " +
"file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _(
"Error while trying to open the file " +
"{0}, more permissions are required for " +
"reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if not importLayer in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
return self.messages
def __init__(self, name=None):
self.id = uuid.uuid4()
self.name = name
self.description = ""
self.__fields = TypedList(AbstractField)
self.__parent = None
self.__encodingFunctions = SortedTypedList(EncodingFunction)
self.__visualizationFunctions = TypedList(VisualizationFunction)
self.__transformationFunctions = TypedList(TransformationFunction)
self._variable = None
def readMessages(self,
filePathList,
bpfFilter="",
importLayer=5,
nbPackets=0,
mergePacketsInFlow=False,
):
"""Read all messages from a list of PCAP files. A BPF filter
can be set to limit the captured packets. The layer of import
can also be specified:
- When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
- If layer=3, we capture at the network level (such as IP).
- If layer=4, we capture at the transport layer (such as TCP or UDP).
- If layer=5, we capture at the applicative layer (such as the TCP or UDP payload).
Finally, the number of packets to capture can be specified.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
:param nbPackets: the number of packets to import
:type nbPackets: :class:`int`
:param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow)
:type mergePacketsInFlow: :class:`bool`
:return: a list of captured messages
:rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage`
"""
# Verify the existence of input files
errorMessageList = []
for filePath in filePathList:
try:
fp = open(filePath)
fp.close()
except IOError as e:
errorMessage = _("Error while trying to open the "
+ "file {0}.").format(filePath)
if e.errno == errno.EACCES:
errorMessage = _("Error while trying to open the file " +
"{0}, more permissions are required for "
+ "reading it.").format(filePath)
errorMessageList.append(errorMessage)
self._logger.warn(errorMessage)
if errorMessageList != []:
raise NetzobImportException("PCAP", "\n".join(errorMessageList))
# Verify the expected import layer
availableLayers = [1, 2, 3, 4, 5]
if importLayer not in availableLayers:
raise Exception(
"Only layers level {0} are available.".format(availableLayers))
self.importLayer = importLayer
# Call the method that does the import job for each PCAP file
self.messages = SortedTypedList(AbstractMessage)
for filePath in filePathList:
self.__readMessagesFromFile(filePath, bpfFilter, nbPackets)
#Create a session and attribute it to messages:
session = Session(list(self.messages.values()),name=filePath)
for message in self.messages.values():
message.session = session
# if requested, we merge consecutive messages that share same source and destination
if mergePacketsInFlow:
mergedMessages = SortedTypedList(AbstractMessage)
previousMessage = None
for message in self.messages.values():
if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination:
previousMessage.data += message.data
else:
mergedMessages.add(message)
previousMessage = message
self.messages = mergedMessages
return self.messages
def clearEncodingFunctions(self):
"""Remove all the encoding functions attached to the current element"""
self.__encodingFunctions = SortedTypedList(EncodingFunction)
for child in self.fields:
child.clearEncodingFunctions()
