def handleStream(tcp):
    """Report and dispatch the newest bytes of a TCP stream.

    Whichever side (server first, else client) has new bytes is selected,
    an optional one-line summary with the chunk's entropy is printed, and
    the chunk is either buffered for the oneshot modes or passed straight
    to handle_bytes and then discarded from the stream.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves,
            ``module_data`` (option dict) and ``stream_data`` (per-stream
            buffers). Returns nothing.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    opts = tcp.module_data

    # The server half takes precedence whenever it carries new bytes.
    to_server = tcp.server.count_new > 0
    half = tcp.server if to_server else tcp.client
    if to_server:
        direction, color = 'to_server', "RED"
    else:
        direction, color = 'to_client', "GREEN"
    count = half.count_new
    data = half.data[:count]

    if opts['verbose']:
        summary = "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (
            src, sport, dst, dport, count, entropy(data))
        chop.tsprettyprnt(color, summary)

    # Oneshot modes only accumulate; nothing is emitted or discarded here.
    # NOTE(review): the undiscarded bytes remain in the stream buffer on
    # early return — whether data[:count_new] still denotes the newest bytes
    # on the next call depends on the framework's buffering; confirm.
    oneshot = opts['oneshot']
    if oneshot:
        tcp.stream_data['data'] += data
    split = opts['oneshot_split']
    if split:
        tcp.stream_data[direction] += data
    if oneshot or split:
        return

    handle_bytes(data, color, direction, opts)
    tcp.discard(count)
def handleStream(tcp):
    """Fold the newest chunk of a TCP stream into the summary counters.

    Updates the per-stream record (``module_data["streams"][key]["data"]``)
    and the capture-wide record (``module_data["pcap_summary"]["data"]``)
    with the chunk length, its entropy, packet counts and the latest
    timestamp, then discards the consumed bytes.

    Args:
        tcp: framework stream object; ``tcp.addr`` keys the stream record.
            Returns nothing.
    """
    key = str(tcp.addr)
    # Address tuple is unpacked for parity with sibling modules; this
    # module does not use it further.
    ((src, sport), (dst, dport)) = parse_addr(tcp)

    fmt_time = packet_isodate if tcp.module_data["isodate"] else packet_timedate
    timestamp = fmt_time(tcp.timestamp)

    ps = tcp.module_data["pcap_summary"]["data"]
    cs = tcp.module_data["streams"][key]["data"]

    # Server bytes take precedence; otherwise the chunk is client-bound.
    to_server = tcp.server.count_new > 0
    half = tcp.server if to_server else tcp.client
    n = half.count_new
    cs["comm_order"].append({
        "data_to": "S" if to_server else "C",
        "data_len": n,
        "entropy": entropy(half.data[:n]),
    })
    cs["server_data_transfer" if to_server else "client_data_transfer"] += n
    ps["total_data_transfer"] += n
    tcp.discard(n)

    cs["end_time"] = timestamp
    cs["total_packets"] += 1
    ps["total_packets"] += 1
    ps["end_time"] = timestamp
def handleStream(tcp):
    """Account one new data chunk in the per-stream and per-capture stats.

    Appends a ``{'data_to', 'data_len', 'entropy'}`` entry to the stream's
    ``comm_order`` list, bumps the byte and packet counters on both the
    stream record and the pcap summary, stamps both with the current
    timestamp and discards the bytes that were counted.

    Args:
        tcp: framework stream object; ``str(tcp.addr)`` selects the stream
            record inside ``module_data['streams']``. Returns nothing.
    """
    stream_key = str(tcp.addr)
    # Unpacked but otherwise unused by this module.
    ((src, sport), (dst, dport)) = parse_addr(tcp)

    if tcp.module_data['isodate']:
        stamp = packet_isodate(tcp.timestamp)
    else:
        stamp = packet_timedate(tcp.timestamp)

    summary = tcp.module_data['pcap_summary']['data']
    stream = tcp.module_data['streams'][stream_key]['data']

    # Decide which half produced the bytes and which counter they belong to.
    if tcp.server.count_new > 0:
        half, dest, counter = tcp.server, 'S', 'server_data_transfer'
    else:
        half, dest, counter = tcp.client, 'C', 'client_data_transfer'
    length = half.count_new

    entry = {
        'data_to': dest,
        'data_len': length,
        'entropy': entropy(half.data[:length]),
    }
    stream['comm_order'].append(entry)
    stream[counter] += length
    summary['total_data_transfer'] += length
    tcp.discard(length)

    for record in (stream, summary):
        record['total_packets'] += 1
        record['end_time'] = stamp
    return
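def handleStream(tcp):
    """Print and emit the newest bytes of a TCP stream.

    Selects the half with new data (server first, else client), optionally
    prints a summary line with the chunk's entropy, buffers the chunk for
    the oneshot modes, or otherwise applies the configured transforms
    (XOR key, hexdump, base64), prints the result, emits it as JSON and
    discards the consumed bytes.

    Fix: the base64 option was read from a bare ``module_data`` name that is
    not defined in this function; it is now read from ``tcp.module_data``
    like every other option.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves,
            ``module_data`` (option dict) and ``stream_data`` (per-stream
            buffers). Returns nothing.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    opts = tcp.module_data

    # Server half wins whenever it has new bytes.
    if tcp.server.count_new > 0:
        count = tcp.server.count_new
        data = tcp.server.data[:count]
        direction, color = 'to_server', "RED"
    else:
        count = tcp.client.count_new
        data = tcp.client.data[:count]
        direction, color = 'to_client', "GREEN"

    if opts['verbose']:
        chop.tsprettyprnt(
            color,
            "%s:%s -> %s:%s %i bytes (H = %0.2f)"
            % (src, sport, dst, dport, count, entropy(data)))

    # Oneshot modes only accumulate; emission happens elsewhere, and the
    # bytes are deliberately not discarded here.
    if opts['oneshot']:
        tcp.stream_data['data'] += data
    if opts['oneshot_split']:
        tcp.stream_data[direction] += data
    if opts['oneshot'] or opts['oneshot_split']:
        return

    # Optional transforms, applied in this fixed order: XOR, hexdump, base64.
    if 'xor_key' in opts:
        data = multibyte_xor(data, opts['xor_key'])
    if opts['hexdump']:
        data = hexdump(data)
    # Was `module_data['base64']` — an undefined name in this scope.
    if opts['base64']:
        data = b64encode(data)

    # NOTE(review): without hexdump or base64 the payload is emitted
    # verbatim to the console and the JSON sink.
    chop.prettyprnt(color, data)
    chop.json({'payload': data, 'direction': direction})
    tcp.discard(count)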
def handleStream(tcp):
    """Print and emit the newest bytes of a TCP stream.

    Takes the half that has new bytes (server preferred), optionally logs a
    summary with entropy, and either buffers the chunk for the oneshot
    modes or transforms it (XOR key, hexdump, base64), prints it, emits a
    JSON record and discards the consumed bytes.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves,
            ``module_data`` (option dict) and ``stream_data`` (per-stream
            buffers). Returns nothing.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    opts = tcp.module_data

    def _newest_chunk():
        # Server half first; fall back to the client half.
        if tcp.server.count_new > 0:
            n = tcp.server.count_new
            return tcp.server.data[:n], n, 'to_server', "RED"
        n = tcp.client.count_new
        return tcp.client.data[:n], n, 'to_client', "GREEN"

    data, count, direction, color = _newest_chunk()

    if opts['verbose']:
        chop.tsprettyprnt(color, "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (
            src, sport, dst, dport, count, entropy(data)))

    # Oneshot modes accumulate only; bytes are intentionally not discarded.
    if opts['oneshot']:
        tcp.stream_data['data'] += data
    if opts['oneshot_split']:
        tcp.stream_data[direction] += data
    if opts['oneshot'] or opts['oneshot_split']:
        return

    # Transforms run in a fixed order: XOR, then hexdump, then base64.
    if 'xor_key' in opts:
        data = multibyte_xor(data, opts['xor_key'])
    if opts['hexdump']:
        data = hexdump(data)
    if opts['base64']:
        data = b64encode(data)

    # NOTE(review): with neither hexdump nor base64 set, the payload goes to
    # the console and JSON sink verbatim.
    chop.prettyprnt(color, data)
    chop.json({'payload': data, 'direction': direction})
    tcp.discard(count)
def handleStream(tcp):
    """Report and dispatch the newest bytes of a TCP stream.

    The half with new bytes (server preferred) supplies the chunk; a
    summary line with entropy is printed when verbose; the chunk is then
    either buffered for the oneshot modes or handed to handle_bytes and
    discarded.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves,
            ``module_data`` (option dict) and ``stream_data`` (per-stream
            buffers). Returns nothing.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    opts = tcp.module_data

    # Label/colour per direction; server wins whenever it has new bytes.
    labels = {True: ("to_server", "RED"), False: ("to_client", "GREEN")}
    from_server = tcp.server.count_new > 0
    half = tcp.server if from_server else tcp.client
    direction, color = labels[from_server]
    count = half.count_new
    data = half.data[:count]

    if opts["verbose"]:
        line = "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (
            src, sport, dst, dport, count, entropy(data))
        chop.tsprettyprnt(color, line)

    # Oneshot modes only accumulate and return early; nothing is discarded.
    # NOTE(review): the undiscarded bytes remain in the stream buffer —
    # whether data[:count_new] still denotes the newest bytes on the next
    # call depends on the framework's buffering; confirm.
    oneshot = opts["oneshot"]
    if oneshot:
        tcp.stream_data["data"] += data
    split = opts["oneshot_split"]
    if split:
        tcp.stream_data[direction] += data
    if oneshot or split:
        return

    handle_bytes(data, color, direction, opts)
    tcp.discard(count)