def save_data(pcap_data_class):
    """Flatten parsed packets into per-protocol rows and bulk-insert them.

    Every packet yields one ``basic_part_data`` row. TCP and UDP packets add a
    row to their transport table, and HTTP / TLS / DNS payloads add a row to
    the matching application table. Child rows carry an id that starts at
    ``db_helper.find_next_id("basic_part_data")`` and advances once per packet.

    Args:
        pcap_data_class: Parsed capture exposing ``get_packets()``.

    NOTE(review): host, URI, content type and DNS domain are copied verbatim
    from captured traffic, so their content is chosen by whoever sent the
    packets. This function only hands each statement and its row tuples to
    ``db_helper.insert_batch``; confirm that helper binds the rows as driver
    parameters rather than formatting them into the SQL text.
    """
    packets = pcap_data_class.get_packets()
    print("Loading packet num: " + str(len(packets)))
    basic_rows, tcp_rows, udp_rows = [], [], []
    http_rows, dns_rows, https_rows = [], [], []
    print("List init complete")
    # Id used by the child tables. The basic row itself is written with id 0
    # (presumably left for the database to assign - confirm against schema).
    row_id = db_helper.find_next_id("basic_part_data")

    for packet in packets:
        pkt_head = packet.get_packet_head()
        ether = packet.get_ether_head()
        ip_head = packet.get_ip_head()
        basic_rows.append((
            0,
            pkt_head.get_second_time(),
            pkt_head.get_millisecond_time(),
            pkt_head.get_real_len(),
            mac_process(ether.get_mac_src()),
            mac_process(ether.get_mac_dst()),
            ip_head.get_ip_version(),
            ip_process(ip_head.get_srcIP()),
            ip_process(ip_head.get_dstIP()),
            ip_head.get_ip_len(),
            ip_head.get_ttl(),
            ip_head.get_protocol(),
        ))

        transport = packet.get_transport_head()
        if transport is None:
            print("No transport protocol" + str(row_id))
        else:
            kind = transport.get_identify()
            if kind == "TCP":
                ports = transport.get_ports()
                tcp_fields = (
                    ports[0],
                    ports[1],
                    transport.get_seq(),
                    transport.get_ack(),
                    transport.get_tcp_len(),
                    hex(transport.get_flag()),
                    transport.get_option_len(),
                    hex(transport.get_option_content()),
                )
                app = packet.get_application()
                application = "" if app is None else app.get_identify()
                tcp_rows.append((row_id, *tcp_fields, application))

                if application == "HTTP":
                    direction = app.get_type()
                    method = app.get_method()
                    host = app.get_host()
                    uri = app.get_uri()
                    content_type = app.get_content_type()
                    content_length = app.get_content_length()
                    # A missing Content-Length is stored as 0.
                    http_rows.append((
                        row_id, direction, method, host, uri, content_type,
                        0 if content_length is None else content_length,
                    ))
                elif application == "TLS":
                    # Only the packet id is recorded for TLS traffic.
                    https_rows.append((row_id,))
            elif kind == "UDP":
                ports = transport.get_ports()
                udp_len = transport.get_total_len()
                app = packet.get_application()
                application = "" if app is None else app.get_identify()
                udp_rows.append(
                    (row_id, ports[0], ports[1], udp_len, application))

                if application == "DNS":
                    transaction = app.get_transaction()
                    direction = app.get_direction()
                    domain = ""
                    ip = ""
                    # Known gap: only the domain of the first type-1 query and
                    # the IP of the first type-1 answer are recorded.
                    # NOTE(review): the source layout was flattened; the final
                    # ``else`` is read as part of the Request/Response chain,
                    # not as a for-else - confirm.
                    if direction == "Request":
                        hit = next(
                            (q for q in app.get_querys() if q.get_type() == 1),
                            None)
                        if hit is not None:
                            domain = hit.get_domain()
                    elif direction == "Response":
                        hit = next(
                            (a for a in app.get_answers() if a.get_type() == 1),
                            None)
                        if hit is not None:
                            domain = hit.get_domain()
                            ip = ip_process(hit.get_datas())
                    else:
                        direction = ""
                    dns_rows.append(
                        (row_id, transaction, direction, domain, ip))
        row_id += 1

    # (progress banner, statement, rows) in submission order. The banners are
    # runtime output ("preparing to submit ... data") and are kept verbatim.
    # NOTE(review): %d placeholders are accepted by only some DB drivers;
    # confirm against the driver behind db_helper.
    batches = (
        ("准备提交基础数据",
         "INSERT INTO basic_part_data (Id, Second, MilliSecond, Len, Src_mac, Dst_mac, IP_version, Src_IP, Dst_IP, "
         "IP_head_len, TTL, Protocol) VALUES (%d,%d,%d,%d,%s,%s,%d,%s,%s,%d,%d,%d)",
         basic_rows),
        ("准备提交TCP数据",
         "INSERT INTO tcp_part_data (Id, Src_port, Dst_port, Seq_num, Ack_num, Tcp_head_len, Flag, Option_len, "
         "Option_content, Application) VALUES (%d,%d,%d,%d,%d,%d,%s,%d,%s,%s)",
         tcp_rows),
        ("准备提交HTTP数据",
         "INSERT INTO http_part_data (Id, Direction, Method, Host, Uri, Content_type, Content_length) "
         "VALUES (%d,%s,%s,%s,%s,%s,%d)",
         http_rows),
        ("准备提交HTTPS数据",
         "INSERT INTO https_part_data (Id) VALUES (%d)",
         https_rows),
        ("准备提交UDP数据",
         "INSERT INTO udp_part_data (Id, Src_port, Dst_port, UDP_len, Application)VALUES (%d,%d,%d,%d,%s)",
         udp_rows),
        ("准备提交DNS数据",
         "INSERT INTO dns_part_data (Id, Transaction_id, Direction, Domain, IP_address)VALUES (%d,%d,%s,%s,%s)",
         dns_rows),
    )
    for banner, sql, rows in batches:
        print(banner)
        db_helper.insert_batch(sql, rows)
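def save_data(pcap_data_class):
    """Store the basic, TCP and HTTP fields of every parsed packet.

    Each packet yields one ``basic_part_data`` row; TCP packets add a
    ``tcp_part_data`` row and, when the payload is identified as HTTP, an
    ``http_part_data`` row. Child rows carry an id that starts at
    ``db_helper.find_next_id("basic_part_data")`` and advances once per packet.

    A packet whose transport header is missing is reported and gets only its
    basic row, instead of raising ``AttributeError`` on the ``None`` header.

    Args:
        pcap_data_class: Parsed capture exposing ``get_packets()``.

    NOTE(review): host, URI and content type are copied verbatim from captured
    traffic, so their content is chosen by whoever sent the packets. This
    function only hands each statement and its row tuples to
    ``db_helper.insert_batch``; confirm that helper binds the rows as driver
    parameters rather than formatting them into the SQL text.
    """
    packets = pcap_data_class.get_packets()
    print("Loading packet num: " + str(len(packets)))
    basic_data_list = []
    TCP_data_list = []
    UDP_data_list = []
    HTTP_data_list = []
    DNS_data_list = []
    HTTPS_data_list = []
    print("List init complete")
    # Id used by the child tables. The basic row itself is written with id 0
    # (presumably left for the database to assign - confirm against schema).
    next_id = db_helper.find_next_id("basic_part_data")

    for packet in packets:
        packet_head = packet.get_packet_head()
        ether_head = packet.get_ether_head()
        ip_head = packet.get_ip_head()
        basic_data_list.append((
            0,
            packet_head.get_second_time(),
            packet_head.get_millisecond_time(),
            packet_head.get_real_len(),
            mac_process(ether_head.get_mac_src()),
            mac_process(ether_head.get_mac_dst()),
            ip_head.get_ip_version(),
            ip_process(ip_head.get_srcIP()),
            ip_process(ip_head.get_dstIP()),
            ip_head.get_ip_len(),
            ip_head.get_ttl(),
            ip_head.get_protocol(),
        ))

        transport = packet.get_transport_head()
        if transport is None:
            # No transport layer was parsed: keep the basic row and move on.
            print("No transport protocol" + str(next_id))
        elif transport.get_identify() == "TCP":
            ports = transport.get_ports()
            application_layer = packet.get_application()
            if application_layer is not None:
                application = application_layer.get_identify()
            else:
                application = ""
            TCP_data_list.append((
                next_id,
                ports[0],
                ports[1],
                transport.get_seq(),
                transport.get_ack(),
                transport.get_tcp_len(),
                hex(transport.get_flag()),
                transport.get_option_len(),
                hex(transport.get_option_content()),
                application,
            ))

            if application == "HTTP":
                content_length = application_layer.get_content_length()
                if content_length is None:
                    # A missing Content-Length is stored as 0.
                    content_length = 0
                HTTP_data_list.append((
                    next_id,
                    application_layer.get_type(),
                    application_layer.get_method(),
                    application_layer.get_host(),
                    application_layer.get_uri(),
                    application_layer.get_content_type(),
                    content_length,
                ))
        # Advance once per packet so child ids stay aligned with basic rows.
        next_id += 1

    # The banners below are runtime output ("preparing to submit ... data").
    # NOTE(review): %d placeholders are accepted by only some DB drivers;
    # confirm against the driver behind db_helper.
    print("准备提交基础数据")
    sql = "INSERT INTO basic_part_data (Id, Second, MilliSecond, Len, Src_mac, Dst_mac, IP_version, Src_IP, Dst_IP, " \
          "IP_head_len, TTL, Protocol) VALUES (%d,%d,%d,%d,%s,%s,%d,%s,%s,%d,%d,%d)"
    db_helper.insert_batch(sql, basic_data_list)

    print("准备提交TCP数据")
    sql = "INSERT INTO tcp_part_data (Id, Src_port, Dst_port, Seq_num, Ack_num, Tcp_head_len, Flag, Option_len, " \
          "Option_content, Application) VALUES (%d,%d,%d,%d,%d,%d,%s,%d,%s,%s)"
    db_helper.insert_batch(sql, TCP_data_list)

    print("准备提交HTTP数据")
    sql = "INSERT INTO http_part_data (Id, Direction, Method, Host, Uri, Content_type, Content_length) " \
          "VALUES (%d,%s,%s,%s,%s,%s,%d)"
    db_helper.insert_batch(sql, HTTP_data_list)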