def _iterpayload(self, path):
    """Yield ``(content, connection)`` pairs for every non-empty payload.

    ``utils.follow_tcp_stream(path)`` is iterated as a two-level mapping:
    connection key -> frame, and frame -> content per sequence key.  The
    original comment describes the connection key as the 5-tuple.
    ``iteritems()`` implies a Python 2 style mapping.

    NOTE(review): the yielded content comes from the capture at ``path``,
    so consumers should treat it as untrusted input -- confirm what
    ``follow_tcp_stream`` actually returns before parsing it further.
    """
    streams = utils.follow_tcp_stream(path)
    for flow_key, frame in streams.iteritems():
        for _seq, payload in frame.iteritems():
            if not payload:
                # Some packets carry no payload; nothing to emit for them.
                continue
            # Hand back the payload together with its connection key.
            yield payload, flow_key
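def __iter__(self):
    """Collect pcap files under ``self.path`` and load their TCP payloads.

    Walks ``self.path`` recursively, appends the full path of every file
    whose name ends in ``.pcap`` to ``self.pcap_list``, then runs
    ``utils.follow_tcp_stream`` on each listed capture.  Every non-empty
    content is appended to ``self.content`` and its connection key to
    ``self.five_tuple`` at the same position.  Returns ``self``.

    The extension test uses ``str.endswith``.  The previous
    ``f.split('.')[1] == 'pcap'`` raised ``IndexError`` on any file name
    without a dot (``README``), skipped ``a.b.pcap`` and accepted
    ``x.pcap.gz``.

    NOTE(review): ``self.pcap_list``, ``self.content`` and
    ``self.five_tuple`` are only appended to here, so iterating the same
    object twice re-adds every entry -- confirm whether callers reset them.
    NOTE(review): the content comes from capture files and should be
    treated as untrusted input by whatever consumes ``self.content``.
    """
    for dirPath, dirNames, fileNames in os.walk(self.path):
        for f in fileNames:
            # Anything that is not named *.pcap is ignored.
            if f.endswith('.pcap'):
                self.pcap_list.append(os.path.join(dirPath, f))

    for p in self.pcap_list:
        connection = utils.follow_tcp_stream(p)
        for five_tuple, frame in connection.iteritems():
            for seq, content in frame.iteritems():
                if not content:
                    # Some packets have no payload.
                    continue
                # Keep content and connection key index-aligned.
                self.content.append(content)
                self.five_tuple.append(five_tuple)
    return self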
def __iter__(self):
    """Load payloads from every ``.pcap`` below ``self.path``; return self.

    Behaviour depends on ``self.protocol``:

    * ``'tcp'``: each capture goes through ``utils.follow_tcp_stream``;
      every non-empty content is appended to ``self.content``, with its
      connection key in ``self.five_tuple`` and the capture's file name in
      ``self.file_pointer`` at the same position.
    * ``'udp'``: each capture goes through ``decoder.decode_dns_qd_name``;
      one entry per connection key is appended to the same three lists.
    * anything else: only a log line is written.

    The number of distinct connection keys and of capture files is logged.

    NOTE(review): the three lists are appended to and never cleared here,
    so a second iteration re-adds every entry -- confirm with callers.
    NOTE(review): content and DNS names come from capture files; treat
    them as untrusted input downstream.
    """
    captures = [
        os.path.join(root, name)
        for root, _subdirs, names in os.walk(self.path)
        for name in names
        if name.endswith('.pcap')
    ]

    if self.protocol == 'tcp':
        for capture in captures:
            streams = utils.follow_tcp_stream(capture)
            for flow, frame in streams.iteritems():
                for _seq, payload in frame.iteritems():
                    if not payload:
                        # Some packets have no payload.
                        continue
                    self.content.append(payload)
                    self.five_tuple.append(flow)
                    # Last '/'-separated component, i.e. the file name.
                    self.file_pointer.append(capture.split('/')[-1])
        logger.info("TCP Total Connections : %s", str(len(set(self.five_tuple))))
    elif self.protocol == 'udp':
        for capture in captures:
            queries = decoder.decode_dns_qd_name(capture)
            for flow, qd_names in queries.iteritems():
                self.content.append(qd_names)
                self.five_tuple.append(flow)
                self.file_pointer.append(capture.split('/')[-1])
        logger.info("UDP Total Connections : %s", str(len(set(self.five_tuple))))
    else:
        logger.info("Protocol %s are not implement", self.protocol)

    logger.info("Total Pcap file: %s", str(len(set(captures))))
    return self
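# Command-line entry point: for every entry NAME in the given directory,
# reconstruct the TCP and UDP streams of <directory>/NAME/NAME.pcap and
# dump them into <directory>/NAME/.
parser = argparse.ArgumentParser(description='''This is a packet reconstruct tool to help reconstruct the packet payload.''')
parser.add_argument("-d", "--directory", type=str, help="Specify a path which place pcap file")
# Arguments are parsed at import time, exactly as the script always did.
args = parser.parse_args()


def get_pcap_list(path):
    """Return the names of all entries directly inside *path*, sorted.

    No extension filter is applied: the caller uses each name both as a
    sub-directory and as the stem of the pcap file inside it.
    """
    return sorted(os.listdir(path))


if __name__ == '__main__':
    # Without -d the directory is None; stop with a usage error instead of
    # passing None on to os.listdir().
    if args.directory is None:
        parser.error("-d/--directory is required")

    pcap_list = get_pcap_list(args.directory)
    for pcap in pcap_list:
        # Build paths from the directory exactly as given.  The previous
        # './{dir}/...' formatting turned an absolute -d value into a path
        # relative to the current directory, so the listing and the files
        # that were opened could refer to different places.
        case_dir = os.path.join(args.directory, pcap)
        save_path = os.path.join(case_dir, '')  # keeps the trailing separator
        pcap_path = os.path.join(case_dir, '{name}.pcap'.format(name=pcap))

        # NOTE(review): the dump helpers write capture-derived content
        # under save_path; how they name their output files is not visible
        # here -- confirm the names cannot be influenced by capture data.
        connection = utils.follow_tcp_stream(pcap_path)
        utils.dump_tcp_stream_content(connection, save_path, True)
        udp_connection = utils.follow_udp_stream(pcap_path)
        utils.dump_udp_stream_content(udp_connection, save_path, True)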
the packet payload.''') parser.add_argument("-d", "--directory", type=str, help="Specify a path which place pcap file") args = parser.parse_args() def get_pcap_list(path): pcap_list = [] dirs = os.listdir(path) dirs.sort() for item in dirs: # if item.split('.')[-1] == 'pcap': pcap_list.append(item) return pcap_list if __name__ == '__main__': pcap_list = get_pcap_list(args.directory) for pcap in pcap_list: save_path = './{log}/{path}/'.format(log=args.directory, path=pcap) pcap_path = './{log}/{path}/{path2}.pcap'.format(log=args.directory, path=pcap, path2=pcap) connection = utils.follow_tcp_stream(pcap_path) utils.dump_tcp_stream_content(connection, save_path, True) udp_connection = utils.follow_udp_stream(pcap_path) utils.dump_udp_stream_content(udp_connection, save_path, True)