def get_tcpconn(infile):
pcap_file = parse_pcap_file(infile)
conn_dict = OrderedDict()
conn_sorted = []
for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
key = tcp_pac.gen_key()
# we already have this conn
if key in conn_dict:
conn_dict[key].on_packet(tcp_pac)
# conn closed.
if conn_dict[key].closed():
del conn_dict[key]
# begin tcp connection.
elif tcp_pac.syn and not tcp_pac.ack:
conn_dict[key] = TcpConnection(tcp_pac)
conn_sorted.append(conn_dict[key])
elif utils.is_request(tcp_pac.body):
# tcp init before capture, we start from a possible http request header.
conn_dict[key] = TcpConnection(tcp_pac)
conn_sorted.append(conn_dict[key])
return conn_sorted
def parse_pcap_file(file_path):
"""pcap parser.
parse a pcap file to get a list :class:`TcpPacket` objects
Args:
file_path (str): address of the Pcap file that is ready to be parsed
Returns:
list of :class:TcpPacket of found conversations in the Pcap file
Raises:
:class:FileParsingException if either file format were not recognized or file was not found
"""
conn_dict = OrderedDict()
all_packets = []
try:
with io.open(file_path, "rb") as infile:
file_format, head = get_file_format(infile)
if file_format == FileFormat.PCAP:
pcap_file = pcap.PcapFile(infile, head).read_packet
elif file_format == FileFormat.PCAP_NG:
pcap_file = pcapng.PcapngFile(infile, head).read_packet
else:
FileParsingException("unknown file format.")
for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
key = tcp_pac.gen_key()
# we already have this conn
if key in conn_dict:
url = conn_dict[key].on_packet(tcp_pac)
if url is not None:
packet = TcpPacket()
packet.request = url
splited = str(key).split('-')
packet.sourceHost = splited[0].split(':')[0]
packet.destinationHost = splited[1].split(':')[0]
packet.sourcePort = splited[0].split(':')[1]
packet.destinationPort = splited[1].split(':')[1]
all_packets.append(packet)
# conn closed.
if conn_dict[key].closed():
conn_dict[key].finish()
del conn_dict[key]
# begin tcp connection.
elif tcp_pac.syn and not tcp_pac.ack:
conn_dict[key] = TcpConnection(tcp_pac)
elif utils.is_request(tcp_pac.body):
# tcp init before capture, we start from a possible http request header.
conn_dict[key] = TcpConnection(tcp_pac)
except (FileNotFoundError, FileParsingException):
raise FileParsingException("parse_pcap failed to parse " +
str(file_path))
# finish connection which not close yet
for conn in conn_dict.values():
conn.finish()
return all_packets
def parse_pcap_file(file_path):
"""pcap parser.
parse a pcap file to get a list :class:`TcpPacket` objects
Args:
file_path (str): address of the Pcap file that is ready to be parsed
Returns:
list of :class:TcpPacket of found conversations in the Pcap file
Raises:
:class:FileParsingException if either file format were not recognized or file was not found
"""
conn_dict = OrderedDict()
all_packets = []
try:
with io.open(file_path, "rb") as infile:
file_format, head = get_file_format(infile)
if file_format == FileFormat.PCAP:
pcap_file = pcap.PcapFile(infile, head).read_packet
elif file_format == FileFormat.PCAP_NG:
pcap_file = pcapng.PcapngFile(infile, head).read_packet
else:
FileParsingException("unknown file format.")
for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
key = tcp_pac.gen_key()
# we already have this conn
if key in conn_dict:
url = conn_dict[key].on_packet(tcp_pac)
if url is not None:
packet = TcpPacket()
packet.request = url
splited = str(key).split('-')
packet.sourceHost = splited[0].split(':')[0]
packet.destinationHost = splited[1].split(':')[0]
packet.sourcePort = splited[0].split(':')[1]
packet.destinationPort = splited[1].split(':')[1]
all_packets.append(packet)
# conn closed.
if conn_dict[key].closed():
conn_dict[key].finish()
del conn_dict[key]
# begin tcp connection.
elif tcp_pac.syn and not tcp_pac.ack:
conn_dict[key] = TcpConnection(tcp_pac)
elif utils.is_request(tcp_pac.body):
# tcp init before capture, we start from a possible http request header.
conn_dict[key] = TcpConnection(tcp_pac)
except (FileNotFoundError, FileParsingException):
raise FileParsingException("parse_pcap failed to parse " + str(
file_path))
# finish connection which not close yet
for conn in conn_dict.values():
conn.finish()
return all_packets
def parse_pcap_file(infile):
"""
:type infile:file
"""
conn_dict = OrderedDict()
file_format, head = get_file_format(infile)
if file_format == FileFormat.PCAP:
pcap_file = pcap.PcapFile(infile, head).read_packet
elif file_format == FileFormat.PCAP_NG:
pcap_file = pcapng.PcapngFile(infile, head).read_packet
else:
print("unknown file format.", file=sys.stderr)
sys.exit(1)
_filter = config.get_filter()
for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
# filter
if not (_filter.by_ip(tcp_pac.source) or _filter.by_ip(tcp_pac.dest)):
continue
if not (_filter.by_port(tcp_pac.source_port)
or _filter.by_port(tcp_pac.dest_port)):
continue
key = tcp_pac.gen_key()
# we already have this conn
if key in conn_dict:
conn_dict[key].on_packet(tcp_pac)
# conn closed.
if conn_dict[key].closed():
conn_dict[key].finish()
del conn_dict[key]
# begin tcp connection.
elif tcp_pac.syn and not tcp_pac.ack:
conn_dict[key] = TcpConnection(tcp_pac)
elif utils.is_request(tcp_pac.body):
# tcp init before capture, we start from a possible http request header.
conn_dict[key] = TcpConnection(tcp_pac)
# finish connection which not close yet
for conn in conn_dict.values():
conn.finish()
def parse_pcap_file(infile):
"""
:type infile:file
"""
conn_dict = OrderedDict()
file_format, head = get_file_format(infile)
if file_format == FileFormat.PCAP:
pcap_file = pcap.PcapFile(infile, head).read_packet
elif file_format == FileFormat.PCAP_NG:
pcap_file = pcapng.PcapngFile(infile, head).read_packet
else:
print("unknown file format.", file=sys.stderr)
sys.exit(1)
_filter = config.get_filter()
for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
# filter
if not (_filter.by_ip(tcp_pac.source) or _filter.by_ip(tcp_pac.dest)):
continue
if not (_filter.by_port(tcp_pac.source_port) or _filter.by_port(tcp_pac.dest_port)):
continue
key = tcp_pac.gen_key()
# we already have this conn
if key in conn_dict:
conn_dict[key].on_packet(tcp_pac)
# conn closed.
if conn_dict[key].closed():
conn_dict[key].finish()
del conn_dict[key]
# begin tcp connection.
elif tcp_pac.syn and not tcp_pac.ack:
conn_dict[key] = TcpConnection(tcp_pac)
elif utils.is_request(tcp_pac.body):
# tcp init before capture, we start from a possible http request header.
conn_dict[key] = TcpConnection(tcp_pac)
# finish connection which not close yet
for conn in conn_dict.values():
conn.finish()
