def handle_lite_tcp_session(lite_tcp_session): unpacked_content = list(lite_tcp_session.packets()) try: for http_session, c, r, conn, revconn in parse_session( unpacked_content): direction_hint = None for i in range(0, len(http_session) - 1): http_request = http_session[i] http_response = http_session[i + 1] #assert isinstance(http_request,HTTPRequest) or isinstance(http_request,HTTPResponse) if isinstance(http_request, HTTPRequest) and isinstance( http_response, HTTPResponse): print_results(printing.http_stream, http_request, http_response) if direction_hint is None: direction_hint = http_response.directed_key ssl_parsed = False #HACK for SB. Change to config file. if direction_hint is None: src, sport, dst, dport = TCPSession.split_key( conn.directed_key) if (dst[:3] == "10." or dst[:2] == "fd") and not (src[:3] == "10." or src[:2] == "fd"): direction_hint = revconn.directed_key src, sport, dst, dport = TCPSession.split_key( revconn.directed_key) if (dst[:3] == "10." or dst[:2] == "fd") and not (src[:3] == "10." or src[:2] == "fd"): direction_hint = conn.directed_key if printing.debug_stream: print_tcp_session(conn.content + revconn.content, c, r, direction_hint, lite_tcp_session.num) http_session = None #tcp_session=None conn.cleanup() revconn.cleanup() unpacked_content = None c = None r = None except (SeqException) as e: #except (SeqException,SSLSkipError) as e: print >> sys.stderr, e
def print_results(http_stream,http_request,http_response): request_start_time=http_request.start_packet.ts request_end_time=http_request.finish_packet.ts response_start_time=http_response.start_packet.ts response_end_time=http_response.finish_packet.ts response_start_acked=http_response.start_acked_by if response_start_acked: response_start_acked="%lf" % response_start_acked.ts response_end_acked=http_response.finish_acked_by if response_end_acked: response_end_acked="%lf" % response_end_acked.ts request_start_acked=http_request.start_acked_by if request_start_acked: request_start_acked="%lf" % request_start_acked.ts request_end_acked=http_request.finish_acked_by if request_end_acked: request_end_acked="%lf" % request_end_acked.ts request_metrics = "%s\t%s\t%s" % (http_request.num_packets, http_request.total_len, http_request.real_len) response_metrics = "%s\t%s\t%s" % (http_response.num_packets, http_response.total_len, http_response.real_len) server,server_port,client,client_port = TCPSession.split_key(http_response.directed_key) server_as = None server_24 = None client_as = None client_24 = None if http_request.user_agent: http_request.user_agent=http_request.user_agent.replace('\000','') http_request.uri=http_request.uri.replace('\000','') http_request.user_agent=http_request.user_agent.replace('"','') http_request.uri=http_request.uri.replace('"','') http_request.user_agent=http_request.user_agent.replace('\t',' ') http_request.uri=http_request.uri.replace('\t',' ') r = (server,server_port,client,client_port,http_request.method,http_request.uri,http_response.method,http_response.status,http_response.reqid,\ request_start_time,request_end_time,response_start_time,response_end_time,response_start_acked,response_end_acked,\ request_start_acked,request_end_acked,http_request.retransmits,http_request.false_retransmits,http_request.keepalive_retransmits, http_response.retransmits, http_response.false_retransmits, http_response.keepalive_retransmits, \ http_request.min_rtt, http_request.median_rtt, http_request.max_rtt, http_response.min_rtt, http_response.median_rtt, http_response.max_rtt,\ http_request.avg_retr_time, http_response.avg_retr_time,\ request_metrics,response_metrics,http_request.user_agent,http_request.host, server_as,server_24,client_as,client_24) def fmt(t): if t is float: return "%lf" % t else: return str(t) r = map(fmt, r) print >> http_stream, '\t'.join(r)
def __str__(self): try: r = str(len(self.content())) except (RecordClassError) as err: r = str(err) src, sport, dst, dport = TCPSession.split_key(self.direction()) return "\t".join([str(s) for s in (src, sport, dst, dport, len(self.packets), r, self.first.ts, self.last.ts)])
def __str__(self): try: r = str(len(self.content())) except (RecordClassError) as err: r = str(err) src, sport, dst, dport = TCPSession.split_key(self.direction()) return '\t'.join([ str(s) for s in (src, sport, dst, dport, len(self.packets), r, self.first.ts, self.last.ts) ])
def print_tcp_session(packets, connection_stream, reverse_connection_stream, direction_hint, num): packets = sorted(packets, key=lambda x: x[1].ts) prev_packet = None if direction_hint: server, server_port, client, client_port = TCPSession.split_key( direction_hint) print >> debug_stream, "server: %s:%s <-> client %s:%s" % ( server, server_port, client, client_port) for seq, tcp in packets: prefix = '' if prev_packet is not None: ts_delta = int((tcp.ts - prev_packet.ts) * 1000) if ts_delta > 5: prefix = ".." + str(ts_delta) + ".." prefix = "%10s" % prefix if getattr(tcp, 'unknown_start', False): prefix = '>' + prefix else: prefix = ' ' + prefix print >> debug_stream, prefix, print_packet(debug_stream, tcp, direction_hint) prev_packet = tcp if connection_stream: for real, seq, data, comment in connection_stream: l = len(data) data = [c for c in data[:1000] if c >= ' ' and c < 'z'] data = ''.join(data) print >> debug_stream, "->", real, seq, comment, l, "[ " + data[: 100] + " ]" if reverse_connection_stream: for real, seq, data, comment in reverse_connection_stream: l = len(data) data = [c for c in data if c >= ' ' and c < 'z'] data = ''.join(data) print >> debug_stream, "<-", real, seq, comment, l, "[ " + data[: 100] + " ]" print >> debug_stream, ""
def print_tcp_session(packets,connection_stream,reverse_connection_stream,direction_hint, num): packets = sorted(packets, key = lambda x: x[1].ts) prev_packet = None if direction_hint: server,server_port,client,client_port = TCPSession.split_key(direction_hint) print >> debug_stream, "server: %s:%s <-> client %s:%s" % (server,server_port,client,client_port) for seq,tcp in packets: prefix = '' if prev_packet is not None: ts_delta = int((tcp.ts - prev_packet.ts)*1000) if ts_delta > 5: prefix = ".." + str(ts_delta) + ".." prefix = "%10s" % prefix if getattr(tcp,'unknown_start',False): prefix = '>' + prefix else: prefix = ' ' + prefix print >> debug_stream, prefix, print_packet(debug_stream,tcp,direction_hint) prev_packet=tcp if connection_stream: for real,seq,data,comment in connection_stream: l = len(data) data = [ c for c in data[:1000] if c>=' ' and c < 'z' ] data = ''.join(data) print >> debug_stream, "->", real, seq, comment, l, "[ "+data[:100]+" ]" if reverse_connection_stream: for real,seq,data,comment in reverse_connection_stream: l = len(data) data = [ c for c in data if c>=' ' and c < 'z' ] data = ''.join(data) print >> debug_stream, "<-", real, seq, comment, l, "[ "+data[:100]+" ]" print >> debug_stream, ""
def print_packet(file, tcp, direction_hint=None): if direction_hint is None: display_key = TCPSession.split_key(tcp.connection.directed_key) display_key = " %s : %s -> %s : %s " % display_key else: if direction_hint==tcp.connection.directed_key: display_key = " --> " else: display_key = " <-- " string_flags = tcp_flags(tcp.flags) retr = ' ' if tcp.retransmit_original is not None: retr = 'R' if 'A' in string_flags: ack = tcp.adjusted_ack else: ack='' acked=getattr(tcp,'acked_by',None) if acked is not None: acked=acked.num sacked=getattr(tcp,'acked_sacked_by',None) if sacked is not None: sacked=sacked.num if sacked == acked: sacked = '' else: sacked = "/"+str(sacked) acked = str(acked) sacked_acked='' if len(tcp.data)>0 or 'S' in string_flags: sacked_acked=acked+sacked rtt = tcp.rtt if rtt is not None and abs(rtt)>1000: rtt = str(rtt/1000)+'s' rtt = "[%4s]" % rtt else: rtt='' adjusted_sack=getattr(tcp,'adjusted_sack', '') print >> file, "%10d %7s %f %ls %4d %4s %7ds %7sa %5s %10s %s" % (tcp.num, rtt, tcp.ts, display_key, len(tcp.data), string_flags, getattr(tcp,'adjusted_seq',-1), ack, retr, sacked_acked, adjusted_sack), partof = getattr(tcp,'partof',None) if partof is not None: for http, partkind in partof.iteritems(): print >> file, "%2s" % partkind, print >> file, http.method, if hasattr(http,'status'): print >> file, http.status, if hasattr(http,'uri'): print >> file, http.uri, if getattr(http,'reqid',None): print >> file, http.reqid, print >> file, ""
def print_results(http_stream, http_request, http_response): request_start_time = http_request.start_packet.ts request_end_time = http_request.finish_packet.ts response_start_time = http_response.start_packet.ts response_end_time = http_response.finish_packet.ts response_start_acked = http_response.start_acked_by if response_start_acked: response_start_acked = "%lf" % response_start_acked.ts response_end_acked = http_response.finish_acked_by if response_end_acked: response_end_acked = "%lf" % response_end_acked.ts request_start_acked = http_request.start_acked_by if request_start_acked: request_start_acked = "%lf" % request_start_acked.ts request_end_acked = http_request.finish_acked_by if request_end_acked: request_end_acked = "%lf" % request_end_acked.ts request_metrics = "%s\t%s\t%s" % (http_request.num_packets, http_request.total_len, http_request.real_len) response_metrics = "%s\t%s\t%s" % (http_response.num_packets, http_response.total_len, http_response.real_len) server, server_port, client, client_port = TCPSession.split_key( http_response.directed_key) server_as = None server_24 = None client_as = None client_24 = None if http_request.user_agent: http_request.user_agent = http_request.user_agent.replace('\000', '') http_request.uri = http_request.uri.replace('\000', '') http_request.user_agent = http_request.user_agent.replace('"', '') http_request.uri = http_request.uri.replace('"', '') http_request.user_agent = http_request.user_agent.replace('\t', ' ') http_request.uri = http_request.uri.replace('\t', ' ') r = (server,server_port,client,client_port,http_request.method,http_request.uri,http_response.method,http_response.status,http_response.reqid,\ request_start_time,request_end_time,response_start_time,response_end_time,response_start_acked,response_end_acked,\ request_start_acked,request_end_acked,http_request.retransmits,http_request.false_retransmits,http_request.keepalive_retransmits, http_response.retransmits, http_response.false_retransmits, http_response.keepalive_retransmits, \ http_request.min_rtt, http_request.median_rtt, http_request.max_rtt, http_response.min_rtt, http_response.median_rtt, http_response.max_rtt,\ http_request.avg_retr_time, http_response.avg_retr_time,\ request_metrics,response_metrics,http_request.user_agent,http_request.host, server_as,server_24,client_as,client_24) def fmt(t): if t is float: return "%lf" % t else: return str(t) r = map(fmt, r) print >> http_stream, '\t'.join(r)
def print_packet(file, tcp, direction_hint=None): if direction_hint is None: display_key = TCPSession.split_key(tcp.connection.directed_key) display_key = " %s : %s -> %s : %s " % display_key else: if direction_hint == tcp.connection.directed_key: display_key = " --> " else: display_key = " <-- " string_flags = tcp_flags(tcp.flags) retr = ' ' if tcp.retransmit_original is not None: retr = 'R' if 'A' in string_flags: ack = tcp.adjusted_ack else: ack = '' acked = getattr(tcp, 'acked_by', None) if acked is not None: acked = acked.num sacked = getattr(tcp, 'acked_sacked_by', None) if sacked is not None: sacked = sacked.num if sacked == acked: sacked = '' else: sacked = "/" + str(sacked) acked = str(acked) sacked_acked = '' if len(tcp.data) > 0 or 'S' in string_flags: sacked_acked = acked + sacked rtt = tcp.rtt if rtt is not None and abs(rtt) > 1000: rtt = str(rtt / 1000) + 's' rtt = "[%4s]" % rtt else: rtt = '' adjusted_sack = getattr(tcp, 'adjusted_sack', '') print >> file, "%10d %7s %f %ls %4d %4s %7ds %7sa %5s %10s %s" % ( tcp.num, rtt, tcp.ts, display_key, len(tcp.data), string_flags, getattr(tcp, 'adjusted_seq', -1), ack, retr, sacked_acked, adjusted_sack), partof = getattr(tcp, 'partof', None) if partof is not None: for http, partkind in partof.iteritems(): print >> file, "%2s" % partkind, print >> file, http.method, if hasattr(http, 'status'): print >> file, http.status, if hasattr(http, 'uri'): print >> file, http.uri, if getattr(http, 'reqid', None): print >> file, http.reqid, print >> file, ""