Exemplo n.º 1
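def parse_pcap_file(file_path):
    """Parse a capture file into a list of :class:`TcpPacket` objects.

    The file is opened in binary mode, its format is detected with
    ``get_file_format`` and the matching reader (pcap or pcapng) is handed to
    ``packet_parser.read_tcp_packet``.  Packets are grouped per connection key
    (``tcp_pac.gen_key()``); every non-``None`` value returned by
    ``TcpConnection.on_packet`` yields one :class:`TcpPacket` in the result.

    Capture files are frequently untrusted input.  Only a missing file and
    :class:`FileParsingException` are translated here; any other exception
    raised by the readers or the packet parser propagates unchanged, so
    callers processing third-party captures should be prepared for that.

    Args:
        file_path (str): path of the capture file to parse.
    Returns:
        list of :class:`TcpPacket`, in the order the requests were found.
    Raises:
        FileParsingException: if the file was not found or its format was
            not recognized.
    """
    # Connection table keyed by the value of gen_key().  Entries are removed
    # only once the connection reports closed(), so its size is driven by the
    # content of the capture.
    conn_dict = OrderedDict()
    all_packets = []
    try:
        with io.open(file_path, "rb") as infile:
            file_format, head = get_file_format(infile)
            if file_format == FileFormat.PCAP:
                pcap_file = pcap.PcapFile(infile, head).read_packet
            elif file_format == FileFormat.PCAP_NG:
                pcap_file = pcapng.PcapngFile(infile, head).read_packet
            else:
                # The exception used to be constructed but never raised, so an
                # unrecognized file fell through to an unbound `pcap_file`.
                raise FileParsingException("unknown file format.")
            for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
                key = tcp_pac.gen_key()
                conn = conn_dict.get(key)
                if conn is not None:
                    # Known connection: feed it the packet.
                    url = conn.on_packet(tcp_pac)
                    if url is not None:
                        packet = TcpPacket()
                        packet.request = url
                        # NOTE(review): assumes str(key) renders as
                        # "host:port-host:port"; a host containing ':' (IPv6)
                        # would be split incorrectly - confirm against
                        # gen_key().
                        endpoints = str(key).split('-')
                        source = endpoints[0].split(':')
                        destination = endpoints[1].split(':')
                        packet.sourceHost = source[0]
                        packet.destinationHost = destination[0]
                        packet.sourcePort = source[1]
                        packet.destinationPort = destination[1]
                        all_packets.append(packet)
                    # Connection closed: flush it and drop it from the table.
                    if conn.closed():
                        conn.finish()
                        del conn_dict[key]
                elif tcp_pac.syn and not tcp_pac.ack:
                    # SYN without ACK: start of a new TCP connection.
                    conn_dict[key] = TcpConnection(tcp_pac)
                elif utils.is_request(tcp_pac.body):
                    # Handshake happened before the capture started; begin
                    # tracking from what looks like an HTTP request header.
                    conn_dict[key] = TcpConnection(tcp_pac)
    except (FileNotFoundError, FileParsingException) as err:
        # Keep the original failure attached as the cause for diagnostics.
        raise FileParsingException("parse_pcap failed to parse " +
                                   str(file_path)) from err
    # Finish the connections that were still open at the end of the capture.
    for conn in conn_dict.values():
        conn.finish()
    return all_packets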
Exemplo n.º 2
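def parse_pcap_file(file_path):
    """Parse a capture file into a list of :class:`TcpPacket` objects.

    The file is opened in binary mode, its format is detected with
    ``get_file_format`` and the matching reader (pcap or pcapng) is handed to
    ``packet_parser.read_tcp_packet``.  Packets are grouped per connection key
    (``tcp_pac.gen_key()``); every non-``None`` value returned by
    ``TcpConnection.on_packet`` yields one :class:`TcpPacket` in the result.

    Capture files are frequently untrusted input.  Only a missing file and
    :class:`FileParsingException` are translated here; any other exception
    raised by the readers or the packet parser propagates unchanged, so
    callers processing third-party captures should be prepared for that.

    Args:
        file_path (str): path of the capture file to parse.
    Returns:
        list of :class:`TcpPacket`, in the order the requests were found.
    Raises:
        FileParsingException: if the file was not found or its format was
            not recognized.
    """
    # Connection table keyed by the value of gen_key().  Entries are removed
    # only once the connection reports closed(), so its size is driven by the
    # content of the capture.
    conn_dict = OrderedDict()
    all_packets = []
    try:
        with io.open(file_path, "rb") as infile:
            file_format, head = get_file_format(infile)
            if file_format == FileFormat.PCAP:
                pcap_file = pcap.PcapFile(infile, head).read_packet
            elif file_format == FileFormat.PCAP_NG:
                pcap_file = pcapng.PcapngFile(infile, head).read_packet
            else:
                # The exception used to be constructed but never raised, so an
                # unrecognized file fell through to an unbound `pcap_file`.
                raise FileParsingException("unknown file format.")
            for tcp_pac in packet_parser.read_tcp_packet(pcap_file):
                key = tcp_pac.gen_key()
                conn = conn_dict.get(key)
                if conn is not None:
                    # Known connection: feed it the packet.
                    url = conn.on_packet(tcp_pac)
                    if url is not None:
                        packet = TcpPacket()
                        packet.request = url
                        # NOTE(review): assumes str(key) renders as
                        # "host:port-host:port"; a host containing ':' (IPv6)
                        # would be split incorrectly - confirm against
                        # gen_key().
                        endpoints = str(key).split('-')
                        source = endpoints[0].split(':')
                        destination = endpoints[1].split(':')
                        packet.sourceHost = source[0]
                        packet.destinationHost = destination[0]
                        packet.sourcePort = source[1]
                        packet.destinationPort = destination[1]
                        all_packets.append(packet)
                    # Connection closed: flush it and drop it from the table.
                    if conn.closed():
                        conn.finish()
                        del conn_dict[key]
                elif tcp_pac.syn and not tcp_pac.ack:
                    # SYN without ACK: start of a new TCP connection.
                    conn_dict[key] = TcpConnection(tcp_pac)
                elif utils.is_request(tcp_pac.body):
                    # Handshake happened before the capture started; begin
                    # tracking from what looks like an HTTP request header.
                    conn_dict[key] = TcpConnection(tcp_pac)
    except (FileNotFoundError, FileParsingException) as err:
        # Keep the original failure attached as the cause for diagnostics.
        raise FileParsingException("parse_pcap failed to parse " + str(
            file_path)) from err
    # Finish the connections that were still open at the end of the capture.
    for conn in conn_dict.values():
        conn.finish()
    return all_packets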