def handleStream(tcp):
    """Handle one chunk of new TCP data and pass it to ``handle_bytes``.

    Only one half of the connection is examined per call: the server half
    when it has new bytes, otherwise the client half. In ``oneshot`` /
    ``oneshot_split`` mode the chunk is appended to ``tcp.stream_data`` and
    the function returns *without* calling ``tcp.discard``, so the framework
    buffer and the accumulated copy both keep growing for the life of the
    stream (presumably flushed by a teardown handler — not visible here).

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves
            (``data``, ``count_new``), ``module_data``, ``stream_data`` and
            ``discard``.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)

    new_on_server = tcp.server.count_new > 0
    half = tcp.server if new_on_server else tcp.client
    count = half.count_new
    # NOTE(review): this slice takes the *first* count_new bytes of the
    # buffer, which is the new data only if every earlier chunk was
    # discarded — confirm against the framework's buffering semantics.
    data = half.data[:count]
    if new_on_server:
        direction, color = 'to_server', "RED"
    else:
        direction, color = 'to_client', "GREEN"

    if tcp.module_data['verbose']:
        summary = "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (
            src, sport, dst, dport, count, entropy(data))
        chop.tsprettyprnt(color, summary)

    oneshot = tcp.module_data['oneshot']
    oneshot_split = tcp.module_data['oneshot_split']
    if oneshot:
        tcp.stream_data['data'] += data
    if oneshot_split:
        tcp.stream_data[direction] += data
    if oneshot or oneshot_split:
        # Accumulating mode: leave the bytes in the stream buffer.
        return

    handle_bytes(data, color, direction, tcp.module_data)
    tcp.discard(count)
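def handleStream(tcp):
    """Account one chunk of new TCP data in the stream and pcap summaries.

    For the half of the connection carrying new bytes (server half first),
    appends a ``comm_order`` record (direction, length, entropy of the new
    bytes) to the stream summary ``cs``, bumps the per-direction and total
    transfer counters on ``cs`` and the pcap summary ``ps``, discards the
    consumed bytes via ``tcp.discard``, and stamps both summaries with the
    packet timestamp and a packet count.

    Cleanup: the address tuple returned by ``parse_addr`` was unpacked into
    ``src``/``sport``/``dst``/``dport`` but never used, the two branches were
    duplicates differing only in the half and the counter key, and the bare
    trailing ``return`` was redundant.

    Args:
        tcp: framework stream object exposing ``addr``, ``timestamp``,
            ``server``/``client`` halves (``data``, ``count_new``),
            ``module_data`` and ``discard``.

    Raises:
        KeyError: if ``module_data['streams']`` has no entry for this
            stream (it is expected to be created when the stream is
            established — not visible here).
    """
    key = str(tcp.addr)
    if tcp.module_data["isodate"]:
        timestamp = packet_isodate(tcp.timestamp)
    else:
        timestamp = packet_timedate(tcp.timestamp)

    ps = tcp.module_data["pcap_summary"]["data"]
    cs = tcp.module_data["streams"][key]["data"]

    # The server half wins when it has new bytes; otherwise the client half
    # is assumed to carry them.
    # NOTE(review): if neither half has new bytes this still records a
    # zero-length "C" entry — confirm the framework never calls us then.
    if tcp.server.count_new > 0:
        half, data_to, transfer_key = tcp.server, "S", "server_data_transfer"
    else:
        half, data_to, transfer_key = tcp.client, "C", "client_data_transfer"
    count = half.count_new

    cs["comm_order"].append({
        "data_to": data_to,
        "data_len": count,
        "entropy": entropy(half.data[:count]),
    })
    cs[transfer_key] += count
    ps["total_data_transfer"] += count
    tcp.discard(count)

    cs["end_time"] = timestamp
    cs["total_packets"] += 1
    ps["total_packets"] += 1
    ps["end_time"] = timestamp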
def handleStream(tcp):
    """Record one chunk of new TCP data in the stream and pcap summaries.

    Whichever half has new bytes (server half checked first) contributes a
    ``comm_order`` entry with direction, byte count and entropy to the
    stream summary ``cs``; the per-direction and total transfer counters on
    ``cs`` and the pcap summary ``ps`` are incremented, the consumed bytes
    are handed to ``tcp.discard``, and both summaries get the packet's
    timestamp and a packet-count increment.

    Args:
        tcp: framework stream object exposing ``addr``, ``timestamp``,
            ``server``/``client`` halves (``data``, ``count_new``),
            ``module_data`` and ``discard``.
    """
    key = str(tcp.addr)
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    # Timestamp formatter is chosen by the 'isodate' option.
    stamp = packet_isodate if tcp.module_data['isodate'] else packet_timedate
    timestamp = stamp(tcp.timestamp)

    ps = tcp.module_data['pcap_summary']['data']
    cs = tcp.module_data['streams'][key]['data']

    from_server = tcp.server.count_new > 0
    half = tcp.server if from_server else tcp.client
    nbytes = half.count_new
    cs['comm_order'].append({
        'data_to': 'S' if from_server else 'C',
        'data_len': nbytes,
        'entropy': entropy(half.data[:nbytes]),
    })
    counter = 'server_data_transfer' if from_server else 'client_data_transfer'
    cs[counter] += nbytes
    ps['total_data_transfer'] += nbytes
    tcp.discard(nbytes)

    cs['end_time'] = timestamp
    cs['total_packets'] += 1
    ps['total_packets'] += 1
    ps['end_time'] = timestamp

    return
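def handleStream(tcp):
    """Print and emit one chunk of new TCP payload, optionally transformed.

    Selects the half of the connection carrying new bytes (server half
    first), optionally logs a one-line summary with the chunk's entropy,
    and then either accumulates the chunk in ``tcp.stream_data``
    (``oneshot`` / ``oneshot_split`` mode — nothing is discarded) or
    renders it: XOR-decodes with ``module_data['xor_key']`` when that key
    is present, applies ``hexdump`` and/or ``b64encode`` as configured,
    prints it with ``chop.prettyprnt`` and emits it as JSON. Consumed
    bytes are passed to ``tcp.discard`` only on the render path.

    Fix: the ``base64`` option was read from a bare ``module_data`` name
    instead of ``tcp.module_data`` (compare the ``hexdump`` check right
    above it), which raises ``NameError`` unless a module-level
    ``module_data`` happens to exist.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves
            (``data``, ``count_new``), ``module_data``, ``stream_data`` and
            ``discard``.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    options = tcp.module_data

    if tcp.server.count_new > 0:
        half, direction, color = tcp.server, 'to_server', "RED"
    else:
        half, direction, color = tcp.client, 'to_client', "GREEN"
    count = half.count_new
    # NOTE(review): takes the first count_new bytes of the buffer; that is
    # the new data only if earlier chunks were discarded — confirm against
    # the framework's buffering semantics.
    data = half.data[:count]

    if options['verbose']:
        chop.tsprettyprnt(
            color, "%s:%s -> %s:%s %i bytes (H = %0.2f)" %
            (src, sport, dst, dport, count, entropy(data)))

    if options['oneshot']:
        tcp.stream_data['data'] += data
    if options['oneshot_split']:
        tcp.stream_data[direction] += data
    if options['oneshot'] or options['oneshot_split']:
        # Accumulating mode: leave the bytes in place for a later pass.
        return

    if 'xor_key' in options:
        data = multibyte_xor(data, options['xor_key'])
    if options['hexdump']:
        data = hexdump(data)
    if options['base64']:  # was: module_data['base64'] (unbound name)
        data = b64encode(data)

    # Without hexdump/base64 this writes the raw, untrusted network payload
    # straight to the console; those two encodings are the safe rendering.
    chop.prettyprnt(color, data)
    chop.json({'payload': data, 'direction': direction})

    tcp.discard(count)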
def handleStream(tcp):
    """Render one chunk of new TCP payload, or accumulate it.

    The half with new bytes is chosen (server half takes priority). With
    ``verbose`` set, a summary line including the chunk's entropy is
    printed. In ``oneshot`` / ``oneshot_split`` mode the chunk is appended
    to ``tcp.stream_data`` and the function returns without discarding.
    Otherwise the chunk is optionally XOR-decoded (``xor_key`` present),
    hex-dumped and/or base64-encoded per ``module_data``, printed, emitted
    as JSON, and the consumed bytes are handed to ``tcp.discard``.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves
            (``data``, ``count_new``), ``module_data``, ``stream_data`` and
            ``discard``.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)
    md = tcp.module_data

    if tcp.server.count_new > 0:
        side, direction, color = tcp.server, 'to_server', "RED"
    else:
        side, direction, color = tcp.client, 'to_client', "GREEN"
    count = side.count_new
    # NOTE(review): first count_new bytes of the buffer — equals the new
    # data only if earlier chunks were discarded; confirm with the framework.
    data = side.data[:count]

    if md['verbose']:
        chop.tsprettyprnt(color, "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (src, sport, dst, dport, count, entropy(data)))

    accumulating = False
    if md['oneshot']:
        tcp.stream_data['data'] += data
        accumulating = True
    if md['oneshot_split']:
        tcp.stream_data[direction] += data
        accumulating = True
    if accumulating:
        # Nothing is discarded in accumulating mode.
        return

    # Output transforms, applied in this fixed order.
    if 'xor_key' in md:
        data = multibyte_xor(data, md['xor_key'])
    if md['hexdump']:
        data = hexdump(data)
    if md['base64']:
        data = b64encode(data)

    # Untrusted payload goes to the console here; hexdump/base64 are the
    # safe renderings when the data is not known to be printable.
    chop.prettyprnt(color, data)
    chop.json({'payload': data, 'direction': direction})

    tcp.discard(count)
def handleStream(tcp):
    """Forward one chunk of new TCP data to ``handle_bytes``.

    Examines the server half when it has new bytes, else the client half.
    With ``verbose`` set, prints a summary line with the chunk's entropy.
    In ``oneshot`` / ``oneshot_split`` mode the chunk is appended to
    ``tcp.stream_data`` and the function returns before ``tcp.discard``,
    so the framework buffer is left intact for that stream.

    Args:
        tcp: framework stream object exposing ``server``/``client`` halves
            (``data``, ``count_new``), ``module_data``, ``stream_data`` and
            ``discard``.
    """
    ((src, sport), (dst, dport)) = parse_addr(tcp)

    def pick_half():
        # Server half has priority; the client half is the fallback.
        if tcp.server.count_new > 0:
            return tcp.server, "to_server", "RED"
        return tcp.client, "to_client", "GREEN"

    half, direction, color = pick_half()
    count = half.count_new
    # NOTE(review): slices the first count_new bytes of the buffer; this is
    # the new data only if earlier chunks were discarded — confirm against
    # the framework's buffering semantics.
    data = half.data[:count]

    if tcp.module_data["verbose"]:
        chop.tsprettyprnt(color, "%s:%s -> %s:%s %i bytes (H = %0.2f)" % (src, sport, dst, dport, count, entropy(data)))

    keep = False
    if tcp.module_data["oneshot"]:
        tcp.stream_data["data"] += data
        keep = True
    if tcp.module_data["oneshot_split"]:
        tcp.stream_data[direction] += data
        keep = True
    if keep:
        return

    handle_bytes(data, color, direction, tcp.module_data)
    tcp.discard(count)