def hcap_generate_logs(f):
    """Replay an hcapng capture as a stream of ``(stream_id, record)`` tuples.

    The first tuple is ``(-1, ('basets', header.ts))``, built from the first
    item the parser produces. After that, each parsed event is turned into
    one of these records, keyed by the event's ``stream_id``:

    * ``('create', source, dest, ts)`` for ``EvNewConnection``
    * ``('close', ts)`` for ``EvClose`` on a tracked stream
    * ``('packet', packet, who, ts)`` for every packet that
      ``Connection.feed`` produces from an ``EvData`` on a tracked stream
    * ``('exception', exc)`` when handling an ``EvData`` raises

    Events for streams that are not tracked are ignored, and so are events
    on tracked streams that are neither ``EvClose`` nor ``EvData``.

    The capture is input this function does not control: a failure while
    decoding one stream drops only that stream's state and is reported
    in-band, so the remaining streams keep being decoded.
    """
    events = hcapng.parse(f)
    # NOTE(review): if the parser yields nothing, next() raises StopIteration,
    # which Python 3.7+ converts to RuntimeError inside a generator. Confirm
    # how hcapng.parse behaves on an empty or truncated capture.
    _, header = next(events)
    yield (-1, ('basets', header.ts))

    tracked = {}
    for ts, event in events:
        sid = event.stream_id

        if isinstance(event, hcapng.EvNewConnection):
            # A new connection replaces any state already held for this id.
            tracked[sid] = Connection(event.source, event.dest)
            yield (sid, ('create', event.source, event.dest, ts))
            continue

        if sid not in tracked:
            continue

        if isinstance(event, hcapng.EvClose):
            yield (sid, ('close', ts))
            del tracked[sid]
        elif isinstance(event, hcapng.EvData):
            # The yield is inside the try on purpose (as in the original):
            # an exception thrown into the generator at this point is handled
            # exactly like a decode failure.
            try:
                for packet in tracked[sid].feed(event.who, event.data):
                    yield (sid, ('packet', packet, event.who, ts))
            except Exception as exc:
                # Forget the stream so later events for it are skipped.
                del tracked[sid]
                yield (sid, ('exception', exc))
def hcap_generate_logs(f):
    """Replay an hcapng capture as a stream of ``(stream_id, record)`` tuples.

    The first tuple is ``(-1, ('basets', header.ts))``, built from the first
    item the parser produces. After that, each parsed event is turned into
    one of these records, keyed by the event's ``stream_id``:

    * ``('create', source, dest, ts)`` for ``EvNewConnection``
    * ``('close', ts)`` for ``EvClose`` on a tracked stream
    * ``('packet', packet, who, ts)`` for every packet that
      ``Connection.feed`` produces from an ``EvData`` on a tracked stream
    * ``('exception', exc)`` when handling an ``EvData`` raises

    Events for streams that are not tracked are ignored, and so are events
    on tracked streams that are neither ``EvClose`` nor ``EvData``.

    The capture is input this function does not control: a failure while
    decoding one stream drops only that stream's state and is reported
    in-band, so the remaining streams keep being decoded.
    """
    events = hcapng.parse(f)
    # NOTE(review): if the parser yields nothing, next() raises StopIteration,
    # which Python 3.7+ converts to RuntimeError inside a generator. Confirm
    # how hcapng.parse behaves on an empty or truncated capture.
    _, header = next(events)
    yield (-1, ('basets', header.ts))

    tracked = {}
    for ts, event in events:
        sid = event.stream_id

        if isinstance(event, hcapng.EvNewConnection):
            # A new connection replaces any state already held for this id.
            tracked[sid] = Connection(event.source, event.dest)
            yield (sid, ('create', event.source, event.dest, ts))
            continue

        if sid not in tracked:
            continue

        if isinstance(event, hcapng.EvClose):
            yield (sid, ('close', ts))
            del tracked[sid]
        elif isinstance(event, hcapng.EvData):
            # The yield is inside the try on purpose (as in the original):
            # an exception thrown into the generator at this point is handled
            # exactly like a decode failure.
            try:
                for packet in tracked[sid].feed(event.who, event.data):
                    yield (sid, ('packet', packet, event.who, ts))
            except Exception as exc:
                # Forget the stream so later events for it are skipped.
                del tracked[sid]
                yield (sid, ('exception', exc))
# NOTE(review): this print references `self`, so it is presumably the tail of
# a method whose header lies outside this excerpt. It is kept verbatim.
print('<Connection source={0!r} dest={1!r}'.format(
    self.p[0], self.p[1]))

if __name__ == '__main__':
    # Script mode: run one hcapng capture through per-stream Connection
    # objects with DEBUG logging enabled on the root logger.
    import sys
    from hearthy.datasource import hcapng

    argv = sys.argv
    if len(argv) < 2:
        print('Usage: {0} <hcapng file>'.format(argv[0]))
        sys.exit(1)

    import logging
    logging.getLogger().setLevel(logging.DEBUG)

    streams = {}
    with open(argv[1], 'rb') as capture:
        events = hcapng.parse(capture)
        # The first item is consumed before the event loop and not used.
        first_item = next(events)

        for _ts, event in events:
            if isinstance(event, hcapng.EvClose):
                # Drop the stream if it is tracked; unknown ids are ignored.
                streams.pop(event.stream_id, None)
            elif isinstance(event, hcapng.EvData):
                conn = streams.get(event.stream_id)
                if conn is not None:
                    # NOTE(review): the return value of feed() is discarded.
                    # If feed() is a generator function it has to be iterated
                    # for any decoding to happen; confirm.
                    # NOTE(review): `exceptions` is not imported in this
                    # block (presumably at module top; verify). Only
                    # BufferFullException is handled, so any other error
                    # raised while decoding the capture aborts the script.
                    try:
                        conn.feed(event.who, event.data)
                    except exceptions.BufferFullException:
                        del streams[event.stream_id]
            elif isinstance(event, hcapng.EvNewConnection):
                streams[event.stream_id] = Connection(event.source,
                                                      event.dest)
self.p[0], self.p[1])) if __name__ == '__main__': import sys from hearthy.datasource import hcapng if len(sys.argv) < 2: print('Usage: {0} <hcapng file>'.format(sys.argv[0])) sys.exit(1) import logging logging.getLogger().setLevel(logging.DEBUG) d = {} with open(sys.argv[1], 'rb') as f: parser = hcapng.parse(f) begin = next(parser) for ts, event in parser: if isinstance(event, hcapng.EvClose): if event.stream_id in d: del d[event.stream_id] elif isinstance(event, hcapng.EvData): if event.stream_id in d: try: d[event.stream_id].feed(event.who, event.data) except exceptions.BufferFullException: del d[event.stream_id] elif isinstance(event, hcapng.EvNewConnection): d[event.stream_id] = Connection(event.source, event.dest)