def __init__(self, pcapfilename, importLayer=5): # l5msgs = PCAPImporter.readFile(pcap, importLayer=absLayer).values() # type: List[AbstractMessage] self.importLayer = importLayer self.packets = rdpcap(pcapfilename) self._messages = SortedTypedList(AbstractMessage) self._rawmessages = SortedTypedList(AbstractMessage) for pkt in self.packets: # type: Packet self.packetHandler(pkt)
def readMessages(self, filePathList, delimitor=b"\n"): """Read all the messages found in the specified filePathList and given a delimitor. :param filePathList: paths of the file to parse :type filePathList: a list of :class:`str` :param delimitor: the delimitor used to find messages in the same file :type delimitor: :class:`str` :return: a sorted list of messages :rtype: a :class:`netzob.Common.Utils.SortedTypedList.SortedTypedList` of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage` """ # Verify the existence of input files errorMessageList = [] for filePath in filePathList: try: fp = open(filePath) fp.close() except IOError as e: errorMessage = _("Error while trying to open the " + "file {0}.").format(filePath) if e.errno == errno.EACCES: errorMessage = _( "Error while trying to open the file " + "{0}, more permissions are required for " + "reading it.").format(filePath) errorMessageList.append(errorMessage) self._logger.warn(errorMessage) if errorMessageList != []: raise NetzobImportException("File", "\n".join(errorMessageList)) self.messages = SortedTypedList(AbstractMessage) for filePath in filePathList: self.__readMessagesFromFile(filePath, delimitor) return self.messages
def __init__(self, messages=None, _id=None, applicativeData=None, name="Session"): """ :parameter messages: the messages exchanged in the current session :type data: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage.AbstractMessage` :parameter _id: the unique identifier of the session :type _id: :class:`uuid.UUID` :keyword applicativeData: a list of :class:`netzob.Model.Vocabulary.ApplicaticeData.ApplicativeData` """ self.__messages = SortedTypedList(AbstractMessage) self.__applicativeData = TypedList(ApplicativeData) if messages is None: messages = [] self.messages = messages if _id is None: _id = uuid.uuid4() self.id = _id if applicativeData is None: applicativeData = [] self.applicativeData = applicativeData self.name = name
def readMessages(self, filePathList, bpfFilter="", importLayer=5, nbPackets=0): """Read all messages from a list of PCAP files. A BPF filter can be set to limit the captured packets. The layer of import can also be specified: - When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet). - If layer=3, we capture at the network level (such as IP). - If layer=4, we capture at the transport layer (such as TCP or UDP). - If layer=5, we capture at the applicative layer (such as the TCP or UDP payload). Finally, the number of packets to capture can be specified. :param filePathList: the messages to cluster. :type filePathList: a list of :class:`str` :param bpfFilter: a string representing a BPF filter. :type bpfFilter: :class:`str` :param importLayer: an integer representing the protocol layer to start importing. :type importLayer: :class:`int` :param nbPackets: the number of packets to import :type nbPackets: :class:`int` :return: a list of captured messages :rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage` """ # Verify the existence of input files errorMessageList = [] for filePath in filePathList: try: fp = open(filePath) fp.close() except IOError as e: errorMessage = _("Error while trying to open the " + "file {0}.").format(filePath) if e.errno == errno.EACCES: errorMessage = _( "Error while trying to open the file " + "{0}, more permissions are required for " + "reading it.").format(filePath) errorMessageList.append(errorMessage) self._logger.warn(errorMessage) if errorMessageList != []: raise NetzobImportException("PCAP", "\n".join(errorMessageList)) # Verify the expected import layer availableLayers = [1, 2, 3, 4, 5] if not importLayer in availableLayers: raise Exception( "Only layers level {0} are available.".format(availableLayers)) self.importLayer = importLayer # Call the method that does the import job for each PCAP file self.messages = SortedTypedList(AbstractMessage) for filePath in filePathList: self.__readMessagesFromFile(filePath, bpfFilter, nbPackets) return self.messages
def __init__(self, name=None): self.id = uuid.uuid4() self.name = name self.description = "" self.__fields = TypedList(AbstractField) self.__parent = None self.__encodingFunctions = SortedTypedList(EncodingFunction) self.__visualizationFunctions = TypedList(VisualizationFunction) self.__transformationFunctions = TypedList(TransformationFunction) self._variable = None
def readMessages(self, filePathList, bpfFilter="", importLayer=5, nbPackets=0, mergePacketsInFlow=False, ): """Read all messages from a list of PCAP files. A BPF filter can be set to limit the captured packets. The layer of import can also be specified: - When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet). - If layer=3, we capture at the network level (such as IP). - If layer=4, we capture at the transport layer (such as TCP or UDP). - If layer=5, we capture at the applicative layer (such as the TCP or UDP payload). Finally, the number of packets to capture can be specified. :param filePathList: the messages to cluster. :type filePathList: a list of :class:`str` :param bpfFilter: a string representing a BPF filter. :type bpfFilter: :class:`str` :param importLayer: an integer representing the protocol layer to start importing. :type importLayer: :class:`int` :param nbPackets: the number of packets to import :type nbPackets: :class:`int` :param mergePacketsInFlow: if True, consecutive packets with same source and destination ar merged (i.e. to mimic a flow) :type mergePacketsInFlow: :class:`bool` :return: a list of captured messages :rtype: a list of :class:`netzob.Model.Vocabulary.Messages.AbstractMessage` """ # Verify the existence of input files errorMessageList = [] for filePath in filePathList: try: fp = open(filePath) fp.close() except IOError as e: errorMessage = _("Error while trying to open the " + "file {0}.").format(filePath) if e.errno == errno.EACCES: errorMessage = _("Error while trying to open the file " + "{0}, more permissions are required for " + "reading it.").format(filePath) errorMessageList.append(errorMessage) self._logger.warn(errorMessage) if errorMessageList != []: raise NetzobImportException("PCAP", "\n".join(errorMessageList)) # Verify the expected import layer availableLayers = [1, 2, 3, 4, 5] if importLayer not in availableLayers: raise Exception( "Only layers level {0} are available.".format(availableLayers)) self.importLayer = importLayer # Call the method that does the import job for each PCAP file self.messages = SortedTypedList(AbstractMessage) for filePath in filePathList: self.__readMessagesFromFile(filePath, bpfFilter, nbPackets) #Create a session and attribute it to messages: session = Session(list(self.messages.values()),name=filePath) for message in self.messages.values(): message.session = session # if requested, we merge consecutive messages that share same source and destination if mergePacketsInFlow: mergedMessages = SortedTypedList(AbstractMessage) previousMessage = None for message in self.messages.values(): if previousMessage is not None and message.source == previousMessage.source and message.destination == previousMessage.destination: previousMessage.data += message.data else: mergedMessages.add(message) previousMessage = message self.messages = mergedMessages return self.messages
def clearEncodingFunctions(self): """Remove all the encoding functions attached to the current element""" self.__encodingFunctions = SortedTypedList(EncodingFunction) for child in self.fields: child.clearEncodingFunctions()