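def _unpack(self, buf):
    """Extract the IRC messages of a TCP stream into self._messages.

    Lines starting with ":" are parsed as server messages (prefix, command,
    params). Every other line is parsed as a client message and kept only
    when its command is listed in self.__methods_client. Each stored field
    is passed through convert_to_printable before it is recorded.

    @param buf: tcp stream data
    @return: False if the buffer could not be read, otherwise None.
    """
    try:
        lines = cStringIO.StringIO(buf).readlines()
    except Exception:
        log.error("Failed reading tcp stream buffer")
        return False

    # Patterns are loop-invariant, so compile them once per call.
    # The server pattern has the same value as before; "\\w" only spells the
    # backslash explicitly.
    server_re = re.compile(
        "(^:[\\w+.{}!@|()]+\x20)" + "([a-zA-Z]+|[0-9]{3})" + "(\x20.+)")
    # Fix: the terminator class was written "[\x0a\0x0d]", which is LF, NUL
    # and the literal characters "x", "0", "d". An unterminated last line
    # could then be cut at one of those characters and stored with
    # truncated params. The class is now LF or CR, as intended.
    # NOTE(review): this pattern is unanchored, so a long line with no space
    # is rescanned from every offset. The stream is captured traffic, so
    # consider capping line length before matching.
    client_re = re.compile("([a-zA-Z]+\x20)(.+[\x0a\x0d])")

    for element in lines:
        if element.startswith(":"):
            found = server_re.search(element)
            if found:
                prefix, command, params = found.groups()
                self._sc["prefix"] = convert_to_printable(prefix.strip())
                self._sc["command"] = convert_to_printable(command.strip())
                self._sc["params"] = convert_to_printable(params.strip())
                self._sc["type"] = "server"
                # Store a copy: self._sc is reused for the next message.
                self._messages.append(dict(self._sc))
        else:
            found = client_re.search(element)
            if found and found.group(1).strip() in self.__methods_client:
                command, params = found.groups()
                self._cc["command"] = convert_to_printable(command.strip())
                self._cc["params"] = convert_to_printable(params.strip())
                self._cc["type"] = "client"
                # Store a copy: self._cc is reused for the next message.
                self._messages.append(dict(self._cc))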
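def dissect(data):
    """Build the summary dict for one ICMP message (RFC 792).

    @param data: payload data of protocol IP; its type, code, sum and
                 data attributes are read (presumably a dpkt icmp.ICMP
                 object, confirm against the caller).
    @return: dict with the keys protocol_name, layer, type, code,
             checksum and data.
    """
    picmp = {
        "protocol_name": "ICMP",
        "layer": 3,
        "type": data.type,      # Type
        "code": data.code,      # Code
        "checksum": data.sum,   # Checksum
    }
    # Source and destination addresses are not recorded here: only the ICMP
    # layer is passed in, not the enclosing IP packet.

    # The payload comes straight from captured traffic, so it is stored only
    # after convert_to_printable. A missing or unparseable payload is
    # reported as "", so a consumer cannot tell it apart from a genuinely
    # empty one.
    try:
        payload = data.data.data
        picmp["data"] = convert_to_printable(payload)
    except Exception:
        # Was a bare "except:", which also swallowed KeyboardInterrupt and
        # SystemExit. Ordinary parsing failures are still tolerated.
        picmp["data"] = ""

    return picmp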
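def dissect(irc):
    """Parse a stream carrying IRC traffic into a protocol summary dict.

    Lines starting with ":" are parsed as server messages (prefix, command,
    params). Every other line is parsed as a client message and kept only
    when its command is one of the known client commands. Each stored field
    is passed through convert_to_printable first.

    @param irc: stream data to split into IRC messages.
    @return: dict with "layer" (7), "protocol_name" ("IRC") and "messages"
             (list of per-message dicts), or False if the data could not
             be read as lines.
    """
    client_commands = frozenset((
        "PASS", "JOIN", "USER", "OPER", "MODE", "SERVICE", "QUIT", "SQUIT",
        "PART", "TOPIC", "NAMES", "LIST", "INVITE", "KICK", "PRIVMSG",
        "NOTICE", "MOTD", "LUSERS", "VERSION", "STATS", "LINKS", "TIME",
        "CONNECT", "TRACE", "ADMIN", "INFO", "SERVLIST", "SQUERY", "WHO",
        "WHOIS", "WHOWAS", "KILL", "PING", "PONG", "ERROR", "AWAY", "REHASH",
        "DIE", "RESTART", "SUMMON", "USERS", "WALLOPS", "USERHOST", "NICK",
        "ISON",
    ))

    try:
        lines = cStringIO.StringIO(irc).readlines()
    except Exception:
        return False

    # Patterns are loop-invariant, so compile them once per call.
    # The server pattern has the same value as before; "\\w" only spells the
    # backslash explicitly.
    server_re = re.compile(
        "(^:[\\w+.{}!@|()]+\x20)" + "([a-zA-Z]+|[0-9]{3})" + "(\x20.+)")
    # Fix: the terminator class was written "[\x0a\0x0d]", which is LF, NUL
    # and the literal characters "x", "0", "d". An unterminated last line
    # could then be cut at one of those characters and stored with
    # truncated params. The class is now LF or CR, as intended.
    # NOTE(review): this pattern is unanchored, so a long line with no space
    # is rescanned from every offset. The input is captured traffic, so
    # consider capping line length before matching.
    client_re = re.compile("([a-zA-Z]+\x20)(.+[\x0a\x0d])")

    messages = []
    for element in lines:
        if element.startswith(":"):
            found = server_re.search(element)
            if found:
                prefix, command, params = found.groups()
                messages.append({
                    "prefix": convert_to_printable(prefix.strip()),
                    "command": convert_to_printable(command.strip()),
                    "params": convert_to_printable(params.strip()),
                    "type": "server",
                })
        else:
            found = client_re.search(element)
            if found and found.group(1).strip() in client_commands:
                command, params = found.groups()
                messages.append({
                    "command": convert_to_printable(command.strip()),
                    "params": convert_to_printable(params.strip()),
                    "type": "client",
                })

    pirc = {}
    pirc["layer"] = 7
    pirc["protocol_name"] = "IRC"
    pirc["messages"] = messages
    return pirc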