Module: PcapTools
- Defined in:
- lib/pcap_tools.rb
Defined Under Namespace
Modules: HttpParser
Classes: TcpStream
Class Method Summary
Class Method Details
# File 'lib/pcap_tools.rb', line 106
# Pairs the rebuilt packets of one TCP stream into HTTP calls.
#
# The array returned by `rebuild_packets` is walked two entries at a time:
# entry k goes to HttpParser::parse_request and entry k + 1, when present, to
# HttpParser::parse_response. The result is an array of [request, response]
# pairs; the response is nil when the array ends on an unpaired entry.
#
# NOTE(review): this listing looks damaged by page extraction. The method name
# is missing from the `def` line and only what appears to be its parameter
# (`stream`) is left. Confirm the real signature in lib/pcap_tools.rb.
def stream
  rebuilded = stream.rebuild_packets
  calls = []
  # data_out and data_in are assigned here but never read in this method.
  data_out = ""
  data_in = nil
  k = 0
  while k < rebuilded.size
    begin
      req = HttpParser::parse_request(rebuilded[k])
      resp = k + 1 < rebuilded.size ? HttpParser::parse_response(rebuilded[k + 1]) : nil
      calls << [req, resp]
    # NOTE(review): `rescue Exception` also catches Interrupt, SystemExit and
    # NoMemoryError, so an interrupt or memory exhaustion while parsing capture
    # data is reduced to a warning and the loop carries on. `rescue StandardError`
    # would keep the best-effort handling for parse errors only.
    rescue Exception => e
      warn "Unable to parse http call : #{e}"
    end
    # The index advances by two whether or not parsing succeeded; the loop
    # assumes the entries strictly alternate request, response.
    k += 2
  end
  calls
end
# File 'lib/pcap_tools.rb', line 61
# Builds one flat array by concatenating a per-item result for every element
# that is iterated.
#
# NOTE(review): this listing looks damaged by page extraction. The method name
# is missing from the `def` line, and the two calls below have lost their
# callee names: as printed, `(captures)` and `(tcp)` are only parenthesised
# expressions. Presumably the first call turns the captures into TCP streams
# and the second turns each stream into HTTP calls. Verify against
# lib/pcap_tools.rb before relying on this text.
def captures
  calls = []
  (captures).each do |tcp|
    calls.concat((tcp))
  end
  calls
end
# File 'lib/pcap_tools.rb', line 71
# Parses every packet of every capture and groups the TCP packets into
# TcpStream objects, one per connection-opening packet. Returns the array of
# streams.
#
# NOTE(review): the method name is missing from the `def` line (page
# extraction damage); `captures` appears to be the parameter. Confirm the real
# signature in lib/pcap_tools.rb.
def captures
  packets = []
  captures.each do |capture|
    capture.each do |packet|
      packets << PacketFu::Packet.parse(packet)
    end
  end
  streams = []
  packets.each_with_index do |packet, k|
    # A TCP packet with SYN set and ACK clear starts a new stream.
    if packet.is_a?(PacketFu::TCPPacket) && packet.tcp_flags.syn == 1 && packet.tcp_flags.ack == 0
      # Scan forward from the opening packet itself, so it is inserted as the
      # first :out packet. This is a full forward scan per opening packet.
      kk = k
      tcp = TcpStream.new
      while kk < packets.size
        packet2 = packets[kk]
        if packet2.is_a?(PacketFu::TCPPacket)
          # NOTE(review): direction and stream membership are decided from
          # tcp_src / tcp_dst alone (the TCP port fields in PacketFu, to be
          # confirmed). No IP address is compared here, so two connections in
          # the same capture that share a port pair would be merged into one
          # stream.
          if packet.tcp_dst == packet2.tcp_dst && packet.tcp_src == packet2.tcp_src
            tcp.insert_tcp :out, packet2
            # Stop at the first FIN seen in this direction.
            break if packet.tcp_flags.fin == 1 || packet2.tcp_flags.fin == 1
          end
          if packet.tcp_dst == packet2.tcp_src && packet.tcp_src == packet2.tcp_dst
            tcp.insert_tcp :in, packet2
            # Only FIN ends the scan; no other flag is checked, so a stream
            # that never shows a FIN is scanned to the end of `packets`.
            break if packet.tcp_flags.fin == 1 || packet2.tcp_flags.fin == 1
          end
        end
        kk += 1
      end
      # The stream is kept even when it holds nothing beyond the opening packet.
      streams << tcp
    end
  end
  streams
end
.load_mutliple_files(dir) ⇒ Object
# File 'lib/pcap_tools.rb', line 55
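# Loads every capture file matching a glob pattern, oldest first.
#
# Capture files are untrusted input and every path the pattern matches is
# handed to the parser, so callers should keep the pattern confined to the
# directory that holds the captures.
#
# @param dir [String] glob pattern passed to Dir.glob
# @return [Array] one PacketFu::PcapFile.file_to_array result per matching
#   file, ordered by file modification time (oldest first)
def load_mutliple_files dir
  # File.mtime stats the path without opening it. The earlier File.new(...)
  # form opened two file handles per comparison and never closed them, which
  # can exhaust descriptors on a large capture directory.
  Dir.glob(dir)
     .sort_by { |path| File.mtime(path) }
     .map { |path| PacketFu::PcapFile.file_to_array(path) }
end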