Module: PcapTools
- Defined in:
- lib/pcap_tools.rb
Defined Under Namespace
Modules: HttpParser
Classes: TcpStream
Class Method Summary
Class Method Details
# File 'lib/pcap_tools.rb', line 100
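# Turns the rebuilt packets of one TCP stream into a list of HTTP calls.
#
# The rebuilt packets are read two at a time: the element at an even index
# is parsed as a request and the element after it, when present, as the
# response. Each pair is returned as a two-element array [request, response];
# the response is nil when the stream ends on a request.
#
# NOTE(review): this rendered listing prints neither the method's real name
# nor its parameter list (the receiver of `rebuild_packets` is presumably the
# stream argument) - confirm against lib/pcap_tools.rb before reusing it.
#
# NOTE(review): pairing is purely positional. A stream that does not strictly
# alternate request/response (pipelined requests, an unanswered request, a
# capture that starts mid-conversation) shifts every later pair, so a response
# can be attributed to the wrong request. Treat the pairs as a hint when the
# output is used as evidence.
def stream
  rebuilded = stream.rebuild_packets
  calls = []
  (0...rebuilded.size).step(2) do |k|
    begin
      req = HttpParser::parse_request(rebuilded[k])
      resp = k + 1 < rebuilded.size ? HttpParser::parse_response(rebuilded[k + 1]) : nil
      calls << [req, resp]
    rescue StandardError => e
      # Best effort: a malformed pair is reported and skipped. Only
      # StandardError is caught so that Interrupt, SystemExit and
      # NoMemoryError still stop a run over a large or hostile capture.
      warn "Unable to parse http call : #{e}"
    end
  end
  calls
end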
# File 'lib/pcap_tools.rb', line 55
# Flattens per-stream results into a single array and returns it.
#
# NOTE(review): the rendered listing appears to have dropped the method's
# real name and the helper calls that wrapped `captures` and `tcp` (the
# original shows empty parentheses around both). As printed, the method
# refers to itself - confirm against lib/pcap_tools.rb.
def captures
  collected = []
  captures.each { |tcp| collected.concat(tcp) }
  collected
end
# File 'lib/pcap_tools.rb', line 65
# Groups the packets of one or more captures into TcpStream objects.
#
# Every packet of every capture is decoded with PacketFu. Each TCP packet
# with SYN set and ACK clear opens a new stream; the packets from that point
# on are scanned and added as :out (same source/destination ports as the
# opener) or :in (ports swapped) until a packet with FIN is seen or the
# packet list ends.
#
# NOTE(review): the rendered listing appears to have dropped the method's
# real name and parameter list (`captures` is presumably the argument) -
# confirm against lib/pcap_tools.rb.
#
# NOTE(review): flows are matched on TCP ports only; IP addresses are never
# compared. Two connections between different hosts that use the same port
# pair end up in the same stream, which matters when the result is used to
# attribute traffic to a host.
#
# NOTE(review): only FIN ends the scan. A connection closed by RST, or one
# whose FIN is missing from the capture, keeps absorbing later packets on
# the same ports, including those of a new connection that reuses them.
def captures
  decoded = []
  captures.each do |capture|
    capture.each { |raw| decoded << PacketFu::Packet.parse(raw) }
  end

  streams = []
  decoded.each_with_index do |opener, start|
    # Only a bare SYN (no ACK) on a TCP packet opens a stream.
    next unless opener.is_a?(PacketFu::TCPPacket)
    next unless opener.tcp_flags.syn == 1 && opener.tcp_flags.ack == 0

    tcp = TcpStream.new
    # The scan starts at the opener itself, so the SYN is the first :out packet.
    start.upto(decoded.size - 1) do |idx|
      candidate = decoded[idx]
      next unless candidate.is_a?(PacketFu::TCPPacket)

      # Same direction as the opener.
      if opener.tcp_dst == candidate.tcp_dst && opener.tcp_src == candidate.tcp_src
        tcp.insert_tcp :out, candidate
        break if opener.tcp_flags.fin == 1 || candidate.tcp_flags.fin == 1
      end
      # Reverse direction. Checked independently of the test above, so a
      # packet whose source and destination ports are equal is added twice.
      if opener.tcp_dst == candidate.tcp_src && opener.tcp_src == candidate.tcp_dst
        tcp.insert_tcp :in, candidate
        break if opener.tcp_flags.fin == 1 || candidate.tcp_flags.fin == 1
      end
    end
    streams << tcp
  end
  streams
end