Module: PcapTools
- Defined in:
- lib/pcap_tools.rb,
lib/pcap_parser.rb
Defined Under Namespace
Modules: HttpParser, Parser
Classes: TcpStream
Class Method Summary
collapse
Class Method Details
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# File 'lib/pcap_tools.rb', line 102
def stream
rebuilded = stream.rebuild_packets
calls = []
data_out = ""
data_in = nil
k = 0
while k < rebuilded.size
begin
req = HttpParser::parse_request(rebuilded[k])
resp = k + 1 < rebuilded.size ? HttpParser::parse_response(rebuilded[k + 1]) : nil
calls << [req, resp]
rescue Exception => e
warn "Unable to parse http call : #{e}"
end
k += 2
end
calls
end
|
57
58
59
60
61
62
63
|
# File 'lib/pcap_tools.rb', line 57
def captures
calls = []
(captures).each do |tcp|
calls.concat((tcp))
end
calls
end
|
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
# File 'lib/pcap_tools.rb', line 67
def captures
packets = []
captures.each do |capture|
capture.each do |packet|
packets << packet
end
end
streams = []
packets.each_with_index do |packet, k|
if packet.respond_to?(:type) && packet.type == "TCP" && packet.syn == 1 && packet.ack == 0
kk = k
tcp = TcpStream.new
while kk < packets.size
packet2 = packets[kk]
if packet2.respond_to?(:type) && packet.type == "TCP"
if packet.dst_port == packet2.dst_port && packet.src_port == packet2.src_port
tcp.insert_tcp :out, packet2
break if packet.fin == 1 || packet2.fin == 1
end
if packet.dst_port == packet2.src_port && packet.src_port == packet2.dst_port
tcp.insert_tcp :in, packet2
break if packet.fin == 1 || packet2.fin == 1
end
end
kk += 1
end
streams << tcp
end
end
streams
end
|