資源簡介
利用 Python 快速分析數據包的完整性,提示數據包缺少的步驟,並按照源端口、目的端口、源 IP 和目的 IP 進行分流。

代碼片段和文件信息
#!/usr/bin/python
#coding=utf-8
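# Separators lost in the page extraction are restored below.
# ConfigParser and cStringIO exist only in Python 2, so this script targets
# Python 2.
# dpkt is third-party; the archive listed on this page ships
# dpkt-1.9.1.tar.gz together with pre_install_patch.sh, so compare the tarball
# with the upstream release and read the patch script before installing.
import dpkt
import datetime
import socket
import os
from dpkt.compat import compat_ord
from dpkt.compat import BytesIO, iteritems
import ConfigParser
import codecs
import sys
import zlib
from dpkt.gzip import Gzip
import getopt
import gzip
import binascii
from cStringIO import StringIO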
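# Module-level ``global`` statements have no effect on their own; they only
# name the settings that printResult() reads. No assignment to these names is
# visible in this part of the file, so they are presumably set by the
# command-line handling further down (confirm).
global inIp
global inUrl
global inKeyword

default_encoding = "utf-8"
# Python 2 only: site.py deletes sys.setdefaultencoding at start-up, and
# reload(sys) brings it back. The setting is process-wide and changes every
# implicit str <-> unicode conversion, including those applied to bytes taken
# from captured traffic, so malformed input may surface as decode errors in
# unexpected places.
if default_encoding != sys.getdefaultencoding():
    reload(sys)
    sys.setdefaultencoding(default_encoding)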
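class CResult:
    """Per-flow counters and state collected while parsing a capture.

    printResult() receives a dict whose values are CResult objects (it reports
    ``len(dic)`` as the number of TCP flows) and sums ``gets``, ``regets``,
    ``oks``, ``rsts``, ``bands`` and ``allblock`` over the flows that share
    a URL.

    The parameter separators and string quotes that the page extraction
    dropped are restored here; parameter order and defaults are as shown in
    the original signature.
    """

    def __init__(self, seq=0, ack=0, three=0, gets=0, regets=0, oks=0,
                 rsts=0, bands=0, allblock=0, keys=0, str1='', gzipflag=0,
                 block=0, url='', get_seq=0, fszip=0):
        # Sequence / acknowledgement numbers tracked for the flow
        # (presumably TCP seq/ack; confirm against the packet loop).
        self.seq = seq
        self.ack = ack
        # printResult() treats ``three == 7`` as "complete three-way handshake
        # seen"; presumably a 3-bit mask with one bit per handshake packet.
        self.three = three
        # URL used by printResult() to group flows.
        self.url = url
        # Counters summed per URL by printResult().
        self.gets = gets
        self.regets = regets
        self.block = block
        self.allblock = allblock
        # Buffer and flags whose use is not visible in this part of the file;
        # the names suggest accumulated payload and gzip handling (confirm).
        self.str1 = str1
        self.gzipflag = gzipflag
        self.oks = oks
        self.keys = keys
        self.rsts = rsts
        self.bands = bands
        self.get_seq = get_seq
        self.fszip = fszip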
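def readConfig():
    """Load ``myapp.conf`` (UTF-8) and return the populated parser.

    The path is relative, so the file is taken from the current working
    directory of the process; run the tool from a directory whose contents
    you control. Errors from opening or parsing the file propagate to the
    caller.

    Returns:
        The ``ConfigParser.SafeConfigParser`` instance after reading the file.
    """
    cp = ConfigParser.SafeConfigParser()
    # codecs.open decodes the file as UTF-8 before the parser sees it.
    with codecs.open('myapp.conf', 'r', 'utf-8') as f:
        cp.readfp(f)
    return cp
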
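def inet_to_str(inet):
    """Convert a packed IP address to its printable form.

    The original body only called ``socket.inet_ntoa``, which rejects 16-byte
    IPv6 addresses even though its comment promised an IPv6 fallback; a capture
    containing IPv6 traffic would therefore abort the analysis.

    Args:
        inet: packed address, 4 bytes (IPv4) or 16 bytes (IPv6).

    Returns:
        The dotted-quad or colon-separated text form of the address.

    Raises:
        socket.error: for any other length, exactly as ``socket.inet_ntoa``
            raised before.
    """
    # A 16-byte value can only be IPv6; everything else keeps the old path,
    # so callers see the same exception for malformed input.
    if len(inet) == 16:
        return socket.inet_ntop(socket.AF_INET6, inet)
    return socket.inet_ntoa(inet)
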
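def gzdecode(c_data, max_size=None):
    """Decompress a gzip byte string and return the decompressed bytes.

    The input presumably comes from HTTP bodies reassembled out of the
    capture (confirm against the caller), i.e. from whoever produced the
    traffic. A small gzip stream can expand to a very large output, so an
    unbounded read can exhaust memory while analysing a hostile capture.
    Pass ``max_size`` to cap the output.

    Args:
        c_data: the complete gzip stream as a byte string.
        max_size: optional upper bound, in bytes, on the decompressed size.
            ``None`` (the default) keeps the original unbounded behaviour.

    Returns:
        The decompressed bytes.

    Raises:
        ValueError: if ``max_size`` is given and the output would exceed it.
        Errors raised by ``gzip`` for malformed or truncated input propagate
        unchanged.
    """
    buf = StringIO(c_data)
    f = gzip.GzipFile(mode='rb', fileobj=buf)
    try:
        if max_size is None:
            r_data = f.read()
        else:
            # Read one byte past the limit so that "exactly max_size" can be
            # told apart from "more than max_size" without inflating the rest.
            r_data = f.read(max_size + 1)
            if len(r_data) > max_size:
                raise ValueError("decompressed data exceeds max_size")
    finally:
        f.close()
    return r_data
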
def?printResult(dic?urlSet):
????gets=0
????regets=0
????three=0
????oks=0
????fins=0
????rsts=0
????bands=0
????allblock?=?0
????flownum=0
????keys?=?0
????zipfalsenum?=?0
????global?inIp
????global?inUrl
????global?inKeyword
????url?=?inUrl
????if?url.startswith(“http://“):
????????url?=?url[7:]
????ipconf?=?inIp
????keyword?=?inKeyword
????if(?len(keyword)?>?0?):
????????keyword_utf8=keyword.encode(‘utf-8‘)???
????????keyutflen=len(keyword_utf8)
????????key_gbk=keyword.encode(‘gbk‘)
????????keygbklen=len(key_gbk)
?????
????print?u“TCP流條數:????“len(dic)
????if(len(url)?==?0):
????????if(len(urlSet)?==?0):
????????????print?u“未發現url“
????????
????????for?tmpurl?in?urlSet:
????????????for?val?in?dic.values():
????????????????if?val.url?==?tmpurl:
????????????????????gets?=?gets?+?val.gets
????????????????????regets?=?regets?+?val.regets
????????????????????if?val.three?==?7:
????????????????????????three?=???three?+?1
????????????????????oks?=?oks?+?val.oks
????????????????????rsts?=?rsts?+?val.rsts
????????????????????bands?=?bands?+?val.bands
????????????????????allblock?=?allblock?+?val.allblock
????????????????????flownum?=?flownum?+?1
????????????????
????????????print?“+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++“
????????????print?u“URL:?“?+?tmpurl
????????????if(flownum?>?three):
????????????????print?“+++??“?u“三步握手丟失“.ljust(30)?+?str(flownum-three)
????????????elif?three?==?0:
??
 屬性            大小     日期    時間   名稱
----------- ---------  ---------- -----  ----
     目錄           0  2017-10-10 10:43  pcapanalysis\
     文件      115253  2017-05-15 16:03  pcapanalysis\dpkt-1.9.1.tar.gz
     目錄           0  2017-10-10 10:43  pcapanalysis\parserpcap\
     文件       14613  2017-07-03 15:09  pcapanalysis\parserpcap\parserpcap.py
     文件         450  2017-07-03 15:23  pcapanalysis\pre_install_patch.sh