#!/usr/bin/env python2
# encoding: utf-8
import sys, time, binascii, struct
import pdb
import scapy.all as scapy
from scapy.all import IP, TCP
from hexdump import hexdump
import hsproto_pb2 as hsproto
from follow_tcp_stream import follow_tcp_stream
# TCP header flag bits, lowest to highest: FIN, SYN, RST, PSH, ACK, URG,
# ECE, CWR -- one bit each, FIN in bit 0, so they can be OR-ed together
# and compared against scapy's ``pkt[TCP].flags``.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = [1 << bit for bit in range(8)]
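def _pop_message(buf):
    """Split one complete framed message off the front of *buf*.

    Framing as this script reads it: a 2-byte big-endian header length,
    a protobuf ``bnet_protocol_Header`` of that length, then
    ``header.size`` bytes of body.

    Returns ``(parsed, rest, needed)``:
      parsed -- ``(frame, header, body)`` with ``frame`` the length prefix
                plus raw header bytes, or ``None`` when *buf* is short;
      rest   -- *buf* with the message removed (unchanged when short);
      needed -- total bytes the message occupies once the header could be
                parsed, else ``None`` (not even the header is complete yet).

    Both lengths come from the capture itself and are only ever used to
    slice *buf*, so an oversized value cannot over-read; it just leaves
    that side's buffer waiting until more data arrives (or the pcap ends).
    """
    if len(buf) < 2:
        return None, buf, None
    # bytes() rather than str(): str(bytearray) is a repr under Python 3.
    headerlen, = struct.unpack('>H', bytes(buf[:2]))
    frame_end = 2 + headerlen
    if len(buf) < frame_end:
        return None, buf, None
    header = hsproto.bnet_protocol_Header()
    header.ParseFromString(bytes(buf[2:frame_end]))
    # NOTE(review): header.size is trusted to be non-negative here -- confirm
    # the proto field type; a negative value would slice nonsense below.
    body_end = frame_end + header.size
    if len(buf) < body_end:
        return None, buf, body_end
    parsed = (bytes(buf[:frame_end]), header, bytes(buf[frame_end:body_end]))
    return parsed, buf[body_end:], body_end


def _dump_messages(stream):
    """Reassemble and hexdump every framed message carried in *stream*.

    *stream* is any iterable of scapy packets.  One reassembly buffer is
    kept per source address (created on first sight), so packets from
    hosts other than the first pair are handled instead of raising
    KeyError; packets without IP/TCP, or with no payload (or only
    padding), are skipped.  The buffer is drained until no complete
    message remains, so a segment that carries several messages is
    decoded in full rather than one message per packet.
    """
    buffers = {}
    for pkt in stream:
        if IP not in pkt or TCP not in pkt:
            continue
        payload = pkt[TCP].payload
        if isinstance(payload, (scapy.NoPayload, scapy.Padding)):
            continue
        src, dst = pkt[IP].src, pkt[IP].dst
        buf = buffers.setdefault(src, bytearray())
        buf += payload.load  # in-place extend of this side's buffer
        while True:
            parsed, buf, needed = _pop_message(buf)
            if parsed is None:
                # Only report when the header is known but the body is short;
                # a partial header is silently carried to the next segment.
                if needed is not None:
                    print("waiting on %d bytes from %s but only have %d"
                          % (needed, src, len(buf)))
                break
            frame, header, body = parsed
            print("%s -> %s" % (src, dst))
            hexdump(frame)
            print(header)
            hexdump(body)
            print('\n')
        buffers[src] = buf


if __name__ == "__main__":
    packets = scapy.rdpcap(sys.argv[1])
    # Ports that mark a stream of interest; optional extra argv entries
    # override the default of 1119.
    ports = [int(p) for p in sys.argv[2:]] or [1119]

    # Follow every connection that opens (bare SYN, no ACK) on one of the
    # ports of interest.
    streams = []
    for pkt in packets:
        if TCP not in pkt:
            continue
        tcp = pkt[TCP]
        if (tcp.sport in ports or tcp.dport in ports) and tcp.flags == SYN:
            stream = follow_tcp_stream(pkt, packets)
            if stream:
                streams.append(stream)

    for stream in streams:
        started = time.strftime('%Y-%m-%d %H:%M:%S',
                                time.localtime(stream[0].time))
        print("%r at %s %d" % (stream, started, len(stream)))

    # The whole capture is decoded as one packet sequence (as the script
    # did); to decode per connection instead, use
    # ``for stream in streams: _dump_messages(stream)``.
    _dump_messages(packets)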