PCAP ファイルから HTTP 永続接続 BODY をステッチしたいのですが、
重複する本文データが含まれています。これらのデータを削除するにはどうすればよいですか?
次の私のコード:
from mydpkt import Request
from mydpkt import Reader, Ethernet
rh_log = open('e:\\rh.pcap','rb')
rh_file = Reader(rh_log)
# p.setfilter('tcp port 80')
expect_request_switch = False
expect_respone_switch = False
body_lenth = 0
keep_alive_index = 0
body_persistent = ''
body_all = []
index = 0
for index, (ptime, pdata) in enumerate(rh_file).__iter__():
p = Ethernet(pdata)
ip = p.data
if ip.__class__.__name__ == 'IP':
dst_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.dst)))
src_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.src)))
tcp = ip.data
# dport = tcp.dport
if tcp.__class__.__name__ == 'TCP' and len(tcp.data) > 1:
dport = tcp.dport
sport = tcp.sport
received_string = str(tcp.data)
if expect_request_switch and expect_respone_switch and 'HTTP/1.1 200 OK' in received_string:
expect_request_switch = expect_respone_switch = False
if expect_request_switch:
if 'HTTP/1.1 100 Continue' in tcp.data:
keep_alive_index = index
expect_respone_switch = True
if (index >= (keep_alive_index + 1)) and expect_respone_switch and dport == 80:
body_persistent += received_string
body_persistent_lenth = len(body_persistent)
body_all.append(body_persistent)
expect_request_switch = False
expect_respone_switch = False
body_persistent = ''
if dport == 80 and expect_respone_switch is False: