1

PCAP ファイルから HTTP 永続接続 BODY をステッチしたいのですが、
重複する本文データが含まれています。これらのデータを削除するにはどうすればよいですか?

私のコード part1 part2

次の私のコード:

from mydpkt import Request
from mydpkt import Reader, Ethernet

rh_log = open('e:\\rh.pcap','rb')
rh_file = Reader(rh_log)
# p.setfilter('tcp port 80')
expect_request_switch = False
expect_respone_switch = False
body_lenth = 0
keep_alive_index = 0
body_persistent = ''
body_all = []
index = 0
for index, (ptime, pdata) in enumerate(rh_file).__iter__():
    p = Ethernet(pdata)
    ip = p.data
    if ip.__class__.__name__ == 'IP':
        dst_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.dst)))
        src_ip = '%d.%d.%d.%d' % tuple(map(ord, list(ip.src)))
        tcp = ip.data
        # dport = tcp.dport
        if tcp.__class__.__name__ == 'TCP' and len(tcp.data) > 1:
            dport = tcp.dport
            sport = tcp.sport
            received_string = str(tcp.data)
            if expect_request_switch and expect_respone_switch and 'HTTP/1.1 200 OK' in received_string:
       expect_request_switch = expect_respone_switch = False
            if expect_request_switch:
                if 'HTTP/1.1 100 Continue' in tcp.data:
                    keep_alive_index = index
                    expect_respone_switch = True
                if (index >= (keep_alive_index + 1)) and expect_respone_switch and dport == 80:
                    body_persistent += received_string
                    body_persistent_lenth = len(body_persistent)
                    body_all.append(body_persistent)
                    expect_request_switch = False
                    expect_respone_switch = False

body_persistent = ''

            if dport == 80 and expect_respone_switch is False:
4

0 に答える 0