aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlns <matzeton@googlemail.com>2022-08-08 15:50:48 +0200
committerlns <matzeton@googlemail.com>2022-08-08 15:50:48 +0200
commit11206b4a71e9d65c745b004c94ecaccab13741a9 (patch)
tree39440f4996971c910f6faf68333b60a74e258267
parentc2fb6cdba52618824c82ab0aaecf6fa15fa0be06 (diff)
Use correct ACK number if midstream TCP traffic.HEADmain
* README update to reflect newly added `-b' option Signed-off-by: lns <matzeton@googlemail.com>
Diffstat
-rw-r--r--README.md3
-rwxr-xr-xTCPSplit.py6
2 files changed, 6 insertions, 3 deletions
diff --git a/README.md b/README.md
index c379a1c..6f55061 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Split TCP segments of a stream into smaller ones using Scapy and PCAP files.
Inspired and Copy&Paste from [scapy-tcp-extractor](https://github.com/deeso/scapy-tcp-extractor).
```shell
-usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] input
+usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] [-b BPF] input
positional arguments:
input PCAP input file
@@ -19,6 +19,7 @@ options:
-s, --summary Print found TCP Streams to stdout
-l LENGTH, --length LENGTH
Split TCP payload every n bytes
+ -b BPF, --bpf BPF BPF filter to apply
```
You can use the `example.pcapng` which contains two TCP Streams with some ASCII content by typing:
diff --git a/TCPSplit.py b/TCPSplit.py
index 8267e74..e16504c 100755
--- a/TCPSplit.py
+++ b/TCPSplit.py
@@ -39,14 +39,16 @@ class TCPSplitStream(object):
', expected ' + str(TCPStream.TCPStream))
self.stream = tcp_stream
self.ordered_pkts = self.stream.get_order_pkts()
+ if len(self.ordered_pkts) == 0:
+ raise TCPSplitStreamException('No TCP packets found.')
self.ip2dst = scapy.all.IP(src = self.stream.src, dst = self.stream.dst)
self.ip2src = scapy.all.IP(src = self.stream.dst, dst = self.stream.src)
- if self.stream.tcp_state.syn_seen is True:
+ if self.stream.tcp_state.syn_seen is True and len(self.ordered_pkts) >= 2:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq # TCP-SYN
self.ack = self.ordered_pkts[1][scapy.all.TCP].seq # TCP-SYN-ACK
else:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq
- self.ack = self.ordered_pkts[1][scapy.all.TCP].ack
+ self.ack = self.ordered_pkts[0][scapy.all.TCP].ack
def __generate_handshake(self):
if self.stream.tcp_state.syn_seen is False:
Powered by cgit, Themed by Ted Yin.