diff options
| author | lns <matzeton@googlemail.com> | 2022-08-07 17:05:18 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2022-08-07 17:05:18 +0200 |
| commit | c2fb6cdba52618824c82ab0aaecf6fa15fa0be06 (patch) | |
| tree | 32292e2052f2dfaad960de3eb783c99e64996e30 | |
| parent | 3dde54a04e4b599eb23d215479a208f341342261 (diff) | |
Add BPF support.
Signed-off-by: lns <matzeton@googlemail.com>
| -rwxr-xr-x | TCPSplit.py | 6 | ||||
| -rw-r--r-- | TCPStreamExtractor.py | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/TCPSplit.py b/TCPSplit.py index 391d0a9..8267e74 100755 --- a/TCPSplit.py +++ b/TCPSplit.py @@ -196,9 +196,11 @@ if __name__ == '__main__': parser.add_argument('-l', '--length', type=int, help='Split TCP payload every n bytes', default=MAX_BYTES_PER_PACKET) + parser.add_argument('-b', '--bpf', type=str, help='BPF filter to apply', + default=None) args = parser.parse_args() - tse = TCPStreamExtractor.TCPStreamExtractor(args.input) + tse = TCPStreamExtractor.TCPStreamExtractor(args.input, None, True, None, args.bpf) if args.summary is True: printStreams(tse) @@ -211,4 +213,6 @@ if __name__ == '__main__': all_streams += tss.split() if args.output is not None: + if len(all_streams) == 0: + raise TCPSplitStreamException('No TCP streams found.') scapy.all.wrpcap(args.output, all_streams) diff --git a/TCPStreamExtractor.py b/TCPStreamExtractor.py index d6dc10a..7acf693 100644 --- a/TCPStreamExtractor.py +++ b/TCPStreamExtractor.py @@ -56,10 +56,10 @@ def thread_maintanence(timer_val, stream_extractor, timeout=1000): class TCPStreamExtractor: def __init__(self, filename, packet_list=None, process_packets=True, - outputdir=None, pcap_filters=None): + outputdir=None, bpf_filter=None): self.filename = filename - self.pcap_filter = pcap_filters + self.bpf_filter = bpf_filter self.outputdir=outputdir if not self.outputdir is None: @@ -72,7 +72,7 @@ class TCPStreamExtractor: self.packet_list = packet_list if packet_list is None: - self.packet_list =scapy.utils.rdpcap(filename) + self.packet_list = scapy.all.sniff(offline=filename, filter=self.bpf_filter, quiet=True) self.pkt_num = 0 # a stream is mapped under two flow keys |