-rw-r--r--README.md3
-rwxr-xr-xTCPSplit.py6
2 files changed, 6 insertions, 3 deletions
diff --git a/README.md b/README.md
index c379a1c..6f55061 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Split TCP segments of a stream into smaller ones using Scapy and PCAP files.
Inspired and Copy&Paste from [scapy-tcp-extractor](https://github.com/deeso/scapy-tcp-extractor).
```shell
-usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] input
+usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] [-b BPF] input
positional arguments:
input PCAP input file
@@ -19,6 +19,7 @@ options:
-s, --summary Print found TCP Streams to stdout
-l LENGTH, --length LENGTH
Split TCP payload every n bytes
+ -b BPF, --bpf BPF BPF filter to apply
```
You can use the `example.pcapng` which contains two TCP Streams with some ASCII content by typing:
diff --git a/TCPSplit.py b/TCPSplit.py
index 8267e74..e16504c 100755
--- a/TCPSplit.py
+++ b/TCPSplit.py
@@ -39,14 +39,16 @@ class TCPSplitStream(object):
', expected ' + str(TCPStream.TCPStream))
self.stream = tcp_stream
self.ordered_pkts = self.stream.get_order_pkts()
+ if len(self.ordered_pkts) == 0:
+ raise TCPSplitStreamException('No TCP packets found.')
self.ip2dst = scapy.all.IP(src = self.stream.src, dst = self.stream.dst)
self.ip2src = scapy.all.IP(src = self.stream.dst, dst = self.stream.src)
- if self.stream.tcp_state.syn_seen is True:
+ if self.stream.tcp_state.syn_seen is True and len(self.ordered_pkts) >= 2:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq # TCP-SYN
self.ack = self.ordered_pkts[1][scapy.all.TCP].seq # TCP-SYN-ACK
else:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq
- self.ack = self.ordered_pkts[1][scapy.all.TCP].ack
+ self.ack = self.ordered_pkts[0][scapy.all.TCP].ack
def __generate_handshake(self):
if self.stream.tcp_state.syn_seen is False:
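Review bot: The `syn_seen is True and len(self.ordered_pkts) >= 2` branch still treats `self.ordered_pkts[1]` as the SYN-ACK without checking that it is one. In a one-directional or truncated capture, or one narrowed by the new `-b` BPF option, the second ordered packet may be another segment from the client, and `self.ack` would then be seeded from the wrong side's sequence number. Consider testing the flags as well, e.g. `if self.stream.tcp_state.syn_seen is True and len(self.ordered_pkts) >= 2 and (self.ordered_pkts[1][scapy.all.TCP].flags & 0x12) == 0x12:`, and falling through to the `else` branch otherwise. `__init__` starts above this hunk and `__generate_handshake` continues below it, so it cannot be confirmed from here whether the handshake code copes with `syn_seen` being True when the fallback branch set `seq`/`ack`.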