From 11206b4a71e9d65c745b004c94ecaccab13741a9 Mon Sep 17 00:00:00 2001 From: lns Date: Mon, 8 Aug 2022 15:50:48 +0200 Subject: Use correct ACK number if midstream TCP traffic. * README update to reflect newly added `-b' option Signed-off-by: lns --- README.md | 3 ++- TCPSplit.py | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c379a1c..6f55061 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Split TCP segments of a stream into smaller ones using Scapy and PCAP files. Inspired and Copy&Paste from [scapy-tcp-extractor](https://github.com/deeso/scapy-tcp-extractor). ```shell -usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] input +usage: TCPSplit.py [-h] [-o OUTPUT] [-s] [-l LENGTH] [-b BPF] input positional arguments: input PCAP input file @@ -19,6 +19,7 @@ options: -s, --summary Print found TCP Streams to stdout -l LENGTH, --length LENGTH Split TCP payload every n bytes + -b BPF, --bpf BPF BPF filter to apply ``` You can use the `example.pcapng` which contains two TCP Streams with some ASCII content by typing: diff --git a/TCPSplit.py b/TCPSplit.py index 8267e74..e16504c 100755 --- a/TCPSplit.py +++ b/TCPSplit.py 
@@ -39,14 +39,16 @@ class TCPSplitStream(object):
', expected ' + str(TCPStream.TCPStream))
self.stream = tcp_stream
self.ordered_pkts = self.stream.get_order_pkts()
+ if len(self.ordered_pkts) == 0:
+ raise TCPSplitStreamException('No TCP packets found.')
self.ip2dst = scapy.all.IP(src = self.stream.src, dst = self.stream.dst)
self.ip2src = scapy.all.IP(src = self.stream.dst, dst = self.stream.src)
- if self.stream.tcp_state.syn_seen is True:
+ if self.stream.tcp_state.syn_seen is True and len(self.ordered_pkts) >= 2:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq # TCP-SYN
self.ack = self.ordered_pkts[1][scapy.all.TCP].seq # TCP-SYN-ACK
else:
self.seq = self.ordered_pkts[0][scapy.all.TCP].seq
- self.ack = self.ordered_pkts[1][scapy.all.TCP].ack
+ self.ack = self.ordered_pkts[0][scapy.all.TCP].ack
def __generate_handshake(self):
if self.stream.tcp_state.syn_seen is False:
-- cgit v1.2.3
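Review bot: The new `len(self.ordered_pkts) >= 2` guard sends a stream that has a SYN but no second segment into the midstream `else` branch, where `self.ack` is taken from the SYN's own ack field (0 on a bare SYN), so a truncated handshake silently yields a wrong ACK instead of an error like the empty-stream case added just above. I would keep the branch choice tied to `syn_seen` alone and fail loudly: `if self.stream.tcp_state.syn_seen is True:` / `if len(self.ordered_pkts) < 2:` / `raise TCPSplitStreamException('SYN seen but no SYN-ACK in stream.')` before `ordered_pkts[1]` is read. The midstream branch likewise trusts `ordered_pkts[0].ack` without confirming the ACK flag is set; if `get_order_pkts()` can return a first segment without it (a bare RST, say — its contract is not visible here), a check on `[scapy.all.TCP].flags.A` raising the same exception would stop a malformed capture from producing a meaningless ACK. Style-wise, `is True` / `is False` and `len(...) == 0` read better as plain truthiness (`if not self.ordered_pkts:`). `__init__` begins before this hunk and `__generate_handshake` continues after it.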