extract_from_tshark.py:
authorJanus Varmarken <varmarken@gmail.com>
Thu, 26 Oct 2017 05:00:04 +0000 (22:00 -0700)
committerJanus Varmarken <varmarken@gmail.com>
Thu, 26 Oct 2017 05:00:04 +0000 (22:00 -0700)
- apply Shuba's fix: do not skip packets that do not have a comment.
- include src ip and src port in output

extract_from_tshark.py

index a66b556..7c1270f 100644 (file)
@@ -100,6 +100,10 @@ def change_file(fpath):
                 new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]\r
                 new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])\r
 \r
                 new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]\r
                 new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])\r
 \r
+                # JV: Also include src so we can see what device initiates the traffic\r
+                new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]\r
+                new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])\r
+\r
                 # Go through all HTTP fields and extract the ones that are needed\r
                 http_data = layers[json_key_http]\r
                 for http_key in http_data:\r
                 # Go through all HTTP fields and extract the ones that are needed\r
                 http_data = layers[json_key_http]\r
                 for http_key in http_data:\r
@@ -149,17 +153,6 @@ def change_file(fpath):
 \r
                 new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]\r
 \r
 \r
                 new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]\r
 \r
-                # Now extract and parse the packet comment\r
-                if (json_key_pkt_comment not in layers or\r
-                            json_key_frame_comment not in layers[json_key_pkt_comment]):\r
-                    print "WARNING: no packet comment found!" + frame_num\r
-                    continue\r
-\r
-                comment = layers[json_key_pkt_comment][json_key_frame_comment]\r
-                comment_data = json.loads(comment)\r
-                for key in comment_data:\r
-                    new_packet[str(key)] = str(comment_data[key])\r
-\r
                 # Create a unique key for each packet to keep consistent with ReCon\r
                 # Also good in case packets end up in different files\r
                 data[str(uuid.uuid4())] = new_packet\r
                 # Create a unique key for each packet to keep consistent with ReCon\r
                 # Also good in case packets end up in different files\r
                 data[str(uuid.uuid4())] = new_packet\r