
数据流量包


 

 

流量包往往大而繁杂,所以编写了该Python脚本辅助。

需用Linux环境,因为调用了Tcpdump。将该脚本放入pcap数据包的目录中运行,可以输入1-4。

1可以批量改名,2可以在过滤后自动将过滤出的包合成,3批量过滤,4将包合成。

在过滤选项中也有几个选择:1只过滤http流量,2只过滤ftp流量,3同时过滤http和ftp流量,4自定义过滤(填写tcpdump的过滤表达式)。

 

代码如下:

#! /usr/bin/python # -*- coding: utf-8 -*- #author:Blus import os import subprocess import re def rename(path): print "Rename ........" f_list = os.listdir(path) list2 = [] for i in f_list: if os.path.splitext(i)[1] == '.pcap': list2.append(i[0:-5]) list3=sorted(list2) #list3 = sorted(list2,key = lambda i:int(re.match(r'(\d+)',i).group())) #print list3 for i in list3: print i i=0 c="" tpath=[] for f in list3: i=i+1 ii=str(i) if len(ii)==1: ii="0"+ii c=c+ii oldname = path + f +".pcap" newname = path + str(ii)+"_"+f[-6:] +".pcap" print oldname print newname print f print f[-6:0] print "" os.rename(oldname,newname) print "Rename done." print "" def tcpdump_filter(path,cmd,path_name): path_http=path+path_name+"/" path_http2=path_http i=1 while(os.path.exists(path_http2)): path_http2=path_http[0:-1]+str(i)+"/" i=i+1 folder = os.path.exists(path_http2) if not folder: os.makedirs(path_http2) #makedirs print "New path: "+path_http2 print "" global h_path h_path=path_http2 f_list = os.listdir(path) list2 = [] for i in f_list: # os.path.splitext(): if os.path.splitext(i)[1] == '.pcap': list2.append(i[0:-5]) list3=sorted(list2) #list3 = sorted(list2,key = lambda i:int(re.match(r'(\d+)',i).group())) #print "--------show the code------" tpath=[] for f in list3: tp="tcpdump -r "+path + f +".pcap"+" -w "+path_http2+f+"_"+path_name+".pcap"+" "+cmd tpath.append(tp) print "--------begin filter-------" # os.chdir(wireshark_path) for i in tpath: print i p = subprocess.Popen(i, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) for line in p.stdout.readlines(): print line, retval = p.wait() print "--------filter done-------" print "" def merge(h_path) : if(h_path==""): h_path=os.getcwd()+"/" print "--------begin merge-------" print "-----"+h_path print "" path_merge=h_path+"merge/" path_merge2=path_merge i=1 while(os.path.exists(path_merge2)): path_merge2=path_merge[0:-1]+str(i)+"/" i=i+1 print "new path: "+path_merge2 folder = os.path.exists(path_merge2) if not folder: 
os.makedirs(path_merge2) #print "--- OK ---" f_list = os.listdir(path) i=0 for f in f_list: i=i+1 #print str(i)+" files" out=path_merge2+"he.pcap" #cmd="C:\\Program Files\\Wireshark\\mergecap.exe -w " + out #报错 cmd = "mergecap -w " + out print "" for i in os.listdir(h_path): if os.path.splitext(i)[1] == '.pcap': p=h_path+i print "111: "+p cmd=cmd+" "+p print "" print "-----------------------------------------" print cmd print "-----------------------------------------" print "" p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) for line in p.stdout.readlines(): print line, retval = p.wait() print "--merge done--" if __name__ == '__main__': path = os.getcwd()+"/" path_name="filter" h_path="" while(True): print "1: rename " print "2: auto-filter-merge" print "3: filter" print "4: merge" input1 = raw_input(":") if input1=="1": rename(path) if input1=="2": input2=raw_input("please input \n1: http \n2: ftp \n3: http ftp \n4: other command \n:") if input2=="1": cmd2='tcp port http' print cmd2 elif input2=="2": cmd2='tcp port ftp or ftp-data' elif input2=="3": cmd2='(port http) or (port ftp or ftp-data)' elif input2=="4": cmd2=input2 else: print "break"; break; tcpdump_filter(path,cmd2,path_name) merge(h_path) if input1=="3": input2=raw_input("please input \n1: http \n2: ftp \n3: http ftp \n4: other command") if input2=="1": cmd2='tcp port http' if input2=="2": cmd2='tcp port ftp or ftp-data' if input2=="3": cmd2='(port http) or (port ftp or ftp-data)' else: cmd2=input2 tcpdump_filter(path,cmd2,path_name) if input1=="4": merge(h_path) else: continue

 

 


