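def parse_netconn(self, seq, netconn):
    """Parse one pipe-delimited netconn record into a CbNetConnEvent.

    Fields, by position after splitting on '|':
      0  event time, handed to convert_event_time
      1  remote IPv4 address as a signed 32-bit integer
      2  remote port
      3  index into ``protocols``
      4  domain
      5  the string 'true' for outbound; any other value is inbound

    Args:
        seq: passed through unchanged to CbNetConnEvent.
        netconn: the raw record string.

    Returns:
        A CbNetConnEvent built from self.process_model, the converted
        timestamp, seq and the parsed connection dict.

    Only a bad address field is tolerated. Missing or malformed values in
    the other fields are not caught here and propagate to the caller.
    """
    fields = netconn.split('|')
    timestamp = convert_event_time(fields[0])

    try:
        # '>i' packs the value as a big-endian signed 32-bit integer, which
        # inet_ntoa then renders as a dotted quad.
        remote_ip = socket.inet_ntoa(struct.pack('>i', int(fields[1])))
    except (IndexError, ValueError, struct.error, socket.error):
        # Catch only decoding failures; the previous bare ``except`` also
        # swallowed KeyboardInterrupt and SystemExit.
        # '0.0.0.0' stands for "address could not be decoded", not for an
        # observed peer, so consumers matching on remote_ip should treat it
        # as unknown.
        remote_ip = '0.0.0.0'

    new_conn = {
        'remote_ip': remote_ip,
        'remote_port': int(fields[2]),
        'proto': protocols[int(fields[3])],
        'domain': fields[4],
        'direction': 'Outbound' if fields[5] == 'true' else 'Inbound',
    }
    return CbNetConnEvent(self.process_model, timestamp, seq, new_conn)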