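def parse_netconn(self, seq, netconn):
    """Build a ``CbNetConnEvent`` from one raw network-connection record.

    Args:
        seq: Passed through unchanged to ``CbNetConnEvent``.
        netconn: Mapping holding the raw record; it is read only via
            ``.get()``, so missing keys fall back to defaults.

    Returns:
        A ``CbNetConnEvent`` created with ``version=2`` whose data dict
        carries ``direction``, the three ``*_ip`` fields, the three
        ``*_port`` fields, ``proto`` and ``domain``.

    Raises:
        ValueError, TypeError: If a port or ``proto`` value cannot be
            converted with ``int()``.
    """
    new_conn = {}
    timestamp = convert_event_time(netconn.get("timestamp", None))

    # NOTE(review): the comparison is against the *string* 'true'; a boolean
    # True or any other spelling is labelled 'Inbound' - confirm the type the
    # upstream source actually sends.
    direction = netconn.get("direction", "true")
    new_conn['direction'] = 'Outbound' if direction == 'true' else 'Inbound'

    for ipfield in ('remote_ip', 'local_ip', 'proxy_ip'):
        try:
            # Integer addresses are packed as a signed big-endian 32-bit value
            # and rendered as a dotted quad.
            packed = struct.pack('>i', int(netconn.get(ipfield, 0)))
            new_conn[ipfield] = socket.inet_ntoa(packed)
        except (TypeError, ValueError, OverflowError, struct.error):
            # Only conversion failures are handled here; a bare ``except``
            # would also swallow KeyboardInterrupt and SystemExit.
            # The value is stored as received (e.g. a dotted-quad string, or
            # an integer outside the signed 32-bit range), so consumers that
            # match on these fields must not assume a normalised address.
            new_conn[ipfield] = netconn.get(ipfield, '0.0.0.0')

    for portfield in ('remote_port', 'local_port', 'proxy_port'):
        new_conn[portfield] = int(netconn.get(portfield, 0))

    # Unmapped protocol numbers are reported as "Unknown" rather than raising.
    new_conn['proto'] = protocols.get(int(netconn.get('proto', 0)), "Unknown")
    new_conn['domain'] = netconn.get('domain', '')

    return CbNetConnEvent(self.process_model, timestamp, seq, new_conn, version=2)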