def cap_session(pcap_path):
capture = s.rdpcap(pcap_path) # TODO when go live change to session capture
first = True
curr_session = None
session_info = [0, ] * 3
for pkt in capture:
if not pkt.haslayer(s.TCP) and not pkt.haslayer(s.IP) and pkt.len <= 0:
continue
if first:
first = False
if is_client(pkt):
session_info[0] = pkt[s.IP].src
session_info[1] = pkt[s.IP].dst
session_info[2] = "TCP"
curr_session = Session(pkt, session_info, session_info[0])
else:
session_info[0] = pkt[s.IP].dst
session_info[1] = pkt[s.IP].src
session_info[2] = "TCP"
curr_session = Session(pkt, session_info, session_info[0])
else:
curr_session.update_session(pkt)
return curr_session
评论列表
文章目录
