From e68170482450d9ce393e9204a2545146ec6d9207 Mon Sep 17 00:00:00 2001
From: Janus Varmarken <varmarken@gmail.com>
Date: Wed, 25 Oct 2017 22:00:04 -0700
Subject: [PATCH] extract_from_tshark.py: - apply Shuba's fix: do not skip
 packets that do not have a comment. - include src ip and src port in output

---
 extract_from_tshark.py | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/extract_from_tshark.py b/extract_from_tshark.py
index a66b556..7c1270f 100644
--- a/extract_from_tshark.py
+++ b/extract_from_tshark.py
@@ -100,6 +100,10 @@ def change_file(fpath):
                 new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]
                 new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])
 
+                # JV: Also include src so we can see what device initiates the traffic
+                new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]
+                new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])
+
                 # Go through all HTTP fields and extract the ones that are needed
                 http_data = layers[json_key_http]
                 for http_key in http_data:
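Review bot: The comment on the added `src_ip`/`src_port` lines carries an author-initial prefix (`# JV:`), which the commit history already records; a plain why-comment reads better, e.g. `# Record the source endpoint so the initiating device can be identified`. The two new lookups index `layers[json_key_ip]` and `layers[json_key_tcp]` directly, as the `dst_*` lines above do, so they rely on whatever layer check precedes them; that check, if there is one, lies outside the hunk, as do the start and end of `change_file`. Each output record now also carries the address of the device that sent the request, so the function's docstring or the README should list `src_ip` and `src_port` among the emitted keys, for the benefit of whoever consumes or shares these files.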
@@ -149,17 +153,6 @@ def change_file(fpath):
 
                 new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]
 
-                # Now extract and parse the packet comment
-                if (json_key_pkt_comment not in layers or
-                            json_key_frame_comment not in layers[json_key_pkt_comment]):
-                    print "WARNING: no packet comment found!" + frame_num
-                    continue
-
-                comment = layers[json_key_pkt_comment][json_key_frame_comment]
-                comment_data = json.loads(comment)
-                for key in comment_data:
-                    new_packet[str(key)] = str(comment_data[key])
-
                 # Create a unique key for each packet to keep consistent with ReCon
                 # Also good in case packets end up in different files
                 data[str(uuid.uuid4())] = new_packet
-- 
2.34.1