| 1421 | |
| 1422 | # TODO: Rename this "TCPBlob" and then have a more generic "Blob" class it inherits from. |
class Blob(object):
    """
    Class for holding and reassembling pieces of a connection.

    A Blob holds the packets and reassembled data for traffic moving in one
    direction in a connection, before direction changes.

    def __init__(self, connection, first_packet)

    Args:
        connection: The Connection object that this Blob comes from. (Used for validating packets.)
        first_packet: the first Packet object to initialize Blob

    Attributes:
        connection: the Connection object passed to the constructor
        addr: .addr attribute of the first packet
        ts: timestamp of the first packet
        starttime: datetime for first packet (set from first_packet.ts)
        endtime: datetime of last packet (starts out as first_packet.ts)
        sip: source IP
        smac: source MAC address
        sport: source port
        sipcc: country code of source IP
        sipasn: ASN of source IP
        dip: dest IP
        dmac: dest MAC address
        dport: dest port
        dipcc: country code of dest IP
        dipasn: ASN of dest IP
        protocol: text version of protocol in layer-3 header
        direction: direction of the blob -
                    'cs' for client-to-server, 'sc' for server-to-client
                    (the CLIENT_TO_SERVER / SERVER_TO_CLIENT constants)
        ack_sequence_numbers: set of ACK numbers from the receiver for
                    collected data packets
        packets: list of all packets in the blob
        hidden (bool): Used to indicate that a Blob should not be passed to
                    next plugin. Can theoretically be overruled in, say, a
                    connection_handler to force a Blob to be passed to next
                    plugin.

    Note:
        The address-related attributes are copied as-is from the first
        packet, so they reflect whatever header values were on the wire;
        the country-code and ASN fields are presumably derived from those
        same addresses.
        NOTE(review): nothing in the visible part of __init__ checks these
        values - confirm where validation through `connection` happens
        before relying on them as an identity.
    """

    # Largest offset before wrap-around. The default 0xffffffff is the maximum
    # 32-bit unsigned value, matching the range of TCP sequence numbers.
    MAX_OFFSET = 0xffffffff

    # Values of the `direction` attribute described in the class docstring.
    CLIENT_TO_SERVER = 'cs'
    SERVER_TO_CLIENT = 'sc'
| 1468 | |
| 1469 | def __init__(self, connection: Connection, first_packet): |
| 1470 | self.connection = connection |
| 1471 | self.addr = first_packet.addr |
| 1472 | self.ts = first_packet.ts |
| 1473 | self.starttime = first_packet.ts |
| 1474 | self.endtime = first_packet.ts |
| 1475 | self.sip = first_packet.sip |
| 1476 | self.smac = first_packet.smac |
| 1477 | self.sport = first_packet.sport |
| 1478 | self.sipcc = first_packet.sipcc |
| 1479 | self.sipasn = first_packet.sipasn |
| 1480 | self.dip = first_packet.dip |