hub / github.com/USArmyResearchLab/Dshell / Blob

Class Blob

dshell/core.py:1423–1980

Class for holding and reassembling pieces of a connection. A Blob holds the packets and reassembled data for traffic moving in one direction in a connection, before direction changes.


```python
# TODO: Rename this "TCPBlob" and then have a more generic "Blob" class it inherits from.
class Blob(object):
    """
    Class for holding and reassembling pieces of a connection.

    A Blob holds the packets and reassembled data for traffic moving in one
    direction in a connection, before direction changes.

    def __init__(self, connection, first_packet)

    Args:
        connection: The Connection object that this Blob comes from. (Used for validating packets.)
        first_packet: the first Packet object to initialize Blob

    Attributes:
        addr: .addr attribute of the first packet
        ts: timestamp of the first packet
        starttime: datetime for first packet
        endtime: datetime of last packet
        sip: source IP
        smac: source MAC address
        sport: source port
        sipcc: country code of source IP
        sipasn: ASN of source IP
        dip: dest IP
        dmac: dest MAC address
        dport: dest port
        dipcc: country code of dest IP
        dipasn: ASN of dest IP
        protocol: text version of protocol in layer-3 header
        direction: direction of the blob -
                   'cs' for client-to-server, 'sc' for server-to-client
        ack_sequence_numbers: set of ACK numbers from the receiver for
                              collected data packets
        packets: list of all packets in the blob
        hidden (bool): Used to indicate that a Blob should not be passed to
                       next plugin. Can theoretically be overruled in, say, a
                       connection_handler to force a Blob to be passed to next
                       plugin.
    """

    # max offset before wrap, default is MAXINT32 for TCP sequence numbers
    MAX_OFFSET = 0xffffffff

    CLIENT_TO_SERVER = 'cs'
    SERVER_TO_CLIENT = 'sc'

    def __init__(self, connection: Connection, first_packet):
        self.connection = connection
        self.addr = first_packet.addr
        self.ts = first_packet.ts
        self.starttime = first_packet.ts
        self.endtime = first_packet.ts
        self.sip = first_packet.sip
        self.smac = first_packet.smac
        self.sport = first_packet.sport
        self.sipcc = first_packet.sipcc
        self.sipasn = first_packet.sipasn
        self.dip = first_packet.dip
```
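
The docstring and the `MAX_OFFSET` comment describe one-direction reassembly over a 32-bit sequence space. The sketch below is an added example, not Dshell's own code: it shows how such reassembly can handle wrap, retransmissions, disagreeing overlaps and gaps. `relative_offset`, `reassemble`, `max_span` and the sample segments are hypothetical names and constructed data.

```python
MAX_OFFSET = 0xffffffff     # same value as Blob.MAX_OFFSET in the listing
SEQ_SPACE = MAX_OFFSET + 1  # TCP sequence numbers live in a 2**32 ring


def relative_offset(seq, isn):
    """Offset of seq from the first data byte, correct across the 32-bit wrap."""
    return (seq - isn) % SEQ_SPACE


def reassemble(segments, isn, max_span=1 << 20, pad=b"\x00"):
    """Rebuild one direction of a stream from (seq, payload) pairs.

    Returns (data, gaps, conflicts, dropped):
      gaps      - [(offset, length)] ranges never seen, filled with pad
      conflicts - offsets of segments whose overlap disagrees with bytes
                  already placed (the existing bytes are kept)
      dropped   - seq numbers landing outside max_span, e.g. stale segments
                  from before isn, which would otherwise force a huge buffer
    """
    placed, dropped = [], []
    for seq, payload in segments:
        off = relative_offset(seq, isn)
        if off + len(payload) > max_span:
            dropped.append(seq)
        elif payload:
            placed.append((off, payload))
    placed.sort(key=lambda item: item[0])  # stable: arrival order breaks ties

    out, gaps, conflicts = bytearray(), [], []
    for off, payload in placed:
        if off > len(out):                  # missing bytes before this segment
            gaps.append((len(out), off - len(out)))
            out += pad * (off - len(out))
        overlap = len(out) - off            # bytes of this segment already held
        if out[off:off + len(payload)] != payload[:overlap]:
            conflicts.append(off)
        out += payload[overlap:]
    return bytes(out), gaps, conflicts, dropped


# Constructed sample: the stream starts 16 bytes before the sequence number wraps.
ISN = 0xfffffff0
SAMPLE = [
    (0x00000000, b"HTTP/1.1\r\n"),      # arrives first, belongs second
    (0xfffffff0, b"GET /index.html "),
    (0xfffffff0, b"GET /index.html "),  # clean retransmission
    (0xfffffff4, b"/other"),            # overlap carrying different bytes
    (0x0000000e, b"Host"),              # the 4 bytes before it were never seen
    (0xffffffe0, b"stale"),             # predates the ISN
]
```

For a forensic tool the `conflicts` and `gaps` lists matter as much as the data: they mark where the reassembled bytes may differ from what the receiving endpoint actually processed.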

Callers 1

blobs · Method · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected