applicationlayer

와샥은 winpcap라이브러리에서 제공하는 아래의 함수를 사용하여 패킷을 수집한다.

pcap_findalldevs() 랜카드 선택

pcap_freealldevs() 랜카드 제거

pcap_open_live() 선택된 랜카드로 수집할 패킷 사이즈 등 결정

pcap_loop() 프로그램 무한루프 결정

pcap_handle() 수집된 패킷 출력 형태 결정

wireshark export packet details-All expanded 에 대한 파싱스크립트

 

* HTTP GET *

==========================================================================================

if( $#ARGV < 0 )
  { die "Supply a file name, please.\n"; }
if( $#ARGV > 0 )
  { die "Too many parameter.\n"; }

$fileName = shift( @ARGV );

if( -d $fileName )
  { die "$fileName is a directory.\n"; }

-e $fileName || die "$fileName is not exist.\n";

-T $fileName || die "$fileName is not a text file.\n";

open( fileHandle, $fileName ) || die "Cannot open $fileName.\n";
$matching = 0;
$i=1;
while($aLine =<fileHandle>)
{
  if($aLine =~/^\s*?GET \//)
  {
    print $i.'.'.$aLine;
    $i = $i+1;
  }
}
close(fileHandle);
==========================================================================================

 

* HTTP Header *

==========================================================================================

if( $#ARGV < 0 )
  { die "Supply a file name, please.\n"; }
if( $#ARGV > 0 )
  { die "Too many parameter.\n"; }

$fileName = shift( @ARGV );

if( -d $fileName )
  { die "$fileName is a directory.\n"; }

-e $fileName || die "$fileName is not exist.\n";

-T $fileName || die "$fileName is not a text file.\n";

open( fileHandle, $fileName ) || die "Cannot open $fileName.\n";
$matching = 0;
$i=0;
while($aLine =<fileHandle>)
{
  if($aLine =~/^\s{4}\\r\\n/)
  {

    $matching = 0;
  }
  if($matching == 1)
  {
    print $i.'.'.$aLine;

   }
  if($aLine =~/Request Version: HTTP\/1\./)
  {
    $matching = 1;
    $i = $i+1;
  }

}
close(fileHandle);

==========================================================================================