Jump to content

Search the Community

Showing results for tags 'splitter'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements and Site News
    • Administration
  • AutoIt v3
    • AutoIt Help and Support
    • AutoIt Technical Discussion
    • AutoIt Example Scripts
  • Scripting and Development
    • Developer General Discussion
    • Language Specific Discussion
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Categories

  • AutoIt Team
    • Beta
    • MVP
  • AutoIt
    • Automation
    • Databases and web connections
    • Data compression
    • Encryption and hash
    • Games
    • GUI Additions
    • Hardware
    • Information gathering
    • Internet protocol suite
    • Maths
    • Media
    • PDF
    • Security
    • Social Media and other Website API
    • Windows
  • Scripting and Development
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Member Title


Location


WWW


Interests

Found 1 result

  1. Hi, I have worked on a project for a friend and it needed to retreive some data in UDP packets, it was a challenge because I didn't know anything about that packets, and after few days of work I have managed to do what I wanted. The hardest part was to set a very strict filter for the cpu usage and for the script optimisation, so here is one : ;use filters with _PcapStartCapture ;retreive only tcp packets containing AABBCCDD, at the start of 8 and with a length of 4; like the StringMid func. tcp[8:4] == 0xAABBCCDD ;8th byte from the beginning of the tcp DATA, 4bytes length; always include the 0x to specify you are dealing with hex. And some funcs to split the different data from packets : ;$hCapture is the handle returned by _PcapStartCapture ; #FUNCTION# ==================================================================================================================== ; Name...........: _TCP_Recv ; Description ...: Retreives a TCP Packet and returns its data splitted ; Syntax.........: _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _UDP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aTCPPacket[21] $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum ;107 to 110 = NULL data $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data Return $aTCPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_TCP_Recv ; #FUNCTION# ==================================================================================================================== ; Name...........: _UDP_Recv ; Description ...: Retreives an UDP Packet and returns its data splitted ; Syntax.........: _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _TCP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aUDPPacket[18] $aUDPPacket[0] = StringMid($aPacket[3], 3, 12) ;Source Mac Address $aUDPPacket[1] = StringMid($aPacket[3], 15, 12) ;Destination Mac Address $aUDPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aUDPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aUDPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aUDPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aUDPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aUDPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aUDPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aUDPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aUDPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aUDPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aUDPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aUDPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aUDPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aUDPPacket[15] = StringMid($aPacket[3], 79, 4) ;Length $aUDPPacket[16] = StringMid($aPacket[3], 83, 4) ;Checksum $aUDPPacket[17] = StringTrimLeft($aPacket[3], 86) ;Data Return $aUDPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_UDP_Recv ;for example convert the packet's source/dest IP Address to text ; #FUNCTION# ==================================================================================================================== ; Name...........: _HexIPAddressToText ; Description ...: Converts Hex IP Adress to text ; Syntax.........: _HexIPAddressToText($vhexIPAddress) ; Parameters ....: $vIPAddress - IP Address v4 (string, int) ; Return values .: Success - Converted IP Address ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _HexIPAddressToText($vhexIPAddress) Local $sIPAddress For $iOffset = 1 To 8 Step 2 $sIPAddress &= Dec(StringMid($vhexIPAddress, $iOffset, 2)) & "." Next Return StringTrimRight($sIPAddress, 1) EndFunc ;==>_UDP_DecodeIPAddress Ops, almost forgot the Winpcap UDF available here : http://opensource.grisambre.net/pcapau3/ PS : If you find this helpful, please "like"/rate this post. Enjoy
×
×
  • Create New...