forked from zecke/pcap-diff
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathflatten_sctp.py
35 lines (28 loc) · 1.03 KB
/
flatten_sctp.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/usr/bin/python
"""
(C) Copyright 2016-2017 Holger Hans Peter Freyther
GNU AGPLv3+
"""
from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap
import sys
inp_fn = sys.argv[1] if len(sys.argv) > 1 else "input.pcap"
out_fn = sys.argv[2] if len(sys.argv) > 2 else "output.pcap"
pcap = rdpcap(inp_fn)
pkts = []
i = 0
seq = 0
for pkt in pcap:
ip = pkt['IP']
layer = ip.payload
while layer.name != 'NoPayload':
if layer.name == 'SCTP':
sport = layer.sport
dport = layer.dport
tag = layer.tag
if layer.name == 'SCTPChunkData':
# re-create the chunkdata as I don't find the routine to just have this data...
pkts.append(Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data))
seq = seq + 1
layer = layer.payload
i = i + 1
wrpcap(out_fn, pkts)