对指定的PCAP包分析后，按照IP和PORT进行拆分PCAP

#cs ＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿

Au3 版本: 3.3.6.1

脚本作者: wozijisunfly

Email: [email protected]

QQ/TM:

脚本版本: v1.0

脚本功能: 实现读取PCAP包后，分析包信息，根据包信息中的的IP：PORT筛选，拆分数据，并保存为PCAP包。

#ce ＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿脚本开始＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿

#include <GUIConstantsEx.au3>

#include <WindowsConstants.au3>

#include <ComboConstants.au3>

#include <Winpcap.au3>

Opt('MustDeclareVars', 1)

Opt("GUICloseOnESC", 0)

Global $pcapfile,$dst_ip[1000000],$num=0,$all_ip_port,$pcap

Global $gui,$file_input,$msg,$btn_analysis,$comb,$btn_save,$scene_name,$dst_label

_create_gui()

Func _create_gui()

Local $winpcap=_PcapSetup()

If ($winpcap = -1) Then

MsgBox(0,"提示信息","无法获取或调用" & @SystemDir & "\wpcap.dll文件错误。")

Return

EndIf

Opt("GUICoordMode", 2)

Opt("GUIResizeMode", 1)

Opt("GUIOnEventMode", 1)

$gui = GUICreate("拆分PCAP文件",500,300,Default,Default)

GUISetOnEvent($GUI_EVENT_CLOSE, "_special_events")

GUISetOnEvent($GUI_EVENT_MINIMIZE, "_special_events")

GUISetOnEvent($GUI_EVENT_RESTORE, "_special_events")

$btn_analysis = GUICtrlCreateButton("选择PCAP文件",170,30,150,25)

GUICtrlSetFont(-1,12)

GUICtrlSetOnEvent($btn_analysis,"_analysis_pcap")

GUICtrlCreateLabel("建立场景名称:",-280,30,130,25)

GUICtrlSetFont(-1,12)

$scene_name = GUICtrlCreateInput("",0,-1,300,25)

GUICtrlSetFont($scene_name,12)

GUICtrlSetState($scene_name,$GUI_DISABLE)

GUICtrlCreateLabel("选择源IP:PORT信息:",-450,30,150,25)

GUICtrlSetFont(-1,12)

$comb = GUICtrlCreateCombo("",0,-1,300,45,$CBS_DROPDOWNLIST)

GUICtrlSetOnEvent($GUI_EVENT_PRIMARYDOWN,"_check_src_dst")

GUICtrlSetFont($comb,12)

GUICtrlSetState($comb,$GUI_DISABLE)

$dst_label = GUICtrlCreateLabel("",-350,5,300,30)

GUICtrlSetFont(-1,12)

GUICtrlSetColor(-1,0xd71345)

$btn_save = GUICtrlCreateButton("保存PCAP文件",-270,15,200,25)

GUICtrlSetFont($btn_save,12)

GUICtrlSetState($btn_save,$GUI_DISABLE)

GUICtrlSetOnEvent($btn_save,"_save_pcap")

GUISetState()

While 1

Sleep(10)

WEnd

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-10-24

;~ 功能：获取并分析PCAP包信息

;~ 参数：PCAP包中的数据

;~ 返回值：协议、IP(src/dst)、PORT(src/dst)、SEQUENCE、数据显示

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func MyDissector ($data)

Local $macdst=StringMid ($data,3,2)&":"&StringMid ($data,5,2)&":"&StringMid ($data,7,2)&":"&StringMid ($data,9,2)&":"&StringMid ($data,11,2)&":"&StringMid ($data,13,2)

Local $macsrc=StringMid ($data,15,2)&":"&StringMid ($data,17,2)&":"&StringMid ($data,19,2)&":"&StringMid ($data,21,2)&":"&StringMid ($data,23,2)&":"&StringMid ($data,25,2)

Local $ethertype=BinaryMid ( $data, 13 ,2 )

If $ethertype="0x0806" Then return "ARP " & $macsrc & "->" & $macdst

If $ethertype="0x0800" Then

Local $src=Number(BinaryMid ($data, 27 ,1)) & "." & Number(BinaryMid ($data, 28 ,1)) & "." & Number(BinaryMid ($data, 29 ,1)) & "." & Number(BinaryMid ($data, 30 ,1))

Local $dst=Number(BinaryMid ($data, 31 ,1)) & "." & Number(BinaryMid ($data, 32 ,1)) & "." & Number(BinaryMid ($data, 33 ,1)) & "." & Number(BinaryMid ($data, 34 ,1))

Switch BinaryMid ($data, 24 ,1)

Case "0x01"

return "ICMP " & $src & "->" & $dst

Case "0x02"

return "IGMP " & $src & "->" & $dst

Case "0x06"

Local $srcport=Number(BinaryMid ($data, 35 ,1))*256+Number(BinaryMid ($data, 36 ,1))

Local $dstport=Number(BinaryMid ($data, 37 ,1))*256+Number(BinaryMid ($data, 38 ,1))

Local $sequence=Number(BinaryMid ($data, 39 ,1))*16777216 + Number(BinaryMid ($data, 40 ,1))*65536 + Number(BinaryMid ($data, 41 ,1))*256 + Number(BinaryMid ($data, 42 ,1))

Local $flags=BinaryMid ($data, 48 ,1)

Local $f=""

If BitAND($flags,0x01) Then $f="Fin "

If BitAND($flags,0x02) Then $f&="Syn "

If BitAND($flags,0x04) Then $f&="Rst "

If BitAND($flags,0x08) Then $f&="Psh "

If BitAND($flags,0x10) Then $f&="Ack "

If BitAND($flags,0x20) Then $f&="Urg "

If BitAND($flags,0x40) Then $f&="Ecn "

If BitAND($flags,0x80) Then $f&="Cwr "

$f=StringTrimRight(StringReplace($f," ",","),1)

return "TCP(" & $f & ")->" & $src & ":" & $srcport & "->" & $dst & ":" & $dstport

;& "->" & $sequence & "->" & BinaryToString(BinaryMid ($data,67),4)

Case "0x11"

Local $srcport=Number(BinaryMid ($data, 35 ,1))*256+Number(BinaryMid ($data, 36 ,1))

Local $dstport=Number(BinaryMid ($data, 37 ,1))*256+Number(BinaryMid ($data, 38 ,1))

return "UDP "&$src&":"&$srcport&" -> "&$dst&":"&$dstport

Case Else

return "IP "&BinaryMid ($data, 24 ,1)&" "&$src&" -> "&$dst

EndSwitch

return BinaryMid ( $data, 13 ,2 )&" "&$src&" -> "&$dst

EndIf

If $ethertype="0x8137" OR $ethertype="0x8138" OR $ethertype="0x0022" OR $ethertype="0x0025" OR $ethertype="0x002A" OR $ethertype="0x00E0" OR $ethertype="0x00FF" Then

return "IPX "&$macsrc&" -> "&$macdst

EndIf

return "["&$ethertype&"] "&$macsrc&" -> "&$macdst

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-10-22

;~ 功能：点击gui窗体时反馈的信息

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _special_events()

Select

Case @GUI_CtrlId = $GUI_EVENT_CLOSE

If IsPtr($pcapfile) Then _PcapStopCaptureFile($pcapfile)

If IsPtr($pcap) Then _PcapStopCapture($pcap)

_PcapFree()

Exit

Case @GUI_CtrlId = $GUI_EVENT_MINIMIZE

Case @GUI_CtrlId = $GUI_EVENT_RESTORE

EndSelect

EndFunc ;==>SpecialEvents

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：解析PCAP文件，并返回IP：PORT信息

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _analysis_pcap()

$file_input = FileOpenDialog("PCAP路径",".","Pcap (*.pcap)",1)

If @error And $file_input == "" Then

MsgBox(0,"提示信息","没有选择PCAP文件！请选择。")

Return

Else

$pcap=_PcapStartCapture("file://" & $file_input , "" , 1)

If ($pcap=-1) Then

MsgBox(0,"提示信息","PCAP文件出错" & @CRLF & _PcapGetLastError())

Return

EndIf

If IsPtr($pcap) Then ; If $pcap is a Ptr, then the capture is running

Local $time0=TimerInit()

Local $i = 0

If FileExists(@ScriptDir & "\pcap.txt") Then

FileDelete(@ScriptDir & "\pcap.txt")

EndIf

While (TimerDiff($time0)<500)

Local $packet=_PcapGetPacket($pcap)

If IsInt($packet) Then ExitLoop

$i+=1

If StringInStr(MyDissector($packet[3]),"TCP",1) Then

FileWriteLine(@ScriptDir & "\pcap.txt", $i & "->" & MyDissector($packet[3]))

EndIf

Wend

If FileExists(@ScriptDir & "\pcap.txt") Then

Dim $src_ip[10000000],$comb_data = ""

$num = 0

Local $file = FileOpen(@ScriptDir & "\pcap.txt", 0)

If $file = -1 Then

MsgBox(0,"提示信息","不能打开 " & @ScriptDir & "\pcap.txt文件，请检查。")

Return

EndIf

While 1

Local $mark = 0,$i

Local $line = FileReadLine($file)

If @error = -1 Then ExitLoop

Local $arr = StringSplit($line,"->",1)

If IsArray($arr) Then

For $i = 0 To $num

If $src_ip[$i] == $arr[3] Then

$mark = 0

ExitLoop

Else

$mark = 1

ContinueLoop

EndIf

If $mark == 1 Then

$num = $num + 1

$src_ip[$num] = $arr[3]

$dst_ip[$num] = $arr[3] & "->" & $arr[4] ;& "->" & $arr[5]

EndIf

Wend

FileClose($file)

If FileExists(@ScriptDir & "\pcap.txt") Then

FileDelete(@ScriptDir & "\pcap.txt")

EndIf

For $i = 1 To $num

$comb_data = $comb_data & "|" & $src_ip[$i]

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetData($dst_label,"")

GUICtrlSetData($comb,"")

GUICtrlSetData($comb,$comb_data)

Else

MsgBox(0,"提示信息",@ScriptDir & "\pcap.txt文件不存在，请检查。")

Return

EndIf

Else

MsgBox(0,"提示信息","PCAP文件不能转换一个表达式到指针变量。")

Return

EndIf

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：选择下拉列表中的数值，回显出对应的值

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _check_src_dst()

Local $i

$all_ip_port = ""

For $i = 0 To $num

If StringInStr($dst_ip[$i],GUICtrlRead(@GUI_CtrlId)) == 1 Then

Local $gui_arr = StringSplit($dst_ip[$i],"->",1)

If IsArray($gui_arr) Then

$all_ip_port = $dst_ip[$i]

GUICtrlSetData($dst_label,"")

GUICtrlSetData($dst_label,"目的IP:PORT->" & $gui_arr[2])

GUICtrlSetFont($dst_label,12)

Else

MsgBox(0,"提示信息",$dst_ip[$i] & "解析有误，无法进行PCAP包拆分。")

Return

EndIf

ExitLoop

Else

ContinueLoop

EndIf

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：按照下拉列表的选择，保存PCAP文件

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _save_pcap()

If StringLen($all_ip_port) == 0 Then

MsgBox(0,"提示信息","请选择一个IP:PORT。")

Return

EndIf

Local $ip_port = StringSplit($all_ip_port,"->",1)

Local $first_ip,$first_port,$second_ip,$second_port

If IsArray($ip_port) Then

Local $first = StringSplit($ip_port[1],":")

Local $second = StringSplit($ip_port[2],":")

If IsArray($first) Then

$first_ip = $first[1]

$first_port = $first[2]

Else

MsgBox(0,"提示信息",$ip_port[1] & "解析有误，无法进行PCAP包拆分。")

Return

EndIf

If IsArray($second) Then

$second_ip = $second[1]

$second_port = $second[2]

Else

MsgBox(0,"提示信息",$ip_port[2] & "解析有误，无法进行PCAP包拆分。")

Return

EndIf

Else

MsgBox(0,"提示信息",$all_ip_port & "解析有误，无法进行PCAP包拆分")

Return

EndIf

Local $filter = "(ip src " & $first_ip & " && tcp port " & $first_port

$filter &= " && ip dst " & $second_ip & " && tcp port " & $second_port & ") || ("

$filter &= "ip src " & $second_ip & " && tcp port " & $second_port

$filter &= " && ip dst " & $first_ip & " && tcp port " & $first_port & ")"

$pcap = _PcapStartCapture("file://" & $file_input ,$filter,1)

Local $file = @ScriptDir & "\" & GUICtrlRead($scene_name) & "-" & $first_ip & "_" & $first_port & "-" & $second_ip & "_" & $second_port

If ($file<>"") Then

If StringLower(StringRight($file,5))<>".pcap" Then $file&=".pcap"

If FileExists($file) Then

MsgBox(0,"提示信息","已经存在了该场景的文件，若要保存请修改文件名称。")

Return

EndIf

$pcapfile=_PcapSaveToFile($pcap,$file)

If ($pcapfile=0) Then

MsgBox(0,"提示信息","保存的PCAP文件出错" & _PcapGetLastError())

Return

EndIf

If IsPtr($pcap) Then

Local $time0=TimerInit()

While (TimerDiff($time0)<500)

Local $packet=_PcapGetPacket($pcap)

If IsInt($packet) Then ExitLoop

If IsPtr($pcapfile) Then _PcapWriteLastPacket($pcapfile)

Wend

Else

MsgBox(0,"提示信息","选中的不是一个PCAP包。")

Return

EndIf

If IsPtr($pcapfile) Then _PcapStopCaptureFile($pcapfile)

if IsPtr($pcap) Then _PcapStopCapture($pcap)

MsgBox(0,"提示信息","PCAP包分析完成。",3)

Return

EndFunc

;应用定时器实现一个，动态显示的效果。主要是面对大PCAP文件来实现的小功能；

#cs ＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿

Au3 版本: 3.3.6.1

脚本作者: wozijisunfly

Email: [email protected]

QQ/TM:

脚本版本: v1.0

脚本功能: 实现读取PCAP包后，分析包信息，根据包信息中的的IP：PORT筛选，拆分数据，并保存为PCAP包。

#ce ＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿脚本开始＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿

#include <GUIConstantsEx.au3>

#include <WindowsConstants.au3>

#include <ComboConstants.au3>

#include <Timers.au3>

#include <Winpcap.au3>

Opt('MustDeclareVars', 1)

Opt("GUICloseOnESC", 0)

Global $pcapfile,$dst_ip[1000000],$num=0,$all_ip_port,$pcap

Global $gui,$file_input,$msg,$btn_analysis,$comb,$btn_save,$scene_name,$dst_label

Global $wait,$1,$num_click=1

_create_gui()

Func _create_gui()

Local $winpcap=_PcapSetup()

If ($winpcap = -1) Then

MsgBox(0,"提示信息","无法获取或调用" & @SystemDir & "\wpcap.dll文件错误。")

Return

EndIf

Opt("GUICoordMode", 2)

Opt("GUIResizeMode", 1)

Opt("GUIOnEventMode", 1)

$gui = GUICreate("拆分PCAP文件",500,300,Default,Default)

GUISetOnEvent($GUI_EVENT_CLOSE, "_special_events")

GUISetOnEvent($GUI_EVENT_MINIMIZE, "_special_events")

GUISetOnEvent($GUI_EVENT_RESTORE, "_special_events")

$btn_analysis = GUICtrlCreateButton("选择PCAP文件",170,30,150,25)

GUICtrlSetFont(-1,12)

GUICtrlSetOnEvent($btn_analysis,"_analysis_pcap")

GUICtrlCreateLabel("建立场景名称:",-280,30,130,25)

GUICtrlSetFont(-1,12)

$scene_name = GUICtrlCreateInput("",0,-1,300,25)

GUICtrlSetFont($scene_name,12)

GUICtrlSetState($scene_name,$GUI_DISABLE)

GUICtrlCreateLabel("选择源IP:PORT信息:",-450,30,150,25)

GUICtrlSetFont(-1,12)

$comb = GUICtrlCreateCombo("",0,-1,300,45,$CBS_DROPDOWNLIST + $WS_VSCROLL)

GUICtrlSetOnEvent($GUI_EVENT_PRIMARYDOWN,"_check_src_dst")

GUICtrlSetFont($comb,12)

GUICtrlSetState($comb,$GUI_DISABLE)

$dst_label = GUICtrlCreateLabel("",-350,5,300,30)

GUICtrlSetFont(-1,12)

GUICtrlSetColor(-1,0xd71345)

$btn_save = GUICtrlCreateButton("保存PCAP文件",-270,15,200,25)

GUICtrlSetFont($btn_save,12)

GUICtrlSetState($btn_save,$GUI_DISABLE)

GUICtrlSetOnEvent($btn_save,"_save_pcap")

$wait = GUICtrlCreateLabel("正在拆分PCAP包，请耐心等待",-230,10,215,25)

GUICtrlSetFont(-1,12)

GUICtrlSetColor(-1,0xd71345)

GUICtrlSetState(-1,$GUI_HIDE)

$1 = GUICtrlCreateLabel("",0,-1,60,25)

GUICtrlSetFont(-1,15)

GUICtrlSetState(-1,$GUI_HIDE)

GUISetState()

While 1

Sleep(10)

WEnd

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-10-24

;~ 功能：获取并分析PCAP包信息

;~ 参数：PCAP包中的数据

;~ 返回值：协议、IP(src/dst)、PORT(src/dst)、SEQUENCE、数据显示

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func MyDissector ($data)

Local $macdst=StringMid ($data,3,2)&":"&StringMid ($data,5,2)&":"&StringMid ($data,7,2)&":"&StringMid ($data,9,2)&":"&StringMid ($data,11,2)&":"&StringMid ($data,13,2)

Local $macsrc=StringMid ($data,15,2)&":"&StringMid ($data,17,2)&":"&StringMid ($data,19,2)&":"&StringMid ($data,21,2)&":"&StringMid ($data,23,2)&":"&StringMid ($data,25,2)

Local $ethertype=BinaryMid ( $data, 13 ,2 )

If $ethertype="0x0806" Then return "ARP " & $macsrc & "->" & $macdst

If $ethertype="0x0800" Then

Local $src=Number(BinaryMid ($data, 27 ,1)) & "." & Number(BinaryMid ($data, 28 ,1)) & "." & Number(BinaryMid ($data, 29 ,1)) & "." & Number(BinaryMid ($data, 30 ,1))

Local $dst=Number(BinaryMid ($data, 31 ,1)) & "." & Number(BinaryMid ($data, 32 ,1)) & "." & Number(BinaryMid ($data, 33 ,1)) & "." & Number(BinaryMid ($data, 34 ,1))

Switch BinaryMid ($data, 24 ,1)

Case "0x01"

return "ICMP " & $src & "->" & $dst

Case "0x02"

return "IGMP " & $src & "->" & $dst

Case "0x06"

Local $srcport=Number(BinaryMid ($data, 35 ,1))*256+Number(BinaryMid ($data, 36 ,1))

Local $dstport=Number(BinaryMid ($data, 37 ,1))*256+Number(BinaryMid ($data, 38 ,1))

Local $sequence=Number(BinaryMid ($data, 39 ,1))*16777216 + Number(BinaryMid ($data, 40 ,1))*65536 + Number(BinaryMid ($data, 41 ,1))*256 + Number(BinaryMid ($data, 42 ,1))

Local $flags=BinaryMid ($data, 48 ,1)

Local $f=""

If BitAND($flags,0x01) Then $f="Fin "

If BitAND($flags,0x02) Then $f&="Syn "

If BitAND($flags,0x04) Then $f&="Rst "

If BitAND($flags,0x08) Then $f&="Psh "

If BitAND($flags,0x10) Then $f&="Ack "

If BitAND($flags,0x20) Then $f&="Urg "

If BitAND($flags,0x40) Then $f&="Ecn "

If BitAND($flags,0x80) Then $f&="Cwr "

$f=StringTrimRight(StringReplace($f," ",","),1)

return "TCP(" & $f & ")->" & $src & ":" & $srcport & "->" & $dst & ":" & $dstport

;& "->" & $sequence & "->" & BinaryToString(BinaryMid ($data,67),4)

Case "0x11"

Local $srcport=Number(BinaryMid ($data, 35 ,1))*256+Number(BinaryMid ($data, 36 ,1))

Local $dstport=Number(BinaryMid ($data, 37 ,1))*256+Number(BinaryMid ($data, 38 ,1))

return "UDP "&$src&":"&$srcport&" -> "&$dst&":"&$dstport

Case Else

return "IP "&BinaryMid ($data, 24 ,1)&" "&$src&" -> "&$dst

EndSwitch

return BinaryMid ( $data, 13 ,2 )&" "&$src&" -> "&$dst

EndIf

If $ethertype="0x8137" OR $ethertype="0x8138" OR $ethertype="0x0022" OR $ethertype="0x0025" OR $ethertype="0x002A" OR $ethertype="0x00E0" OR $ethertype="0x00FF" Then

return "IPX "&$macsrc&" -> "&$macdst

EndIf

return "["&$ethertype&"] "&$macsrc&" -> "&$macdst

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-10-22

;~ 功能：点击gui窗体时反馈的信息

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _special_events()

Select

Case @GUI_CtrlId = $GUI_EVENT_CLOSE

If IsPtr($pcapfile) Then _PcapStopCaptureFile($pcapfile)

If IsPtr($pcap) Then _PcapStopCapture($pcap)

_PcapFree()

_Timer_KillAllTimers($gui)

Exit

Case @GUI_CtrlId = $GUI_EVENT_MINIMIZE

Case @GUI_CtrlId = $GUI_EVENT_RESTORE

EndSelect

EndFunc ;==>SpecialEvents

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：解析PCAP文件，并返回IP：PORT信息

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _analysis_pcap()

$file_input = FileOpenDialog("PCAP路径",".","Pcap (*.pcap)| Pcap (*.cap)",1)

If @error And $file_input == "" Then

MsgBox(0,"提示信息","没有选择PCAP文件！请选择。")

Return

Else

GUICtrlSetState($scene_name,$GUI_DISABLE)

GUICtrlSetState($btn_save,$GUI_DISABLE)

GUICtrlSetState($comb,$GUI_DISABLE)

GUICtrlSetState($btn_analysis,$GUI_DISABLE)

$pcap=_PcapStartCapture("file://" & $file_input , "" , 1)

If ($pcap=-1) Then

MsgBox(0,"提示信息","PCAP文件出错" & @CRLF & _PcapGetLastError())

Return

EndIf

If IsPtr($pcap) Then ; If $pcap is a Ptr, then the capture is running

Local $time0=TimerInit()

Local $i

Dim $src_ip[10000000],$comb_data = ""

Local $timeset = _Timer_SetTimer($gui, 1000, "__point2")

$num = 0

While (TimerDiff($time0)<5000000)

Local $packet=_PcapGetPacket($pcap)

If IsInt($packet) Then ExitLoop

Local $mark = 0

Local $ips = MyDissector($packet[3])

If StringInStr($ips,"TCP",1) Then

Local $arr = StringSplit($ips,"->",1)

If IsArray($arr) Then

For $i = 0 To $num

If $src_ip[$i] == $arr[2] Then

$mark = 0

ExitLoop

Else

$mark = 1

ContinueLoop

EndIf

If $mark == 1 Then

$num = $num + 1

$src_ip[$num] = $arr[2]

$dst_ip[$num] = $arr[2] & "->" & $arr[3]

EndIf

Wend

For $i = 1 To $num

$comb_data = $comb_data & "|" & $src_ip[$i]

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetData($dst_label,"")

GUICtrlSetData($comb,"")

GUICtrlSetData($comb,$comb_data)

_Timer_KillAllTimers($gui)

$num_click=1

Else

MsgBox(0,"提示信息","PCAP文件不能转换一个表达式到指针变量。")

_Timer_KillAllTimers($gui)

$num_click=1

GUICtrlSetData($dst_label,"")

Return

EndIf

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：选择下拉列表中的数值，回显出对应的值

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _check_src_dst()

Local $i

$all_ip_port = ""

For $i = 0 To $num

If StringInStr($dst_ip[$i],GUICtrlRead(@GUI_CtrlId)) == 1 Then

Local $gui_arr = StringSplit($dst_ip[$i],"->",1)

If IsArray($gui_arr) Then

$all_ip_port = $dst_ip[$i]

GUICtrlSetData($dst_label,"")

GUICtrlSetData($dst_label,"目的IP:PORT->" & $gui_arr[2])

GUICtrlSetFont($dst_label,12)

Else

MsgBox(0,"提示信息",$dst_ip[$i] & "解析有误，无法进行PCAP包拆分。")

Return

EndIf

ExitLoop

Else

ContinueLoop

EndIf

EndFunc

;~ 作者：wozijisunfly

;~ 创建时间：2014-11-10

;~ 功能：按照下拉列表的选择，保存PCAP文件

;~ 参数：

;~ 返回值：无

;~ 修改人：

;~ 修改内容：

;~ 修改时间：

Func _save_pcap()

GUICtrlSetState($scene_name,$GUI_DISABLE)

GUICtrlSetState($btn_save,$GUI_DISABLE)

GUICtrlSetState($comb,$GUI_DISABLE)

GUICtrlSetState($btn_analysis,$GUI_DISABLE)

Local $timeset = _Timer_SetTimer($gui, 1000, "__point1")

If StringLen($all_ip_port) == 0 Then

MsgBox(0,"提示信息","请选择一个IP:PORT。")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

Local $ip_port = StringSplit($all_ip_port,"->",1)

Local $first_ip,$first_port,$second_ip,$second_port

If IsArray($ip_port) Then

Local $first = StringSplit($ip_port[1],":")

Local $second = StringSplit($ip_port[2],":")

If IsArray($first) Then

$first_ip = $first[1]

$first_port = $first[2]

Else

MsgBox(0,"提示信息",$ip_port[1] & "解析有误，无法进行PCAP包拆分。")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

If IsArray($second) Then

$second_ip = $second[1]

$second_port = $second[2]

Else

MsgBox(0,"提示信息",$ip_port[2] & "解析有误，无法进行PCAP包拆分。")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

Else

MsgBox(0,"提示信息",$all_ip_port & "解析有误，无法进行PCAP包拆分")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

Local $filter = "(ip src " & $first_ip & " && tcp port " & $first_port

$filter &= " && ip dst " & $second_ip & " && tcp port " & $second_port & ") || ("

$filter &= "ip src " & $second_ip & " && tcp port " & $second_port

$filter &= " && ip dst " & $first_ip & " && tcp port " & $first_port & ")"

$pcap = _PcapStartCapture("file://" & $file_input ,$filter,1)

Local $file = @ScriptDir & "\" & GUICtrlRead($scene_name) & "-" & $first_ip & "_" & $first_port & "-" & $second_ip & "_" & $second_port

If ($file<>"") Then

If StringLower(StringRight($file,5))<>".pcap" Then $file&=".pcap"

If FileExists($file) Then

MsgBox(0,"提示信息","已经存在了该场景的文件，若要保存请修改文件名称。")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

$pcapfile=_PcapSaveToFile($pcap,$file)

If ($pcapfile=0) Then

MsgBox(0,"提示信息","保存的PCAP文件出错" & _PcapGetLastError())

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

If IsPtr($pcap) Then

Local $time0=TimerInit()

While (TimerDiff($time0)<5000000)

Local $packet=_PcapGetPacket($pcap)

If IsInt($packet) Then ExitLoop

If IsPtr($pcapfile) Then _PcapWriteLastPacket($pcapfile)

Wend

Else

MsgBox(0,"提示信息","选中的不是一个PCAP包。")

_Timer_KillAllTimers($gui)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

Return

EndIf

If IsPtr($pcapfile) Then _PcapStopCaptureFile($pcapfile)

if IsPtr($pcap) Then _PcapStopCapture($pcap)

GUICtrlSetState($btn_save,$GUI_ENABLE)

GUICtrlSetState($scene_name,$GUI_ENABLE)

GUICtrlSetState($comb,$GUI_ENABLE)

GUICtrlSetState($btn_analysis,$GUI_ENABLE)

_Timer_KillAllTimers($gui)

GUICtrlSetState($wait,$GUI_HIDE)

GUICtrlSetState($1,$GUI_HIDE)

$num_click=1

MsgBox(0,"提示信息","PCAP包分析完成。",3)

Return

EndFunc

Func __point1($hWnd, $Msg, $iIDTimer, $dwTime)

#forceref $hWnd, $Msg, $iIDTimer, $dwTime

GUICtrlSetState($wait,$GUI_SHOW)

GUICtrlSetState($1,$GUI_SHOW)

Local $i,$point=""

For $i = 1 To $num_click

$point = $point & "."

If $num_click == 7 Then

$num_click = 1

$point = "."

ExitLoop

Else

ContinueLoop

EndIf

$num_click = $num_click + 1

GUICtrlSetData($1,"")

GUICtrlSetData($1,$point)

GUICtrlSetFont($1,15)

EndFunc

Func __point2($hWnd, $Msg, $iIDTimer, $dwTime)

#forceref $hWnd, $Msg, $iIDTimer, $dwTime

Local $i,$point=""

For $i = 1 To $num_click

$point = $point & "."

If $num_click == 7 Then

$num_click = 1

$point = "."

ExitLoop

Else

ContinueLoop

EndIf

$num_click = $num_click + 1

GUICtrlSetData($dst_label,"")

GUICtrlSetData($dst_label,"正在解析PCAP包 " & $point)

GUICtrlSetFont($dst_label,12)

EndFunc

对指定的PCAP包分析后，按照IP和PORT进行拆分PCAP

继续阅读

autoit基础 String 字符串处理

autoit基础 Send 通过运行启动记事本

autoit基础 Run 执行cmd命令

autoit基础 Return 示例

autoit基础 RegRead 读取注册表

autoit基础 MsgBox helloworld

autoit基础 IniWrite 创建ini文件

autoit基础 RegEnumKey 读取注册表

autoit基础 IniRead 读取ini配置文件中的数据

autoit基础 IniDelete 删除ini配置文件中的数据

autoit基础 ProcessList 查看进程列表

autoit基础 If 判断语句

AutoItLibrary安装问题解决

AutoIT - 加域工具

Robot Framework经验谈 -- 将已有库运行为Remote库的例子