From 9cdc6d0f530088994c0f7f27f09b9fccaf9d0c48 Mon Sep 17 00:00:00 2001
From: yulonger
Date: Wed, 17 May 2023 19:53:44 +0800
Subject: [PATCH] add:split
---
split_by.py | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 split_by.py
diff --git a/split_by.py b/split_by.py
new file mode 100644
index 0000000..6d1ecd6
--- /dev/null
+++ b/split_by.py
@@ -0,0 +1,41 @@
+from scapy.all import *
+from scapy.layers.inet import IP, UDP, TCP
+from collections import defaultdict
+
+from scapy.plist import PacketList
+
+
+def _load_pcap(file_name: str) -> PacketList:
+ pkts = rdpcap(file_name)
+ return pkts
+
+def _filename_gen(t:tuple):
+ proto = "UNKNOWN"
+ if t[0] == 6:
+ proto = "TCP"
+ if t[0] == 17:
+ proto = "UDP"
+ return f"{proto}_{t[1]}_{t[3]}_{t[2]}_{t[4]}"
+
+def process(packets: PacketList):
+ five_tuple_classified = defaultdict(list)
+ for pkt in packets:
+ ip_layer = pkt[IP]
+ if TCP in pkt:
+ transmission_layer = pkt[TCP]
+ elif UDP in pkt:
+ transmission_layer = pkt[UDP]
+ else:
+ continue
+ key = (ip_layer.proto, ip_layer.src, ip_layer.dst, transmission_layer.sport, transmission_layer.dport)
+ five_tuple_classified[key].append(pkt)
+
+ for key, value in five_tuple_classified.items():
+ print(key, value)
+ wrpcap(f"split_output/{_filename_gen(key)}.pcap", value)
+
+
+# path = "./facebook_audio1a.pcap"
+path = "./vpn_aim_chat1a.pcap"
+pkts = _load_pcap(path)
+process(pkts)
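Review bot: In `process`, `ip_layer = pkt[IP]` runs before any layer check, so the first non-IPv4 frame in the capture (ARP, IPv6 and so on) raises IndexError and the whole split aborts with nothing written; guard it with `if IP not in pkt: continue` ahead of the lookup. `wrpcap` also writes into `split_output/`, which nothing in the file creates, so a fresh checkout fails at the first write unless `os.makedirs("split_output", exist_ok=True)` is called first. Packets that are neither TCP nor UDP are dropped silently; for forensic use it would help to count them and report the total, so an analyst knows the output files are not the whole capture. The key is direction-sensitive, so the two halves of one conversation land in separate files; if that is intended, a comment on the `key = (...)` line saying so would prevent confusion.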