Pcap: ordering JSON data in real time
Hi guys,
I need to read the packets that a mobile app sends me, and I'm using:
tshark -T json host xx.xx.xx.xx
I need this to print them in the terminal (Windows command prompt) and get the data back as JSON (datetime, text, src; basically a JSON dictionary with all the information).
The problem is that I need to put them in order and remove the duplicates IN REAL TIME (if that is not possible, I need it to be as fast as possible, because I must use a program while the app is running).
{ "_index": "packets-2018-07-26", "_type": "pcap_file", "_score": null, "_source": { "layers": { "frame": { "frame.interface_id": "0", "frame.interface_id_tree": { "frame.interface_name": "\\Device\\NPF_{xx}" }, "frame.encap_type": "1", "frame.time": "Jul 26, 2018 08:53:22.589996000 W. Europe Daylight Time", "frame.offset_shift": "0.000000000", "frame.time_epoch": "1532588002.589996000", "frame.time_delta": "11.507337000", "frame.time_delta_displayed": "11.507337000", "frame.time_relative": "11.507536000", "frame.number": "3", "frame.len": "149", "frame.cap_len": "149", "frame.marked": "0", "frame.ignored": "0", "frame.protocols": "eth:ethertype:ip:tcp" }, "eth": { "eth.dst": "xx.xx.xx.xx", "eth.dst_tree": { "eth.dst_resolved": "xx.xx.xx.xx", "eth.addr": "xx.xx.xx.xx", "eth.addr_resolved": "xx.xx.xx.xx", "eth.lg": "0", "eth.ig": "0" }, "eth.src": "xx.xx.xx.xx", "eth.src_tree": { "eth.src_resolved": "xx.xx.xx.xx", "eth.addr": "xx.xx.xx.xx", "eth.addr_resolved": "xx.xx.xx.xx", "eth.lg": "0", "eth.ig": "0" }, "eth.type": "0x00000800" }, "ip": { "ip.version": "4", "ip.hdr_len": "20", "ip.dsfield": "0x00000000", "ip.dsfield_tree": { "ip.dsfield.dscp": "0", "ip.dsfield.ecn": "0" }, "ip.len": "135", "ip.id": "0x0000c861", "ip.flags": "0x00004000", "ip.flags_tree": { "ip.flags.rb": "0", "ip.flags.df": "1", "ip.flags.mf": "0", "ip.frag_offset": "0" }, "ip.ttl": "37", "ip.proto": "6", "ip.checksum": "0x000005a2", "ip.checksum.status": "2", "ip.src": "xx.xx.xx.xx", "ip.addr": "xx.xx.xx.xx", "ip.src_host": "xx.xx.xx.xx", "ip.host": "xx.xx.xx.xx", "ip.dst": "xx.xx.xx.xx", "ip.addr": "xx.xx.xx.xx", "ip.dst_host": "xx.xx.xx.xx", "ip.host": "xx.xx.xx.xx" }, "tcp": { "tcp.srcport": "8080", "tcp.dstport": "49652", "tcp.port": "8080", "tcp.port": "49652", "tcp.stream": "1", "tcp.len": "95", "tcp.seq": "1", "tcp.nxtseq": "96", "tcp.ack": "1", "tcp.hdr_len": "20", "tcp.flags": "0x00000018", "tcp.flags_tree": { "tcp.flags.res": "0", "tcp.flags.ns": "0", "tcp.flags.cwr": "0", 
"tcp.flags.ecn": "0", "tcp.flags.urg": "0", "tcp.flags.ack": "1", "tcp.flags.push": "1", "tcp.flags.reset": "0", "tcp.flags.syn": "0", "tcp.flags.fin": "0", "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7" }, "tcp.window_size_value": "30016", "tcp.window_size": "30016", "tcp.window_size_scalefactor": "-1", "tcp.checksum": "0x0000952a", "tcp.checksum.status": "2", "tcp.urgent_pointer": "0", "tcp.analysis": { "tcp.analysis.bytes_in_flight": "95", "tcp.analysis.push_bytes_sent": "95" }, "Timestamps": { "tcp.time_relative": "0.000000000", "tcp.time_delta": "0.000000000" }, "tcp.payload": " <!-- WEB SOCKET content -->" } } } }
Sorry for my bad English, and thank you all! I really ...