
Pcap Ordering Json data in real-time

Hi guys,

I need to read the packets that a mobile app sends me, and I'm using:

tshark -T json host xx.xx.xx.xx

I use this to print the packets in the terminal (Windows command prompt) and get the data back as JSON (datetime, text, src; basically a JSON dictionary with all the information).

The problem is that I need to put them in order and remove the duplicates IN REAL TIME (if that is not possible, I need it to be as fast as possible, because I must use a program while the app is running).

{

"_index": "packets-2018-07-26",

"_type": "pcap_file",

"_score": null,

"_source": {

  "layers": {

    "frame": {

      "frame.interface_id": "0",

      "frame.interface_id_tree": {

        "frame.interface_name": "\\Device\\NPF_{xx}"

      },

      "frame.encap_type": "1",

      "frame.time": "Jul 26, 2018 08:53:22.589996000 W. Europe Daylight Time",

      "frame.offset_shift": "0.000000000",

      "frame.time_epoch": "1532588002.589996000",

      "frame.time_delta": "11.507337000",

      "frame.time_delta_displayed": "11.507337000",

      "frame.time_relative": "11.507536000",

      "frame.number": "3",

      "frame.len": "149",

      "frame.cap_len": "149",

      "frame.marked": "0",

      "frame.ignored": "0",

      "frame.protocols": "eth:ethertype:ip:tcp"

    },

    "eth": {

      "eth.dst": "xx.xx.xx.xx",

      "eth.dst_tree": {

        "eth.dst_resolved": "xx.xx.xx.xx",

        "eth.addr": "xx.xx.xx.xx",

        "eth.addr_resolved": "xx.xx.xx.xx",

        "eth.lg": "0",

        "eth.ig": "0"

      },

      "eth.src": "xx.xx.xx.xx",

      "eth.src_tree": {

        "eth.src_resolved": "xx.xx.xx.xx",

        "eth.addr": "xx.xx.xx.xx",

        "eth.addr_resolved": "xx.xx.xx.xx",

        "eth.lg": "0",

        "eth.ig": "0"

      },

      "eth.type": "0x00000800"

    },

    "ip": {

      "ip.version": "4",

      "ip.hdr_len": "20",

      "ip.dsfield": "0x00000000",

      "ip.dsfield_tree": {

        "ip.dsfield.dscp": "0",

        "ip.dsfield.ecn": "0"

      },

      "ip.len": "135",

      "ip.id": "0x0000c861",

      "ip.flags": "0x00004000",

      "ip.flags_tree": {

        "ip.flags.rb": "0",

        "ip.flags.df": "1",

        "ip.flags.mf": "0",

        "ip.frag_offset": "0"

      },

      "ip.ttl": "37",

      "ip.proto": "6",

      "ip.checksum": "0x000005a2",

      "ip.checksum.status": "2",

      "ip.src": "xx.xx.xx.xx",

      "ip.addr": "xx.xx.xx.xx",

      "ip.src_host": "xx.xx.xx.xx",

      "ip.host": "xx.xx.xx.xx",

      "ip.dst": "xx.xx.xx.xx",

      "ip.addr": "xx.xx.xx.xx",

      "ip.dst_host": "xx.xx.xx.xx",

      "ip.host": "xx.xx.xx.xx"

    },

    "tcp": {

      "tcp.srcport": "8080",

      "tcp.dstport": "49652",

      "tcp.port": "8080",

      "tcp.port": "49652",

      "tcp.stream": "1",

      "tcp.len": "95",

      "tcp.seq": "1",

      "tcp.nxtseq": "96",

      "tcp.ack": "1",

      "tcp.hdr_len": "20",

      "tcp.flags": "0x00000018",

      "tcp.flags_tree": {

        "tcp.flags.res": "0",

        "tcp.flags.ns": "0",

        "tcp.flags.cwr": "0",

        "tcp.flags.ecn": "0",

        "tcp.flags.urg": "0",

        "tcp.flags.ack": "1",

        "tcp.flags.push": "1",

        "tcp.flags.reset": "0",

        "tcp.flags.syn": "0",

        "tcp.flags.fin": "0",

        "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"

      },

      "tcp.window_size_value": "30016",

      "tcp.window_size": "30016",

      "tcp.window_size_scalefactor": "-1",

      "tcp.checksum": "0x0000952a",

      "tcp.checksum.status": "2",

      "tcp.urgent_pointer": "0",

      "tcp.analysis": {

        "tcp.analysis.bytes_in_flight": "95",

        "tcp.analysis.push_bytes_sent": "95"

      },

      "Timestamps": {

        "tcp.time_relative": "0.000000000",

        "tcp.time_delta": "0.000000000"

      },

      "tcp.payload": " <!-- WEB SOCKET content -->"

    }

  }

}

}

Sorry for my bad English, and thank you all! I really don't know how the TCP/IP protocol works. I need to put the packets in order according to the data that I find in the JSON array. Could someone help me, please?


Pcap Ordering Json data in real-time

Hi guys,

I need to read the packets that a mobile app sends me, and I'm using:

tshark -T json host xx.xx.xx.xx

I use this to print the packets in the terminal (Windows command prompt) and get the data back as JSON (datetime, text, src; basically a JSON dictionary with all the information).

The problem is that I need to put them in order and remove the duplicates IN REAL TIME (if that is not possible, I need it to be as fast as possible, because I must use a program while the app is running).

{

  {
    "_index": "packets-2018-07-26",
  "_type": "pcap_file",
  "_score": null,
  "_source": {
    "layers": {
      "frame": {
        "frame.interface_id": "0",
        "frame.interface_id_tree": {
          "frame.interface_name": "\\Device\\NPF_{xx}"
        },
        "frame.encap_type": "1",
        "frame.time": "Jul 26, 2018 08:53:22.589996000 W. Europe Daylight Time",
        "frame.offset_shift": "0.000000000",
        "frame.time_epoch": "1532588002.589996000",
        "frame.time_delta": "11.507337000",
        "frame.time_delta_displayed": "11.507337000",
        "frame.time_relative": "11.507536000",
        "frame.number": "3",
        "frame.len": "149",
        "frame.cap_len": "149",
        "frame.marked": "0",
        "frame.ignored": "0",
        "frame.protocols": "eth:ethertype:ip:tcp"
      },
      "eth": {
        "eth.dst": "xx.xx.xx.xx",
        "eth.dst_tree": {
          "eth.dst_resolved": "xx.xx.xx.xx",
          "eth.addr": "xx.xx.xx.xx",
          "eth.addr_resolved": "xx.xx.xx.xx",
          "eth.lg": "0",
          "eth.ig": "0"
        },
        "eth.src": "xx.xx.xx.xx",
        "eth.src_tree": {
          "eth.src_resolved": "xx.xx.xx.xx",
          "eth.addr": "xx.xx.xx.xx",
          "eth.addr_resolved": "xx.xx.xx.xx",
          "eth.lg": "0",
          "eth.ig": "0"
        },
        "eth.type": "0x00000800"
      },
      "ip": {
        "ip.version": "4",
        "ip.hdr_len": "20",
        "ip.dsfield": "0x00000000",
        "ip.dsfield_tree": {
          "ip.dsfield.dscp": "0",
          "ip.dsfield.ecn": "0"
        },
        "ip.len": "135",
        "ip.id": "0x0000c861",
        "ip.flags": "0x00004000",
        "ip.flags_tree": {
          "ip.flags.rb": "0",
          "ip.flags.df": "1",
          "ip.flags.mf": "0",
          "ip.frag_offset": "0"
        },
        "ip.ttl": "37",
        "ip.proto": "6",
        "ip.checksum": "0x000005a2",
        "ip.checksum.status": "2",
        "ip.src": "xx.xx.xx.xx",
        "ip.addr": "xx.xx.xx.xx",
        "ip.src_host": "xx.xx.xx.xx",
        "ip.host": "xx.xx.xx.xx",
        "ip.dst": "xx.xx.xx.xx",
        "ip.addr": "xx.xx.xx.xx",
        "ip.dst_host": "xx.xx.xx.xx",
        "ip.host": "xx.xx.xx.xx"
      },
      "tcp": {
        "tcp.srcport": "8080",
        "tcp.dstport": "49652",
        "tcp.port": "8080",
        "tcp.port": "49652",
        "tcp.stream": "1",
        "tcp.len": "95",
        "tcp.seq": "1",
        "tcp.nxtseq": "96",
        "tcp.ack": "1",
        "tcp.hdr_len": "20",
        "tcp.flags": "0x00000018",
        "tcp.flags_tree": {
          "tcp.flags.res": "0",
          "tcp.flags.ns": "0",
          "tcp.flags.cwr": "0",
          "tcp.flags.ecn": "0",
          "tcp.flags.urg": "0",
          "tcp.flags.ack": "1",
          "tcp.flags.push": "1",
          "tcp.flags.reset": "0",
          "tcp.flags.syn": "0",
          "tcp.flags.fin": "0",
          "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
        },
        "tcp.window_size_value": "30016",
        "tcp.window_size": "30016",
        "tcp.window_size_scalefactor": "-1",
        "tcp.checksum": "0x0000952a",
        "tcp.checksum.status": "2",
        "tcp.urgent_pointer": "0",
        "tcp.analysis": {
          "tcp.analysis.bytes_in_flight": "95",
          "tcp.analysis.push_bytes_sent": "95"
        },
        "Timestamps": {
          "tcp.time_relative": "0.000000000",
          "tcp.time_delta": "0.000000000"
        },
        "tcp.payload": " <!-- WEB SOCKET content -->"

"
        }
    }
  }
  }

}

Sorry for my bad English, and thank you all! I really don't know how the TCP/IP protocol works. I need to put the packets in order according to the data that I find in the JSON array. Could someone help me, please?


Pcap Ordering Json data in real-time

Hi guys,

I need to read the packets that a mobile app sends me, and I'm using:

tshark -T json host xx.xx.xx.xx

I use this to print the packets in the terminal (Windows command prompt) and get the data back as JSON (datetime, text, src; basically a JSON dictionary with all the information).

The problem is that I need to put them in order and remove the duplicates IN REAL TIME (if that is not possible, I need it to be as fast as possible, because I must use a program while the app is running).

  {
    "_index": "packets-2018-07-26",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "\\Device\\NPF_{xx}"
          },
          "frame.encap_type": "1",
          "frame.time": "Jul 26, 2018 08:53:22.589996000 W. Europe Daylight Time",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1532588002.589996000",
          "frame.time_delta": "11.507337000",
          "frame.time_delta_displayed": "11.507337000",
          "frame.time_relative": "11.507536000",
          "frame.number": "3",
          "frame.len": "149",
          "frame.cap_len": "149",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "eth:ethertype:ip:tcp"
        },
        "eth": {
          "eth.dst": "xx.xx.xx.xx",
          "eth.dst_tree": {
            "eth.dst_resolved": "xx.xx.xx.xx",
            "eth.addr": "xx.xx.xx.xx",
            "eth.addr_resolved": "xx.xx.xx.xx",
            "eth.lg": "0",
            "eth.ig": "0"
          },
          "eth.src": "xx.xx.xx.xx",
          "eth.src_tree": {
            "eth.src_resolved": "xx.xx.xx.xx",
            "eth.addr": "xx.xx.xx.xx",
            "eth.addr_resolved": "xx.xx.xx.xx",
            "eth.lg": "0",
            "eth.ig": "0"
          },
          "eth.type": "0x00000800"
        },
        "ip": {
          "ip.version": "4",
          "ip.hdr_len": "20",
          "ip.dsfield": "0x00000000",
          "ip.dsfield_tree": {
            "ip.dsfield.dscp": "0",
            "ip.dsfield.ecn": "0"
          },
          "ip.len": "135",
          "ip.id": "0x0000c861",
          "ip.flags": "0x00004000",
          "ip.flags_tree": {
            "ip.flags.rb": "0",
            "ip.flags.df": "1",
            "ip.flags.mf": "0",
            "ip.frag_offset": "0"
          },
          "ip.ttl": "37",
          "ip.proto": "6",
          "ip.checksum": "0x000005a2",
          "ip.checksum.status": "2",
          "ip.src": "xx.xx.xx.xx",
          "ip.addr": "xx.xx.xx.xx",
          "ip.src_host": "xx.xx.xx.xx",
          "ip.host": "xx.xx.xx.xx",
          "ip.dst": "xx.xx.xx.xx",
          "ip.addr": "xx.xx.xx.xx",
          "ip.dst_host": "xx.xx.xx.xx",
          "ip.host": "xx.xx.xx.xx"
        },
        "tcp": {
          "tcp.srcport": "8080",
          "tcp.dstport": "49652",
          "tcp.port": "8080",
          "tcp.port": "49652",
          "tcp.stream": "1",
          "tcp.len": "95",
          "tcp.seq": "1",
          "tcp.nxtseq": "96",
          "tcp.ack": "1",
          "tcp.hdr_len": "20",
          "tcp.flags": "0x00000018",
          "tcp.flags_tree": {
            "tcp.flags.res": "0",
            "tcp.flags.ns": "0",
            "tcp.flags.cwr": "0",
            "tcp.flags.ecn": "0",
            "tcp.flags.urg": "0",
            "tcp.flags.ack": "1",
            "tcp.flags.push": "1",
            "tcp.flags.reset": "0",
            "tcp.flags.syn": "0",
            "tcp.flags.fin": "0",
            "tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
          },
          "tcp.window_size_value": "30016",
          "tcp.window_size": "30016",
          "tcp.window_size_scalefactor": "-1",
          "tcp.checksum": "0x0000952a",
          "tcp.checksum.status": "2",
          "tcp.urgent_pointer": "0",
          "tcp.analysis": {
            "tcp.analysis.bytes_in_flight": "95",
            "tcp.analysis.push_bytes_sent": "95"
          },
          "Timestamps": {
            "tcp.time_relative": "0.000000000",
            "tcp.time_delta": "0.000000000"
          },
          "tcp.payload": " "
<!-- WEB SOCKET content -->"
        }
      }
    }
  }

Sorry for my bad English, and thank you all! I really don't know how the TCP/IP protocol works. I need to put the packets in order according to the data that I find in the JSON array. Could someone help me, please?