'
' xstream -  dump reassembled raw tcp stream data in/out

On Error Resume Next
 
Set Sout = WScript.StdOut
 
if WScript.Arguments.Count <>  2 then
	Sout.WriteLine "Usage: cscript xstream.vbs  input-tcpdump-file output-dir  "
	WScript.Quit
end if
 
InputTCPD  = WScript.Arguments.Item(0)
DirName    = WScript.Arguments.Item(1)
 
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
 
If fso.FileExists("temp_cap.usnf") Then
	fso.DeleteFile "temp_cap.usnf"
End If
 
'
' Check if Directory Exists (Create if it doesnt)
'
If Not fso.FolderExists(DirName)  Then
	fso.CreateFolder (DirName)
	Sout.WriteLine "Created Output Folder " & DirName
End If
 
' Import from tcpdump (libpcap) format
Set UnsniffDB = CreateObject("Unsniff.Database")
UnsniffDB.New("temp_cap.usnf" )
UnsniffDB.Import "libpcap", InputTCPD
Sout.WriteLine "Imported tcpdump file  " & InputTCPD
 
Dim STIndex
Set STIndex = UnsniffDB.StreamIndex
For Each  ST In STIndex
With ST
	Fname = .SourceAddress & "_" & .SourcePort & "_" & .DestinationAddress & "_" & .DestinationPort 
	ExpFilePath = fso.BuildPath (DirName, Fname )
 
	Sout.WriteLine "OUT " & ExpFilePath
	.SaveToFile ExpFilePath & ".OUT.dat","out",0,-1	
 
	Sout.WriteLine "IN " & ExpFilePath
	.SaveToFile ExpFilePath & ".IN.dat","in",0,-1	
 
End With
Next
 
UnsniffDB.Close()
 
fso.DeleteFile "temp_cap.usnf"