xs.vbs
'
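' xstream -  dump reassembled raw tcp stream data in/out
'
' Imports a tcpdump (libpcap) capture into a scratch Unsniff database and
' writes two files per TCP stream into the output directory:
'     <src>_<sport>_<dst>_<dport>.OUT.dat
'     <src>_<sport>_<dst>_<dport>.IN.dat
'
' The capture file is untrusted input. The .dat files hold the raw payload
' bytes exactly as they were captured, so treat the output directory like
' any other store of unvetted network content.
'
' Exit code: 0 on success (and on the usage message), 1 when a step failed.

' Resume Next stays on so a failing COM call does not abort with a raw
' script error, but every step that can fail is followed by an explicit
' Err check. Without those checks the script would keep going and print
' "Imported ..." even when the import itself had failed.
On Error Resume Next

' Scratch database, created in the current directory and removed at exit.
Const TempDb = "temp_cap.usnf"

Dim Sout, fso, UnsniffDB, STIndex, ST
Dim InputTCPD, DirName, Fname, ExpFilePath, Failures

Set Sout = WScript.StdOut

if WScript.Arguments.Count <>  2 then
	Sout.WriteLine "Usage: cscript xstream.vbs  input-tcpdump-file output-dir  "
	WScript.Quit
end if

InputTCPD  = WScript.Arguments.Item(0)
DirName    = WScript.Arguments.Item(1)

Err.Clear
Set fso = CreateObject("Scripting.FileSystemObject")
If Err.Number <> 0 Then Die "Cannot create Scripting.FileSystemObject: " & Err.Description

' Fail early with a clear message instead of letting the import fail later.
If Not fso.FileExists(InputTCPD) Then Die "Input file not found: " & InputTCPD

' Remove a scratch database left behind by an earlier run. If it cannot be
' removed, stop: the new run must not pick up stale stream data.
If fso.FileExists(TempDb) Then
	Err.Clear
	fso.DeleteFile TempDb
	If Err.Number <> 0 Then Die "Cannot remove stale " & TempDb & ": " & Err.Description
End If

'
' Check if Directory Exists (Create if it doesnt)
'
If Not fso.FolderExists(DirName)  Then
	Err.Clear
	fso.CreateFolder (DirName)
	If Err.Number <> 0 Then Die "Cannot create output folder " & DirName & ": " & Err.Description
	Sout.WriteLine "Created Output Folder " & DirName
End If

' Import from tcpdump (libpcap) format
Err.Clear
Set UnsniffDB = CreateObject("Unsniff.Database")
If Err.Number <> 0 Then Die "Cannot create Unsniff.Database (is Unsniff installed?): " & Err.Description

Err.Clear
UnsniffDB.New(TempDb)
If Err.Number <> 0 Then Die "Cannot create scratch database " & TempDb & ": " & Err.Description

Err.Clear
UnsniffDB.Import "libpcap", InputTCPD
If Err.Number <> 0 Then Die "Import of " & InputTCPD & " failed: " & Err.Description
Sout.WriteLine "Imported tcpdump file  " & InputTCPD

Err.Clear
Set STIndex = UnsniffDB.StreamIndex
If Err.Number <> 0 Then Die "Cannot read the stream index: " & Err.Description

Failures = 0
For Each  ST In STIndex
	' The file name is built from values parsed out of the capture, so it is
	' passed through SafeName before it reaches the file system.
	' NOTE(review): two streams with the same address/port 4-tuple map to the
	' same file name; the later one presumably overwrites the earlier one or
	' fails to save - confirm against SaveToFile's behaviour.
	Fname = SafeName(ST.SourceAddress & "_" & ST.SourcePort & "_" & ST.DestinationAddress & "_" & ST.DestinationPort)
	ExpFilePath = fso.BuildPath (DirName, Fname )

	' NOTE(review): the trailing 0,-1 presumably mean "from offset 0, whole
	' stream" - confirm against the Unsniff scripting reference.
	Sout.WriteLine "OUT " & ExpFilePath
	Err.Clear
	ST.SaveToFile ExpFilePath & ".OUT.dat","out",0,-1
	If Err.Number <> 0 Then
		Failures = Failures + 1
		WScript.StdErr.WriteLine "WARNING: could not save " & ExpFilePath & ".OUT.dat: " & Err.Description
	End If

	Sout.WriteLine "IN " & ExpFilePath
	Err.Clear
	ST.SaveToFile ExpFilePath & ".IN.dat","in",0,-1
	If Err.Number <> 0 Then
		Failures = Failures + 1
		WScript.StdErr.WriteLine "WARNING: could not save " & ExpFilePath & ".IN.dat: " & Err.Description
	End If
Next

UnsniffDB.Close()

fso.DeleteFile TempDb

If Failures > 0 Then
	WScript.StdErr.WriteLine "ERROR: " & Failures & " stream file(s) could not be written"
	WScript.Quit 1
End If

' Replace every character that Windows does not allow in a file name with "-".
' The colon matters most: it appears in textual IPv6 addresses, and on NTFS a
' colon inside a file name addresses an alternate data stream rather than a
' separate file. Names built from IPv4 addresses and ports pass through
' unchanged.
Function SafeName(Text)
	Dim Bad, i
	SafeName = Text
	Bad = Array("\", "/", ":", "*", "?", """", "<", ">", "|")
	For i = 0 To UBound(Bad)
		SafeName = Replace(SafeName, Bad(i), "-")
	Next
End Function

' Report a fatal error on stderr, release the scratch database and exit with
' code 1. Cleanup is best effort, hence the local Resume Next.
Sub Die(Msg)
	On Error Resume Next
	WScript.StdErr.WriteLine "ERROR: " & Msg
	If IsObject(UnsniffDB) Then UnsniffDB.Close()
	If IsObject(fso) Then
		If fso.FileExists(TempDb) Then fso.DeleteFile TempDb
	End If
	WScript.Quit 1
End Sub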