I need to read the packets that a mobile app sends me, and I'm using:
tshark -T json host xx.xx.xx.xx
I need this to print the packets in the terminal (Windows command prompt) and get the data back as JSON (datetime, text, src; basically a JSON dictionary with all the information).
The problem is that I need to put them in order and remove the duplicates IN REAL TIME (if that is not possible, I need it to be as fast as possible, because I must use a program while the app is running).
I really don't know how the TCP/IP protocol works. I need to put the packets in order according to the data that I find in the JSON array (for example, fields such as frame.time_epoch, tcp.stream, tcp.seq and tcp.nxtseq in the sample below). Could someone help me, please?
{
"_index": "packets-2018-07-26",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.interface_id": "0",
"frame.interface_id_tree": {
"frame.interface_name": "\\Device\\NPF_{xx}"
},
"frame.encap_type": "1",
"frame.time": "Jul 26, 2018 08:53:22.589996000 W. Europe Daylight Time",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "1532588002.589996000",
"frame.time_delta": "11.507337000",
"frame.time_delta_displayed": "11.507337000",
"frame.time_relative": "11.507536000",
"frame.number": "3",
"frame.len": "149",
"frame.cap_len": "149",
"frame.marked": "0",
"frame.ignored": "0",
"frame.protocols": "eth:ethertype:ip:tcp"
},
"eth": {
"eth.dst": "xx.xx.xx.xx",
"eth.dst_tree": {
"eth.dst_resolved": "xx.xx.xx.xx",
"eth.addr": "xx.xx.xx.xx",
"eth.addr_resolved": "xx.xx.xx.xx",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.src": "xx.xx.xx.xx",
"eth.src_tree": {
"eth.src_resolved": "xx.xx.xx.xx",
"eth.addr": "xx.xx.xx.xx",
"eth.addr_resolved": "xx.xx.xx.xx",
"eth.lg": "0",
"eth.ig": "0"
},
"eth.type": "0x00000800"
},
"ip": {
"ip.version": "4",
"ip.hdr_len": "20",
"ip.dsfield": "0x00000000",
"ip.dsfield_tree": {
"ip.dsfield.dscp": "0",
"ip.dsfield.ecn": "0"
},
"ip.len": "135",
"ip.id": "0x0000c861",
"ip.flags": "0x00004000",
"ip.flags_tree": {
"ip.flags.rb": "0",
"ip.flags.df": "1",
"ip.flags.mf": "0",
"ip.frag_offset": "0"
},
"ip.ttl": "37",
"ip.proto": "6",
"ip.checksum": "0x000005a2",
"ip.checksum.status": "2",
"ip.src": "xx.xx.xx.xx",
"ip.addr": "xx.xx.xx.xx",
"ip.src_host": "xx.xx.xx.xx",
"ip.host": "xx.xx.xx.xx",
"ip.dst": "xx.xx.xx.xx",
"ip.addr": "xx.xx.xx.xx",
"ip.dst_host": "xx.xx.xx.xx",
"ip.host": "xx.xx.xx.xx"
},
"tcp": {
"tcp.srcport": "8080",
"tcp.dstport": "49652",
"tcp.port": "8080",
"tcp.port": "49652",
"tcp.stream": "1",
"tcp.len": "95",
"tcp.seq": "1",
"tcp.nxtseq": "96",
"tcp.ack": "1",
"tcp.hdr_len": "20",
"tcp.flags": "0x00000018",
"tcp.flags_tree": {
"tcp.flags.res": "0",
"tcp.flags.ns": "0",
"tcp.flags.cwr": "0",
"tcp.flags.ecn": "0",
"tcp.flags.urg": "0",
"tcp.flags.ack": "1",
"tcp.flags.push": "1",
"tcp.flags.reset": "0",
"tcp.flags.syn": "0",
"tcp.flags.fin": "0",
"tcp.flags.str": "\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7AP\u00c2\u00b7\u00c2\u00b7\u00c2\u00b7"
},
"tcp.window_size_value": "30016",
"tcp.window_size": "30016",
"tcp.window_size_scalefactor": "-1",
"tcp.checksum": "0x0000952a",
"tcp.checksum.status": "2",
"tcp.urgent_pointer": "0",
"tcp.analysis": {
"tcp.analysis.bytes_in_flight": "95",
"tcp.analysis.push_bytes_sent": "95"
},
"Timestamps": {
"tcp.time_relative": "0.000000000",
"tcp.time_delta": "0.000000000"
},
"tcp.payload": " <!-- WEB SOCKET content -->"
}
}
}
}
Sorry for my bad English, and thank you all!