Detect and examine HTTP packets.
Functions

| Return type | Function | Description |
| --- | --- | --- |
| bool | examine (Flow &flow, const Myra::PktInfo &info) | Examine a packet for HTTP, and mark the flow if found. |
| bool | examine_port (Flow &flow, const Myra::PktInfo &info) | Port-based exam for HTTP and HTTPS. |
bool Myra::Traffic::HTTP::examine(Myra::Flow &flow, const Myra::PktInfo &info)
Examine a packet for HTTP, and mark the flow if found.
Returns true if this exam needs to be called again for the given flow, or false if this exam never needs to be called again.

Unlike most other traffic exams, this one will continue to be called even after the flow has been identified so it can continue to extract URLs from any keep-alive connections.
Plain text (usually port 80) HTTP requests look like this:
    -> flow #2376685098650096535: Unknown+FlowStart+IP+IPv4+TCP: 10.0.1.3:57936->209.52.189.88:80
    -> flow #2376685098650096535: TCP payload: number of bytes: 256
     0: 47 45 54 20 2f 63 68 72 6f 6d 65 2f 70 72 6f 66 69 6c 65 5f 61 76 61 74 61 72 73 2f 61 76 61 74 - GET /chrome/profile_avatars/avat
    20: 61 72 5f 67 65 6e 65 72 69 63 2e 70 6e 67 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 77 - ar_generic.png HTTP/1.1..Host: w
    40: 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 - ww.gstatic.com..Connection: keep


bool Myra::Traffic::HTTP::examine_port(Flow &flow, const Myra::PktInfo &info)
Port-based exam for HTTP and HTTPS.
This is a port-based exam: it looks for ports 80, 8080, or 443.
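
The payload-based examine and the port-based examine_port look at different evidence. The following added example (not Myra's code; HttpRequest, port_suggests_http, parse_http_request, url_of and kSample are hypothetical names) parses the request bytes from the dump above into a URL and places a port-only check beside it. It assumes a fixed list of HTTP/1.x methods and ignores a header that is cut off at the end of the segment.

```cpp
// Added illustration, not Myra's implementation; every name below is hypothetical.
#include <cctype>
#include <iostream>
#include <string>

struct HttpRequest { std::string method, target, host; };
// Port-only heuristic over the ports this page lists (80, 8080, 443).
bool port_suggests_http(unsigned p) { return p == 80 || p == 8080 || p == 443; }

// Case-insensitive prefix test; HTTP header names are case-insensitive.
static bool iprefix(const std::string& s, const std::string& lower) {
    if (s.size() < lower.size()) return false;
    for (std::size_t i = 0; i < lower.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(s[i])) != lower[i]) return false;
    return true;
}

// Payload check: "<METHOD> <target> HTTP/1.x\r\n", then headers up to a blank line.
bool parse_http_request(const std::string& p, HttpRequest& out) {
    const std::size_t eol = p.find("\r\n");
    if (eol == std::string::npos) return false;  // no complete request line
    const std::string line = p.substr(0, eol);
    const std::size_t sp1 = line.find(' '), sp2 = line.rfind(' ');
    if (sp1 == std::string::npos || sp2 <= sp1 + 1) return false;
    const std::string method = line.substr(0, sp1);
    static const char* const known[] = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PATCH"};
    bool ok = false;
    for (const char* m : known) ok = ok || method == m;
    if (!ok || line.compare(sp2 + 1, 7, "HTTP/1.") != 0) return false;
    out = HttpRequest{method, line.substr(sp1 + 1, sp2 - sp1 - 1), ""};
    for (std::size_t pos = eol + 2; pos < p.size();) {
        const std::size_t e = p.find("\r\n", pos);
        if (e == std::string::npos || e == pos) break;  // cut-off header or blank line
        const std::string h = p.substr(pos, e - pos);
        const std::size_t v = h.find_first_not_of(" \t", 5);
        if (iprefix(h, "host:") && v != std::string::npos) out.host = h.substr(v);
        pos = e + 2;
    }
    return true;
}

std::string url_of(const HttpRequest& r) { return "http://" + r.host + r.target; }
// The 96 payload bytes visible in the dump on this page, retyped as a string.
const std::string kSample = "GET /chrome/profile_avatars/avatar_generic.png HTTP/1.1\r\n"
                            "Host: www.gstatic.com\r\nConnection: keep";
int main() {
    HttpRequest r;
    if (parse_http_request(kSample, r)) std::cout << url_of(r) << "\n";
}
```

A payload check of this kind still recognises plain HTTP on a port outside 80, 8080 and 443, which a port-only exam never flags.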

