PcapFileEx.Flows.HTTP1.Analyzer (pcap_file_ex v0.5.5)

View Source

HTTP/1.x request/response analyzer.

Parses TCP segments to reconstruct HTTP/1.x exchanges.

Features

  • Automatic client/server detection (first to send request)
  • Request/response pairing
  • Chunked transfer encoding support
  • Content-Length body reassembly
  • Body decoding via PcapFileEx.HTTP.Content

Example

{:ok, flows} = HTTP1.Analyzer.analyze(tcp_segments)

Enum.each(flows, fn flow ->
  IO.puts("Flow: #{flow.flow.from} -> #{flow.flow.server}")
  Enum.each(flow.exchanges, fn ex ->
    IO.puts("  #{ex.request.method} #{ex.request.path} -> #{ex.response.status}")
  end)
end)

Summary

Types

segment()

Functions

analyze(segments, opts \\ [])

Analyzes TCP segments to extract HTTP/1.x flows.

Types

segment()

@type segment() :: %{
  flow_key: {{tuple(), non_neg_integer()}, {tuple(), non_neg_integer()}},
  direction: :a_to_b | :b_to_a,
  data: binary(),
  timestamp: DateTime.t()
}

Functions

analyze(segments, opts \\ [])

@spec analyze(
  [segment()],
  keyword()
) :: {:ok, [PcapFileEx.Flows.HTTP1.Flow.t()]}

Analyzes TCP segments to extract HTTP/1.x flows.

Parameters

  • segments - List of TCP segments from TCPExtractor
  • opts - Options:
    • :decode_content - Whether to decode bodies (default: true)
    • :hosts_map - Map of IP strings to hostnames
    • :decoders - List of custom decoder specs (see PcapFileEx.Flows.Decoder)
    • :keep_binary - When true, preserve original binary in multipart parts' body_binary field when custom decoders are invoked (default: false)

Returns

{:ok, flows} where flows is a list of HTTP1.Flow.t()