将XML数据传输到新的XML格式

时间:2014-08-28 17:22:17

标签: xml xpath transfer

我目前有一个PDML文件,我希望从中提取信息并将其放入新的XML文件中。

数据包在PDML格式中如下所示:

 <packet>
  <proto name="geninfo" pos="0" showname="General information" size="58">
   <field name="num" pos="0" show="22" showname="Number" value="16" size="58"/>
   <field name="len" pos="0" show="58" showname="Frame Length" value="3a" size="58"/>
   <field name="caplen" pos="0" show="58" showname="Captured Length" value="3a" size="58"/>
   <field name="timestamp" pos="0" show="Aug 26, 2014 19:15:06.203826000 GMT Daylight Time" showname="Captured Time" value="1409076906.203826000" size="58"/>
  </proto>
  <proto name="frame" showname="Frame 22: 58 bytes on wire (464 bits), 58 bytes captured (464 bits)" size="58" pos="0">
   <field name="frame.encap_type" showname="Encapsulation type: Ethernet (1)" size="0" pos="0" show="1"/>
   <field name="frame.time" showname="Arrival Time: Aug 26, 2014 19:15:06.203826000 GMT Daylight Time" size="0" pos="0" show="&quot;Aug 26, 2014 19:15:06.203826000 GMT Daylight Time&quot;"/>
   <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
   <field name="frame.time_epoch" showname="Epoch Time: 1409076906.203826000 seconds" size="0" pos="0" show="1409076906.203826000"/>
   <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.001294000 seconds" size="0" pos="0" show="0.001294000"/>
   <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.001294000 seconds" size="0" pos="0" show="0.001294000"/>
   <field name="frame.time_relative" showname="Time since reference or first frame: 3.484800000 seconds" size="0" pos="0" show="3.484800000"/>
   <field name="frame.number" showname="Frame Number: 22" size="0" pos="0" show="22"/>
   <field name="frame.len" showname="Frame Length: 58 bytes (464 bits)" size="0" pos="0" show="58"/>
   <field name="frame.cap_len" showname="Capture Length: 58 bytes (464 bits)" size="0" pos="0" show="58"/>
   <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
   <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/>
   <field name="frame.protocols" showname="Protocols in frame: eth:ethertype:ip:tcp" size="0" pos="0" show="eth:ethertype:ip:tcp"/>
  </proto>
  <proto name="eth" showname="Ethernet II, Src: 78:e4:00:f9:ea:83 (78:e4:00:f9:ea:83), Dst: 98:8b:5d:b9:50:70 (98:8b:5d:b9:50:70)" size="14" pos="0">
   <field name="eth.dst" showname="Destination: 98:8b:5d:b9:50:70 (98:8b:5d:b9:50:70)" size="6" pos="0" show="98:8b:5d:b9:50:70" value="988b5db95070">
   <field name="eth.dst_resolved" showname="Destination (resolved): 98:8b:5d:b9:50:70" hide="yes" size="6" pos="0" show="98:8b:5d:b9:50:70" value="988b5db95070"/>
   <field name="eth.addr" showname="Address: 98:8b:5d:b9:50:70 (98:8b:5d:b9:50:70)" size="6" pos="0" show="98:8b:5d:b9:50:70" value="988b5db95070"/>
   <field name="eth.addr_resolved" showname="Address (resolved): 98:8b:5d:b9:50:70" hide="yes" size="6" pos="0" show="98:8b:5d:b9:50:70" value="988b5db95070"/>
   <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="988b5d"/>
   <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="988b5d"/>
   </field>
   <field name="eth.src" showname="Source: 78:e4:00:f9:ea:83 (78:e4:00:f9:ea:83)" size="6" pos="6" show="78:e4:00:f9:ea:83" value="78e400f9ea83">
   <field name="eth.src_resolved" showname="Source (resolved): 78:e4:00:f9:ea:83" hide="yes" size="6" pos="6" show="78:e4:00:f9:ea:83" value="78e400f9ea83"/>
   <field name="eth.addr" showname="Address: 78:e4:00:f9:ea:83 (78:e4:00:f9:ea:83)" size="6" pos="6" show="78:e4:00:f9:ea:83" value="78e400f9ea83"/>
   <field name="eth.addr_resolved" showname="Address (resolved): 78:e4:00:f9:ea:83" hide="yes" size="6" pos="6" show="78:e4:00:f9:ea:83" value="78e400f9ea83"/>
   <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="78e400"/>
   <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="78e400"/>
   </field>
   <field name="eth.type" showname="Type: IP (0x0800)" size="2" pos="12" show="2048" value="0800"/>
</proto>
<proto name="ip" showname="Internet Protocol Version 4, Src: 192.168.1.211 (192.168.1.211), Dst: 192.168.1.254 (192.168.1.254)" size="20" pos="14">
  <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/>
  <field name="ip.hdr_len" showname="Header Length: 20 bytes" size="1" pos="14" show="20" value="45"/>
  <field name="ip.dsfield" showname="Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))" size="1" pos="15" show="0" value="00">
  <field name="ip.dsfield.dscp" showname="0000 00.. = Differentiated Services Codepoint: Default (0x00)" size="1" pos="15" show="0" value="0" unmaskedvalue="00"/>
  <field name="ip.dsfield.ecn" showname=".... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)" size="1" pos="15" show="0" value="0" unmaskedvalue="00"/>
  </field>
  <field name="ip.len" showname="Total Length: 44" size="2" pos="16" show="44" value="002c"/>
  <field name="ip.id" showname="Identification: 0xdf54 (57172)" size="2" pos="18" show="57172" value="df54"/>
  <field name="ip.flags" showname="Flags: 0x00" size="1" pos="20" show="0" value="00">
  <field name="ip.flags.rb" showname="0... .... = Reserved bit: Not set" size="1" pos="20" show="0" value="00"/>
  <field name="ip.flags.df" showname=".0.. .... = Don&apos;t fragment: Not set" size="1" pos="20" show="0" value="00"/>
  <field name="ip.flags.mf" showname="..0. .... = More fragments: Not set" size="1" pos="20" show="0" value="00"/>
  </field>
  <field name="ip.frag_offset" showname="Fragment offset: 0" size="2" pos="20" show="0" value="0000"/>
  <field name="ip.ttl" showname="Time to live: 52" size="1" pos="22" show="52" value="34"/>
  <field name="ip.proto" showname="Protocol: TCP (6)" size="1" pos="23" show="6" value="06"/>
  <field name="ip.checksum" showname="Header checksum: 0x2256 [validation disabled]" size="2" pos="24" show="8790" value="2256">
  <field name="ip.checksum_good" showname="Good: False" size="2" pos="24" show="0" value="2256"/>
  <field name="ip.checksum_bad" showname="Bad: False" size="2" pos="24" show="0" value="2256"/>
  </field>
  <field name="ip.src" showname="Source: 192.168.1.211 (192.168.1.211)" size="4" pos="26" show="192.168.1.211" value="c0a801d3"/>
  <field name="ip.addr" showname="Source or Destination Address: 192.168.1.211 (192.168.1.211)" hide="yes" size="4" pos="26" show="192.168.1.211" value="c0a801d3"/>
  <field name="ip.src_host" showname="Source Host: 192.168.1.211" hide="yes" size="4" pos="26" show="192.168.1.211" value="c0a801d3"/>
  <field name="ip.host" showname="Source or Destination Host: 192.168.1.211" hide="yes" size="4" pos="26" show="192.168.1.211" value="c0a801d3"/>
  <field name="ip.dst" showname="Destination: 192.168.1.254 (192.168.1.254)" size="4" pos="30" show="192.168.1.254" value="c0a801fe"/>
  <field name="ip.addr" showname="Source or Destination Address: 192.168.1.254 (192.168.1.254)" hide="yes" size="4" pos="30" show="192.168.1.254" value="c0a801fe"/>
  <field name="ip.dst_host" showname="Destination Host: 192.168.1.254" hide="yes" size="4" pos="30" show="192.168.1.254" value="c0a801fe"/>
  <field name="ip.host" showname="Source or Destination Host: 192.168.1.254" hide="yes" size="4" pos="30" show="192.168.1.254" value="c0a801fe"/>
  <field name="" show="Source GeoIP: Unknown" size="4" pos="26" value="c0a801d3"/>
  <field name="" show="Destination GeoIP: Unknown" size="4" pos="30" value="c0a801fe"/>
</proto>
<proto name="tcp" showname="Transmission Control Protocol, Src Port: 59634 (59634), Dst Port: 199 (199), Seq: 0, Len: 0" size="24" pos="34">
  <field name="tcp.srcport" showname="Source Port: 59634 (59634)" size="2" pos="34" show="59634" value="e8f2"/>
  <field name="tcp.dstport" showname="Destination Port: 199 (199)" size="2" pos="36" show="199" value="00c7"/>
  <field name="tcp.port" showname="Source or Destination Port: 59634" hide="yes" size="2" pos="34" show="59634" value="e8f2"/>
  <field name="tcp.port" showname="Source or Destination Port: 199" hide="yes" size="2" pos="36" show="199" value="00c7"/>
  <field name="tcp.stream" showname="Stream index: 0" size="0" pos="34" show="0"/>
  <field name="tcp.len" showname="TCP Segment Len: 0" size="1" pos="46" show="0" value="60"/>
  <field name="tcp.seq" showname="Sequence number: 0    (relative sequence number)" size="4" pos="38" show="0" value="1d78544a"/>
  <field name="tcp.ack" showname="Acknowledgment number: 0" size="4" pos="42" show="0" value="00000000"/>
  <field name="tcp.hdr_len" showname="Header Length: 24 bytes" size="1" pos="46" show="24" value="60"/>
  <field name="tcp.flags" showname=".... 0000 0000 0010 = Flags: 0x002 (SYN)" size="2" pos="46" show="2" value="2" unmaskedvalue="6002">
  <field name="tcp.flags.res" showname="000. .... .... = Reserved: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="60"/>
  <field name="tcp.flags.ns" showname="...0 .... .... = Nonce: Not set" size="1" pos="46" show="0" value="0" unmaskedvalue="60"/>
  <field name="tcp.flags.cwr" showname=".... 0... .... = Congestion Window Reduced (CWR): Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.ecn" showname=".... .0.. .... = ECN-Echo: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.urg" showname=".... ..0. .... = Urgent: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.ack" showname=".... ...0 .... = Acknowledgment: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.push" showname=".... .... 0... = Push: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.reset" showname=".... .... .0.. = Reset: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  <field name="tcp.flags.syn" showname=".... .... ..1. = Syn: Set" size="1" pos="47" show="1" value="1" unmaskedvalue="02">
  <field name="_ws.expert" showname="Expert Info (Chat/Sequence): Connection establish request (SYN): server port 199" size="0" pos="47">
  <field name="tcp.connection.syn" showname="Connection establish request (SYN): server port 199" size="0" pos="0" show="" value=""/>
  <field name="_ws.expert.message" showname="Message: Connection establish request (SYN): server port 199" hide="yes" size="0" pos="0" show="Connection establish request (SYN): server port 199"/>
  <field name="_ws.expert.severity" showname="Severity level: Chat" size="0" pos="0" show="2097152"/>
  <field name="_ws.expert.group" showname="Group: Sequence" size="0" pos="0" show="33554432"/>
  </field>
  </field>
  <field name="tcp.flags.fin" showname=".... .... ...0 = Fin: Not set" size="1" pos="47" show="0" value="0" unmaskedvalue="02"/>
  </field>
  <field name="tcp.window_size_value" showname="Window size value: 1024" size="2" pos="48" show="1024" value="0400"/>
  <field name="tcp.window_size" showname="Calculated window size: 1024" size="2" pos="48" show="1024" value="0400"/>
  <field name="tcp.checksum" showname="Checksum: 0xb388 [validation disabled]" size="2" pos="50" show="45960" value="b388">
  <field name="tcp.checksum_good" showname="Good Checksum: False" size="2" pos="50" show="0" value="b388"/>
  <field name="tcp.checksum_bad" showname="Bad Checksum: False" size="2" pos="50" show="0" value="b388"/>
  </field>
  <field name="tcp.urgent_pointer" showname="Urgent pointer: 0" size="2" pos="52" show="0" value="0000"/>
  <field name="tcp.options" showname="Options: (4 bytes), Maximum segment size" size="4" pos="54" show="02:04:05:b4" value="020405b4">
  <field name="tcp.options.mss" showname="Maximum segment size: 1460 bytes" size="4" pos="54" show="" value="">
  <field name="tcp.option_kind" showname="Kind: Maximum Segment Size (2)" size="1" pos="54" show="2" value="02"/>
  <field name="tcp.option_len" showname="Length: 4" size="1" pos="55" show="4" value="04"/>
  <field name="tcp.options.mss_val" showname="MSS Value: 1460" size="2" pos="56" show="1460" value="05b4"/>
  </field>
  </field>
</proto>
</packet>

pdml文件的根目录是<pdml>

正如您所看到的那样,它需要大量无法使用的数据。

我需要检索的数据可以在数据包的这些位置找到:

 "pdml/packet/proto/field[@name='ip.src']/@show"
 "pdml/packet/proto/field[@name='ip.dst']/@show"
 "pdml/packet/proto/field[@name='tcp.dstport']/@show"
 "pdml/packet/proto/field[@name='tcp.flags]/@showname"

在提取这些信息的同时创建新xml文件的最佳方法是什么?

最好是树看起来像这样:

<packet name= [@name='ip.src']/@show.value>
  <destination> [@name='ip.dst']/@show.value </destination>
  <tcpport> [@name='tcp.dstport']/@show.value </tcpport>
  <flag> [@name='tcp.flags]/@showname.value </flag>
</packet>

有些人可能会注意到新的数据包样式看起来与psml类似,但有一点不同之处在于psml不包含稍后需要的目标端口号。这需要自动完成,因为原始的xml文件非常庞大,因此手动更改或输入此文件可能需要数小时甚至几天。

任何帮助,指针,软件都会很棒。

感谢。

0 个答案:

没有答案