unable to decode when HTTP response spans multiple packets in live capture #1

Open
alext234 opened this issue Apr 4, 2018 · 1 comment

Comments

@alext234
Owner

alext234 commented Apr 4, 2018

When capturing live from an interface, when the response is longer than a packet, the program is not able to assemble them before performing JSON decoding.

To reproduce the issue:

  • Run rpc-sniffer in a terminal as root or with sudo to capture the lo interface:
./rpc-sniffer.py lo
ERROR:root:Unterminated string starting at: line 1 column 999 (char 998)
ERROR:root:packet dump: 
###[ Ethernet ]###
  dst       = 00:00:00:00:00:00
  src       = 00:00:00:00:00:00
  type      = 0x800
###[ IP ]###
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 1870
     id        = 50776
     flags     = DF
     frag      = 0
     ttl       = 64
     proto     = tcp
     chksum    = 0x6f4f
     src       = 127.0.0.1
     dst       = 127.0.0.1
     \options   \
###[ TCP ]###
        sport     = 8545
        dport     = 35264
        seq       = 2136898898
        ack       = 3728611127
        dataofs   = 8
        reserved  = 0
        flags     = PA
        window    = 126
        chksum    = 0x543
        urgptr    = 0
        options   = [('NOP', None), ('NOP', None), ('Timestamp', (4195176729, 4195176727))]
###[ Raw ]###
           load      = 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nVary: Origin\r\nDate: Wed, 04 Apr 2018 12:15:25 GMT\r\nContent-Length: 1694\r\n\r\n{"jsonrpc":"2.0","id":1,"result":{"blockHash":"0x5f81391fe9a3666e5c27e54aa08ae491fbbee3213ab89c6a21f6a1be861492b8","blockNumber":"0x26","contractAddress":null,"cumulativeGasUsed":"0x25129","from":"0x96f59288d6aa448ed8ffbc1f6412faf0728fa338","gasUsed":"0x25129","logs":[{"address":"0xbbbdbf92246abbc4a10c206d2291f84a76f78f78","topics":["0x88f026aacbbecc90c18411df4b1185fd8d9be2470f1962f192bf84a27d0704b7"],"data":"0x0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000110b05b286048800000000000000000000000000000000000000000000000000000000000000026231000000000000000000000000000000000000000000000000000000000000","blockNumber":"0x26","transactionHash":"0xb5f3e78e97cdbf0b362400b9c764be1cf2fb619670f001efd1e18acce9425c27","transactionIndex":"0x0","blockHash":"0x5f81391fe9a3666e5c27e54aa08ae491fbbee3213ab89c6a21f6a1be861492b8","logIndex":"0x0","removed":false}],"logsBloom":"0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000004000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000100000000000000000000'

which shows that the HTTP load is incomplete and the remaining data is in subsequent packet(s). rpc-sniffer should assemble multiple TCP packets in this case.

@alext234
Owner Author

alext234 commented Apr 5, 2018

A precursor to solving this problem could be to have a project (different repo) that uses scapy to generate a pcap file that has an HTTP response that spans multiple TCP packets.
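
The reassembly described in this issue, as an added example that is not code from rpc-sniffer: it buffers TCP payloads by sequence number and decodes JSON only once `Content-Length` bytes of body have arrived. `HttpResponseAssembler`, `content_length`, `demo` and the `MAX_BUFFERED` cap are hypothetical names, and the `(seq, payload)` pairs are constructed stand-ins for scapy's `pkt[TCP].seq` and `pkt[Raw].load`. It assumes one assembler per flow direction and does not handle overlapping retransmissions or chunked encoding.

```python
import json

MAX_BUFFERED = 1 << 20  # assumed cap so a never-completing flow cannot exhaust memory

class HttpResponseAssembler:
    """Reassembles one HTTP response from the TCP segments of one flow direction."""
    def __init__(self):
        self.segments = {}  # TCP seq -> payload; exact retransmissions collapse

    def feed(self, seq, payload):
        """Buffer one segment; return the decoded JSON body once complete, else None."""
        if not payload:
            return None  # bare ACKs carry no data
        self.segments.setdefault(seq, payload)
        if sum(map(len, self.segments.values())) > MAX_BUFFERED:
            self.segments.clear()
            raise ValueError("response exceeds buffer cap")
        head, sep, body = self._contiguous().partition(b"\r\n\r\n")
        length = content_length(head) if sep else None
        if length is None or len(body) < length:
            return None  # headers or body still incomplete: keep waiting
        self.segments.clear()
        return json.loads(body[:length])

    def _contiguous(self):
        """Concatenate payloads from the status line onward, stopping at the first gap."""
        nxt = next((s for s, p in self.segments.items() if p.startswith(b"HTTP/")), None)
        out = b""
        while nxt in self.segments:
            out += self.segments[nxt]
            nxt = (nxt + len(self.segments[nxt])) & 0xFFFFFFFF  # seq wraps at 2**32
        return out

def content_length(head):
    """Return the Content-Length value from raw response headers, or None."""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length" and value.strip().isdigit():
            return int(value.strip())
    return None

def demo():
    """Constructed sample: a JSON-RPC response in three segments across the seq wrap."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x" + "00" * 40}).encode()
    raw = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body) + body
    offsets = (0, 30, 70, len(raw))
    parts = [((0xFFFFFFF0 + a) & 0xFFFFFFFF, raw[a:b]) for a, b in zip(offsets, offsets[1:])]
    asm = HttpResponseAssembler()
    return [asm.feed(*parts[i]) for i in (0, 2, 0, 1)]  # out of order, one retransmission
```

In a live capture, each payload-bearing packet of a flow would be passed to `feed`, and JSON decoding happens only when it returns a value.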
