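def sniff(handler, ip="0.0.0.0", port=53):
    """Receive DNS datagrams on a UDP socket and pass each queried name to *handler*.

    Binds a UDP socket to ``(ip, port)`` (defaults: all interfaces, port 53;
    binding a port below 1024 normally requires elevated privileges) and
    loops forever. Each datagram is decoded with ``dns.DNS``; for every entry
    of ``query.qd`` (the query's question records) ``handler`` is called with
    ``entry.name + '.'``, i.e. the name in fully-qualified form.

    Datagrams come straight off the network and are untrusted: a packet that
    ``dns.DNS`` cannot decode, or a ``handler`` call that raises, is logged
    and skipped so that a single bad packet cannot stop the receive loop or
    tear down the socket. Errors from the socket itself (bind/recv) propagate
    to the caller after the socket has been closed.

    Args:
        handler: callable taking one ``str`` argument, the queried name.
        ip: address to bind; default ``"0.0.0.0"``.
        port: UDP port to bind; default ``53``.

    Raises:
        OSError: if the socket cannot be bound or receiving fails.
    """
    import logging

    log = logging.getLogger(__name__)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((ip, port))
        while True:
            data, addr = sock.recvfrom(65536)
            try:
                query = dns.DNS(data)
                for question in query.qd:
                    handler(question.name + '.')
            except Exception:
                # Malformed (or deliberately hostile) input and handler bugs
                # are per-packet problems; record them and keep receiving.
                log.warning("dropping undecodable DNS datagram from %s",
                            addr, exc_info=True)
    finally:
        # Release the descriptor on every exit path, including Ctrl-C.
        sock.close()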
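def run(self):
    """Drain ``self.in_queue`` and feed each packet to ``self.analyze``.

    Each iteration takes one ``(meta, data)`` pair with ``get_nowait()``,
    decodes ``data`` with ``dns.DNS`` and calls ``self.analyze(meta, packet)``.
    When the queue is empty the worker sleeps 0.5 s so it does not spin; once
    more than 300 s of idle sleep have accumulated and ``settings['blips']``
    is ``'On'``, ``self.DOMAIN_TREE.update()`` is called and the idle counter
    is reset.

    A packet that fails to decode or analyze is reported and skipped. It is
    deliberately not treated like an empty queue: it neither sleeps nor feeds
    the idle counter, so analysis errors no longer hide behind the idle path.
    Runs forever. Reads ``self.in_queue``, ``self.analyze``,
    ``self.DOMAIN_TREE`` and the module-level ``settings``.
    """
    try:
        from queue import Empty
    except ImportError:  # Python 2
        from Queue import Empty

    print('[%s] [Power] Running' % (time.ctime()))
    idle_seconds = 0
    while True:
        try:
            meta, data = self.in_queue.get_nowait()
        except Empty:
            # Nothing queued: back off briefly instead of busy-waiting.
            idle_seconds += .5
            time.sleep(.5)
            if idle_seconds > 300 and settings['blips'] == 'On':
                # Roughly every five idle minutes, refresh the blips data.
                print('[%s] [Power] Checking for blips updates' % (time.ctime()))
                self.DOMAIN_TREE.update()
                idle_seconds = 0
            continue
        try:
            self.analyze(meta, dns.DNS(data))
        except Exception as err:
            # Queue contents originate from captured traffic and may be
            # malformed; report and move on rather than stalling the worker.
            print('[%s] [Power] Error analyzing packet: %r' % (time.ctime(), err))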
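def parse_dns(udp_data: bytes) -> str:
    """Summarise a DNS message (the UDP payload of a .pcap packet) as one line.

    Args:
        udp_data: raw DNS message bytes, i.e. the UDP payload.

    Returns:
        For a query: ``'DNS [op=Query name=<qname>]'`` (the type and addr
        slots are left empty). For a response:
        ``'DNS [op=Response name=<n> type=<t> addr=<a>]'`` where, when the
        rcode is NOERROR and the first answer record is a CNAME, A or PTR
        record, ``type`` names that record type, ``name`` is the record's
        target/name and ``addr`` is the dotted-quad of an A record; all three
        are empty otherwise. A query whose question section is empty yields
        an empty name instead of raising.

    Raises:
        Whatever ``dns.DNS`` raises on a message it cannot decode.
    """
    dns_p = dns.DNS(udp_data)
    is_query = dns_p.qr == dns.DNS_Q
    msg = ('DNS [op={} name={}{}{}]' if is_query
           else 'DNS [op={} name={} type={} addr={}]')
    op = 'Query' if is_query else 'Response'
    name = ''
    tp = ''
    addr = ''
    # A query with no question records is malformed (or hostile) input;
    # report it with a blank name rather than dying with IndexError.
    if is_query and dns_p.qd:
        name = dns_p.qd[0].name
    if dns_p.rcode == dns.DNS_RCODE_NOERR and dns_p.an:
        ans = dns_p.an[0]
        # Only the first answer is summarised; the branches are exclusive.
        if ans.type == dns.DNS_CNAME:
            name, tp = ans.cname, 'CNAME'
        elif ans.type == dns.DNS_A:
            name, tp = ans.name, 'A'
            addr = socket.inet_ntoa(ans.ip)
        elif ans.type == dns.DNS_PTR:
            name, tp = ans.ptrname, 'PTR'
    return msg.format(op, name, tp, addr)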