# NOTE(review): this excerpt arrived flattened onto one line, so the nesting
# below is reconstructed (most plausible reading) -- confirm against the file.
# recv_flow takes `self`; its enclosing class header is not part of the excerpt.
def recv_flow(self, flow):
    # Per-flow callback: maintain the optional raw capture file, then pass
    # whichever side has pending data to self._grep_data (defined elsewhere).
    if self.raw:
        if flow.state == dsniff.FLOW_START:
            # NOTE(review): insecure temporary file. The name is predictable
            # (id(flow) inside world-writable /tmp) and a plain open(..., 'wb')
            # follows symlinks and truncates whatever already exists there.
            # Packet-capture tools usually run with elevated privileges, so a
            # path pre-created by another local user decides where the capture
            # is written. The file also gets umask-default permissions, which
            # may leave captured payloads readable by other accounts.
            # Mitigation: write into a directory owned by the capture account
            # (mode 0700), or create the file with os.open() using
            # O_CREAT | O_EXCL and mode 0600 (tempfile.mkstemp does both).
            # id() values can also repeat once a flow object is freed, so a
            # later flow may overwrite an earlier flow's file.
            flow.save['rawf'] = open('/tmp/%s.flow' % id(flow), 'wb')
        elif flow.state == dsniff.FLOW_END:
            # Assumes FLOW_START was seen with raw enabled; if flow.save is a
            # plain dict this lookup raises KeyError otherwise -- TODO confirm.
            flow.save['rawf'].close()
    # Client data takes precedence: server data is only examined when the
    # client side is empty. '>' marks client data, '<' marks server data.
    if flow.client.data:
        self._grep_data(flow, flow.client.data, '>')
    elif flow.server.data:
        self._grep_data(flow, flow.server.data, '<')

class NgrepProgram(dsniff.Program):
    # Program subclass that treats the first positional argument as the
    # pattern to search for.
    def getopt(self, argv):
        # Base-class parsing runs first; self.args is read afterwards
        # (presumably the remaining positional arguments -- verify in dsniff).
        super(NgrepProgram, self).getopt(argv)
        if self.args:
            # The first argument is removed from self.args and compiled; a
            # malformed pattern raises re.error here, which is not caught.
            # NOTE(review): the compiled pattern is presumably matched against
            # captured payloads, i.e. data chosen by remote hosts; a pattern
            # prone to heavy backtracking can then stall capture. Prefer
            # anchored, bounded expressions -- confirm how _grep_data uses it.
            # The assignment replaces the whole config['ngrep'] entry.
            dsniff.config['ngrep'] = { 'pat':re.compile(self.args.pop(0)) }

if __name__ == '__main__':
    # Command-line entry point: register usage text and the ngrep.* flags,
    # then hand control to dsniff.main().
    dsniff.set_usage('%prog [options] [pattern [filter]]')
    dsniff.add_option('-x', dest='ngrep.hex', action='store_true', help='hexdump output')
    dsniff.add_option('-k', dest='ngrep.kill', action='store_true', help='kill matching TCP connections')
    dsniff.add_option('-q', dest='ngrep.quiet', action='store_true', help='no content output')
    dsniff.add_option('-n', dest='ngrep.noheader', action='store_true', help='no header output')
    # -r enables the raw per-flow capture files that recv_flow creates in /tmp.
    dsniff.add_option('-r', dest='ngrep.raw', action='store_true', help='raw output')
    dsniff.main()
self._grep_data(flow, flow.client.data, '>') elif flow.server.data: self._grep_data(flow, flow.server.data, '<') class NgrepProgram(dsniff.Program): def getopt(self, argv): super(NgrepProgram, self).getopt(argv) if self.args: dsniff.config['ngrep'] = {'pat': re.compile(self.args.pop(0))} if __name__ == '__main__': dsniff.set_usage('%prog [options] [pattern [filter]]') dsniff.add_option('-x', dest='ngrep.hex', action='store_true', help='hexdump output') dsniff.add_option('-k', dest='ngrep.kill', action='store_true', help='kill matching TCP connections') dsniff.add_option('-q', dest='ngrep.quiet', action='store_true', help='no content output') dsniff.add_option('-n', dest='ngrep.noheader', action='store_true', help='no header output') dsniff.add_option('-r', dest='ngrep.raw',
# NOTE(review): this excerpt arrived flattened onto one line and begins inside
# a method body whose `def` line is not shown; indentation is reconstructed and
# the methods below belong to a class that is outside the excerpt.
#
# Start-up: restore the saved cache from self.filename, or start empty when
# the file cannot be opened.
# NOTE(review): cPickle.load runs whatever the pickle stream instructs, so any
# account able to write self.filename controls code executed by this process at
# start-up. The cache only holds address -> address pairs (see recv_pkt), so a
# data-only format (e.g. JSON with the addresses hex-encoded) would remove that
# exposure; at minimum keep the file and its directory writable only by the
# account running the tool. Only IOError is handled: a truncated or corrupt
# file raises a different exception and aborts start-up. The file object
# returned by open() is never closed explicitly.
try:
    self.cache = cPickle.load(open(self.filename))
    print >>sys.stderr, 'loaded %s entries from %s' % (len(self.cache), self.filename)
except IOError:
    self.cache = {}
# pcap filter 'arp[6:2] = 2' selects ARP packets whose opcode field is 2
# (replies). Bindings that are only ever announced in ARP requests, including
# gratuitous requests, are therefore never seen by recv_pkt.
self.subscribe('pcap', 'arp[6:2] = 2', self.recv_pkt)

def teardown(self):
    # Persist the cache as a pickle and report the entry count on stderr.
    # NOTE(review): the target is truncated and rewritten in place and the
    # handle is not closed explicitly, so an interrupted shutdown can leave a
    # partial file. Writing to a temporary file in the same directory and
    # renaming it over the old one avoids that, and keeps the path that is
    # unpickled at the next start from ever holding half-written data.
    cPickle.dump(self.cache, open(self.filename, 'wb'))
    print >>sys.stderr, 'saved %s entries to %s' % (len(self.cache), self.filename)

def recv_pkt(self, pc, pkt):
    # Record the sender-IP -> sender-MAC binding carried by one ARP packet and
    # print a line when it is new or differs from the remembered one.
    # `pc` is not used in this method.
    # Assumes every delivered frame decodes as Ethernet with an `.arp` member;
    # that relies on the pcap filter set at subscribe time -- TODO confirm.
    arp = dpkt.ethernet.Ethernet(pkt).arp
    try:
        old = self.cache[arp.spa]
        if old != arp.sha:
            # A different hardware address now claims this IP. This is the
            # signal an ARP-spoofing monitor looks for, but it also fires on
            # benign events such as a replaced NIC or a reassigned address.
            # The old value is overwritten at once, so two hosts alternating
            # on one IP produce a CHANGE line on every flip.
            # NOTE(review): the output line carries no timestamp or interface
            # name; add them if the output feeds alerting or later forensics.
            self.cache[arp.spa] = arp.sha
            print 'CHANGE: %s is-at %s (was-at %s)' % \
                (dnet.ip_ntoa(arp.spa), dnet.eth_ntoa(arp.sha), dnet.eth_ntoa(old))
    except KeyError:
        # First sighting of this sender IP. Entries are never expired in the
        # code shown, so the cache grows with every distinct sender address.
        self.cache[arp.spa] = arp.sha
        print 'NEW: %s is-at %s' % (dnet.ip_ntoa(arp.spa), dnet.eth_ntoa(arp.sha))

if __name__ == '__main__':
    # -f sets the cache file (option 'arpwatch.filename'); the default lives
    # under /var/run. Whatever path is chosen is unpickled at the next start,
    # so it must not be writable by untrusted accounts.
    dsniff.add_option('-f', dest='arpwatch.filename', default='/var/run/arpwatch.pkl', help='cache file')
    dsniff.main()
# NOTE(review): this excerpt arrived flattened onto one line and begins in the
# middle of a try/except (the `try:` and the enclosing `def` are not on this
# line); indentation is reconstructed and the methods below belong to a class
# that is outside the excerpt.
#
# Fallback when the cache file could not be opened: start with an empty cache.
except IOError:
    self.cache = {}
# pcap filter 'arp[6:2] = 2' selects ARP packets whose opcode field is 2
# (replies). Bindings that are only ever announced in ARP requests, including
# gratuitous requests, are therefore never seen by recv_pkt.
self.subscribe('pcap', 'arp[6:2] = 2', self.recv_pkt)

def teardown(self):
    # Persist the cache as a pickle and report the entry count on stderr.
    # NOTE(review): pickle is a code-executing format on load, so the file
    # written here becomes trusted input for whatever unpickles it later; keep
    # it and its directory writable only by the account running the tool, or
    # store the address pairs in a data-only format instead. The target is
    # truncated and rewritten in place and the handle is not closed explicitly,
    # so an interrupted shutdown can leave a partial file; write to a temporary
    # file in the same directory and rename it over the old one.
    cPickle.dump(self.cache, open(self.filename, 'wb'))
    print >> sys.stderr, 'saved %s entries to %s' % (len( self.cache), self.filename)

def recv_pkt(self, pc, pkt):
    # Record the sender-IP -> sender-MAC binding carried by one ARP packet and
    # print a line when it is new or differs from the remembered one.
    # `pc` is not used in this method.
    # Assumes every delivered frame decodes as Ethernet with an `.arp` member;
    # that relies on the pcap filter set at subscribe time -- TODO confirm.
    arp = dpkt.ethernet.Ethernet(pkt).arp
    try:
        old = self.cache[arp.spa]
        if old != arp.sha:
            # A different hardware address now claims this IP. This is the
            # signal an ARP-spoofing monitor looks for, but it also fires on
            # benign events such as a replaced NIC or a reassigned address.
            # NOTE(review): the output line carries no timestamp or interface
            # name; add them if the output feeds alerting or later forensics.
            self.cache[arp.spa] = arp.sha
            print 'CHANGE: %s is-at %s (was-at %s)' % \
                (dnet.ip_ntoa(arp.spa), dnet.eth_ntoa(arp.sha), dnet.eth_ntoa(old))
    except KeyError:
        # First sighting of this sender IP. Entries are never expired in the
        # code shown, so the cache grows with every distinct sender address.
        self.cache[arp.spa] = arp.sha
        print 'NEW: %s is-at %s' % (dnet.ip_ntoa( arp.spa), dnet.eth_ntoa(arp.sha))

if __name__ == '__main__':
    # -f sets the cache file (option 'arpwatch.filename'); the default lives
    # under /var/run. The chosen path holds pickle data, so it must not be
    # writable by untrusted accounts.
    dsniff.add_option('-f', dest='arpwatch.filename', default='/var/run/arpwatch.pkl', help='cache file')
    dsniff.main()