def packetHandler(pkt): global mac global icmp_pkt_arr global udp_pkt_arr global tcp_pkt_arr global node pprint.pprint(pkt) if pkt.haslayer(IP): ip = pkt.getlayer(IP) ether = pkt.getlayer(Ether) if ip.dst != None and func.inSubnet( ip.dst) and ether.src != mac: # removing data from AP if pkt.lastlayer().haslayer(ICMP): if icmp_pkt_arr == 0: icmp_pkt_arr = time.time() else: timeSeen = time.time() if timeSeen - icmp_pkt_arr <= func.tau(): d.warning('[+] Possible ICMP Flood detected') icmp_pkt_arr = timeSeen icmp.process(pkt, node, timeSeen) else: # reset d.default('[-] Resetting icmp_pkt_arr') icmp_pkt_arr = 0 if pkt.lastlayer().haslayer(UDP): if udp_pkt_arr == 0: udp_pkt_arr = time.time() else: timeSeen = time.time() if timeSeen - udp_pkt_arr <= func.tau(): d.warning('[+] Possible UDP Flood detected') udp_pkt_arr = timeSeen udp.process(pkt, node, timeSeen) else: # reset d.default('[-] Resetting udp_pkt_arr') udp_pkt_arr = 0 if pkt.lastlayer().haslayer(TCP): if tcp_pkt_arr == 0: tcp_pkt_arr = time.time() else: timeSeen = time.time() if timeSeen - tcp_pkt_arr <= func.tau(): d.warning('[+] Possible TCP Flood detected') tcp_pkt_arr = timeSeen syn.process(pkt, node, timeSeen) else: # reset d.default('[-] Resetting tcp_pkt_arr') tcp_pkt_arr = 0
def packetHandler(pkt): global mac if pkt.haslayer(IP): ip = pkt.getlayer(IP) ether = pkt.getlayer(Ether) if ip.dst != None and func.inSubnet( ip.dst) and ether.src != mac: # removing data from AP if pkt.lastlayer().haslayer(ICMP): icmp.process(pkt) if pkt.lastlayer().haslayer(UDP): udp.process(pkt) if pkt.lastlayer().haslayer(TCP): syn.process(pkt)
def packetHandler(pkt): global mac global scenario #d.warning(pprint.pformat(pkt)) # passing model as second param scenario = model global t_start if pkt.haslayer(IP): ip = pkt.getlayer(IP) ether = pkt.getlayer(Ether) if ip.dst != None and func.inSubnet( ip.dst) and ether.src != mac: # removing data from AP if pkt.haslayer(ICMP): icmp.process(pkt, scenario, t_start) if pkt.haslayer(UDP): udp.process(pkt, scenario, t_start) if pkt.haslayer(TCP): tcp.process(pkt, scenario, t_start)
def decode(pkt): decoded_pkt = [] # EAPOL if pkt.haslayer(EAPOL): ether_frame = pkt.getlayer(Ether) if func.inSubnet(ether_frame.src): decoded_pkt.append({ 'ip': '0.0.0.0', 'mac': ether_frame.src, 'time': time.time(), 'acq': 'eapol', 'valid': 2 }) decoded_pkt.append({ 'ip': '0.0.0.0', 'mac': ether_frame.dst, 'time': time.time(), 'acq': 'eapol', 'valid': 2 }) # DHCP if pkt.haslayer(DHCP): dhcp_frame = pkt.getlayer(DHCP) ether_frame = pkt.getlayer(Ether) if dhcp_frame.server_id != None and func.inSubnet( dhcp_frame.requested_addr): valid = arp.metric(dhcp_frame.requested_addr) decoded_pkt.append({ 'ip': dhcp_frame.requested_addr, 'mac': ether_frame.src, 'time': time.time(), 'acq': 'dhcp', 'valid': valid }) # IP if pkt.haslayer(IP): ip_frame = pkt.getlayer(IP) ether_frame = pkt.getlayer(Ether) valid = arp.metric(ip_frame.src) valid2 = arp.metric(ip_frame.dst) if func.inSubnet(ip_frame.src): decoded_pkt.append({ 'ip': ip_frame.src, 'mac': ether_frame.src, 'time': time.time(), 'acq': 'ip', 'valid': valid }) if func.inSubnet(ip_frame.dst): decoded_pkt.append({ 'ip': ip_frame.dst, 'mac': ether_frame.dst, 'time': time.time(), 'acq': 'ip', 'valid': valid2 }) # ARP if pkt.haslayer(ARP): arp_frame = pkt.getlayer(ARP) valid = arp.metric(arp_frame.psrc) if func.inSubnet(arp_frame.psrc): decoded_pkt.append({ 'ip': arp_frame.psrc, 'mac': arp_frame.hwsrc, 'time': time.time(), 'acq': 'arp', 'valid': valid }) log.warning(str(decoded_pkt)) if len(decoded_pkt) > 0: return json.dumps(decoded_pkt[0]) return None