Python UDP Beispiele, networking.udp.UDP Python Beispiele

Beispiel #1

0

Datei anzeigen

def udp():
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    interfaceSelection = input("Please enter the interface to sniff-> ")
    conn.bind((interfaceSelection,0))
    n = 0
    print('[UDP]')
    numberInput = input("Please enter numbers of packet to scan: ")
    number = int(numberInput)
    while True:
        while n < number:
            raw_data, addr = conn.recvfrom(65535)
            eth = Ethernet(raw_data)

            print('\nEthernet Frame:')
            print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))

            #IPv4 
            if eth.proto == 8:
                ipv4 = IPv4(eth.data)
                print(TAB_1 + 'IPv4 Packet:')
                print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
                print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))

                #UDP Segments
                if ipv4.proto == 17:
                    udp = UDP(ipv4.data)
                    print(TAB_1 + 'UDP Segment:')
                    print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
                n+=1

            else:
                print('Ethernet Data:')
                print(format_multi_line(DATA_TAB_1, eth.data))
                n+=1
        sys.exit()

Beispiel #2

0

Datei anzeigen

Datei: Runsniffer.py Projekt: trungdungit45/idsoftware

def printSniffer(eth,count,_Warning):
    el = 0
    if eth.proto == 8:
        el = 1
        #print(TAB_1 + 'ethproto=8')
        Timeeeee = datetime.datetime.now().strftime('%H%M%S').__str__()
        ipv4 = IPv4(eth.data)
        ipv4src = ipv4.src.__str__()
        ipv4target = ipv4.target.__str__()
        if ipv4.proto == 1:
            icmp = ICMP(ipv4.data)
            icmpinfo = 'Type:'+icmp.type.__str__() +'Code'+ icmp.code.__str__() +'Checksum'+ icmp.checksum.__str__()
            print('{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}'
            .format(count,Timeeeee,ipv4.src, ipv4.target,'ICMP',len(icmp.data),_Warning))
        # TCP
        elif ipv4.proto == 6:
            tcp = TCP(ipv4.data)
            tcpinfo = 'SrcPort:{}, DestPort:{}'.format(tcp.src_port, tcp.dest_port) + ' Sequence:{}, Acknowledgment:{}'.format(tcp.sequence, tcp.acknowledgment) + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh) + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin)
            if(len(tcp.data) > 0 and (tcp.src_port == 80 or tcp.dest_port == 80)):
                print('{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}'   
                .format(count,Timeeeee,ipv4.src, ipv4.target,'HTTP',len(tcp.data),_Warning))
            else:
                print('{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}'
                .format(count,Timeeeee,ipv4.src, ipv4.target,'TCP',len(tcp.data),_Warning))

        # UDP
        elif ipv4.proto == 17:
            udp = UDP(ipv4.data)
            udpinfo = 'SrcPort: {}, DestPort:{}, Length:{}'.format(udp.src_port, udp.dest_port,udp.size)
            print('{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}'
            .format(count,Timeeeee,ipv4.src, ipv4.target,'UDP',len(udp.data),_Warning))
    return el

Beispiel #3

0

Datei anzeigen

def main():
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))

    while True:
        raw_data, addr = conn.recvfrom(65535)
        eth = Ethernet(raw_data)
        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)

                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 9010 or tcp.dest_port == 9010:
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                if 'Authorization' in line:
                                    #print(str(line))
                                    try:
                                        p = re.compile(
                                            'Authorization: Basic (([A-Za-z0-9@#$%^&+=]+)):'
                                        )
                                        if p.match(line):
                                            username = p.match(line).group(1)
                                            if (username == default_u):
                                                logdefaultcred(
                                                    ipv4.src, username)
                                            trackLogin(ipv4.src, username)
                                    except Exception as ex:
                                        print("Regex exception")
                                        print(ex)
                        except:
                            print("HTTP exception")
                    else:
                        print('\t\tTCP Data:')
                        print(format_multi_line(TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
            # Other IPv4
            else:
                pass

        else:
            pass

    pcap.close()

Beispiel #4

0

Datei anzeigen

Datei: ipv6.py Projekt: srBruning/Python-Packet-Sniffer

 def __extract_extension_header(self, data):
     if self.next_header == 6:
         return TCP(data)
     elif self.next_header == 58:
         return ICMPv6(data)
     elif self.next_header == 0:
         return HopByHop(data)
     elif self.next_header == 17:
         return UDP(data)
     return None

Beispiel #5

0

Datei anzeigen

Datei: packetsniffer.py Projekt: grvsood/Network-Packet-Sniffer

def packet_sniffer():
    connection = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                               socket.ntohs(3))
    while True:
        data, addr = connection.recvfrom(65535)
        ethernet_frame = EthernetFrame(data)
        print(ethernet_frame)

        #IPv4
        if ethernet_frame.protocal == 8:
            ipv4 = IPv4(ethernet_frame.data)
            print(ipv4)

            #ICMP
            if ipv4.protocal == 1:
                icmp = ICMP(ipv4.data)
                print(icmp)

            #TCP
            elif ipv4.protocal == 6:
                tcp = TCP(ipv4.data)
                print(tcp)

                if len(tcp.data) > 0:

                    #HTTP
                    if tcp.sourcePort == 80 or tcp.destinationPort == 80:
                        print(Tab[1] + 'HTTP Data:')
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                print(DataTab[2] + line)
                        except:
                            print(format_multi_line(DataTab[2], tcp.data))
                    else:
                        print(Tab[1] + 'TCP Data:')
                        print(format_multi_line(DataTab[2], tcp.data))

            #UDP
            elif ipv4.protocal == 17:
                udp = UDP(ipv4.data)
                print(udp)

            #other IPv4 protocals
            else:
                print(Tab[0] + 'Other IPv4 Data:')
                print(format_multi_line(DataTab[0], ipv4.data))

        else:
            print('Ethernet Data:')
            print(format_multi_line(DataTab[0], ethernet_frame.data))

Beispiel #6

0

Datei anzeigen

Datei: Runsniff.py Projekt: trungdungit45/IDSSoftPython

def printSniffer(eth,count,_Warning):
    if eth.proto == 8:
        #sys.stdout.write(TAB_1 + 'ethproto=8')
        ipv4 = IPv4(eth.data)
        ipv4src = ipv4.src.__str__()
        ipv4target = ipv4.target.__str__()
        if ipv4.proto == 1:
            icmp = ICMP(ipv4.data)
            icmpinfo = 'Type:'+icmp.type.__str__() +'Code'+ icmp.code.__str__() +'Checksum'+ icmp.checksum.__str__()
            sys.stdout.write('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}\n'
            .format(count.__str__(),'Timeeeee',ipv4.src, ipv4.target,'ICMP',len(icmp.data).__str__(),_Warning.__str__()))
        # TCP
        elif ipv4.proto == 6:
            tcp = TCP(ipv4.data)
            tcpinfo = 'SrcPort:{}, DestPort:{}'.format(tcp.src_port, tcp.dest_port) + ' Sequence:{}, Acknowledgment:{}'.format(tcp.sequence, tcp.acknowledgment) + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh) + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin)
            '''
            if len(tcp.data) > 0:
            
                #HTTP
                if tcp.src_port == 80 or tcp.dest_port == 80:
                    sys.stdout.write(TAB_2 + 'HTTP Data:')
                    try:
                        http = HTTP(tcp.data)
                        http_info = str(http.data).split('\n')
                        for line in http_info:
                            sys.stdout.write(DATA_TAB_3 + str(line))
                    except:
                        sys.stdout.write(format_multi_line(DATA_TAB_3, tcp.data))
                else:
                    sys.stdout.write(TAB_2 + 'TCP Data:')
                    #sys.stdout.write(format_multi_line(DATA_TAB_3, tcp.data))
            '''
            sys.stdout.write('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}\n'
            .format(count,'Timeeeee',ipv4.src, ipv4.target,'TCP',len(tcp.data),_Warning))       
        # UDP
        elif ipv4.proto == 17:
            #sys.stdout.write(TAB_1 + 'ethproto=17')
            udp = UDP(ipv4.data)
            udpinfo = 'SrcPort: {}, DestPort:{}, Length'.format(udp.src_port, udp.dest_port,udp.size)
            #sys.stdout.write(TAB_1 + 'UDP Segment:')
            #sys.stdout.write(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,udp.size))
            sys.stdout.write('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}\n'
            .format(count,'Timeeeee',ipv4.src, ipv4.target,'UDP',len(udp.data),_Warning))
        # Other IPv4
        else:
            sys.stdout.write(TAB_1 + 'Other IPv4 Data:')
            sys.stdout.write(format_multi_line(DATA_TAB_2, ipv4.data))

    else:
        sys.stdout.write('Ethernet Data: = Protocol != 8  {}\n'.format(eth.proto))

Beispiel #7

0

Datei anzeigen

    def __extract_data(self, data):

        # ICMP
        if self.proto == 1:
            return ICMP(data)
        # TCP
        elif self.proto == 6:
            return TCP(data)

        # UDP
        elif self.proto == 17:
            return UDP(data)
        # Other IPv4
        else:
            format_multi_line('', data)

Beispiel #8

0

Datei anzeigen

Datei: sniffer.py Projekt: igorncruz/TCC

def main():
    pcap = Pcap('capture.pcap')
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    packageManager = PackageManager()
    print("\nSniffer iniciado...\n")

    while True:
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        receivedDatetimePacket = time.time()
        eth = Ethernet(raw_data)

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)
                # print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)

                if len(tcp.data) > 0:

                    # HTTP
                    # if tcp.src_port == 8080 or tcp.dest_port == 8080:
                    if tcp.dest_port == 8080:
                        packageManager.receivePackage(eth,
                                                      receivedDatetimePacket)

            # UDP
            elif ipv4.proto == 17:
                # print('\n\n\n\n\nERRO UDP: + ' + str(ipv4.data))
                udp = UDP(ipv4.data)

    pcap.close()

Beispiel #9

0

Datei anzeigen

Datei: views.py Projekt: root79-glit/BlueWhale

def index(request):
    answer = ''

    answer += '<head><style>table, th, td {border: 1px solid black;border-collapse: collapse;}</style></head><body><table><tr><th>Time Stamp</th><th>Destination MAC</th><th>Source MAC</th><th>Protocol</th><th>IP Version</th><th>IP Header Length</th><th>TTL</th><th>Protocol</th><th>Source IP</th><th>Target IP</th><th>Source Port</th><th>Destination Port</th><th>Length</th></tr>'
    for raw_data in range(5):
        data, addr = s.recvfrom(65565)
        pcap.write(data)
        unpacked = struct.unpack('@ I H H i I I I I I I I', data[:40])
        timestamp = time.strftime('%Y-%m-%d %H:%M:%S',
                                  time.localtime(unpacked))
        eth = Ethernet(raw_data)
        ipv4 = IPv4(eth.data)
        icmp = ICMP(ipv4.data)
        tcp = TCP(ipv4.data)
        udp = UDP(ipv4.data)

        answer += '<tr><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th></tr>'.format(
            timestamp, eth.dest_mac, eth.src_mac, eth.proto, ipv4.version,
            ipv4.header_length, ipv4.ttl, ipv4.proto, ipv4.src, ipv4.target,
            tcp.src_port, tcp.dest_port, udp.src_port, udp.dest_port, udp.size)

    answer += '</table></body>'

    return HttpResponse(answer)

Beispiel #10

0

Datei anzeigen

Datei: hop_by_hop.py Projekt: srBruning/Python-Packet-Sniffer

 def __extract_extension_header(self, data):
     if self.next_header == 58:
         return ICMPv6(data)
     elif self.next_header == 17:
         return UDP(data)
     return byteDataToString(data)

Beispiel #11

0

Datei anzeigen

def main():

    pcap = Pcap('capture.pcap')
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    info =""
    Data=""
   # if StartCapture==1:
    Tstart=int(round(time.time() * 1000))
   #StartCapture=0
    while True:
        raw_data, addr = conn.recvfrom(65535)
        l=[]
        l.append(Tstart-int(round(time.time() * 1000)))

        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        #print('\nEthernet Frame:')
        Data+="\nEthernet Frame:"+TAB_1 + "Destination:"+str(eth.dest_mac)+"Source: "+str(eth.src_mac)+"Protocol: "+str(eth.proto)
        #print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            Data += TAB_2 + 'Protocol: ' + str(ipv4.proto) + ' Source:' + str(ipv4.src) + 'Target:' + str(ipv4.target)
         #   print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
            l.append(ipv4.src)
            l.append(ipv4.target)
          #  print(TAB_1 + 'IPv4 Packet:')
           # print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
            Data+=TAB_1 + 'IPv4 Packet:'+TAB_2 + 'Version:'+str(ipv4.version)+'Header Length:'+ str(ipv4.header_length)+'TTL:'+str(ipv4.ttl)
            l.append(ipv4.header_length)

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)
                l.append('ICMP')
            #    print(TAB_1 + 'ICMP Packet:')
             #   print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
              #  print(TAB_2 + 'ICMP Data:')
               # print(format_multi_line(DATA_TAB_3, icmp.data))
                Data+=TAB_1 + 'ICMP Packet:'+TAB_2 + 'Type: '+str(icmp.type)+"Code:"+str(icmp.code)+"Checksum:"+str( icmp.checksum)+TAB_2 + 'ICMP Data:'+str(format_multi_line(DATA_TAB_3, icmp.data))
                l.append(icmp.data)
                l.append(" ")

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                #print(TAB_1 + 'TCP Segment:')
                l.append('TCP')
                #print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
                info+=str(tcp.src_port)+"->"+str(tcp.dest_port)+"ACK="+str(tcp.flag_ack)+"len ="+str(len(tcp.data))
                #print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
                #print(TAB_2 + 'Flags:')
                #print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                #print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
                Data+=TAB_1 + 'TCP Segment:'+TAB_2 + 'Source Port:'+str(tcp.src_port)+"Destination Port:"+str( tcp.dest_port)+TAB_2 + 'Sequence:'+str(tcp.sequence)+" Acknowledgment:"+str(tcp.acknowledgment)
                Data+=TAB_2 + 'Flags:'+TAB_3 + 'URG:'+str(tcp.flag_urg)+'ACK'+str(tcp.flag_ack)+'PSH'+str(tcp.flag_psh)+TAB_3 + 'RST:'+str(tcp.flag_rst)+'SYN'+str(tcp.flag_syn)+'FIN'+str(tcp.flag_fin)
                l.append(tcp.data)
                l.append(info)
                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80:
                        Data+=TAB_2 + 'HTTP Data:'
                 #       print(TAB_2 + 'HTTP Data:')
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                Data+=DATA_TAB_3 + str(line)
                  #              print(DATA_TAB_3 + str(line))
                        except:
                   #         print(format_multi_line(DATA_TAB_3, tcp.data))
                            Data+=format_multi_line(DATA_TAB_3, tcp.data)
                    else:
                    #    print(TAB_2 + 'TCP Data:')
                     #   print(format_multi_line(DATA_TAB_3, tcp.data))
                        Data+=TAB_2 + 'TCP Data:'+format_multi_line(DATA_TAB_3, tcp.data)

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                l.append('UDB')
                #print(TAB_1 + 'UDP Segment:')
                #print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
                Data+=TAB_1 + 'UDP Segment:'+TAB_2 + 'Source Port:'+str(udp.src_port)+'Destination Port:'+str( udp.dest_port)+'Length'+str(udp.size)
                info += str(udp.src_port) + "->" +str (udp.dest_port) + "len =" + str(udp.size) # + "ACK=" + str(udp.flag_ack)
                l.append(0)
                l.append(info)

            # Other IPv4
            else:
                #print(TAB_1 + 'Other IPv4 Data:')
                l.append('other')
                l.append(0)
                l.append('other')
                #print(format_multi_line(DATA_TAB_2, ipv4.data))
                Data+=TAB_1 + 'Other IPv4 Data:'+format_multi_line(DATA_TAB_2, ipv4.data)

        else:
            #print('Ethernet Data:')
            #print(format_multi_line(DATA_TAB_1, eth.data))
            l.append(" ")#src
            l.append(" ")#target
            l.append(" ")#Hlength
            l.append(" ")#protocol
            Data+='Ethernet Data:'+format_multi_line(DATA_TAB_1, eth.data)
            l.append(format_multi_line(DATA_TAB_1, eth.data))#hex
            l.append(" ")  # info
        l.append(Data)
        temp=l[3]
        l[3]=l[4]
        l[4]=temp
        temp2=l[5]
        l[5]=l[6]
        l[6]=l[7]
        l[7]=temp2
        print (*l ,sep=',')
        info=""
        Data=""


    pcap.close()

Beispiel #12

0

Datei anzeigen

Datei: sniffer.py Projekt: Mimossaaa/packetto

def main():
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    interfaceSelection = input("Please enter the interface to sniff-> ")
    conn.bind((interfaceSelection, 0))
    n = 0
    print('[ALL]')
    numberInput = input("Please enter numbers of packet to scan: ")
    number = int(numberInput)
    while True:
        while n < number:
            raw_data, addr = conn.recvfrom(65535)
            eth = Ethernet(raw_data)

            print('\nEthernet Frame:')
            print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
                eth.dest_mac, eth.src_mac, eth.proto))

            #IPv4
            if eth.proto == 8:
                ipv4 = IPv4(eth.data)
                print(TAB_1 + 'IPv4 Packet:')
                print(TAB_2 +
                      'Version: {}, Header Length: {}, TTL: {},'.format(
                          ipv4.version, ipv4.header_length, ipv4.ttl))
                print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
                    ipv4.proto, ipv4.src, ipv4.target))

                #ICMP
                if ipv4.proto == 1:
                    icmp = ICMP(ipv4.data)
                    print(TAB_1 + 'ICMP Packet:')
                    print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
                        icmp.type, icmp.code, icmp.checksum))
                    print(TAB_2 + 'ICMP Data:')
                    print(format_multi_line(DATA_TAB_3, icmp.data))

                #TCP Segments
                elif ipv4.proto == 6:
                    tcp = TCP(ipv4.data)
                    print(TAB_1 + 'TCP Segment:')
                    print(TAB_2 +
                          'Source Port: {}, Destination Port: {}'.format(
                              tcp.src_port, tcp.dest_port))
                    print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
                        tcp.sequence, tcp.acknowledgment))
                    print(TAB_2 + 'Flags:')
                    print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                        tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                    print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                        tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                    if len(tcp.data) > 0:

                        # HTTP
                        if tcp.src_port == 80 or tcp.dest_port == 80:
                            print(TAB_2 + 'HTTP Data:')
                            try:
                                http = HTTP(tcp.data)
                                http_info = str(http.data).split('\n')
                                for line in http_info:
                                    print(DATA_TAB_3 + str(line))
                            except:
                                print(format_multi_line(DATA_TAB_3, tcp.data))
                        else:
                            print(TAB_2 + 'TCP Data:')
                            print(format_multi_line(DATA_TAB_3, tcp.data))

                #UDP Segments
                elif ipv4.proto == 17:
                    udp = UDP(ipv4.data)
                    print(TAB_1 + 'UDP Segment:')
                    print(TAB_2 +
                          'Source Port: {}, Destination Port: {}, Length: {}'.
                          format(udp.src_port, udp.dest_port, udp.size))

                # Other IPv4
                else:
                    print(TAB_1 + 'Other IPv4 Data:')
                    print(format_multi_line(DATA_TAB_2, ipv4.data))
                n += 1

            else:
                print('Ethernet Data:')
                print(format_multi_line(DATA_TAB_1, eth.data))
                n += 1
        sys.exit()

Beispiel #13

0

Datei anzeigen

Datei: sniffer.py Projekt: kaysiz/Python-Packet-Sniffer

def main():
    pcap = Pcap('capture.pcap')
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.bind(('127.0.0.1', 2055))
    conn.listen(5)
    while True:
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        print('\nEthernet Frame:')
        print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
            eth.dest_mac, eth.src_mac, eth.proto))

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            # print(TAB_1 + 'IPv4 Packet:')
            # print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
            # print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
            # # ICMP
            # if ipv4.proto == 1:
            #     icmp = ICMP(ipv4.data)
            #     print(TAB_1 + 'ICMP Packet:')
            #     print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
            #     print(TAB_2 + 'ICMP Data:')
            #     print(format_multi_line(DATA_TAB_3, icmp.data))

            # # TCP
            # elif ipv4.proto == 6:
            #     tcp = TCP(ipv4.data)
            #     if tcp.dest_port == 2055:
            #         print(TAB_1 + 'TCP Segment:')
            #         print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
            #         print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
            #         print(TAB_2 + 'Flags:')
            #         print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
            #         print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

            #         if len(tcp.data) > 0:
            #             print(TAB_2 + 'TCP Data:')
            #             print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            if ipv4.proto == 17:
                udp = UDP(ipv4.data)
                if udp.dest_port == 2055:
                    print(TAB_1 + 'UDP Segment:')
                    print(TAB_2 +
                          'Source Port: {}, Destination Port: {}, Length: {}'.
                          format(udp.src_port, udp.dest_port, udp.size))

            # Other IPv4
            else:
                print(TAB_1 + 'Other IPv4 Data:')
                # print(format_multi_line(DATA_TAB_2, ipv4.data))
                print(binascii.hexlify(ipv4.data))

        else:
            print('Ethernet Dataffgf:')
            print(format_multi_line(DATA_TAB_1, eth.data))

    pcap.close()

Beispiel #14

0

Datei anzeigen

Datei: Runsniffer.py Projekt: trungdungit45/idsoftware

def checkSniffer(eth, _listFrameEth):
    _WarningEth = 0
    listblackip1 = blackIP()
    listblackip = listblackip1.readIP()
    if eth.proto == 8:
        ipv4 = IPv4(eth.data)
        ipsource = ipv4.src
        ipdesti = ipv4.target
        proto = ipv4.proto
        _tcpsrc_port = 0
        _tcpdest_port = 0
        _tcplendata = 0
        if ipv4.proto != 6:
            flagfin = 0
            flagsyn = 0
            flagrst = 0
            flagpsh = 0
            flagack = 0
            flagurg = 0
        else:
            tcp = TCP(ipv4.data)
            flagfin = int(tcp.flag_fin)
            flagsyn = int(tcp.flag_syn)
            flagrst = int(tcp.flag_rst)
            flagpsh = int(tcp.flag_psh)
            flagack = int(tcp.flag_ack)
            flagurg = int(tcp.flag_urg)
            _tcpsrc_port = tcp.src_port
            _tcpdest_port = tcp.dest_port
            _tcpldata = tcp.data
        if (ipv4.proto == 6 and _tcpsrc_port == 80 or _tcpdest_port == 80):
            _WarningEth = checkSqlInjection(HTTP(tcp.data)).check
        elif ipsource == ipdesti:
            _WarningEth = checkLandAttack(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg).check
        elif (proto == 1):
            icmp = ICMP(ipv4.data)
            _lenicmp = len(icmp.data)
            _WarningEth = checkpingofDead(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg, _lenicmp).check
        elif(_WarningEth == 0 and proto == 6):
            if (flagfin == 1 
            and flagurg == 1 
            and flagpsh == 1 
            and proto == 6):
                _WarningEth = checkXmasScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
            elif(flagfin == 1 
            and proto == 6):
                _WarningEth = checkFINScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
            elif(flagfin == 0
            and flagsyn == 0
            and flagrst == 0
            and flagpsh == 0
            and flagack == 0
            and flagurg == 0
            and proto == 6):
                _WarningEth = checkNULLScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
        elif(ipv4.proto ==17 and len(UDP(ipv4.data).data) == 0):
            _WarningEth = checkUDPscan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
        RefeshlistFrame(_listFrameEth, ipsource, ipdesti, proto,flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
        AddtoFrame(_listFrameEth, ipsource, ipdesti, 1, proto, flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
        if(_WarningEth != 0):
            inBlackIP = 0
            for x in range(0,len(listblackip)):
                if ipsource + '\n' == listblackip[x]:
                    inBlackIP = 1
            if (inBlackIP == 0):
                Ip = blackIP()
                Ip.appendIP(ipsource+'\n')
        elif(len(listblackip) > 0 and _WarningEth == 0):
            for x in range(0,len(listblackip)):
                if ipsource + '\n' == listblackip[x]:
                    _WarningEth = 99
                if ipdesti + '\n' == listblackip[x]:
                    _WarningEth = 98
        #printFrame(_listFrameEth)
    return _WarningEth

Beispiel #15

0

Datei anzeigen

Datei: sniffer.py Projekt: coolwaze/neural-intrusion-detection

def main():

    timed_packets_tcp = []
    timed_packets_udp = []
    pcap = Pcap('capture.pcap')
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))

    while True:
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        # print('\nEthernet Frame:')
        # print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))

        # Get count feature
        # Analyze the packets for last two seconds.

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            # print(TAB_1 + 'IPv4 Packet:')
            # print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
            # print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)

                # print(TAB_1 + 'ICMP Packet:')
                # print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
                # print(TAB_2 + 'ICMP Data:')
                # print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                protocol_type = 6
                print(TAB_1 + 'TCP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
                    tcp.src_port, tcp.dest_port))
                print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
                    tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + 'Flags:')
                print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                    tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                    tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                try:
                    service = get_service_from_port(tcp.dest_port)
                except:
                    try:
                        service = get_service_from_port(tcp.src_port)
                    except:
                        service = "private"

                timed_packets_tcp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_tcp(
                    timed_packets_tcp, eth.dest_mac, eth.src_mac, tcp.src_port,
                    tcp.dest_port, tcp.sequence, tcp.acknowledgment,
                    tcp.flag_urg)

                classify(sess, protocol_type, service, land, same_host_count,
                         same_service_count, tcp.flag_urg, same_srv_rate,
                         diff_srv_rate, diff_host_rate)
                # if tcp.flag_urg == 0 and tcp.flag_ack == 0 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
                #     print("SYN Request Sent!")
                #     print("connection started")
                #     pass
                # elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
                #     print("SYN-ACK Request Sent!")
                #     pass
                # elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
                #     print("ACK Request Sent!")
                #     pass

                # elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
                #     print("ACK Request Sent!")
                #     pass

                # elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
                #     print("ACK Request Sent!")
                #     pass

                # elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and  tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
                #     print("ACK Request Sent!")
                #     pass

                # if len(tcp.data) > 0:
                #     # HTTP
                #     if tcp.src_port == 80 or tcp.dest_port == 80:
                #         # print(TAB_2 + 'HTTP Data:')
                #         try:
                #             http = HTTP(tcp.data)
                #             http_info = str(http.data).split('\n')
                #             for line in http_info:
                #                 print(DATA_TAB_3 + str(line))
                #         except:
                #             print("")
                #             # print(format_multi_line(DATA_TAB_3, tcp.data))
                #     else:
                #         print("")
                #         # print(TAB_2 + 'TCP Data:')
                #         # print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                protocol_type = 17
                service = 'other'
                print(TAB_1 + 'UDP Segment:')
                print(TAB_2 +
                      'Source Port: {}, Destination Port: {}, Length: {}'.
                      format(udp.src_port, udp.dest_port, udp.size))
                flag_urg = 0
                timed_packets_udp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_udp(
                    timed_packets_udp, eth.dest_mac, eth.src_mac, udp.src_port,
                    udp.dest_port)
                classify(sess, protocol_type, service, land, same_host_count,
                         same_service_count, flag_urg, same_srv_rate,
                         diff_srv_rate, diff_host_rate)

            # Other IPv4
            else:
                print("")
                # print(TAB_1 + 'Other IPv4 Data:')
                # print(format_multi_line(DATA_TAB_2, ipv4.data))

        else:
            print("")
            # print('Ethernet Data:')
            # print(format_multi_line(DATA_TAB_1, eth.data))

    pcap.close()

Beispiel #16

0

Datei anzeigen

Datei: pcap_analyser.py Projekt: firastayeb1/try3

def main(file_name, type_addr=None, src=None, dest=None):
    file = open(file_name, 'rb')
    pcapfile = savefile.load_savefile(file, verbose=True)

    b = True
    i = 1
    try:
        packet = pcapfile.packets[0]
        raw_data = packet.raw()
    except:
        print("end of file ")
        b = False
    while b:

        eth = Ethernet(raw_data)
        if (type_addr == '-m' and src == eth.src_mac and dest
                == eth.dest_mac) or type_addr == None or type_addr == 'ip':
            print('\nEthernet Frame:')
            print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
                eth.dest_mac, eth.src_mac, eth.proto))

            # IPv4
            if eth.proto == 8:
                ipv4 = IPv4(eth.data)
                if (type_addr == 'ip' and src == ipv4.src
                        and dest == ipv4.target
                    ) or type_addr == '-m' or type_addr == None:
                    print(TAB_1 + 'IPv4 Packet:')
                    print(TAB_2 +
                          'Version: {}, Header Length: {}, TTL: {},'.format(
                              ipv4.version, ipv4.header_length, ipv4.ttl))
                    print(TAB_2 +
                          'Protocol: {}, Source: {}, Target: {}'.format(
                              ipv4.proto, ipv4.src, ipv4.target))

                    # TCP
                    #elif ipv4.proto == 6:
                    if ipv4.proto == 6:
                        tcp = TCP(ipv4.data)
                        print(TAB_1 + 'TCP Segment:')
                        print(TAB_2 +
                              'Source Port: {}, Destination Port: {}'.format(
                                  tcp.src_port, tcp.dest_port))
                        print(TAB_2 +
                              'Sequence: {}, Acknowledgment: {}'.format(
                                  tcp.sequence, tcp.acknowledgment))
                        print(TAB_2 + 'Flags:')
                        print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                            tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                        print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                            tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
                        #if len(tcp.data) > 0 :
                        #	print(TAB_3 + 'WINDOW: {}'.format(struct.unpack('! H', tcp.data[:2]))

                        if len(tcp.data) > 0:
                            print(TAB_3 + 'WINDOW: {}'.format(tcp.win))

# UDP
                    elif ipv4.proto == 17:
                        udp = UDP(ipv4.data)
                        print(TAB_1 + 'UDP Segment:')
                        print(
                            TAB_2 +
                            'Source Port: {}, Destination Port: {}, Length: {}'
                            .format(udp.src_port, udp.dest_port, udp.size))

        try:
            packet = pcapfile.packets[i]
            raw_data = packet.raw()
            i += 1
        except:
            print("end of file ")
            b = False
    file.close()

Beispiel #17

0

Datei anzeigen

Datei: sniffer.py Projekt: ACE857/Packet-Capture-IPFS-Ethereum

def main(packetSize=1000):
    pcap = Pcap('capture.pcap')
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    count = 0
    while packetSize > count:
        count += 1
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        print('\nEthernet Frame:')
        print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
            eth.dest_mac, eth.src_mac, eth.proto))

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            print(TAB_1 + 'IPv4 Packet:')
            print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
                ipv4.version, ipv4.header_length, ipv4.ttl))
            print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
                ipv4.proto, ipv4.src, ipv4.target))

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)
                print(TAB_1 + 'ICMP Packet:')
                print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
                    icmp.type, icmp.code, icmp.checksum))
                print(TAB_2 + 'ICMP Data:')
                print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                print(TAB_1 + 'TCP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
                    tcp.src_port, tcp.dest_port))
                print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
                    tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + 'Flags:')
                print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                    tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                    tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80:
                        print(TAB_2 + 'HTTP Data:')
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                print(DATA_TAB_3 + str(line))
                        except:
                            print(format_multi_line(DATA_TAB_3, tcp.data))
                    else:
                        print(TAB_2 + 'TCP Data:')
                        print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                print(TAB_1 + 'UDP Segment:')
                print(TAB_2 +
                      'Source Port: {}, Destination Port: {}, Length: {}'.
                      format(udp.src_port, udp.dest_port, udp.size))

            # Other IPv4
            else:
                print(TAB_1 + 'Other IPv4 Data:')
                print(format_multi_line(DATA_TAB_2, ipv4.data))

        else:
            print('Ethernet Data:')
            print(format_multi_line(DATA_TAB_1, eth.data))

    pcap.close()

Beispiel #18

0

Datei anzeigen

Datei: packet.py Projekt: dheerajtrivedi/Python-Packet-Sniffer

    def __init__(self, data):
        self.src_mac = None
        self.dest_mac = None
        self.eth_type = None
        self.ip_version = None
        self.dest_ip = None
        self.src_ip = None
        self.ip_header_length= None
        self.ttl = None
        self.ip_protocol = None
        self.dest_port = None
        self.src_port = None
        self.tcp_sequence = None
        self.tcp_ack = None
        self.tcp_flag_urg = None
        self.tcp_flag_ack = None
        self.tcp_flag_psh = None
        self.tcp_flag_rst = None
        self.tcp_flag_syn = None
        self.tcp_flag_fin = None
        self.udp_length = None
        self.icmp_type = None
        self.icmp_code = None
        self.icmp_checksum = None
        self.info = '-'

        eth = Ethernet(data)
        self.dest = self.dest_mac = eth.dest_mac
        self.src = self.src_mac = eth.src_mac
        self.proto = 'Ethernet II'
        self.eth_type = eth.proto
        self.length = eth.length
        self.info = '-'
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            self.dest = ipv4.target
            self.src = ipv4.src
            self.proto = 'IPv4'

            self.eth_type = 'IPv4'
            self.ip_version = ipv4.version
            self.dest_ip = ipv4.target
            self.src_ip = ipv4.src
            self.ip_header_length= ipv4.header_length
            self.ttl = ipv4.ttl

            if ipv4.proto == 1:
                self.proto = 'ICMP'
                self.ip_protocol = 'ICMP'
                icmp = ICMP(ipv4.data)
                self.icmp_type = icmp.type
                self.icmp_code = icmp.code
                self.icmp_checksum = icmp.checksum
            elif ipv4.proto == 6:
                self.proto = 'TCP'
                self.ip_protocol = 'TCP'
                tcp = TCP(ipv4.data)
                self.dest_port = tcp.src_port
                self.src_port = tcp.dest_port
                self.tcp_sequence = tcp.sequence
                self.tcp_ack = tcp.acknowledgment
                self.tcp_flag_urg = tcp.flag_urg
                self.tcp_flag_ack = tcp.flag_ack
                self.tcp_flag_psh = tcp.flag_psh
                self.tcp_flag_rst = tcp.flag_rst
                self.tcp_flag_syn = tcp.flag_syn
                self.tcp_flag_fin = tcp.flag_fin
            elif ipv4.proto == 14:
                self.proto = 'UDP'
                udp = UDP(ipv4.data)
                self.src_port = udp.src_port
                self.dest_port = udp.dest_port
                self.udp_length = udp.size

Beispiel #19

0

Datei anzeigen

def main():
    #pcap is used to live capture network traffic
    pcap = Pcap('capture.pcap')
    #Creates a socket using
    #Check that its compatible and make sure its in little or big indian
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
    #Keeps looping and capturing data
    while True:
        #buffer size is set to 65535
        raw_data, addr = conn.recvfrom(65535)
        #storing the data
        #capturing it
        pcap.write(raw_data)
        eth = Ethernet(raw_data)
        #{} place order for each variable
        print('\nEthernet Frame:')
        print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
            eth.dest_mac, eth.src_mac, eth.proto))

        #Unpacking IP Headers
        # IPv4
        #Make sure using regular internet traffic
        #which is IPv4
        if eth.proto == 8:
            #calling class ip4
            #passing capture data into class
            #analysing and using its methods
            ipv4 = IPv4(eth.data)
            print(TAB_1 + 'IPv4 Packet:')
            print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
                ipv4.version, ipv4.header_length, ipv4.ttl))
            print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
                ipv4.proto, ipv4.src, ipv4.target))

            # ICMP
            if ipv4.proto == 1:
                #after analysing the capture data
                #ipv4 determines which type of protocol the prackage is from
                #1 for ICMP
                ipv4 = IPv4(eth.data)
                icmp = ICMP(ipv4.data)
                #analyses using icmp class
                print(TAB_1 + 'ICMP Packet:')
                print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
                    icmp.type, icmp.code, icmp.checksum))
                print(TAB_2 + 'ICMP Data:')
                print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                #after analysing the capture data
                #ipv4 determines which type of protocol the prackage is from
                #6 for ICMP
                tcp = TCP(ipv4.data)
                #analyses using icmp class
                print(TAB_1 + 'TCP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
                    tcp.src_port, tcp.dest_port))
                print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
                    tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + 'Flags:')
                print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                    tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                    tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                #at least some thing is capture
                if len(tcp.data) > 0:

                    #protocol port for HTTP is 80
                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80:
                        print(TAB_2 + 'HTTP Data:')
                        try:
                            #analyses using icmp class
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                print(DATA_TAB_3 + str(line))
                        except:
                            print(format_multi_line(DATA_TAB_3, tcp.data))
                    else:
                        print(TAB_2 + 'TCP Data:')
                        print(format_multi_line(DATA_TAB_3, tcp.data))

            #analyses using UDP class
            # UDP
            #17 for UDP
            elif ipv4.proto == 17:
                #analyses using UDP class
                udp = UDP(ipv4.data)
                print(TAB_1 + 'UDP Segment:')
                print(TAB_2 +
                      'Source Port: {}, Destination Port: {}, Length: {}'.
                      format(udp.src_port, udp.dest_port, udp.size))

            # Other
            else:
                print(TAB_1 + 'Other IPv4 Data:')
                print(format_multi_line(DATA_TAB_2, ipv4.data))

        else:
            #this remaining is the payload of data
            #data that meaningless or which we cant yet interpret
            print('Ethernet Data:')
            print(format_multi_line(DATA_TAB_1, eth.data))
    #closing the library after use
    pcap.close()

Beispiel #20

0

Datei anzeigen

   def start(self):

     pcap = Pcap('capture.pcap')
     conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))

     for i in range(0, 70):
        x=time.clock()
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        print('\nEthernet Frame:')
        print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
        mydialog.print_to_tabl(self, i, 0, str(i+1))
        mydialog.print_to_tabl(self, i, 1, str(x))

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            print(TAB_1 + 'IPv4 Packet:')
            print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
            print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
            mydialog.print_to_tabl(self, i, 2, ipv4.src)
            mydialog.print_to_tabl(self, i, 3, ipv4.target)
            mydialog.print_to_tabl(self, i, 5,str(ipv4.header_length))

            # ICMP
            if ipv4.proto == 1:

                icmp = ICMP(ipv4.data)
                print(TAB_1 + 'ICMP Packet:')
                print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
                print(TAB_2 + 'ICMP Data:')
                print(format_multi_line(DATA_TAB_3, icmp.data))
                mydialog.print_to_tabl(self,i, 4, "ICMP")

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                print(TAB_1 + 'TCP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
                print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + 'Flags:')
                print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
                mydialog.print_to_tabl(self,i, 4, "tcp")
                mydialog.print_to_tabl(self, i, 6,'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment) )

                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80:
                        print(TAB_2 + 'HTTP Data:')
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                print(DATA_TAB_3 + str(line))
                        except:
                            print(format_multi_line(DATA_TAB_3, tcp.data))
                    else:
                        print(TAB_2 + 'TCP Data:')
                        print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                print(TAB_1 + 'UDP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,
                                                                                         udp.size))
                mydialog.print_to_tabl(self,i, 4, "UDP")

            # Other IPv4
            else:
                print(TAB_1 + 'Other IPv4 Data:')
                print(format_multi_line(self,DATA_TAB_2, ipv4.data))
                mydialog.print_to_tabl(self, i, 4, "ICMP")

       # else:
            #print('Ethernet Data:')
            #print(format_multi_line(DATA_TAB_1, eth.data))
            #mydialog.print_to_tabl(self, i, 6, str(eth.data))

        # if pushButton_2.clicked :
        #  break

     pcap.close()

Beispiel #21

0

Datei anzeigen

def main():
    report = Report()
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))

    while True:

        #check if date passes
        if report.current_date != date.today().strftime("%d_%m_%Y"):
            #create new report
            report = Report()
            print ("New Date")

        raw_data, addr = conn.recvfrom(65535)
        #pcap.write(raw_data)
        eth = Ethernet(raw_data)

        print('\nEthernet Frame:')
        print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            print(TAB_1 + 'IPv4 Packet:')
            print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
            print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)
                print(TAB_1 + 'ICMP Packet:')
                print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
                print(TAB_2 + 'ICMP Data:')
                print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                print(TAB_1 + 'TCP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
                print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + 'Flags:')
                print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80 or tcp.dest_port == 443 or tcp.src_port == 443 :
                        print(TAB_2 + 'HTTP Data:')
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split('\n')
                            for line in http_info:
                                print(DATA_TAB_3 + str(line))

                               
                                # add line to report
                                report.add_row(ipv4.src,ipv4.target)

                        except:
                            print(format_multi_line(DATA_TAB_3, tcp.data))
                    else:
                        print(TAB_2 + 'TCP Data:')
                        print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                print(TAB_1 + 'UDP Segment:')
                print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))

            # Other IPv4
            else:
                print(TAB_1 + 'Other IPv4 Data:')
                print(format_multi_line(DATA_TAB_2, ipv4.data))

        else:
            print('Ethernet Data:')
            print(format_multi_line(DATA_TAB_1, eth.data))

Beispiel #22

0

Datei anzeigen

Datei: views.py Projekt: maxvonhippel/pcap-parser

 #if eth.proto == 8:
           # ipv4 = IPv4(eth.data)
           # print('IPv4 Packet:')
           #   print('Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
           #   print('Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))



def index(request):
    answer = ''
 	answer.append(str('<head><style>table, th, td {border: 1px solid black;border-collapse: collapse;}</style></head><body><table><tr><th>Time Stamp</th><th>Destination MAC</th><th>Source MAC</th><th>Protocol</th><th>IP Version</th><th>IP Header Length</th><th>TTL</th><th>Protocol</th><th>Source IP</th><th>Target IP</th><th>Source Port</th><th>Destination Port</th><th>Length</th></tr>'))
    for raw_data in range(5):
        raw_data , addr = s.recvfrom(65565)
        pcap.write(raw_data)
        unpacked = struct.unpack('@ I H H i I I I I I I I', raw_data[:40])
        timestamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(unpacked))
        eth = Ethernet(raw_data)
        ipv4 = IPv4(eth.data)
        icmp = ICMP ( ipv4.data )
        tcp = TCP (ipv4.data)
        udp = UDP (ipv4.data)
       # pcap =Pcap(pcap.data)

        answer.append (str('<tr><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th></tr>'.format(timestamp, eth.dest_mac, eth.src_mac, eth.proto, ipv4.version, ipv4.header_length, ipv4.ttl, nipv4.proto, ipv4.src, ipv4.target, tcp.src_port, tcp.dest_port, udp.src_port, udp.dest_port, udp.size)))

    answer.append (str('</table></body>'))

    return HttpResponse(answer)

Beispiel #23

0

Datei anzeigen

def main():
    pcap = Pcap("capture.pcap")
    conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))

    while True:
        raw_data, addr = conn.recvfrom(65535)
        pcap.write(raw_data)
        eth = Ethernet(raw_data)

        print("\nEthernet Frame:")
        print(
            f"{TAB_1}Destination: {eth.dest_mac}, Source: {eth.src_mac}, Protocol: {eth.proto}"
        )

        # IPv4
        if eth.proto == 8:
            ipv4 = IPv4(eth.data)
            print(TAB_1 + "IPv4 Packet:")
            print(TAB_2 + "Version: {}, Header Length: {}, TTL: {},".format(
                ipv4.version, ipv4.header_length, ipv4.ttl))
            print(TAB_2 + "Protocol: {}, Source: {}, Target: {}".format(
                ipv4.proto, ipv4.src, ipv4.target))

            # ICMP
            if ipv4.proto == 1:
                icmp = ICMP(ipv4.data)
                print(TAB_1 + "ICMP Packet:")
                print(TAB_2 + "Type: {}, Code: {}, Checksum: {},".format(
                    icmp.type, icmp.code, icmp.checksum))
                print(TAB_2 + "ICMP Data:")
                print(format_multi_line(DATA_TAB_3, icmp.data))

            # TCP
            elif ipv4.proto == 6:
                tcp = TCP(ipv4.data)
                print(TAB_1 + "TCP Segment:")
                print(TAB_2 + "Source Port: {}, Destination Port: {}".format(
                    tcp.src_port, tcp.dest_port))
                print(TAB_2 + "Sequence: {}, Acknowledgment: {}".format(
                    tcp.sequence, tcp.acknowledgment))
                print(TAB_2 + "Flags:")
                print(TAB_3 + "URG: {}, ACK: {}, PSH: {}".format(
                    tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                print(TAB_3 + "RST: {}, SYN: {}, FIN:{}".format(
                    tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                if len(tcp.data) > 0:

                    # HTTP
                    if tcp.src_port == 80 or tcp.dest_port == 80:
                        print(TAB_2 + "HTTP Data:")
                        try:
                            http = HTTP(tcp.data)
                            http_info = str(http.data).split("\n")
                            for line in http_info:
                                print(DATA_TAB_3 + str(line))
                        except:
                            print(format_multi_line(DATA_TAB_3, tcp.data))
                    else:
                        print(TAB_2 + "TCP Data:")
                        print(format_multi_line(DATA_TAB_3, tcp.data))

            # UDP
            elif ipv4.proto == 17:
                udp = UDP(ipv4.data)
                print(TAB_1 + "UDP Segment:")
                print(TAB_2 +
                      "Source Port: {}, Destination Port: {}, Length: {}".
                      format(udp.src_port, udp.dest_port, udp.size))

            # Other IPv4
            else:
                print(TAB_1 + "Other IPv4 Data:")
                print(format_multi_line(DATA_TAB_2, ipv4.data))

        else:
            print("Ethernet Data:")
            print(format_multi_line(DATA_TAB_1, eth.data))

    pcap.close()

Beispiel #24

0

Datei anzeigen

def main(type_addr=None, src=None, dest=None, file_name=None):
    #code of .pcap file analyzer
    if file_name != None:
        file = open(file_name, 'rb')
        pcapfile = savefile.load_savefile(file, verbose=True)

        b = True
        i = 1
        try:
            packet = pcapfile.packets[0]
            raw_data = packet.raw()
            size = packet.packet_len
        except:
            print("empty file !")
            b = False
        #code to read and analyze .pcap file with the protocol Linux cooked capture
        while b:
            if 1:

                if 1:
                    #ipv4 = IPv4(eth.data)
                    ipv4 = IPv4(raw_data[16:])
                    if (type_addr == '-ip' and src == ipv4.src
                            and dest == ipv4.target
                        ) or type_addr == '-m' or type_addr == None:
                        print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
                        print(
                            TAB_2 +
                            'Version: {}, Header Length: {}, TTL: {},'.format(
                                ipv4.version, ipv4.header_length, ipv4.ttl))
                        print(TAB_2 +
                              'Protocol: {}, Source: {}, Target: {}'.format(
                                  ipv4.proto, ipv4.src, ipv4.target))

                        # TCP
                        #elif ipv4.proto == 6:
                        if ipv4.proto == 6:
                            tcp = TCP(ipv4.data)
                            add_info(ipv4.src, ipv4.target, tcp.sequence,
                                     tcp.flag_fin, packet, tcp,
                                     packet.packet_len)
                            print(TAB_1 + 'TCP Segment:')
                            print(TAB_2 +
                                  'Source Port: {}, Destination Port: {}'.
                                  format(tcp.src_port, tcp.dest_port))
                            print(TAB_2 +
                                  'Sequence: {}, Acknowledgment: {}'.format(
                                      tcp.sequence, tcp.acknowledgment))
                            print(TAB_2 + 'Flags:')
                            print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                                tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                            print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                                tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                            if len(tcp.data) > 0:
                                print(TAB_3 + 'WINDOW: {}'.format(tcp.win))

# UDP
                        elif ipv4.proto == 17:
                            udp = UDP(ipv4.data)
                            print(TAB_1 + 'UDP Segment:')
                            print(
                                TAB_2 +
                                'Source Port: {}, Destination Port: {}, Length: {}'
                                .format(udp.src_port, udp.dest_port, udp.size))

            try:
                packet = pcapfile.packets[i]
                raw_data = packet.raw()
                size = packet.packet_len
                i += 1
            except:
                print("end of file ")
                b = False
                file.close()
    #code of real time analyzer in a local network
    else:
        file = Pcap('capture.pcap')
        conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                             socket.ntohs(3))

        i = 0
        while True:
            if keyboard.is_pressed('q'):
                break
            raw_data, addr = conn.recvfrom(65535)

            i += 1

            eth = Ethernet(raw_data)
            if keyboard.is_pressed('q'):  #press q to stop the sniffer
                break
            if (type_addr == '-m' and src == eth.src_mac and dest
                    == eth.dest_mac) or type_addr == None or type_addr == 'ip':
                file.write(raw_data)
                print('\nEthernet Frame:')
                print(TAB_1 +
                      'Destination: {}, Source: {}, Protocol: {}'.format(
                          eth.dest_mac, eth.src_mac, eth.proto))

                # IPv4
                if eth.proto == 8:
                    i += 1
                    ipv4 = IPv4(eth.data)
                    if (type_addr == 'ip' and src == ipv4.src
                            and dest == ipv4.target
                        ) or type_addr == '-m' or type_addr == None:
                        print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
                        print(
                            TAB_2 +
                            'Version: {}, Header Length: {}, TTL: {},'.format(
                                ipv4.version, ipv4.header_length, ipv4.ttl))
                        print(TAB_2 +
                              'Protocol: {}, Source: {}, Target: {}'.format(
                                  ipv4.proto, ipv4.src, ipv4.target))

                        # TCP
                        #elif ipv4.proto == 6:
                        if ipv4.proto == 6:
                            tcp = TCP(ipv4.data)
                            print(TAB_1 + 'TCP Segment:')
                            print(TAB_2 +
                                  'Source Port: {}, Destination Port: {}'.
                                  format(tcp.src_port, tcp.dest_port))
                            print(TAB_2 +
                                  'Sequence: {}, Acknowledgment: {}'.format(
                                      tcp.sequence, tcp.acknowledgment))
                            print(TAB_2 + 'Flags:')
                            print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
                                tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
                            print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
                                tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))

                            if len(tcp.data) > 0:
                                print(TAB_3 + 'WINDOW: {}'.format(tcp.win))

# UDP
                        elif ipv4.proto == 17:
                            udp = UDP(ipv4.data)
                            print(TAB_1 + 'UDP Segment:')
                            print(
                                TAB_2 +
                                'Source Port: {}, Destination Port: {}, Length: {}'
                                .format(udp.src_port, udp.dest_port, udp.size))
        file.close()
        file1 = open('capture.pcap', 'rb')
        pcapfile = savefile.load_savefile(file1, verbose=True)
        j = 0
        b = True
        packet = pcapfile.packets[0]
        raw_data = packet.raw()
        size = packet.packet_len
        while b:
            eth = Ethernet(raw_data)
            if (type_addr == '-m' and src == eth.src_mac and dest
                    == eth.dest_mac) or type_addr == None or type_addr == 'ip':

                # IPv4
                if eth.proto == 8:
                    i += 1
                    ipv4 = IPv4(eth.data)
                    if 1:

                        # TCP

                        if ipv4.proto == 6:
                            tcp = TCP(ipv4.data)
                            add_info(ipv4.src, ipv4.target, tcp.sequence,
                                     tcp.flag_fin, packet, tcp,
                                     packet.packet_len)

            try:
                packet = pcapfile.packets[j]
                raw_data = packet.raw()
                size = packet.packet_len
                j += 1
            except:
                print("end of file ")
                b = False

        file1.close()