def dump_packets(capture, sniff_date_utc, count):  # count == 0 means no limit
    """Print each packet of a live capture to stdout in a fixed, readable layout.

    Args:
        capture: live capture object exposing ``sniff_continuously`` and
            per-packet ``sniff_timestamp`` (presumably a pyshark
            ``LiveCapture`` -- confirm against the caller).
        sniff_date_utc: ``datetime`` stamped once for the whole session.  It is
            printed unchanged for every packet, so it is *not* the per-packet
            capture time (that is ``sniff_timestamp``).
        count: number of packets to read before returning; ``0`` means no
            limit.

    Returns:
        None.  The only effect is the text written to stdout.

    NOTE(review): ``highest_protocol`` and every ``layers`` value are dissected
    network data printed unescaped.  A remote peer can embed terminal control
    sequences (e.g. in a DNS name or HTTP header), so view output from
    untrusted captures through ``cat -v`` or similar rather than a raw terminal.
    """
    # sniff_date_utc never changes inside the loop, so format it once.
    session_date = sniff_date_utc.strftime("%Y-%m-%d %H:%M:%S")
    for pkt_no, packet in enumerate(capture.sniff_continuously(packet_count=count), 1):
        highest_protocol, layers = get_layers(packet)
        sniff_timestamp = float(packet.sniff_timestamp)
        # Each print() receives a single pre-formatted string, which yields the
        # same bytes whether print is the Python 2 statement or the Python 3
        # function.
        print("packet no. %s" % (pkt_no,))
        print("* protocol        - %s" % (highest_protocol,))
        print("* sniff date UTC  - %s" % (session_date,))
        print("* sniff timestamp - %s" % (sniff_timestamp,))
        print("* layers")
        for field_name in layers:
            print("\t%s %s" % (field_name, layers[field_name]))
        print("")
def dump_packets(capture, file_date_utc):
    """Print each packet of an already-loaded pcap capture in a fixed layout.

    Args:
        capture: iterable of packets carrying a ``sniff_timestamp`` attribute
            (presumably a pyshark ``FileCapture`` -- confirm against the
            caller).
        file_date_utc: ``datetime`` describing the pcap file as a whole; it is
            printed unchanged for every packet next to that packet's own
            sniff time.

    Returns:
        None.  The only effect is the text written to stdout.

    Raises:
        ValueError or OverflowError (OSError on some platforms) from
        ``datetime.utcfromtimestamp`` when a packet carries an out-of-range
        timestamp.  A pcap from an untrusted source can trigger this on
        purpose and abort the dump mid-file, after the first lines of that
        packet have already been printed.

    NOTE(review): protocol names and ``layers`` values are dissected network
    data printed unescaped; treat the output as untrusted when viewing it in
    a terminal.
    """
    time_fmt = "%Y-%m-%d %H:%M:%S"
    file_date = file_date_utc.strftime(time_fmt)  # constant for the whole file
    for pkt_no, packet in enumerate(capture, 1):
        highest_protocol, layers = get_layers(packet)
        sniff_timestamp = float(packet.sniff_timestamp)
        # Single pre-formatted string per print(): identical output under the
        # Python 2 print statement and the Python 3 function.
        print("packet no. %s" % (pkt_no,))
        print("* protocol        - %s" % (highest_protocol,))
        print("* file date UTC   - %s" % (file_date,))
        # Converted here, not earlier, so a bad timestamp fails at this line.
        sniff_date = datetime.utcfromtimestamp(sniff_timestamp).strftime(time_fmt)
        print("* sniff date UTC  - %s" % (sniff_date,))
        print("* sniff timestamp - %s" % (sniff_timestamp,))
        print("* layers")
        for field_name in layers:
            print("\t%s %s" % (field_name, layers[field_name]))
        print("")
def index_packets(capture, sniff_date_utc, count):
    """Yield one Elasticsearch bulk ``index`` action per live-captured packet.

    Args:
        capture: live capture exposing ``sniff_continuously`` (presumably a
            pyshark ``LiveCapture`` -- confirm against the caller).
        sniff_date_utc: ``datetime`` for the capture session.  It selects the
            target index (``packets-YYYY-MM-DD``) and fills ``sniff_date_utc``
            in every document, so a session that runs past midnight UTC keeps
            writing into the start day's index.
        count: packets to read before the generator ends; ``0`` means no
            limit.

    Yields:
        dict in elasticsearch-py bulk-helper form (``_op_type``, ``_index``,
        ``_type``, ``_source``).  ``sniff_timestamp`` (float seconds) is the
        field intended for ordering packets in ES.

    NOTE(review): ``layers`` is indexed verbatim.  Its keys and values are
    dictated by the captured traffic, so an untrusted peer controls which
    fields appear and with what types; dynamic mapping can then hit the
    per-index field limit or reject documents on type conflicts.  A strict,
    explicit mapping for ``packets-*`` is advisable.  ``_type`` is only
    accepted by older Elasticsearch releases -- confirm against the cluster.
    """
    # Both derived strings depend only on the session date: compute once.
    target_index = "packets-" + sniff_date_utc.strftime("%Y-%m-%d")
    session_date = sniff_date_utc.strftime("%Y-%m-%d %H:%M:%S")
    for packet in capture.sniff_continuously(packet_count=count):
        highest_protocol, layers = get_layers(packet)
        sniff_timestamp = float(packet.sniff_timestamp)  # ES ordering key
        document = {
            "sniff_date_utc": session_date,
            "sniff_timestamp": sniff_timestamp,
            "protocol": highest_protocol,
            "layers": layers,
        }
        yield {
            "_op_type": "index",
            "_index": target_index,
            "_type": "pcap_live",
            "_source": document,
        }
def index_packets(capture, pcap_file, file_date_utc):
    """Yield one Elasticsearch bulk ``index`` action per packet of a pcap file.

    Args:
        capture: iterable of packets carrying ``sniff_timestamp`` (presumably
            a pyshark ``FileCapture`` -- confirm against the caller).
        pcap_file: file name stored in each document's ``file_name`` field.
        file_date_utc: ``datetime`` describing the file itself; stored
            verbatim in ``file_date_utc``.

    Yields:
        dict in elasticsearch-py bulk-helper form.  The target index,
        ``packets-YYYY-MM-DD``, is derived from each packet's *own* capture
        time, not from ``file_date_utc``.

    Raises:
        ValueError or OverflowError (OSError on some platforms) from
        ``datetime.utcfromtimestamp`` on an out-of-range packet timestamp.
        The exception ends the generator, so one malformed packet aborts the
        bulk run for the whole file.

    NOTE(review): when the pcap comes from an untrusted source its timestamps
    are attacker-controlled, so a crafted file can scatter documents across
    arbitrary dated indices (e.g. outside any retention window) and can abort
    indexing as described above.  ``layers`` is indexed verbatim -- field
    names and types are dictated by the traffic, so a strict mapping for
    ``packets-*`` is advisable.  ``_type`` is only accepted by older
    Elasticsearch releases -- confirm against the cluster.
    """
    file_date = file_date_utc.strftime("%Y-%m-%d %H:%M:%S")  # constant per file
    for packet in capture:
        highest_protocol, layers = get_layers(packet)
        sniff_timestamp = float(packet.sniff_timestamp)  # ES ordering key
        sniffed_at = datetime.utcfromtimestamp(sniff_timestamp)  # may raise, see docstring
        document = {
            "file_name": pcap_file,
            "file_date_utc": file_date,
            "sniff_date_utc": sniffed_at.strftime("%Y-%m-%d %H:%M:%S"),
            "sniff_timestamp": sniff_timestamp,
            "protocol": highest_protocol,
            "layers": layers,
        }
        yield {
            "_op_type": "index",
            "_index": "packets-" + sniffed_at.strftime("%Y-%m-%d"),
            "_type": "pcap_file",
            "_source": document,
        }