    def extract_info(self, packet):
        """Decode one raw Ethernet frame into the generic record dict.

        This is the class's default data dumper; subclasses replace it to
        pull out whatever their own protocol layer needs.

        Args:
            packet: the raw frame as handed over by the packet capture.

        Returns:
            dict with 'source' and 'destination' (sender/receiver MAC via
            mac_address()), 'station_id' (again the sender MAC),
            'reporter' and 'protocol' (both [0] here), 'timestamp' (a naive
            UTC datetime taken when this method ran -- i.e. processing time,
            not the capture time, so replaying an old capture yields "now"),
            'rawdata' (the untouched input bytes) and 'decode' (the decoded
            frame object).

        Raises:
            Whatever self.decoder.decode() raises on a malformed frame; the
            input comes straight off the wire, so callers should expect it.
        """
        frame = self.decoder.decode(packet)

        def mac_of(hwaddr):
            # One conversion path for all three address fields.
            return mac_address(hwaddr.tolist())

        record = {}
        record['source'] = mac_of(frame.get_ether_shost())
        record['destination'] = mac_of(frame.get_ether_dhost())
        record['station_id'] = mac_of(frame.get_ether_shost())
        record['reporter'] = [0]
        record['protocol'] = [0]
        record['timestamp'] = datetime.datetime.utcnow()
        record['rawdata'] = packet
        record['decode'] = frame
        return record
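    def extract_info(self, packet):
        """Decode an IPv4-over-Ethernet frame into the record dict.

        Args:
            packet: the raw frame as handed over by the packet capture.

        Returns:
            dict with 'source'/'destination' (ipaddr.IPv4Address built from
            the IP header's src/dst), 'station_id' (sender MAC via
            mac_address()), 'reporter'/'protocol' (both [0, 0x800]; 0x800 is
            the IPv4 ethertype, so this looks like the encapsulation chain --
            confirm against the consumer), 'timestamp' (a naive UTC datetime
            of the moment this ran, not the capture time), 'rawdata' (the
            input bytes) and 'decode' (the decoded Ethernet object; the IP
            packet used above is its child).

        Raises:
            Whatever the decoder raises on a malformed frame, and
            AttributeError if the frame's child is not an IP packet. The
            method assumes self.decoder only ever sees 0x800 frames --
            verify that the dispatch feeding this class guarantees it.
        """
        eth_packet = self.decoder.decode(packet)
        # Walk down from the frame already decoded instead of decoding the
        # raw bytes a second time: the values are the same and the IP packet
        # is now attached to the object returned under 'decode'.
        ip_packet = eth_packet.child()

        return {
            'source': ipaddr.IPv4Address(ip_packet.get_ip_src()),
            'destination': ipaddr.IPv4Address(ip_packet.get_ip_dst()),
            'station_id': mac_address(eth_packet.get_ether_shost().tolist()),
            'reporter': [0, 0x800],
            'protocol': [0, 0x800],
            'timestamp': datetime.datetime.utcnow(),
            'rawdata': packet,
            'decode': eth_packet
        }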
    def extract_info(self, packet):
        """Decode an ARP-over-Ethernet frame into the record dict.

        Args:
            packet: the raw frame as handed over by the packet capture.

        Returns:
            dict with 'source'/'destination' (ipaddr.IPv4Address built via
            self.ip_list2int from the ARP sender/target protocol address
            fields, get_ar_spa/get_ar_tpa), 'station_id' (sender MAC via
            mac_address()), 'reporter' ([0, 0x806] -- 0x806 is the ARP
            ethertype) and 'protocol' ([0, 0x800] -- presumably because the
            addresses reported are IPv4; confirm with the consumer),
            'timestamp' (a naive UTC datetime of processing time, not the
            capture time), 'rawdata' (the input bytes) and 'decode' (the
            decoded Ethernet object).

        Raises:
            Whatever the decoder raises on a malformed frame; the input is
            untrusted wire data and no validation is done here.
        """
        frame = self.decoder.decode(packet)
        arp_packet = frame.child()

        def ip_of(raw_addr):
            # ARP carries the protocol address as a byte list; convert it
            # to an int first, then to an address object.
            return ipaddr.IPv4Address(self.ip_list2int(raw_addr))

        sender_ip = ip_of(arp_packet.get_ar_spa())
        target_ip = ip_of(arp_packet.get_ar_tpa())
        sender_mac = mac_address(frame.get_ether_shost().tolist())

        return dict(
            source=sender_ip,
            destination=target_ip,
            station_id=sender_mac,
            reporter=[0, 0x806],
            protocol=[0, 0x800],
            timestamp=datetime.datetime.utcnow(),
            rawdata=packet,
            decode=frame,
        )
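    def extract_info(self, packet):
        """Decode a NetBIOS name service (UDP/137) frame into the record dict.

        Args:
            packet: the raw frame as handed over by the packet capture.

        Returns:
            dict with 'source' ([name, type]: the first 15 characters of the
            decoded NetBIOS name and the ordinal of character 15, which this
            code treats as the type suffix -- confirm the layout against
            nmb.decode_name), 'destination' (always None), 'station_id'
            (sender MAC via mac_address()), 'reporter'/'protocol' (both
            [0, 0x800, 17, 137]; IPv4 ethertype, UDP protocol number, NBNS
            port -- looks like the encapsulation chain, confirm), 'timestamp'
            (a naive UTC datetime of processing time, not the capture time),
            'rawdata' (the input bytes) and 'decode' (the decoded Ethernet
            object whose children are the IP/UDP packets used above).

        Raises:
            Whatever the decoders raise on a malformed frame, and IndexError
            if the decoded name is shorter than 16 characters. The input is
            untrusted wire data and nothing here validates it, so callers
            must be prepared for either.
        """
        eth_packet = self.decoder.decode(packet)
        # Walk the layers of the frame already decoded instead of decoding
        # the raw bytes a second time; the IP/UDP objects then belong to the
        # tree returned under 'decode'.
        ip_packet = eth_packet.child()
        udp_packet = ip_packet.child()
        nbns_packet = nmb.NetBIOSPacket(udp_packet.child().get_packet())

        # Decode the answer name once; element 1 is the name string, which
        # is split into the 15-character name and the suffix at position 15.
        decoded_name = nmb.decode_name(nbns_packet.get_answers())[1]
        nbns_name = decoded_name[0:15]
        nbns_type = ord(decoded_name[15])

        return {
            'source': [nbns_name, nbns_type],
            'destination': None,
            'station_id': mac_address(eth_packet.get_ether_shost().tolist()),
            'reporter': [0, 0x800, 17, 137],
            'protocol': [0, 0x800, 17, 137],
            'timestamp': datetime.datetime.utcnow(),
            'rawdata': packet,
            'decode': eth_packet
        }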
    def extract_info(self, packet):
        """Decode a raw frame and work out which protocol it carries.

        Default data dumper for the class; subclasses replace it to extract
        the fields they care about.

        Args:
            packet: the raw frame as handed over by the packet capture.

        Returns:
            dict with 'protocol' (the resolved protocol id: the ethertype for
            an Ethernet II frame; for an 802.3 frame, i.e. a type field below
            1536, the LLC DSAP instead, and if that DSAP is 170 (0xAA, SNAP)
            the SNAP protocol id), 'station_id' (sender MAC via
            mac_address()), 'timestamp' (a naive UTC datetime of processing
            time, not the capture time), 'rawdata' (the input bytes) and
            'decode' (the decoded Ethernet object). Unlike the IP/ARP
            dumpers there is no 'source'/'destination'/'reporter' here.

        Raises:
            Whatever the decoder raises on a malformed frame; the input is
            untrusted wire data.
        """
        frame = self.decoder.decode(packet)
        protocol_id = frame.get_ether_type()

        # Below 1536 the field is an 802.3 length, not an ethertype, so the
        # payload starts with an LLC header whose DSAP identifies the
        # protocol. The SNAP check only makes sense inside this branch: an
        # ethertype of 1536 or more can never equal 170.
        if protocol_id < 1536:
            llc = frame.child()
            protocol_id = llc.get_DSAP()
            if protocol_id == 170:  # 0xAA: SNAP, real id sits one layer down
                protocol_id = llc.child().get_protoID()

        return dict(
            protocol=protocol_id,
            station_id=mac_address(frame.get_ether_shost().tolist()),
            timestamp=datetime.datetime.utcnow(),
            rawdata=packet,
            decode=frame,
        )