def run_libtrace(in_uri: str, queue: aioprocessing.Queue):
"""Run librace using interface `in_uri`, sending `(flow_id, symbol, packet_clock)` triples to
the given queue."""
logging.info(f'Sniffing on interface: {in_uri}')
filter_ = libtrace.filter('udp')
with managed_trace(in_uri) as trace:
trace.conf_filter(filter_)
for packet in trace:
ip, udp = packet.ip, packet.udp
if ip is None or udp is None:
continue
src_ip, dst_ip = map(str, (ip.src_prefix, ip.dst_prefix))
src_port, dst_port = udp.src_port, udp.dst_port
flow_id = (src_ip, src_port, dst_ip, dst_port)
symbol, _ = decode_symbol_with_offset(udp.payload.data)
queue.put((flow_id, symbol, packet.erf_time))
def bridgemulticast(interface):
bridgesocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
bridgesocket.connect(bridgehost)
print("capturing on {}".format(interface))
trace = plt.trace('bpf:{}'.format(interface))
#capturefilter = 'multicast and host 239.255.42.42 and port 5004'
capturefilter = 'udp and port 5004'
capfilter = plt.filter(capturefilter)
trace.conf_filter(capfilter)
trace.conf_promisc(True)
trace.start()
try:
for pkt in trace:
hdr = pkt.udp
if not hdr:
continue
data = pkt.udp_payload.data
print(type(data))
if not data:
continue
if len(data) < 1000:
continue
try:
s = bridgesocket.send(data)
print('sent ', s)
except:
pass
except KeyboardInterrupt:
trace.close()
sys.exit()
print "%s: isfile %s" % (full_fn, os.path.isfile(full_fn))
try:
with open(full_fn) as file:
print "File opened OK"
file.close()
except IOError as e:
print "Unable to open file" #Does not exist OR no read permissions
trace_format = "pcapfile"
#trace_format = "erf"
uri = trace_format + ':' + full_fn
print ">> uri = %s" % uri
flt = plt.filter('vlan 1051 and tcp')
print "flt = %s" % flt
t = plt.trace(uri)
t.conf_filter(flt)
t.conf_snaplen(48)
t.start()
print "+++ started"
t.pause()
print "+++ paused"
t.start()
print "+++ started again"
#out_fn = base + '/' + "pypy/pylt/plt/test-out-zlib.pcap"
out_fn = base + '/' + "pypy/pylt/plt/test-out-none.pcap"
out_uri = trace_format + ':' + out_fn
def main():
signal.signal(signal.SIGINT, signal_handler)
args = deal_with_arguments()
packets = {}
Bytes = {}
for proto in (TCP, UDP, ICMP):
packets[proto] = 0
Bytes[proto] = 0
print("Press Ctrl+C to exit.")
print("Packets processed:\t")
# Set up our storage.
try:
outputfile = open(args.db_name, 'w')
tcp_flows = FlowStorage(filename=args.db_name)
udp_flows = FlowStorage(filename=args.db_name)
icmp_flows = FlowStorage(filename=args.db_name)
dests = DestStorage(filename=args.db_name)
except Exception as e:
print("Problem setting up databases:\n\t%s" % e)
exit()
# Try opening our trace.
if ("nfdump:" in args.input):
records = search_file(args.input[7:])
parse_nfdump(records, packets, Bytes, args.interval, tcp_flows,
udp_flows, icmp_flows)
elif ("flow-tools:" in args.input):
records = flowtools.FlowSet(args.input[11:])
parse_flowtools(records, packets, Bytes, args.interval, tcp_flows,
udp_flows, icmp_flows)
else:
try:
t = plt.trace(args.input)
except Exception as e:
print("Trouble opening trace URI/device:\n\t%s" % e)
exit()
# Try setting up our filter if given one.
try:
if args.filter != None or args.target != None:
if args.filter != None and args.target != None:
args.filter = args.filter + " and "
elif args.filter == None:
args.filter = ""
if args.target != None:
args.filter = args.filter + "dst "
if '/' in args.target:
args.filter = args.filter + "net "
args.filter = args.filter + args.target
f = plt.filter(args.filter)
print("Applying filter \"%s\"" % args.filter)
t.conf_filter(f)
except Exception as e:
print("Trouble applying bpf filter: \'%s\'\n\t%s" %
(args.filter, e))
exit()
try:
t.start()
except Exception as e:
print(e)
exit()
parse_pcap(t, packets, Bytes, args.interval, tcp_flows, udp_flows,
icmp_flows)
print("\n************ OVERALL STATS ******************\n")
print(
"TCP packets\t%s\tBytes\t%s\nUDP packets\t%s\tBytes\t%s\nICMP packets\t%s\tBytes\t%s\n"
% (packets[TCP], Bytes[TCP], packets[UDP], Bytes[UDP], packets[ICMP],
Bytes[ICMP]))
print >> outputfile, "ALL %s %s %s %s %s %s" % (packets[TCP], packets[UDP],
packets[ICMP], Bytes[TCP],
Bytes[UDP], Bytes[ICMP])
dests.print_stats(tcp_flows, 'TCP', outputfile)
dests.print_stats(udp_flows, 'UDP', outputfile)
dests.print_stats(icmp_flows, 'ICMP', outputfile)
outputfile.close()
def main():
signal.signal(signal.SIGINT, signal_handler)
args = deal_with_arguments()
# Set up our storage.
try:
flows = FlowStorage(filename=args.flow_db_name,
persistant_storage=args.storage)
dests = DestStorage(filename=args.dest_db_name,
persistant_storage=args.storage)
except Exception as e:
print("Problem setting up databases:\n\t%s" % e)
exit()
# Try opening our trace.
try:
t = plt.trace(args.input)
except Exception as e:
print("Trouble opening trace URI/device:\n\t%s" % e)
exit()
# Try setting up our filter if given one.
try:
if args.filter != None or args.target != None:
if args.filter != None and args.target != None:
args.filter = args.filter + " and "
elif args.filter == None:
args.filter = ""
if args.target != None:
args.filter = args.filter + "dst "
if '/' in args.target:
args.filter = args.filter + "net "
args.filter = args.filter + args.target
f = plt.filter(args.filter)
print("Applying filter \"%s\"" % args.filter)
t.conf_filter(f)
except Exception as e:
print("Trouble applying bpf filter: \'%s\'\n\t%s" % (args.filter, e))
exit()
print("Press Ctrl+C to exit.")
# Try reading.
try:
t.start()
except Exception as e:
print(e)
exit()
# And we're off - loop for as long as we get packets (or ^C)
packet_count = 0
non_ipv4_packets = 0
non_ip_packets = 0
non_tcp_packets = 0
last_time_check_pkt_ts = 0
current_time = int(time.time())
do_stats_time = current_time + args.interval
do_updates_time = current_time + 15
last_packet_count = 0
last_ts = -2
current_ts = -1
print("Packets processed:\t"),
for pkt in t:
packet_count = packet_count + 1
last_packet_count = last_packet_count + 1
last_ts = current_ts
current_ts = pkt.seconds
if last_ts > (current_ts + .5):
print("PROBLEM: timestamps out of order: Last ts: %f this ts: %f" %
(last_ts, current_ts))
exit()
print("%012d\b\b\b\b\b\b\b\b\b\b\b\b" % packet_count),
# If we've gone through an interval's worth of packets, check the actual time
# we may be going through packets *much* faster than real-time if we're
# reading from a trace, but this keeps us from constantly checking the time
# to determine when we update/print stats.
if current_ts - last_time_check_pkt_ts > 3 or last_packet_count > 100:
current_time = int(time.time())
last_time_check_pkt_ts = current_ts
if do_stats_time < current_time:
print("\nDo stats")
dests.update_dest_info(flows, current_ts)
do_stats_time = current_time + args.interval
do_update_time = current_time + 60
print("Packets processed:\t"),
elif do_updates_time < current_time or last_packet_count > 100:
print("\nUpdating tables %d" % last_packet_count)
last_packet_count = 0
dests.update_dest_info(flows, current_ts, do_stats=False)
do_updates_time = current_time + 60
print("Packets processed:\t"),
# IP layer
ip = pkt.ip
if not ip:
non_ip_packets = non_ip_packets + 1
continue
# IPv4
if ip.version != 4:
non_ipv4_packets = non_ipv4_packets + 1
continue
# TCP is al we care about right now.
tcp = pkt.tcp
if not tcp:
non_tcp_packets = non_tcp_packets + 1
continue
# Get what we're using for dictionary keys.
pkt_src = str(ip.src_prefix)
pkt_dst = str(ip.dst_prefix)
pkt_sport = str(tcp.src_port)
pkt_dport = str(tcp.dst_port)
# Not perfect - we don't check for certain combinations (ie combinations that don't make sense).
event = OTHER
if tcp.syn_flag:
if not tcp.ack_flag:
event = SYN
else:
event = SYN_ACK
elif tcp.fin_flag:
event = FIN
elif tcp.rst_flag:
event = RST
elif tcp.ack_flag or tcp.urg_flag or tcp.psh_flag:
event = ACK_AND_DATA
else:
print("Unknown flags!")
# Ready to store.
flows.add_tcp_flow_event(current_ts, pkt_src, pkt_sport, pkt_dst,
pkt_dport, event)
print("\nDone\n")
dests.update_dest_info(flows, current_ts + DESTSTAT_TIMEOUT)
flows.close()
dests.close()
print "%s: isfile %s" % (full_fn, os.path.isfile(full_fn))
try:
with open(full_fn) as file:
print "File opened OK"
file.close()
except IOError as e:
print "Unable to open file" #Does not exist OR no read permissions
trace_format = "pcapfile"
#trace_format = "erf"
uri = trace_format + ':' + full_fn
print ">> uri = %s" % uri
flt = plt.filter('vlan 1051 and tcp')
print "flt = %s" % flt
t = plt.trace(uri)
t.conf_filter(flt)
t.conf_snaplen(48)
t.start()
print "+++ started"
t.pause()
print "+++ paused"
t.start()
print "+++ started again"
#out_fn = base + '/' + "pypy/pylt/plt/test-out-zlib.pcap"
out_fn = base + '/' + "pypy/pylt/plt/test-out-none.pcap"