def monitor():
"""
Sniffs/monitors given capturing interface
"""
print("[o] running...")
def packet_handler(header, packet):
global _count
try:
sec, usec = header.getts()
if _multiprocessing:
write_block(_buffer, _count, struct.pack("=II", sec, usec) + packet)
_n.value = _count + 1
else:
_process_packet(packet, sec, usec)
_count += 1
except socket.timeout:
pass
try:
_cap.loop(-1, packet_handler)
except KeyboardInterrupt:
print("\r[x] Ctrl-C pressed")
finally:
if _multiprocessing:
for _ in xrange(_multiprocessing.cpu_count() - 1):
write_block(_buffer, _n.value, "", BLOCK_MARKER.END)
_n.value = _n.value + 1
while _multiprocessing.active_children():
time.sleep(REGULAR_SENSOR_SLEEP_TIME)
def monitor():
"""
Sniffs/monitors given capturing interface
"""
print("[o] running...")
def packet_handler(header, packet):
global _count
try:
sec, usec = header.getts()
if _multiprocessing:
write_block(_buffer, _count,
struct.pack("=II", sec, usec) + packet)
_n.value = _count + 1
else:
_process_packet(packet, sec, usec)
_count += 1
except socket.timeout:
pass
try:
_cap.loop(-1, packet_handler)
except KeyboardInterrupt:
print("\r[x] Ctrl-C pressed")
finally:
if _multiprocessing:
for _ in xrange(_multiprocessing.cpu_count() - 1):
write_block(_buffer, _n.value, "", BLOCK_MARKER.END)
_n.value = _n.value + 1
while _multiprocessing.active_children():
time.sleep(REGULAR_SENSOR_SLEEP_TIME)
def packet_handler(header, packet):
global _count
try:
sec, usec = header.getts()
if _multiprocessing:
write_block(_buffer, _count, struct.pack("=II", sec, usec) + packet)
_n.value = _count + 1
else:
_process_packet(packet, sec, usec)
_count += 1
except socket.timeout:
pass
def packet_handler(header, packet):
global _count
try:
sec, usec = header.getts()
if _multiprocessing:
write_block(_buffer, _count, struct.pack("=II", sec, usec) + packet)
_n.value = _count + 1
else:
_process_packet(packet, sec, usec)
_count += 1
except socket.timeout:
pass
def packet_handler(datalink, header, packet):
global _count
ip_offset = None
dlt_offset = DLT_OFFSETS[datalink]
try:
if datalink == pcapy.DLT_RAW:
ip_offset = dlt_offset
elif datalink == pcapy.DLT_PPP:
if ord(packet[2]) == 0 and ord(packet[3]) == 0x21: # IPv4
ip_offset = dlt_offset
else:
if ord(packet[dlt_offset - 2]) == 8 and ord(
packet[dlt_offset - 1]) == 0: # IPv4
ip_offset = dlt_offset
elif ord(packet[dlt_offset - 2]) == 0x81 and ord(
packet[dlt_offset - 1]) == 0: # VLAN
if ord(packet[dlt_offset + 2]) == 8 and ord(
packet[dlt_offset + 3]) == 0: # IPv4
ip_offset = dlt_offset + 4
except IndexError:
pass
if ip_offset is None:
return
data = packet[ip_offset:]
try:
sec, usec = header.getts()
if _multiprocessing:
if _locks.count:
_locks.count.acquire()
write_block(_buffer, _count,
struct.pack("=II", sec, usec) + data)
_count += 1
_n.value = _count
if _locks.count:
_locks.count.release()
else:
_process_ip(data, sec, usec)
except socket.timeout:
pass
def packet_handler(datalink, header, packet):
global _count
ip_offset = None
dlt_offset = DLT_OFFSETS[datalink]
try:
if datalink == pcapy.DLT_RAW:
ip_offset = dlt_offset
elif datalink == pcapy.DLT_PPP:
if ord(packet[2]) == 0x00 and ord(packet[3]) == 0x21: # IPv4
ip_offset = dlt_offset
elif ord(packet[2]) == 0x00 and ord(packet[3]) == 0x57: # IPv6
ip_offset = dlt_offset
elif dlt_offset >= 2:
if ord(packet[dlt_offset - 2]) == 0x81 and ord(packet[dlt_offset - 1]) == 0x00: # VLAN
dlt_offset += 4
if ord(packet[dlt_offset - 2]) == 0x08 and ord(packet[dlt_offset - 1]) == 0x00: # IPv4
ip_offset = dlt_offset
elif ord(packet[dlt_offset - 2]) == 0x86 and ord(packet[dlt_offset - 1]) == 0xdd: # IPv6
ip_offset = dlt_offset
except IndexError:
pass
if ip_offset is None:
return
try:
sec, usec = header.getts()
if _multiprocessing:
if _locks.count:
_locks.count.acquire()
write_block(_buffer, _count, struct.pack("=III", sec, usec, ip_offset) + packet)
_count += 1
_n.value = _count
if _locks.count:
_locks.count.release()
else:
_process_packet(packet, sec, usec, ip_offset)
except socket.timeout:
pass
def packet_handler(datalink, header, packet):
global _count
ip_offset = None
dlt_offset = DLT_OFFSETS[datalink]
try:
if datalink == pcapy.DLT_RAW:
ip_offset = dlt_offset
elif datalink == pcapy.DLT_PPP:
if packet[2:4] in ("\x00\x21", "\x00\x57"): # (IPv4, IPv6)
ip_offset = dlt_offset
elif dlt_offset >= 2:
if packet[dlt_offset - 2:dlt_offset] == "\x81\x00": # VLAN
dlt_offset += 4
if packet[dlt_offset - 2:dlt_offset] in ("\x08\x00", "\x86\xdd"): # (IPv4, IPv6)
ip_offset = dlt_offset
except IndexError:
pass
if ip_offset is None:
return
try:
sec, usec = header.getts()
if _multiprocessing:
if _locks.count:
_locks.count.acquire()
write_block(_buffer, _count, struct.pack("=III", sec, usec, ip_offset) + packet)
_n.value = _count = _count + 1
if _locks.count:
_locks.count.release()
else:
_process_packet(packet, sec, usec, ip_offset)
except socket.timeout:
pass
def packet_handler(datalink, header, packet):
global _count
ip_offset = None
dlt_offset = DLT_OFFSETS[datalink]
try:
if datalink == pcapy.DLT_RAW:
ip_offset = dlt_offset
elif datalink == pcapy.DLT_PPP:
if packet[2:4] in ("\x00\x21", "\x00\x57"): # (IPv4, IPv6)
ip_offset = dlt_offset
elif dlt_offset >= 2:
if packet[dlt_offset - 2:dlt_offset] == "\x81\x00": # VLAN
dlt_offset += 4
if packet[dlt_offset - 2:dlt_offset] in ("\x08\x00", "\x86\xdd"): # (IPv4, IPv6)
ip_offset = dlt_offset
except IndexError:
pass
if ip_offset is None:
return
try:
sec, usec = header.getts()
if _multiprocessing:
if _locks.count:
_locks.count.acquire()
write_block(_buffer, _count, struct.pack("=III", sec, usec, ip_offset) + packet)
_n.value = _count = _count + 1
if _locks.count:
_locks.count.release()
else:
_process_packet(packet, sec, usec, ip_offset)
except socket.timeout:
pass
def packet_handler(datalink, header, packet):
global _count
ip_offset = None
dlt_offset = DLT_OFFSETS[datalink]
try:
if datalink == pcapy.DLT_RAW:
ip_offset = dlt_offset
elif datalink == pcapy.DLT_PPP:
if ord(packet[2]) == 0 and ord(packet[3]) == 0x21: # IPv4
ip_offset = dlt_offset
else:
if ord(packet[dlt_offset - 2]) == 8 and ord(packet[dlt_offset - 1]) == 0: # IPv4
ip_offset = dlt_offset
elif ord(packet[dlt_offset - 2]) == 0x81 and ord(packet[dlt_offset - 1]) == 0: # VLAN
if ord(packet[dlt_offset + 2]) == 8 and ord(packet[dlt_offset + 3]) == 0: # IPv4
ip_offset = dlt_offset + 4
except IndexError:
pass
if ip_offset is None:
return
data = packet[ip_offset:]
try:
sec, usec = header.getts()
if _multiprocessing:
with _count_lock:
count = _count
_count += 1
write_block(_buffer, count, struct.pack("=II", sec, usec) + data)
_n.value = _count
else:
_process_ip(data, sec, usec)
except socket.timeout:
pass
time.sleep(1)
print("[i] finished")
except SystemError, ex:
if "error return without" in str(ex):
print("\r[x] stopping (Ctrl-C pressed)")
else:
raise
except KeyboardInterrupt:
print("\r[x] stopping (Ctrl-C pressed)")
finally:
print("\r[i] please wait...")
if _multiprocessing:
try:
for _ in xrange(config.PROCESS_COUNT - 1):
write_block(_buffer, _n.value, "", BLOCK_MARKER.END)
_n.value = _n.value + 1
while _multiprocessing.active_children():
time.sleep(REGULAR_SENSOR_SLEEP_TIME)
except KeyboardInterrupt:
pass
def main():
print("%s (sensor) #v%s\n" % (NAME, VERSION))
parser = optparse.OptionParser(version=VERSION)
parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
parser.add_option("-i", dest="pcap_file", help="open pcap file for offline analysis")
parser.add_option("-p", dest="plugins", help="plugin(s) to be used per event")
parser.add_option("--console", dest="console", action="store_true", help="print events to console (too)")
parser.add_option("--debug", dest="debug", action="store_true", help=optparse.SUPPRESS_HELP)
for _cap in _caps:
threading.Thread(target=_, args=(_cap, )).start()
while threading.activeCount() > 1:
time.sleep(1)
except SystemError, ex:
if "error return without" in str(ex):
print("\r[x] Ctrl-C pressed")
else:
raise
except KeyboardInterrupt:
print("\r[x] Ctrl-C pressed")
finally:
if _multiprocessing:
for _ in xrange(_multiprocessing.cpu_count() - 1):
write_block(_buffer, _n.value, "", BLOCK_MARKER.END)
_n.value = _n.value + 1
while _multiprocessing.active_children():
time.sleep(REGULAR_SENSOR_SLEEP_TIME)
def main():
print("%s (sensor) #v%s\n" % (NAME, VERSION))
parser = optparse.OptionParser(version=VERSION)
parser.add_option("-c",
dest="config_file",
default=CONFIG_FILE,
help="Configuration file (default: '%s')" %
os.path.split(CONFIG_FILE)[-1])
options, _ = parser.parse_args()
