def packetHandler(pkt):
global mac
global icmp_pkt_arr
global udp_pkt_arr
global tcp_pkt_arr
global node
pprint.pprint(pkt)
if pkt.haslayer(IP):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
if ip.dst != None and func.inSubnet(
ip.dst) and ether.src != mac: # removing data from AP
if pkt.lastlayer().haslayer(ICMP):
if icmp_pkt_arr == 0:
icmp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - icmp_pkt_arr <= func.tau():
d.warning('[+] Possible ICMP Flood detected')
icmp_pkt_arr = timeSeen
icmp.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting icmp_pkt_arr')
icmp_pkt_arr = 0
if pkt.lastlayer().haslayer(UDP):
if udp_pkt_arr == 0:
udp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - udp_pkt_arr <= func.tau():
d.warning('[+] Possible UDP Flood detected')
udp_pkt_arr = timeSeen
udp.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting udp_pkt_arr')
udp_pkt_arr = 0
if pkt.lastlayer().haslayer(TCP):
if tcp_pkt_arr == 0:
tcp_pkt_arr = time.time()
else:
timeSeen = time.time()
if timeSeen - tcp_pkt_arr <= func.tau():
d.warning('[+] Possible TCP Flood detected')
tcp_pkt_arr = timeSeen
syn.process(pkt, node, timeSeen)
else:
# reset
d.default('[-] Resetting tcp_pkt_arr')
tcp_pkt_arr = 0
def packetHandler(pkt):
global mac
if pkt.haslayer(IP):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
if ip.dst != None and func.inSubnet(
ip.dst) and ether.src != mac: # removing data from AP
if pkt.lastlayer().haslayer(ICMP):
icmp.process(pkt)
if pkt.lastlayer().haslayer(UDP):
udp.process(pkt)
if pkt.lastlayer().haslayer(TCP):
syn.process(pkt)
def packetHandler(pkt):
global mac
global scenario
#d.warning(pprint.pformat(pkt))
# passing model as second param
scenario = model
global t_start
if pkt.haslayer(IP):
ip = pkt.getlayer(IP)
ether = pkt.getlayer(Ether)
if ip.dst != None and func.inSubnet(
ip.dst) and ether.src != mac: # removing data from AP
if pkt.haslayer(ICMP):
icmp.process(pkt, scenario, t_start)
if pkt.haslayer(UDP):
udp.process(pkt, scenario, t_start)
if pkt.haslayer(TCP):
tcp.process(pkt, scenario, t_start)
def decode(pkt):
decoded_pkt = []
# EAPOL
if pkt.haslayer(EAPOL):
ether_frame = pkt.getlayer(Ether)
if func.inSubnet(ether_frame.src):
decoded_pkt.append({
'ip': '0.0.0.0',
'mac': ether_frame.src,
'time': time.time(),
'acq': 'eapol',
'valid': 2
})
decoded_pkt.append({
'ip': '0.0.0.0',
'mac': ether_frame.dst,
'time': time.time(),
'acq': 'eapol',
'valid': 2
})
# DHCP
if pkt.haslayer(DHCP):
dhcp_frame = pkt.getlayer(DHCP)
ether_frame = pkt.getlayer(Ether)
if dhcp_frame.server_id != None and func.inSubnet(
dhcp_frame.requested_addr):
valid = arp.metric(dhcp_frame.requested_addr)
decoded_pkt.append({
'ip': dhcp_frame.requested_addr,
'mac': ether_frame.src,
'time': time.time(),
'acq': 'dhcp',
'valid': valid
})
# IP
if pkt.haslayer(IP):
ip_frame = pkt.getlayer(IP)
ether_frame = pkt.getlayer(Ether)
valid = arp.metric(ip_frame.src)
valid2 = arp.metric(ip_frame.dst)
if func.inSubnet(ip_frame.src):
decoded_pkt.append({
'ip': ip_frame.src,
'mac': ether_frame.src,
'time': time.time(),
'acq': 'ip',
'valid': valid
})
if func.inSubnet(ip_frame.dst):
decoded_pkt.append({
'ip': ip_frame.dst,
'mac': ether_frame.dst,
'time': time.time(),
'acq': 'ip',
'valid': valid2
})
# ARP
if pkt.haslayer(ARP):
arp_frame = pkt.getlayer(ARP)
valid = arp.metric(arp_frame.psrc)
if func.inSubnet(arp_frame.psrc):
decoded_pkt.append({
'ip': arp_frame.psrc,
'mac': arp_frame.hwsrc,
'time': time.time(),
'acq': 'arp',
'valid': valid
})
log.warning(str(decoded_pkt))
if len(decoded_pkt) > 0:
return json.dumps(decoded_pkt[0])
return None