Ejemplo n.º 1
 def decodeLayer4(self, ipProtocolNum, l3Payload):
     """Decode the layer 4 segment carried in a layer 3 payload.

     Only UDP and TCP are handled. On success the result is the tuple
     (protocol name, source port, destination port, payload), with the
     values read from the matching decoder. For any other IP protocol
     number a warning is logged and NetzobImportException is raised.

     NOTE(review): l3Payload presumably comes from an imported capture and
     should be treated as untrusted; errors raised by the decoders are not
     caught here and propagate to the caller.
     """
     if ipProtocolNum == Packets.UDP.protocol:
         udpSegment = Decoders.UDPDecoder().decode(l3Payload)
         return ("UDP",
                 udpSegment.get_uh_sport(),
                 udpSegment.get_uh_dport(),
                 udpSegment.get_data_as_string())

     if ipProtocolNum == Packets.TCP.protocol:
         tcpSegment = Decoders.TCPDecoder().decode(l3Payload)
         return ("TCP",
                 tcpSegment.get_th_sport(),
                 tcpSegment.get_th_dport(),
                 tcpSegment.get_data_as_string())

     # Neither UDP nor TCP: report the protocol number and refuse the packet.
     template = _(
         "Cannot import one of the provided packets since "
         "its layer 4 is unsupported (Only UDP and TCP "
         "are currently supported, packet IP protocol "
         "number = {0})")
     unsupportedMsg = template.format(ipProtocolNum)
     self.log.warn(unsupportedMsg)
     raise NetzobImportException("PCAP", unsupportedMsg, WARNING,
                                 self.INVALID_LAYER4)
Ejemplo n.º 2
    def __decodeLayer4(self, ipProtocolNum, l3Payload):
        """Internal helper that decodes the layer 4 segment of a packet.

        Returns the tuple (protocol name, source port, destination port,
        payload) for UDP and TCP. Any other IP protocol number is logged
        as a warning and rejected with NetzobImportException.

        NOTE(review): l3Payload presumably comes from an imported capture
        and should be treated as untrusted; errors raised by the decoders
        are not caught here and propagate to the caller.
        """
        if ipProtocolNum == Packets.UDP.protocol:
            udpSegment = Decoders.UDPDecoder().decode(l3Payload)
            return ("UDP",
                    udpSegment.get_uh_sport(),
                    udpSegment.get_uh_dport(),
                    udpSegment.get_data_as_string())

        if ipProtocolNum == Packets.TCP.protocol:
            tcpSegment = Decoders.TCPDecoder().decode(l3Payload)
            return ("TCP",
                    tcpSegment.get_th_sport(),
                    tcpSegment.get_th_dport(),
                    tcpSegment.get_data_as_string())

        # Unsupported transport: log the protocol number, then refuse it.
        template = _(
            "Cannot import one of the provided packets since "
            "its layer 4 is unsupported (Only UDP and TCP "
            "are currently supported, packet IP protocol "
            "number = {0})")
        unsupportedMsg = template.format(ipProtocolNum)
        self._logger.warn(unsupportedMsg)
        raise NetzobImportException("PCAP", unsupportedMsg,
                                    self.INVALID_LAYER4)
Ejemplo n.º 3
 def decodeLayer4(self, ipProtocolNum, l3Payload):
     """Decode the layer 4 segment carried in a layer 3 payload.

     Returns the tuple (protocol name, source port, destination port,
     payload) for UDP and TCP. For any other IP protocol number a warning
     is logged and nothing is returned.
     """
     if ipProtocolNum == Packets.UDP.protocol:
         udpSegment = Decoders.UDPDecoder().decode(l3Payload)
         return ("UDP",
                 udpSegment.get_uh_sport(),
                 udpSegment.get_uh_dport(),
                 udpSegment.get_data_as_string())

     if ipProtocolNum == Packets.TCP.protocol:
         tcpSegment = Decoders.TCPDecoder().decode(l3Payload)
         return ("TCP",
                 tcpSegment.get_th_sport(),
                 tcpSegment.get_th_dport(),
                 tcpSegment.get_data_as_string())

     # NOTE(review): this path only logs; the function then falls off the
     # end and returns None, so a caller that unpacks a 4-tuple has to
     # check for that case itself.
     unsupportedMsg = (
         "Cannot import one of the provided packets since "
         "its layer 4 is unsupported (Only UDP and TCP "
         "are currently supported, packet IP protocol "
         "number = {0})").format(ipProtocolNum)
     logging.warn(unsupportedMsg)
Ejemplo n.º 4
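    def createFlows(self):
        """Build "report.html" and the per-session files from the pcap file.

        Reads self.pcapfile packet by packet. For TCP-over-IP packets, text
        lines are written to "report.html" and non-ASCII (raw) lines are
        written to "session-<src>.<sport>-<dst>.<dport>-<packet><ext>", all
        through self.writeFile.

        Everything taken from the capture is untrusted. Text lines are
        HTML-escaped before they reach the report, and the extension derived
        from the Content-Type header is reduced to a conservative character
        set before it is used in a file name or in markup.
        """
        def escapeHtml(text):
            # Minimal escaping for element content and quoted attributes.
            return (text.replace('&', '&amp;')
                        .replace('<', '&lt;')
                        .replace('>', '&gt;')
                        .replace('"', '&quot;')
                        .replace("'", '&#x27;'))

        def extensionFromContentType(headerLine):
            # "Content-Type: type/subtype; params" -> ".subtype".
            # The subtype is attacker-controlled and ends up in a file name,
            # so keep only characters that cannot act as a path separator or
            # break out of an HTML attribute.
            parts = headerLine.split("/")
            if len(parts) < 2:
                return ''
            allowed = ('abcdefghijklmnopqrstuvwxyz'
                       'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                       '0123456789+-._')
            subtype = parts[1].split(";")[0]
            cleaned = ''.join(ch for ch in subtype if ch in allowed).strip('.')
            if not cleaned:
                return ''
            return '.' + cleaned

        print("running...")
        self.writeFile("report.html", '<html>'
            + '<head><style>td { font-size:8pt; }</style></head>'
            + '<body><table border="1" style="width:1000px"><tr>'
            + '<th style="width:100px">Num.</th>'
            + '<th style="width:200px">Flow</th>'
            + '<th style="width:600px;word-wrap:true">Request/Response</th>'
            + '<th style="width:100px">Attachment</th>'
            + '</tr>')
        reader = pcapy.open_offline(self.pcapfile)
        eth_decoder = Decoders.EthDecoder()
        ip_decoder = Decoders.IPDecoder()
        tcp_decoder = Decoders.TCPDecoder()
        countPacket = 0
        lastAttach = ''
        ext = ''
        # Raw data can show up before any "HTTP/" line has set the packet
        # number; without a default the first such packet raised NameError
        # and silently ended the whole run.
        packetnum = 0
        (header, payload) = reader.next()

        # An empty (or missing) payload marks the end of the capture.
        while payload:
            countPacket += 1
            try:
                if countPacket % 100 == 0:
                    print("(%d packets already processed)" % countPacket)
                arrline = self.decodePayload(payload)
                # If TCP flag RST, we skip the packet
                if arrline:
                    ethernet = eth_decoder.decode(payload)
                    smac = self.decodeMac(ethernet.get_ether_shost())
                    dmac = self.decodeMac(ethernet.get_ether_dhost())
                    if ethernet.get_ether_type() == Packets.IP.ethertype:   # if IP packet
                        ip = ip_decoder.decode(payload[ethernet.get_header_size():])
                        if ip.get_ip_p() == Packets.TCP.protocol:           # if TCP packet
                            tcp = tcp_decoder.decode(
                                payload[ethernet.get_header_size()+ip.get_header_size():])
                            ipsrc = ip.get_ip_src()
                            ipdst = ip.get_ip_dst()
                            sport = tcp.get_th_sport()
                            dport = tcp.get_th_dport()
                            sessionFile = "session-"+ipsrc+"."+str(sport)+"-"+ipdst+"."+str(dport)
                            # NOTE(review): flow carries intentional <br />
                            # markup; its address parts are presumably
                            # formatted by the decoders and decodeMac, so
                            # they are not escaped here. Verify decodeMac.
                            flow = ipsrc + ':' + str(sport) + '<br />(' + smac + ')' + '<br />-><br />' + ipdst + ':' + str(dport) + '<br />(' + dmac + ')'
                            for line in arrline:
                                if line.strip() == "":
                                    continue
                                if chardet.detect(line)['encoding'] == 'ascii':
                                    line = line.replace('###~~~###', '')
                                    if line.startswith("GET ") or line.startswith("HTTP/"):
                                        if line.startswith("HTTP/"): # new file
                                            packetnum = countPacket
                                            self.writeFile("report.html", '<td>&nbsp</td>')
                                        self.writeFile("report.html", '<tr><td>'+str(countPacket)+'</td>')
                                        self.writeFile("report.html", '<td>'+flow+'</td><td>')
                                    if line.startswith("Content-Type"):
                                        style = ' style="background:#ffff00"'
                                        ext = extensionFromContentType(line)
                                        if ext == '.gzip':
                                            ext = '.gz'
                                    else:
                                        style = ''
                                    # Captured text is untrusted: escape it so
                                    # it is shown as text, not parsed as markup.
                                    self.writeFile("report.html", '<div'+style+'>'+escapeHtml(line)+'</div>')
                                else: # raw data
                                    attachName = sessionFile + "-" + str(packetnum) + ext
                                    if attachName != lastAttach:
                                        # New file
                                        line = line.replace('###~~~###', '')
                                        lastAttach = attachName
                                        self.writeFile("report.html", '</td><td align="center"><a href="'
                                            + escapeHtml(attachName) + '">')
                                        if ext == ".jpeg" or ext == ".gif":
                                            self.writeFile("report.html", '<img src="'
                                                + escapeHtml(attachName)
                                                + '" border="2" style="width:100px;" />')
                                        else:
                                            self.writeFile("report.html", '<div style="background:#ff0000;color:#fff;font-weight:bold;width:50px;text-align:center">'
                                                + escapeHtml(ext[1:]) + '</div>')
                                        self.writeFile("report.html", '</a></td></tr>')
                                    else:
                                        line = line.replace('###~~~###', '\r\n')
                                    # Content of the file
                                    self.writeFile(attachName, line)       # raw data
                (header, payload) = reader.next()
            except Exception as err:
                # Still stop at the first failure, but say so: a report that
                # was cut short must not look like a complete one. Unlike a
                # bare except, this lets KeyboardInterrupt through.
                print("(stopped at packet %d: %s)" % (countPacket, err))
                break

        print("\n%d have been detected in this pcap file" % countPacket)
        self.writeFile("report.html", "</table>\n%d have been detected in this pcap file</body></html>" % countPacket)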