def test_udp_ip_payload(self):
ethernet_header_hex = UDP_IP_PAYLOAD_TEST_CONTEXT["ETHERNET_HEADER"]
ip_payload_hex = UDP_IP_PAYLOAD_TEST_CONTEXT["IP_PAYLOAD"]
udp_payload_hex = UDP_IP_PAYLOAD_TEST_CONTEXT["UDP_PAYLOAD"]
app_payer_payload = UDP_IP_PAYLOAD_TEST_CONTEXT["APP_LAYER_PAYLOAD"]
packet_hex = (ethernet_header_hex + ip_payload_hex + udp_payload_hex +
app_payer_payload)
ethernet_packet = EthernetPacket(dest_mac="0c:84:dc:a6:bf:c1",
source_mac="34:da:b7:87:d5:34")
self.assertEqual(ethernet_header_hex, ethernet_packet.to_bytes().hex())
ip_packet = IpPacket(source_addr_str="86.57.135.193",
dest_addr_str="192.168.1.32",
dscp=IpDiffServiceValues.CS2,
identification=53262,
flags=IpFragmentationFlags(),
ttl=252,
protocol=socket.IPPROTO_UDP)
udp_packet = UdpPacket(
dest_port=39237,
source_port=443) / bytes.fromhex(app_payer_payload)
packet = ethernet_packet / ip_packet / udp_packet
self.assertEqual(packet_hex, packet.to_bytes().hex())
self.assertEqual(packet,
EthernetPacket.from_bytes(bytes.fromhex(packet_hex)))
self.assertTrue(EthernetPacket in packet)
self.assertTrue(IpPacket in packet)
self.assertTrue(UdpPacket in packet)
self.assertFalse(TcpPacket in packet)
def test_ip_payload(self):
ethernet_header_hex = IP_PAYLOAD_TEST_CONTEXT["ETHERNET_HEADER"]
ip_payload_hex = IP_PAYLOAD_TEST_CONTEXT["IP_PAYLOAD"]
packet_hex = ethernet_header_hex + ip_payload_hex
packet = EthernetPacket(dest_mac="00:7e:95:02:61:42",
source_mac="e0:d5:5e:21:b0:cb")
packet_bytes = packet.to_bytes()
self.assertEqual(ethernet_header_hex, packet_bytes.hex())
ip_packet = IpPacket(source_addr_str="127.0.0.1",
dest_addr_str="8.8.8.7",
identification=49101,
flags=IpFragmentationFlags.from_int(0),
ttl=255,
protocol=0)
self.assertEqual(ip_payload_hex, ip_packet.to_bytes().hex())
ethernet_ip = packet / ip_packet
self.assertEqual(packet_hex, ethernet_ip.to_bytes().hex())
self.assertEqual(ethernet_ip,
EthernetPacket.from_bytes(bytes.fromhex(packet_hex)))
self.assertTrue(EthernetPacket in ethernet_ip)
self.assertTrue(IpPacket in ethernet_ip)
self.assertEqual(ip_packet, ethernet_ip[IpPacket])
def test_arp_payload(self):
ethernet_header_hex = ARP_PAYLOAD_TEST_CONTEXT["ETHERNET_HEADER"]
arp_payload_hex = ARP_PAYLOAD_TEST_CONTEXT["ARP_PAYLOAD"]
packet_hex = ethernet_header_hex + arp_payload_hex
packet = EthernetPacket(dest_mac="ff:ff:ff:ff:ff:ff",
source_mac="52:54:00:eb:a2:58",
ether_type=EtherType.ARP)
packet_bytes = packet.to_bytes()
self.assertEqual(ethernet_header_hex, packet_bytes.hex())
arp_payload = ArpPacket(hardware_type=ArpHardwareType.ETHERNET,
protocol_type=EtherType.IPV4,
operation=ArpOperation.OP_REQUEST,
sender_hw_address="52:54:00:eb:a2:58",
sender_proto_address="10.10.144.73",
target_hw_address="00:00:00:00:00:00",
target_proto_address="10.10.152.144")
self.assertEqual(arp_payload_hex, arp_payload.to_bytes().hex())
ethernet_arp = packet / arp_payload
self.assertEqual(packet_hex, ethernet_arp.to_bytes().hex())
self.assertEqual(ethernet_arp,
EthernetPacket.from_bytes(bytes.fromhex(packet_hex)))
self.assertTrue(EthernetPacket in ethernet_arp)
self.assertTrue(ArpPacket in ethernet_arp)
self.assertEqual(arp_payload, ethernet_arp[ArpPacket])
def test_no_payload(self):
ethernet_header_hex = NO_PAYLOAD_TEST_CONTEXT["ETHERNET_HEADER"]
packet = EthernetPacket(dest_mac="01:00:5e:67:00:0a",
source_mac="52:54:00:46:cd:26")
self.assertEqual(ethernet_header_hex, packet.to_bytes().hex())
self.assertEqual(
packet,
EthernetPacket.from_bytes(bytes.fromhex(ethernet_header_hex)))
def test_is_response(self):
packet1 = EthernetPacket(dest_mac="01:00:5e:67:00:0a",
source_mac="52:54:00:46:cd:26")
response1 = EthernetPacket(dest_mac="52:54:00:46:cd:26",
source_mac="01:00:5e:67:00:0a")
self.assertTrue(response1.is_response(packet1))
# EtherType mismatch
packet2 = EthernetPacket(dest_mac="01:00:5e:67:00:0a",
source_mac="52:54:00:46:cd:26",
ether_type=EtherType.IPV4)
response2 = EthernetPacket(dest_mac="52:54:00:46:cd:26",
source_mac="01:00:5e:67:00:0a",
ether_type=EtherType.IPV6)
self.assertFalse(response2.is_response(packet2))
def test_tcp_ip_payload(self):
ethernet_header_hex = TCP_IP_PAYLOAD_TEST_CONTEXT["ETHERNET_HEADER"]
ip_payload_hex = TCP_IP_PAYLOAD_TEST_CONTEXT["IP_PAYLOAD"]
tcp_payload_hex = TCP_IP_PAYLOAD_TEST_CONTEXT["TCP_PAYLOAD"]
packet_hex = ethernet_header_hex + ip_payload_hex + tcp_payload_hex
ethernet_packet = EthernetPacket(dest_mac="e0:d5:5e:21:b0:cb",
source_mac="00:7e:95:02:61:42")
self.assertEqual(ethernet_header_hex, ethernet_packet.to_bytes().hex())
ip_packet = IpPacket(source_addr_str="3.123.217.208",
dest_addr_str="10.10.128.44",
identification=11150,
flags=IpFragmentationFlags(df=True),
ttl=47,
protocol=socket.IPPROTO_TCP)
tcp_packet = TcpPacket(
source_port=443,
dest_port=55978,
sequence_number=2555500760,
ack_number=1254966751,
flags=TcpControlBits(ack=True),
win_size=10,
options=TcpOptions([
TcpOptions.NOP, TcpOptions.NOP,
(TcpOptions.TIMESTAMPS, [654701382, 3921945890])
]),
)
packet = ethernet_packet / ip_packet / tcp_packet
self.assertEqual(packet_hex, packet.to_bytes().hex())
self.assertEqual(packet,
EthernetPacket.from_bytes(bytes.fromhex(packet_hex)))
self.assertTrue(EthernetPacket in packet)
self.assertTrue(IpPacket in packet)
self.assertTrue(TcpPacket in packet)
def sniff(self) -> Generator[Packet, None, int]:
processed_count = 0
try:
if self._sniff_socket is None:
raise RuntimeError("Sniffer should be used "
"inside context manager")
termination_date_seconds = None
if self._started_callback is not None:
self._started_callback()
if self._timeout is not None:
termination_date_seconds = time.time() + self._timeout
remaining_time_seconds = None
while not self._stopped:
if processed_count == self._packet_count:
break
if self._timeout is not None:
remaining_time_seconds = termination_date_seconds - \
time.time()
if remaining_time_seconds <= 0:
break
# blocking call, waits until data in socket will be available,
# or until timeout expires
if not self._selector.select(remaining_time_seconds):
# no data in socket available yet
continue
# data is available
packet_address: tuple = self._sniff_socket.recvfrom(
self.BUFFER_SIZE_BYTES
)
raw_packet: bytes = packet_address[0]
# apply BPF filter
if self._filter_packet(raw_packet):
# parse Ethernet header and all upper layers if present
ethernet_packet = EthernetPacket.from_bytes(raw_packet)
# apply user-defined predicate if presents
predicate_result: bool = (
self._predicate_filter(ethernet_packet)
if self._predicate_filter is not None
else True
)
if not predicate_result:
continue
processed_count += 1
yield ethernet_packet
return processed_count
except KeyboardInterrupt:
self.LOG.debug("Keyboard interruption received. Exiting...")
return processed_count