def test_udpv4_raw(self):
# Create a packet for raw injection and verify it meets criteria.
from pcs import inet_atol
from pcs.packets.payload import payload
c = ethernet(src="\x01\x02\x03\x04\x05\x06", \
dst="\xff\xff\xff\xff\xff\xff") / \
ipv4(src=inet_atol("192.168.123.17"), \
dst=inet_atol("192.0.2.2"), id=5235) / \
udp(sport=67, dport=68) / \
payload("foobar\n")
c.calc_lengths()
c.calc_checksums()
c.encode()
expected = \
"\xFF\xFF\xFF\xFF\xFF\xFF\x01\x02" \
"\x03\x04\x05\x06\x08\x00\x45\x00" \
"\x00\x23\x14\x73\x00\x00\x40\x11" \
"\x68\x9B\xC0\xA8\x7B\x11\xC0\x00" \
"\x02\x02\x00\x43\x00\x44\x00\x0F" \
"\xC0\x48\x66\x6F\x6F\x62\x61\x72" \
"\x0A"
gotttted = c.bytes
self.assertEqual(expected, gotttted, "test raw encoding")
def setUp(self):
"""
"""
import random
#constants
self.thisside = 0
self.thatside = 1
self.tcb = tcptest.tcb()
self.tcb.ip = { self.thisside : pcs.inet_atol("10.211.55.210") , \
self.thatside : pcs.inet_atol("10.211.55.255")}
self.tcb.ipid = { self.thisside : random.randrange(1,(1<<16)-1) , \
self.thatside : 0}
self.tcb.tcpport = { self.thisside : random.randrange(50000,60000) , \
self.thatside : 9}
self.tcb.tcpsequence = { self.thisside : random.randrange(1,(1<<32)-1),\
self.thatside : 0}
self.tcb.ether = \
{ self.thisside : ethernet.ether_atob("00:1c:42:9d:57:c9") , \
self.thatside : ethernet.ether_atob("00:1c:42:db:c5:22") }
self.tcb.output = { self.thisside : pcs.PcapConnector("ed0") ,\
self.thatside : pcs.PcapConnector("ed0") }
def test_ipv4_ra(self):
# create one packet with the IP Router Alert option,
# and check that it is as you'd expect.
ip = ipv4()
assert (ip != None)
ip.version = 4
ip.hlen = 6 # XXX We add an IP option below.
ip.tos = 0
ip.length = 24 # a bare IP header w/o data
ip.id = 1
ip.flags = IP_DF
ip.offset = 0
ip.ttl = 1
ip.protocol = 2 # a fake IGMP packet
ip.src = inet_atol("192.0.2.1")
ip.dst = inet_atol("224.0.0.22")
# Add Router Alert option.
# hlen should, in fact, be 6 words after adding a single RA option.
ip.options.append(ipv4opt(IPOPT_RA))
ip.calc_checksum()
#hd = hexdumper()
#print hd.dump(ip.bytes)
expected = "\x46\x00\x00\x18\x00\x01\x40\x00" \
"\x01\x02\x42\xC7\xC0\x00\x02\x01" \
"\xE0\x00\x00\x16\x94\x04\x00\x00"
gotttted = ip.bytes
self.assertEqual(expected, gotttted, "packet bytes not expected")
def test_ipv4_ra(self):
# create one packet with the IP Router Alert option,
# and check that it is as you'd expect.
ip = ipv4()
assert (ip != None)
ip.version = 4
ip.hlen = 6 # XXX We add an IP option below.
ip.tos = 0
ip.length = 24 # a bare IP header w/o data
ip.id = 1
ip.flags = IP_DF
ip.offset = 0
ip.ttl = 1
ip.protocol = 2 # a fake IGMP packet
ip.src = inet_atol("192.0.2.1")
ip.dst = inet_atol("224.0.0.22")
# Add Router Alert option.
# hlen should, in fact, be 6 words after adding a single RA option.
ip.options.append(ipv4opt(IPOPT_RA))
ip.calc_checksum()
#hd = hexdumper()
#print hd.dump(ip.bytes)
expected = "\x46\x00\x00\x18\x00\x01\x40\x00" \
"\x01\x02\x42\xC7\xC0\x00\x02\x01" \
"\xE0\x00\x00\x16\x94\x04\x00\x00"
gotttted = ip.bytes
self.assertEqual(expected, gotttted, "packet bytes not expected")
def test_udpv4_raw(self):
# Create a packet for raw injection and verify it meets criteria.
from pcs import inet_atol
from pcs.packets.payload import payload
c = ethernet(src="\x01\x02\x03\x04\x05\x06", \
dst="\xff\xff\xff\xff\xff\xff") / \
ipv4(src=inet_atol("192.168.123.17"), \
dst=inet_atol("192.0.2.2"), id=5235) / \
udp(sport=67, dport=68) / \
payload("foobar\n")
c.calc_lengths()
c.calc_checksums()
c.encode()
expected = \
"\xFF\xFF\xFF\xFF\xFF\xFF\x01\x02" \
"\x03\x04\x05\x06\x08\x00\x45\x00" \
"\x00\x23\x14\x73\x00\x00\x40\x11" \
"\x68\x9B\xC0\xA8\x7B\x11\xC0\x00" \
"\x02\x02\x00\x43\x00\x44\x00\x0F" \
"\xC0\x48\x66\x6F\x6F\x62\x61\x72" \
"\x0A"
gotttted = c.bytes
self.assertEqual(expected, gotttted, "test raw encoding")
def test_IN_PRIVATE(self):
tens = inet_atol("10.20.30.40")
self.assert_(IN_PRIVATE(tens) == True)
seventeens = inet_atol("172.16.254.3")
self.assert_(IN_PRIVATE(seventeens) == True)
nineteens = inet_atol("192.168.123.45")
self.assert_(IN_PRIVATE(nineteens) == True)
umpteens = inet_atol("192.0.2.1")
self.assert_(IN_PRIVATE(umpteens) == False)
loopback = inet_atol("127.0.0.1")
self.assert_(IN_PRIVATE(loopback) == False)
def test_IN_PRIVATE(self):
tens = inet_atol("10.20.30.40")
self.assert_(IN_PRIVATE(tens) == True)
seventeens = inet_atol("172.16.254.3")
self.assert_(IN_PRIVATE(seventeens) == True)
nineteens = inet_atol("192.168.123.45")
self.assert_(IN_PRIVATE(nineteens) == True)
umpteens = inet_atol("192.0.2.1")
self.assert_(IN_PRIVATE(umpteens) == False)
loopback = inet_atol("127.0.0.1")
self.assert_(IN_PRIVATE(loopback) == False)
def setUp(self):
"""
As it's the first test, I will use this method as a simple TCB.
I'm planning use some object to handle that.
In this version, TCB is being initialized with test setup
values.
Tcpdump file format would a form to store setup values.
"""
import random
self.tcb = self
#constants
self.thisside = 0
self.thatside = 1
#...Can add other sides
#opt 1 - this opt reduce the scalability, and bring more code.
#self.ipsrc = pcs.inet_atol("192.168.1.10")
#self.ipdst = pcs.inet_atol("192.168.1.20")
#opt 2
self.ip = { self.thisside : pcs.inet_atol("10.211.55.210") , \
self.thatside : pcs.inet_atol("10.211.55.220")}
self.ipid = { self.thisside : random.randrange(1,(1<<16)-1) , \
self.thatside : 0}
self.tcpport = { self.thisside : random.randrange(50000,60000) , \
self.thatside : 9}
self.tcpsequence = {
self.thisside: random.randrange(1, (1 << 32) - 1),
self.thatside: 0
}
# see TODO
self.ether = \
{ self.thisside : ethernet.ether_atob("00:1c:42:9d:57:c9") , \
self.thatside : ethernet.ether_atob("00:1c:42:db:c5:22") }
# see TODO
self.output = { self.thisside : pcs.PcapConnector("ed0") ,\
self.thatside : pcs.PcapConnector("ed0") }
def test_ipv4_read(self):
"""This test reads from a pre-stored pcap file generated with tcpdump and ping on the loopback interface."""
file = PcapConnector("loopping.out")
packet = file.read()
ip = ipv4(packet[file.dloff:len(packet)])
assert (ip != None)
self.assertEqual(ip.version, 4, "version not equal %d" % ip.version)
self.assertEqual(ip.hlen, 5, "hlen not equal %d" % ip.hlen)
self.assertEqual(ip.tos, 0, "tos not equal %d" % ip.tos)
self.assertEqual(ip.length, 84, "length not equal %d" % ip.length)
self.assertEqual(ip.id, 59067, "id not equal %d" % ip.id)
self.assertEqual(ip.flags, 0, "flags not equal %d" % ip.flags)
self.assertEqual(ip.offset, 0, "offset not equal %d" % ip.offset)
self.assertEqual(ip.ttl, 64, "ttl not equal %d" % ip.ttl)
self.assertEqual(ip.protocol, 1, "protocol not equal %d" % ip.protocol)
self.assertEqual(ip.src, inet_atol("127.0.0.1"),
"src not equal %d" % ip.src)
self.assertEqual(ip.dst, inet_atol("127.0.0.1"),
"dst not equal %d" % ip.dst)
def test_ipv4_read(self):
"""This test reads from a pre-stored pcap file generated with tcpdump and ping on the loopback interface."""
file = PcapConnector("loopping.out")
packet = file.read()
ip = ipv4(packet[file.dloff:len(packet)])
assert (ip != None)
self.assertEqual(ip.version, 4,
"version not equal %d" % ip.version)
self.assertEqual(ip.hlen, 5, "hlen not equal %d" % ip.hlen)
self.assertEqual(ip.tos, 0, "tos not equal %d" % ip.tos)
self.assertEqual(ip.length, 84, "length not equal %d" % ip.length)
self.assertEqual(ip.id, 59067, "id not equal %d" % ip.id)
self.assertEqual(ip.flags, 0, "flags not equal %d" % ip.flags)
self.assertEqual(ip.offset, 0, "offset not equal %d" % ip.offset)
self.assertEqual(ip.ttl, 64, "ttl not equal %d" % ip.ttl)
self.assertEqual(ip.protocol, 1,
"protocol not equal %d" % ip.protocol)
self.assertEqual(ip.src, inet_atol("127.0.0.1"),
"src not equal %d" % ip.src)
self.assertEqual(ip.dst, inet_atol("127.0.0.1"),
"dst not equal %d" % ip.dst)
def resetTcb(self, tcb):
tcb.ip = { self.thisside : pcs.inet_atol("10.211.55.210") , \
self.thatside : pcs.inet_atol("10.211.55.220")}
tcb.ipid = { self.thisside : random.randrange(1, (1<<16)-1) , \
self.thatside : 0}
tcb.tcpport = { self.thisside : random.randrange(50000, 60000) , \
self.thatside : 9}
tcb.tcpsequence = { self.thisside : random.randrange(1,(1<<32)-1),\
self.thatside : 0}
tcb.ether = \
{ self.thisside : ethernet.ether_atob("00:1c:42:9d:57:c9") , \
self.thatside : ethernet.ether_atob("00:1c:42:db:c5:22") }
tcb.output = { self.thisside : pcs.PcapConnector("ed0") , \
self.thatside : pcs.PcapConnector("ed0") }
def testSendSyn4BroadcastAddress(self):
#THISSIDE
(ipsyn, tcpsyn) = tcptest.createsyn(self, self.tcb, self.thisside, \
self.thatside)
tcptest.createwritepacket(self, self.tcb, ipsyn, tcpsyn, self.thisside,\
self.thatside)
print tcpsyn
print ipsyn
#
#Receiving SYN+ACK
#
# adjusting tcb
# I sent to broadcast, I don't wait for an answer, but if there was
# one,it probability wiil have the receiver ip address as source address
#todo:"think about enhance receive method, to receive more one case, may be tcb[]?!"
self.tcb.ip[self.thatside] = pcs.inet_atol("10.211.55.220")
#Receivinig anything
(ipsynack, tcpsynack) = tcptest.receive(self, self.tcb, self.thisside, \
self.thatside)
def main():
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-i",
"--interface",
dest="interface",
default=None,
help="Network interface to send on.")
parser.add_option("-t",
"--target",
dest="ip_target",
default=None,
help="IPv4 target address to lookup.")
parser.add_option("-s",
"--ip_source",
dest="ip_source",
default=None,
help="IPv4 source address to use.")
parser.add_option("-d",
"--ether_destination",
dest="ether_destination",
default=None,
help="Ethernet destination address to use.")
parser.add_option("-e",
"--ether_source",
dest="ether_source",
default=None,
help="Ethernet source address to use.")
parser.add_option("-o",
"--source-port",
dest="source_port",
default=None,
help="Tcp source port.")
parser.add_option("-x",
"--destination-port",
dest="destination_port",
default=None,
help="Tcp destination port.")
(options, args) = parser.parse_args()
import random
ipid = random.randrange(1, (1 << 16) - 1)
tcpsport = random.randrange(50000, 60000) #int(options.source_port )
tcpsequence = random.randrange(1, (1 << 32) - 1)
output = pcs.PcapConnector(options.interface)
replyip = None
replytcp = None
reply = None
packet = None
# SYN
what = "SYN"
ip1 = ipv4.ipv4()
ip1.version = 4
ip1.hlen = 5
ip1.tos = 0
ip1.id = ++ipid
ip1.flags = 0
ip1.offset = 0
ip1.ttl = 64
ip1.protocol = pcs.IPPROTO_TCP
ip1.src = pcs.inet_atol(options.ip_source)
ip1.dst = pcs.inet_atol(options.ip_target)
tcp1 = tcp.tcp()
tcp1.sport = tcpsport
tcp1.dport = int(options.destination_port)
tcp1.sequence = tcpsequence
tcpsequence = tcpsequence + 1 # SYN consumes the sequence
tcp1.ack_number = 0
tcp1.offset = 5
tcp1.urgent = 0
tcp1.ack = 0
tcp1.push = 0
tcp1.reset = 0
tcp1.syn = 1
tcp1.fin = 0
tcp1.window = (1 << 16) - 1
tcp1.urg_point = 0
#tcp1.options
tcp1.checksum = tcp_cksum(tcp1, ip1)
ip1.length = len(ip1.bytes) + len(tcp1.bytes)
# important, only calcs the ip checksum after fill length field
ip1.checksum = ip_cksum(ip1)
ether1 = ethernet.ethernet()
ether1.src = ethernet.ether_atob(options.ether_source)
ether1.dst = ethernet.ether_atob(options.ether_destination)
ether1.type = 0x800
packet = pcs.Chain([ether1, ip1, tcp1])
print "\n%s---------------------------------" % what
print tcp1
print "---------------------------------"
out = output.write(packet.bytes, len(packet.bytes))
## SYN
# SYN+ACK
what = "SYN+ACK"
while 1:
reply = output.read()
packet = ethernet.ethernet(reply)
try:
replyip = packet.data
replytcp = replyip.data
if (ip1.src==replyip.dst and \
ip1.dst==replyip.src and \
tcp1.sport==replytcp.dport and \
tcp1.dport==replytcp.sport):
break
except: #it cannot be a tcp packet (without sport:)
pass
print "\n%s---------------------------------" % what
print packet.data.data
print "---------------------------------"
## SYN+ACK
# ACK 134,187
what = "ACK (SYN)"
ip3 = ipv4.ipv4()
ip3.version = 4
ip3.hlen = 5
ip3.tos = 0
ip3.id = ++ipid
ip3.flags = 0
ip3.offset = 0
ip3.ttl = 64
ip3.protocol = pcs.IPPROTO_TCP
ip3.src = pcs.inet_atol(options.ip_source)
ip3.dst = pcs.inet_atol(options.ip_target)
tcp3 = tcp.tcp()
tcp3.sport = tcpsport
tcp3.dport = int(options.destination_port)
tcp3.sequence = tcpsequence
##tcpsequence = tcpsequence + 1 # ACK DOES NOT consumes the sequence
tcp3.ack_number = replytcp.sequence + 1
tcp3.offset = 5
tcp3.urgent = 0
tcp3.ack = 1
tcp3.push = 0
tcp3.reset = 0
tcp3.syn = 0
tcp3.fin = 0
tcp3.window = (1 << 16) - 1
tcp3.urg_point = 0
#tcp3.options
tcp3.checksum = tcp_cksum(tcp3, ip3)
ip3.length = len(ip3.bytes) + len(tcp3.bytes)
# important, only calcs the ip checksum after fill length field
ip3.checksum = ip_cksum(ip3)
ether3 = ethernet.ethernet()
ether3.src = ethernet.ether_atob(options.ether_source)
ether3.dst = ethernet.ether_atob(options.ether_destination)
ether3.type = 0x800
packet = pcs.Chain([ether3, ip3, tcp3])
print "\n%s---------------------------------" % what
print tcp3
print "---------------------------------"
out = output.write(packet.bytes, len(packet.bytes))
## ACK
# FIN 188,241
what = "FIN"
ip4 = ipv4.ipv4()
ip4.version = 4
ip4.hlen = 5
ip4.tos = 0
ip4.id = ++ipid
ip4.flags = 0
ip4.offset = 0
ip4.ttl = 64
ip4.protocol = pcs.IPPROTO_TCP
ip4.src = pcs.inet_atol(options.ip_source)
ip4.dst = pcs.inet_atol(options.ip_target)
tcp4 = tcp.tcp()
tcp4.sport = tcpsport
tcp4.dport = int(options.destination_port)
tcp4.sequence = tcpsequence
tcpsequence = tcpsequence + 1 # FIN consumes the sequence
tcp4.ack_number = replytcp.sequence + 1
tcp4.offset = 5
tcp4.urgent = 0
tcp4.ack = 1
tcp4.push = 0
tcp4.reset = 0
tcp4.syn = 0
tcp4.fin = 1
tcp4.window = (1 << 16) - 1
tcp4.urg_point = 0
#tcp4.options
tcp4.checksum = tcp_cksum(tcp4, ip4)
ip4.length = len(ip4.bytes) + len(tcp4.bytes)
# important, only calcs the ip checksum after fill length field
ip4.checksum = ip_cksum(ip4)
ether4 = ethernet.ethernet()
ether4.src = ethernet.ether_atob(options.ether_source)
ether4.dst = ethernet.ether_atob(options.ether_destination)
ether4.type = 0x800
packet = pcs.Chain([ether4, ip4, tcp4])
print "\n%s---------------------------------" % what
print tcp4
print "---------------------------------"
out = output.write(packet.bytes, len(packet.bytes))
## FIN
# ACK (FIN)
what = "ACK (FIN)"
while 1:
reply = output.read()
packet = ethernet.ethernet(reply)
try:
replyip = packet.data
replytcp = replyip.data
if (ip1.src==replyip.dst and \
ip1.dst==replyip.src and \
tcp1.sport==replytcp.dport and \
tcp1.dport==replytcp.sport):
break
except: #it cannot be a tcp packet (without sport:)
pass
print "\n%s---------------------------------" % what
print packet.data.data
print "---------------------------------"
## ACK (FIN)
# FIN
what = "FIN"
while 1:
reply = output.read()
packet = ethernet.ethernet(reply)
try:
replyip = packet.data
replytcp = replyip.data
if (ip1.src==replyip.dst and \
ip1.dst==replyip.src and \
tcp1.sport==replytcp.dport and \
tcp1.dport==replytcp.sport):
break
except: #it cannot be a tcp packet (without sport:)
pass
print "\n%s---------------------------------" % what
print packet.data.data
print "---------------------------------"
## FIN
# ACK (FIN) 288,341
what = "ACK (FIN)"
ip7 = ipv4.ipv4()
ip7.version = 4
ip7.hlen = 5
ip7.tos = 0
ip7.id = ++ipid
ip7.flags = 0
ip7.offset = 0
ip7.ttl = 64
ip7.protocol = pcs.IPPROTO_TCP
ip7.src = pcs.inet_atol(options.ip_source)
ip7.dst = pcs.inet_atol(options.ip_target)
tcp7 = tcp.tcp()
tcp7.sport = tcpsport
tcp7.dport = int(options.destination_port)
tcp7.sequence = tcpsequence
##tcpsequence = tcpsequence + 1 # ACK DOES NOT consumes the sequence
tcp7.ack_number = replytcp.sequence + 1
tcp7.offset = 5
tcp7.urgent = 0
tcp7.ack = 1
tcp7.push = 0
tcp7.reset = 0
tcp7.syn = 0
tcp7.fin = 0
tcp7.window = (1 << 16) - 1
tcp7.urg_point = 0
#tcp7.options
tcp7.checksum = tcp_cksum(tcp7, ip7)
ip7.length = len(ip7.bytes) + len(tcp7.bytes)
# important, only calcs the ip checksum after fill length field
ip7.checksum = ip_cksum(ip7)
ether7 = ethernet.ethernet()
ether7.src = ethernet.ether_atob(options.ether_source)
ether7.dst = ethernet.ether_atob(options.ether_destination)
ether7.type = 0x800
packet = pcs.Chain([ether7, ip7, tcp7])
print "\n%s---------------------------------" % what
print tcp7
print "---------------------------------"
out = output.write(packet.bytes, len(packet.bytes))
def test_IN_EXPERIMENTAL(self):
classe = inet_atol("240.1.2.3")
self.assert_(IN_EXPERIMENTAL(classe) == True)
non_classe = inet_atol("30.40.50.60")
self.assert_(IN_EXPERIMENTAL(non_classe) == False)
def test_IN_LOCAL_GROUP(self):
localgroup = inet_atol("224.0.0.251")
self.assert_(IN_LOCAL_GROUP(localgroup) == True)
nonlocalgroup = inet_atol("239.0.12.34")
self.assert_(IN_LOCAL_GROUP(nonlocalgroup) == False)
def test_IN_MULTICAST(self):
mcast = inet_atol("239.0.12.34")
self.assert_(IN_MULTICAST(mcast) == True)
non_mcast = inet_atol("10.3.4.5")
self.assert_(IN_MULTICAST(non_mcast) == False)
def test_IN_LINKLOCAL(self):
linklocal = inet_atol("169.254.12.34")
self.assert_(IN_LINKLOCAL(linklocal) == True)
non_linklocal = inet_atol("127.0.0.0")
self.assert_(IN_LINKLOCAL(non_linklocal) == False)
def test_IN_LOCAL_GROUP(self):
localgroup = inet_atol("224.0.0.251")
self.assert_(IN_LOCAL_GROUP(localgroup) == True)
nonlocalgroup = inet_atol("239.0.12.34")
self.assert_(IN_LOCAL_GROUP(nonlocalgroup) == False)
def test_IN_LINKLOCAL(self):
linklocal = inet_atol("169.254.12.34")
self.assert_(IN_LINKLOCAL(linklocal) == True)
non_linklocal = inet_atol("127.0.0.0")
self.assert_(IN_LINKLOCAL(non_linklocal) == False)
def test_dhcpv4_encode(self):
p = dhcpv4()
assert (p != None)
p.op = pcs.packets.dhcpv4.BOOTREQUEST
p.htype = pcs.packets.dhcpv4.HTYPE_ETHER
p.hlen = 6 # sizeof(struct ether_addr)
p.hops = 99
p.xid = 0xABADCAFE
p.secs = 123
p.flags = pcs.packets.dhcpv4.BOOTP_BROADCAST
p.ciaddr = inet_atol("1.2.3.4")
p.yiaddr = inet_atol("5.6.7.8")
p.siaddr = inet_atol("9.10.11.12")
p.giaddr = inet_atol("13.14.15.16")
p.chaddr = ether_atob("00:01:02:03:04:05")
p.sname = "fubar"
p.file = "barfu"
# Append DHCP options, which MUST include the cookie.
p.options.append(dhcpv4_options.cookie().field())
# Maximum DHCP message size.
msz = dhcpv4_options.dhcp_max_message_size()
msz.value = 1460
p.options.append(msz.field())
# DHCP message type.
dhcp = dhcpv4_options.dhcp_message_type()
dhcp.value = DHCPDISCOVER
p.options.append(dhcp.field())
# DHCP vendor class.
vc = dhcpv4_options.dhcp_class_identifier()
vc.value = "FreeBSD:amd64:7-CURRENT"
p.options.append(vc.field())
# BOOTP options end marker.
end = dhcpv4_options.end()
p.options.append(end.field())
# Pad BOOTP payload to 32-bit width.
padlen = 4 - (len(p.bytes) % 4)
pad = dhcpv4_options.pad(padlen)
p.options.append(pad.field())
p.encode()
#hd = hexdumper()
#print p
#print hd.dump2(p.bytes)
gotttted = p.bytes
expected = \
"\x01\x01\x06\x63\xAB\xAD\xCA\xFE" \
"\x00\x7B\x80\x00\x01\x02\x03\x04" \
"\x05\x06\x07\x08\x09\x0A\x0B\x0C" \
"\x0D\x0E\x0F\x10\x00\x01\x02\x03" \
"\x04\x05\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x66\x75\x62\x61" \
"\x72\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x62\x61\x72\x66" \
"\x75\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x63\x82\x53\x63" \
"\x39\x02\x05\xB4\x35\x01\x01\x3C" \
"\x17\x46\x72\x65\x65\x42\x53\x44" \
"\x3A\x61\x6D\x64\x36\x34\x3A\x37" \
"\x2D\x43\x55\x52\x52\x45\x4E\x54" \
"\xFF\x00\x00\x00"
self.assertEqual(expected, gotttted, "test encoding")
def main():
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-f",
"--file",
dest="file",
default=None,
help="pcap file to read from")
parser.add_option("-m",
"--max",
dest="max",
default=10,
type=int,
help="top N addresses to report")
parser.add_option("-s",
"--source",
dest="source",
default=None,
type=str,
help="source IP address")
parser.add_option("-d",
"--dest",
dest="dest",
default=None,
type=str,
help="destination IP address")
parser.add_option("-S",
"--sport",
dest="sport",
default=None,
type=int,
help="source TCP port")
parser.add_option("-D",
"--dport",
dest="dport",
default=None,
type=int,
help="destination TCP port")
parser.add_option("-g",
"--graph",
dest="graph",
default=None,
help="graph the window size changes over time")
parser.add_option("-B",
"--batch",
dest="batch",
default=False,
help="create PNG graphs but do not display them")
parser.add_option("-G",
"--debug",
dest="debug",
default=0,
help="debug gnuplot")
(options, args) = parser.parse_args()
file = pcs.PcapConnector(options.file)
max = options.max
source = pcs.inet_atol(options.source)
dest = pcs.inet_atol(options.dest)
done = False
packets = 0
win_prev = 0
if (options.graph != None):
tmpfile = tempfile.NamedTemporaryFile()
plotter = Gnuplot.Gnuplot(debug=options.debug)
plotter.xlabel('Packet #')
plotter.ylabel('Window Size')
while not done:
try:
packet = file.readpkt()
except:
done = True
packets += 1
if (packet.type != 0x800):
continue
ip = packet.data
if (ip.protocol != IPPROTO_TCP):
continue
if (ip.src != source):
continue
if (ip.dst != dest):
continue
tcp = ip.data
if (tcp.sport != options.sport):
continue
if (tcp.dport != options.dport):
continue
if (win_prev == 0):
win_prev = tcp.window
elif (win_prev != tcp.window):
if (options.graph):
tmpfile.write("%s %s\n" % (packets, tcp.window))
else:
print "Window size changed to %d at %d" % (tcp.window, packets)
win_prev = tcp.window
if (options.graph != None):
if (options.batch != False):
plotter('set terminal png')
plotter('set output "' + options.graph + ".png")
tmpfile.flush()
plotter.plot(Gnuplot.File(tmpfile.name))
if (options.batch == False):
raw_input('Press return to exit')
else:
time.sleep(1)
def test_IN_MULTICAST(self):
mcast = inet_atol("239.0.12.34")
self.assert_(IN_MULTICAST(mcast) == True)
non_mcast = inet_atol("10.3.4.5")
self.assert_(IN_MULTICAST(non_mcast) == False)
def main():
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-f", "--file",
dest="file", default=None,
help="pcap file to read from")
parser.add_option("-m", "--max",
dest="max", default=10, type=int,
help="top N addresses to report")
parser.add_option("-s", "--subnet-mask",
dest="mask", default=None,
help="subnetmask")
parser.add_option("-n", "--network",
dest="network", default=None,
help="network we're looking at")
(options, args) = parser.parse_args()
file = pcs.PcapConnector(options.file)
max = options.max
mask = pcs.inet_atol(options.mask)
network = pcs.inet_atol(options.network)
done = False
srcmap = {}
packets = 0
in_network = 0
while not done:
try:
packet = file.readpkt()
except:
done = True
packets += 1
ip = packet.data
if (ip.src & mask) != network:
if ip.src in srcmap:
srcmap[ip.src] += 1
else:
srcmap[ip.src] = 1
else:
in_network +=1
print "%d packets in dumpfile" % packets
print "%d unique source IPs" % len(srcmap)
print "%d packets in specified network" % in_network
print "Top %d source addresses were" % max
hit_list = sorted(srcmap.itervalues(), reverse = True)
for i in range(1,max):
for addr in srcmap.items():
if addr[1] == hit_list[i]:
print "Address %s\t Count %s\t Percentage %f" % (inet_ntop(AF_INET, struct.pack('!L', addr[0])), addr[1], (float(addr[1]) / float(packets)) * float(100))
def main():
from optparse import OptionParser
parser = OptionParser()
parser.add_option("-f", "--file",
dest="file", default=None,
help="pcap file to read from")
parser.add_option("-m", "--max",
dest="max", default=10, type=int,
help="top N addresses to report")
parser.add_option("-s", "--source",
dest="source", default=None, type=str,
help="source IP address")
parser.add_option("-d", "--dest",
dest="dest", default=None, type=str,
help="destination IP address")
parser.add_option("-S", "--sport",
dest="sport", default=None, type=int,
help="source TCP port")
parser.add_option("-D", "--dport",
dest="dport", default=None, type=int,
help="destination TCP port")
parser.add_option("-g", "--graph",
dest="graph", default=None,
help="graph the window size changes over time")
parser.add_option("-B", "--batch",
dest="batch", default=False,
help="create PNG graphs but do not display them")
parser.add_option("-G", "--debug",
dest="debug", default=0,
help="debug gnuplot")
(options, args) = parser.parse_args()
file = pcs.PcapConnector(options.file)
max = options.max
source = pcs.inet_atol(options.source)
dest = pcs.inet_atol(options.dest)
done = False
packets = 0
win_prev = 0
if (options.graph != None):
tmpfile = tempfile.NamedTemporaryFile()
plotter = Gnuplot.Gnuplot(debug=options.debug)
plotter.xlabel('Packet #')
plotter.ylabel('Window Size')
while not done:
try:
packet = file.readpkt()
except:
done = True
packets += 1
if (packet.type != 0x800):
continue
ip = packet.data
if (ip.protocol != IPPROTO_TCP):
continue
if (ip.src != source):
continue
if (ip.dst != dest):
continue
tcp = ip.data
if (tcp.sport != options.sport):
continue
if (tcp.dport != options.dport):
continue
if (win_prev == 0):
win_prev = tcp.window
elif (win_prev != tcp.window):
if (options.graph):
tmpfile.write("%s %s\n" % (packets, tcp.window))
else:
print "Window size changed to %d at %d" % (tcp.window, packets)
win_prev = tcp.window
if (options.graph != None):
if (options.batch != False):
plotter('set terminal png')
plotter('set output "' + options.graph + ".png")
tmpfile.flush()
plotter.plot(Gnuplot.File(tmpfile.name))
if (options.batch == False):
raw_input('Press return to exit')
else:
time.sleep(1)
def test_dhcpv4_encode(self):
p = dhcpv4()
assert (p != None)
p.op = pcs.packets.dhcpv4.BOOTREQUEST
p.htype = pcs.packets.dhcpv4.HTYPE_ETHER
p.hlen = 6 # sizeof(struct ether_addr)
p.hops = 99
p.xid = 0xABADCAFE
p.secs = 123
p.flags = pcs.packets.dhcpv4.BOOTP_BROADCAST
p.ciaddr = inet_atol("1.2.3.4")
p.yiaddr = inet_atol("5.6.7.8")
p.siaddr = inet_atol("9.10.11.12")
p.giaddr = inet_atol("13.14.15.16")
p.chaddr = ether_atob("00:01:02:03:04:05")
p.sname = "fubar"
p.file = "barfu"
# Append DHCP options, which MUST include the cookie.
p.options.append(dhcpv4_options.cookie().field())
# Maximum DHCP message size.
msz = dhcpv4_options.dhcp_max_message_size()
msz.value = 1460
p.options.append(msz.field())
# DHCP message type.
dhcp = dhcpv4_options.dhcp_message_type()
dhcp.value = DHCPDISCOVER
p.options.append(dhcp.field())
# DHCP vendor class.
vc = dhcpv4_options.dhcp_class_identifier()
vc.value = "FreeBSD:amd64:7-CURRENT"
p.options.append(vc.field())
# BOOTP options end marker.
end = dhcpv4_options.end()
p.options.append(end.field())
# Pad BOOTP payload to 32-bit width.
padlen = 4 - (len(p.bytes) % 4)
pad = dhcpv4_options.pad(padlen)
p.options.append(pad.field())
p.encode()
#hd = hexdumper()
#print p
#print hd.dump2(p.bytes)
gotttted = p.bytes
expected = \
"\x01\x01\x06\x63\xAB\xAD\xCA\xFE" \
"\x00\x7B\x80\x00\x01\x02\x03\x04" \
"\x05\x06\x07\x08\x09\x0A\x0B\x0C" \
"\x0D\x0E\x0F\x10\x00\x01\x02\x03" \
"\x04\x05\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x66\x75\x62\x61" \
"\x72\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x62\x61\x72\x66" \
"\x75\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x63\x82\x53\x63" \
"\x39\x02\x05\xB4\x35\x01\x01\x3C" \
"\x17\x46\x72\x65\x65\x42\x53\x44" \
"\x3A\x61\x6D\x64\x36\x34\x3A\x37" \
"\x2D\x43\x55\x52\x52\x45\x4E\x54" \
"\xFF\x00\x00\x00"
self.assertEqual(expected, gotttted, "test encoding")
def test_IN_EXPERIMENTAL(self):
classe = inet_atol("240.1.2.3")
self.assert_(IN_EXPERIMENTAL(classe) == True)
non_classe = inet_atol("30.40.50.60")
self.assert_(IN_EXPERIMENTAL(non_classe) == False)