Example #1
def _process_packet(session: Session, packet: Packet,
                    must_inspect_strings: bool):
    """
    Analyse one packet in the context of the `Session` it belongs to.

    Parameters
    ----------
    session : Session
        The session the packet belongs to.

    packet : Packet
        The packet to be analysed.

    must_inspect_strings : bool
        Whether strings in the packet should be searched for email addresses
        and credit card numbers. Can be pretty heavy on the CPU.

    Raises
    ------
    MalformedPacketException
        If a layer past the first three carries the `_ws_malformed_expert`
        attribute.
    """

    # The first three layers are expected to be ETH, IP, TCP; anything after
    # them is what tshark dissected on top. The slice is empty when there is
    # nothing more, so no separate length check is needed.
    for layer in packet.layers[3:]:
        name = layer.layer_name

        if hasattr(layer, "_ws_malformed_expert"):
            message = "[{}] session contains malformed packet in layer '{}'".format(
                session, name)
            raise MalformedPacketException(message)

        # NTLMSSP is detected by its fields rather than by layer name, because
        # it can show up inside several different layers.
        if hasattr(layer, "nt_status") or getattr(
                layer, "ntlmssp_identifier", None) == "NTLMSSP":
            session.protocol = name.upper()
            ntlmssp.analyse(session, layer)

        # Hand the layer over to the parser registered under its name, if any.
        if name in parsers:
            session.protocol = name.upper()
            parser = parsers[name]
            parser.analyse(session, layer)

    if not must_inspect_strings:
        return

    lines = utils.extract_strings_splitted_on_end_of_line_from(packet)
    emails_found = extract.extract_emails(lines)
    credit_cards_found = extract.extract_credit_cards(lines)

    # NOTE(review): email addresses and full card numbers are written to the
    # log unmasked. Whatever sink `logger` writes to therefore holds personal
    # and cardholder data and needs matching access control and retention.
    for address in emails_found:
        logger.info(session, "Found email address: " + address)

    for card in credit_cards_found:
        card_message = "Credit card '{}' found: '{}'".format(card.name,
                                                             card.number)
        logger.info(session, card_message)
Example #2
def analyse(session: Session, layer: Layer):
    """
    Record the SNMP version and any community string or username carried by `layer`.

    Parameters
    ----------
    session : Session
        The session the layer belongs to. Its `protocol`, its
        `"community_string"` / `"username"` items and its
        `credentials_being_built` are updated in place.

    layer : Layer
        The layer to inspect. The attributes `version`, `msgversion`,
        `community` and `msgusername` are read, each behind a `hasattr` check.
    """

    current_creds = session.credentials_being_built

    # `version` is displayed incremented by one while `msgversion` is used
    # as-is (presumably because SNMPv1/v2c put 0/1 in the version field;
    # confirm against the dissector). Neither attribute present -> "SNMPv?".
    if hasattr(layer, "version"):
        session.protocol = "SNMPv" + str(int(layer.version) + 1)
    elif hasattr(layer, "msgversion"):
        session.protocol = "SNMPv" + layer.msgversion
    else:
        session.protocol = "SNMPv?"

    # Act only when the community string differs from the one already stored
    # for this session, so a value repeated in every packet is reported once.
    # NOTE(review): the community string is a shared secret and is logged in
    # clear text; treat the logger output as credential material.
    if hasattr(layer, "community") \
            and (session["community_string"] is None or session["community_string"] != layer.community):
        current_creds.password = session["community_string"] = layer.community
        logger.found(session, "community string found: " + layer.community)
        session.validate_credentials()

    # NOTE(review): the condition below is corrupted in this listing. A masking
    # filter appears to have replaced everything between the "msgUserName: "
    # literal and `session["username"]` with "******", so the line does not
    # parse. The hidden comparison value and the joining operator cannot be
    # recovered from here; restore the line from the upstream file before use.
    elif hasattr(layer, "msgusername") and layer.msgusername != "msgUserName: "******"username"] is None or session["username"] != layer.msgusername):
        current_creds.username = session["username"] = layer.msgusername
        logger.found(session, "username found: " + layer.msgusername)
        session.validate_credentials()