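    def recv_flow(self, flow):
        """Handle one flow event from dsniff and grep whichever side has data.

        ``flow.state`` is compared against the ``dsniff.FLOW_*`` constants;
        ``flow.client.data`` / ``flow.server.data`` carry the payload for
        that direction and are handed to ``_grep_data`` tagged '>' (client
        to server) or '<' (server to client).  With ``self.raw`` set, a
        per-flow capture file is opened on FLOW_START and closed on FLOW_END;
        the handle is parked in ``flow.save['rawf']`` (presumably written to
        by ``_grep_data`` or another callback -- not visible here).
        """
        if self.raw:
            if flow.state == dsniff.FLOW_START:
                # A sniffer normally runs as root and /tmp is world-writable,
                # so a fixed, guessable name such as /tmp/<id>.flow is open
                # to a symlink/pre-creation race (CWE-377).  mkstemp() opens
                # with O_EXCL and mode 0600: the name cannot be planted ahead
                # of time and captured payload is not readable by other
                # local users.  id(flow) is kept in the prefix for operators
                # who correlate files with flows.
                import os
                import tempfile
                fd, _path = tempfile.mkstemp(prefix='%s.' % id(flow),
                                             suffix='.flow', dir='/tmp')
                flow.save['rawf'] = os.fdopen(fd, 'wb')
            elif flow.state == dsniff.FLOW_END:
                # Tolerate a FLOW_END for which no FLOW_START was seen (or
                # for which raw mode was off at the time): nothing to close.
                try:
                    rawf = flow.save['rawf']
                except KeyError:
                    rawf = None
                if rawf is not None:
                    rawf.close()
        if flow.client.data:
            self._grep_data(flow, flow.client.data, '>')
        elif flow.server.data:
            self._grep_data(flow, flow.server.data, '<')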

class NgrepProgram(dsniff.Program):
    """ngrep front end: the first positional argument is the search regex.

    The regex is compiled once and published as
    ``dsniff.config['ngrep']['pat']``.  Any remaining positional arguments
    stay in ``self.args`` (the usage string suggests a capture filter).
    """

    def getopt(self, argv):
        """Run the base-class option parsing, then consume the pattern."""
        super(NgrepProgram, self).getopt(argv)
        if not self.args:
            return
        pattern = self.args.pop(0)
        # The pattern comes from the operator's own command line; re.compile
        # raises re.error on a malformed expression.
        dsniff.config['ngrep'] = {'pat': re.compile(pattern)}

if __name__ == '__main__':
    dsniff.set_usage('%prog [options] [pattern [filter]]')
    # Every switch is a plain boolean (store_true) keyed under the 'ngrep'
    # config namespace; registered in the same order as the help output.
    _switches = (
        ('-x', 'ngrep.hex', 'hexdump output'),
        ('-k', 'ngrep.kill', 'kill matching TCP connections'),
        ('-q', 'ngrep.quiet', 'no content output'),
        ('-n', 'ngrep.noheader', 'no header output'),
        ('-r', 'ngrep.raw', 'raw output'),
    )
    for _flag, _dest, _help in _switches:
        dsniff.add_option(_flag, dest=_dest, action='store_true', help=_help)
    dsniff.main()
            self._grep_data(flow, flow.client.data, '>')
        elif flow.server.data:
            self._grep_data(flow, flow.server.data, '<')


class NgrepProgram(dsniff.Program):
    """Command-line driver for ngrep on top of ``dsniff.Program``.

    After the base class has parsed options, a leading positional argument
    is treated as the regex to match and stored, compiled, at
    ``dsniff.config['ngrep']['pat']``.
    """

    def getopt(self, argv):
        """Parse ``argv``; pop and compile the first positional pattern."""
        super(NgrepProgram, self).getopt(argv)
        if self.args:
            compiled = re.compile(self.args.pop(0))
            dsniff.config['ngrep'] = dict(pat=compiled)


if __name__ == '__main__':
    dsniff.set_usage('%prog [options] [pattern [filter]]')
    dsniff.add_option('-x',
                      dest='ngrep.hex',
                      action='store_true',
                      help='hexdump output')
    dsniff.add_option('-k',
                      dest='ngrep.kill',
                      action='store_true',
                      help='kill matching TCP connections')
    dsniff.add_option('-q',
                      dest='ngrep.quiet',
                      action='store_true',
                      help='no content output')
    dsniff.add_option('-n',
                      dest='ngrep.noheader',
                      action='store_true',
                      help='no header output')
    dsniff.add_option('-r',
                      dest='ngrep.raw',
        try:
            self.cache = cPickle.load(open(self.filename))
            print >>sys.stderr, 'loaded %s entries from %s' % (len(self.cache), self.filename)
        except IOError:
            self.cache = {}
        self.subscribe('pcap', 'arp[6:2] = 2', self.recv_pkt)

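    def teardown(self):
        """Persist the IP->MAC cache to ``self.filename`` at shutdown.

        The file is opened in a ``with`` block so it is flushed and closed
        deterministically even if the dump raises; the original handed an
        anonymous handle to cPickle.dump and relied on garbage collection.
        The same path is read back with cPickle.load at startup -- unpickling
        is code execution for anyone who can write the file, so keep it on a
        root-only path (the default is under /var/run).
        """
        with open(self.filename, 'wb') as fp:
            cPickle.dump(self.cache, fp)
        print >>sys.stderr, 'saved %s entries to %s' % (len(self.cache), self.filename)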

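    def recv_pkt(self, pc, pkt):
        """Record the sender of an ARP reply and report new or changed bindings.

        ``pkt`` is a raw Ethernet frame delivered by the 'arp[6:2] = 2'
        pcap subscription (ARP opcode 2, reply); ``pc`` is the pcap handle
        and is unused here.  ``self.cache`` maps sender protocol address
        (arp.spa, packed IPv4) to sender hardware address (arp.sha, packed
        MAC) and grows by one entry per distinct spa seen, unbounded.
        """
        # Frames come straight off the wire from untrusted hosts; a
        # truncated or otherwise malformed one must not take the watcher
        # down, so anything dpkt cannot parse as Ethernet/ARP is dropped
        # rather than propagating out of the pcap callback.
        try:
            arp = dpkt.ethernet.Ethernet(pkt).arp
        except (dpkt.UnpackError, AttributeError):
            return
        old = self.cache.get(arp.spa)
        if old is None:
            self.cache[arp.spa] = arp.sha
            print 'NEW: %s is-at %s' % (dnet.ip_ntoa(arp.spa),
                                        dnet.eth_ntoa(arp.sha))
        elif old != arp.sha:
            # Only a MAC change for an already-known IP is reported; a reply
            # that repeats the cached binding stays quiet.
            self.cache[arp.spa] = arp.sha
            print 'CHANGE: %s is-at %s (was-at %s)' % \
                  (dnet.ip_ntoa(arp.spa), dnet.eth_ntoa(arp.sha),
                   dnet.eth_ntoa(old))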

if __name__ == '__main__':
    # The cache file is read back with cPickle at startup (see the setup
    # code above): unpickling is arbitrary code execution for anyone who
    # can write it, so the default lives under /var/run, which is normally
    # writable by root only.
    _cache_default = '/var/run/arpwatch.pkl'
    dsniff.add_option('-f', dest='arpwatch.filename',
                      default=_cache_default, help='cache file')
    dsniff.main()
        except IOError:
            self.cache = {}
        self.subscribe('pcap', 'arp[6:2] = 2', self.recv_pkt)

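    def teardown(self):
        """Write the IP->MAC cache back to ``self.filename`` on shutdown.

        A ``with`` block guarantees the handle is flushed and closed even
        when cPickle.dump fails, instead of leaving an anonymous open file
        for the garbage collector.  This path is unpickled again at startup;
        pickle data is executable by construction, so the file must only be
        writable by the user running the watcher (default: under /var/run).
        """
        with open(self.filename, 'wb') as fp:
            cPickle.dump(self.cache, fp)
        print >> sys.stderr, 'saved %s entries to %s' % (len(
            self.cache), self.filename)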

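    def recv_pkt(self, pc, pkt):
        """Track ARP reply senders; print NEW / CHANGE lines for the cache.

        ``pkt`` is the raw Ethernet frame matched by the 'arp[6:2] = 2'
        subscription (ARP reply); ``pc`` is the pcap handle and is not used.
        ``self.cache`` maps packed sender IP (arp.spa) to packed sender MAC
        (arp.sha); it gains an entry for every distinct spa and is never
        pruned here.
        """
        # Untrusted, possibly truncated frames: a parse failure in dpkt
        # should drop the frame, not unwind the capture loop.
        try:
            arp = dpkt.ethernet.Ethernet(pkt).arp
        except (dpkt.UnpackError, AttributeError):
            return
        known = self.cache.get(arp.spa)
        if known is None:
            self.cache[arp.spa] = arp.sha
            print 'NEW: %s is-at %s' % (dnet.ip_ntoa(
                arp.spa), dnet.eth_ntoa(arp.sha))
        elif known != arp.sha:
            # Same IP, different MAC: update the binding and say so.
            self.cache[arp.spa] = arp.sha
            print 'CHANGE: %s is-at %s (was-at %s)' % \
                  (dnet.ip_ntoa(arp.spa), dnet.eth_ntoa(arp.sha),
                   dnet.eth_ntoa(known))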


if __name__ == '__main__':
    # '-f' selects the pickle cache file.  The setup code earlier in this
    # file loads it with cPickle, so it must not be writable by untrusted
    # users; the default under /var/run is normally root-only.
    dsniff.add_option(
        '-f',
        dest='arpwatch.filename',
        default='/var/run/arpwatch.pkl',
        help='cache file',
    )
    dsniff.main()