def EthDecoder2(hdr, data):
    """Print the text rendering of the layer carried by a captured frame.

    ``data`` is decoded as an Ethernet frame; the first encapsulated layer is
    rendered with ``__str__()`` and printed after the prefix
    ``"SMP Received: "``. ``hdr`` is accepted but never read. The
    ``(hdr, data)`` signature looks like a capture-loop callback -- TODO
    confirm against the caller.

    Returns the name ``bytes11``, which is not assigned in this function and
    must therefore exist at module level.
    """
    frame = EthDecoder().decode(data)
    rendered = frame.child().__str__()
    # NOTE(review): the printed text is derived from whatever frame arrived,
    # so treat this output as untrusted when reading or parsing it.
    print("SMP Received: " + rendered)
    return bytes11
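def EthDecoder1(hdr, data):
    """Reply to a captured UDP datagram with its payload incremented by one.

    The frame in ``data`` is decoded as Ethernet -> IP -> UDP. The UDP payload
    is read as one big-endian unsigned integer (the nonce), incremented, and
    handed to ``sendReply`` as a byte string of the same length as the
    received payload. ``hdr`` is accepted but never read.

    Fix over the previous version: the incremented value used to be rendered
    with ``hex(...)[2:]``, which drops leading zero digits and, in Python 2,
    appends ``L`` to long values. Either case made ``.decode("hex")`` fail or
    silently return a shorter nonce. The value is now formatted at a fixed
    width. An empty payload is skipped instead of raising ``ValueError``.

    Nothing in this function authenticates the sender: any datagram the
    capture delivers is answered.
    """
    eth = EthDecoder().decode(data)
    ip = eth.child()
    udp = ip.child()
    nonce = udp.get_data_as_string()
    # NOTE(review): the payload is printed unescaped; it comes from the
    # network, so it can contain control bytes.
    print("Received: " + nonce)
    if not nonce:
        # Nothing to increment; int("", 16) would raise.
        return

    digits = 2 * len(nonce)
    # NOTE(review): an all-0xFF nonce wraps to all zeros so the reply keeps
    # the received width -- confirm that the peer expects wrap-around.
    bumped = (int(nonce.encode("hex"), 16) + 1) % (1 << (4 * digits))
    nonceMod = ("%0*x" % (digits, bumped)).decode("hex")
    sendReply(nonceMod)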
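def EthDecoder1(hdr, data):
    """Answer a captured UDP datagram with nonce + 1.

    Decodes ``data`` as Ethernet -> IP -> UDP, treats the UDP payload as a
    big-endian unsigned integer, adds one and passes the result to
    ``sendReply`` as a byte string of the same length as the payload.
    ``hdr`` is not used.

    The earlier ``hex(value)[2:].decode("hex")`` round trip lost leading zero
    digits (odd-length or shortened output) and carried Python 2's trailing
    ``L`` for long values; the result is now zero-padded to the payload
    width. Empty payloads are ignored rather than raising ``ValueError``.

    The sender is not authenticated here: every captured datagram gets a
    reply.
    """
    udp = EthDecoder().decode(data).child().child()
    nonce = udp.get_data_as_string()
    # NOTE(review): network-supplied bytes are written to stdout unescaped.
    print("Received: " + nonce)
    if len(nonce) == 0:
        return  # no nonce to increment

    width = len(nonce) * 2  # hex digits needed to keep the byte length
    value = int(nonce.encode("hex"), 16) + 1
    # NOTE(review): overflow of an all-0xFF nonce wraps to zero so the width
    # stays fixed -- confirm this matches what the peer computes.
    value %= 1 << (4 * width)
    nonceMod = ("%0*x" % (width, value)).decode("hex")  # nonce incremented
    sendReply(nonceMod)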
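def recv_pkts(hdr, data):
    """Print the reverse-DNS name of a remote sender when it changes.

    Decodes ``data`` as an Ethernet frame, reads the source IP of the
    encapsulated layer and, unless it equals ``self.getLocalIp()``, resolves
    it with ``socket.gethostbyaddr``. The resolved name is printed and stored
    in ``self.lastIp`` only when it differs from the stored one. ``hdr`` is
    not used.

    ``self`` is not a parameter; it is presumably bound by an enclosing
    method -- TODO confirm.

    Fix over the previous version: a bare ``except: pass`` wrapped the whole
    lookup-and-print section, which also swallowed ``KeyboardInterrupt`` and
    hid programming errors. Only resolver failures are ignored now.

    NOTE(review): the source address comes from the captured frame and is not
    verified. A blocking reverse lookup per frame stalls the capture callback
    and sends a DNS query for every address a sender chooses to put in the
    header, and the printed name is whatever that address's PTR record says.
    """
    packet = EthDecoder().decode(data)
    sourceIp = packet.child().get_ip_src()
    if sourceIp == self.getLocalIp():
        return

    try:
        newIp = socket.gethostbyaddr(sourceIp)[0]
    except socket.error:
        # herror / gaierror (no PTR record, resolver failure) derive from
        # socket.error; an unresolvable sender is skipped.
        return

    if newIp != self.lastIp:
        self.lastIp = newIp
        print(newIp)
        # TODO (original author): from 20 to 20 save in a set in every 5 min
        # and save to db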
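def EthDecoder1(hdr, data):
    """Answer one SDS request frame with an SDS response frame.

    The request fields (version, type, length, transaction id, service id,
    role) are cut out of the text rendering of the decoded payload at fixed
    character offsets. The service id and role are looked up with
    ``directory_smp``; the first three items of its result are used as
    Ethernet address, port and TTL of the response. The response is sent on a
    raw ``PF_PACKET`` socket bound to ``eth0``, with the request's source and
    destination MAC addresses swapped. ``hdr`` is not used.

    Fix over the previous version: the raw socket was never closed, leaking
    one file descriptor per handled request. It is now closed in a
    ``finally`` block.

    NOTE(review): all offsets assume the exact layout of ``__str__()`` for
    this packet type. A short or malformed frame makes the ``int(..., 16)``
    conversions raise ``ValueError`` -- confirm how the caller handles that.
    The reply addresses are copied from the received frame without any check.
    """
    eth = EthDecoder().decode(data)
    sdsReq = eth.child()
    str1 = sdsReq.__str__()
    print(len(str1))
    print(str1)
    print("1 " + str1[5:9] + " 2 " + str1[10:14])

    ver = str1[5:7]
    typ = str1[7:9]
    rlen = str1[10:14]
    tid1 = (str1[15:17], str1[17:19], str1[20:22], str1[22:24])
    tid = tuple(int('0x' + i, 16) for i in tid1)
    # Service id as hex text, gathered from five separate slices of the dump.
    sid1 = str1[25:29] + str1[30:34] + str1[35:39] + str1[40:44] + str1[65:69]
    sid4 = tuple(re.findall('..', sid1))              # two hex digits per item
    sid3 = ''.join(chr(int('0x' + i, 16)) for i in sid4)  # hex -> characters
    sid = tuple(int('0x' + i, 16) for i in sid4)      # hex -> integers
    print("%s %s %s %s %s %s %s" % (ver, typ, rlen, tid, sid1, sid4, sid))
    role = int(str1[70:74], 16)
    print(eth.get_ether_shost())

    ep = smp_ep()
    ep.serviceID = sid3
    ep.r = role
    res = directory_smp(ep)
    print(res)
    ethAddr = res[0]
    port = res[1]
    ttl = res[2]

    sdsResp1 = SDSResponse()
    sdsResp1.set_tid(tid)
    sdsResp1.set_sid(sid)
    sdsResp1.set_role(role)
    sdsResp1.set_ethAddress(ethAddr)
    sdsResp1.set_ttl(ttl)
    sdsResp1.set_port(port)

    # Same EtherType as the request, addresses swapped.
    ethResp = ImpactPacket.Ethernet()
    ethResp.set_ether_type(eth.get_ether_type())
    ethResp.set_ether_shost(eth.get_ether_dhost())
    ethResp.set_ether_dhost(eth.get_ether_shost())
    ethResp.contains(sdsResp1)

    s1 = socket.socket(socket.PF_PACKET, socket.SOCK_RAW,
                       socket.htons(ETH_SDS_TYPE))
    try:
        s1.bind(("eth0", 0))
        s1.send(ethResp.get_packet())
    finally:
        s1.close()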
def recv_packet(hdr, data):
    """Add one captured packet to the per-destination byte counters.

    The frame is decoded as Ethernet -> IP -> UDP. The counter key is
    ``"<destination ip>__<destination port>"`` and the amount added is the
    length reported by ``get_ip_len()``. Once more than ``REPORT_EVERY`` has
    passed since ``bintime``, ``print_report()`` is called, ``bintime`` is
    moved to the current time and the module-level ``state`` dict is replaced
    by an empty one. ``hdr`` is not used.
    """
    global bintime, state

    ip_layer = EthDecoder().decode(data).child()
    udp_layer = ip_layer.child()
    bucket = ip_layer.get_ip_dst() + "__%s" % udp_layer.get_uh_dport()

    # A key seen for the first time starts from zero.
    state[bucket] = state.get(bucket, 0) + ip_layer.get_ip_len()

    current = time()
    if current > (bintime + REPORT_EVERY):
        bintime = current
        print_report()
        state = {}
def EthDecoder1(hdr,data):
    """Send a buffered SMP payload to the endpoint named in an SDS response.

    The response fields (port, TTL, Ethernet address, service id, role,
    transaction id) are cut out of the text rendering of the decoded payload
    at fixed character offsets. When the TTL is greater than zero, an SMP
    packet carrying the module-level ``buf1`` is wrapped in an Ethernet frame
    addressed to the advertised Ethernet address and sent. ``hdr`` is not
    used. Returns the module-level name ``bytes11``.

    NOTE(review): the original indentation was lost on this page; the block
    structure below is the most plausible reading -- confirm against the
    project source.
    """
    eth = EthDecoder().decode(data)
    sdsResp = eth.child()
    # All offsets below depend on the exact layout of __str__() for this
    # packet type; the content itself comes from the received frame and is
    # not validated before use.
    str1 = sdsResp.__str__()
    print str1
    port = str1[-9:-5] + str1[-4:]
    ttl = str1[-14:-10]
    ethAddress = str1[-29:-25]+str1[-24:-20]+str1[-19:-15]
    sid1 = str1[25:29]+str1[30:34]+str1[35:39]+ str1[40:44]+str1[65:69] # service id as hex text
    role1 = int(str1[70:74], 16)
    tid = str1[15:19]+str1[20:24]
    print port, ttl, ethAddress, sid1, role1, tid
    if int('0x'+ttl, 16) > 0 : # only send while the advertised TTL is non-zero
        # NOTE(review): if no table entry matches, sock1 stays a fresh,
        # unconnected socket.socket(). If one matches, tab_smp[key] equals
        # (sid1, role1), so tab_smp[key][0] is sid1 rather than a socket.
        # Either way the send() below looks unable to succeed -- confirm the
        # intended layout of tab_smp.
        sock1 = socket.socket()
        for key in tab_smp.keys():
            if tab_smp[key] == (sid1, role1):
                sock1 = tab_smp[key][0]
                print sock1
                break
        smpPacket = SMP()
        smpPacket.set_plen(bytes11)
        smpPacket.set_dport(int('0x'+port, 16))
        smpPacket.set_sport(SPORT)
        smpPacket.contains(ImpactPacket.Data(buf1))
        ethsmp = ImpactPacket.Ethernet()
        ethsmp.set_ether_shost(ETH_MY_MAC)
        # Destination MAC: the advertised address split into two-digit hex
        # pairs and converted to integers.
        ethAdd1 = re.findall('..', ethAddress)
        ethAdd2 = tuple(int('0x'+i, 16) for i in ethAdd1)
        ethsmp.set_ether_dhost(ethAdd2)
        ethsmp.set_ether_type(ETH_SMP_TYPE)
        ethsmp.contains(smpPacket)
        sock1.send(ethsmp.get_packet())
    return bytes11
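def activateLearningMode(self):
    """Build a list of SLAAC_Message records from the capture at self.location.

    Every record in the pcap file is decoded as Ethernet -> IPv6 -> ICMPv6.
    For ICMPv6 packets (protocol number 58) the Ethernet and IPv6 addresses
    are collected and, for Router Advertisements (type 134) carrying a source
    link-layer option, that option's address as well. Packets whose parsing
    raises inside the ``try`` are skipped.

    Returns:
        The list of SLAAC_Message objects that were built.

    Fixes over the previous version: the capture file was opened in text mode
    and never closed; it is now opened as binary and closed when iteration
    ends. The bare ``except`` is narrowed to ``Exception`` so that
    ``KeyboardInterrupt`` is no longer swallowed. Unused locals are removed.

    NOTE(review): indentation was lost on this page. The record is built here
    for every ICMPv6 packet, mirroring sniffSlaac; if the project builds it
    only inside the type-134 branch, move the last two statements there.
    NOTE(review): the first decode and the two ``child()`` calls run outside
    the ``try``, so a record that fails there aborts the whole pass.
    """
    listOfMessages = []
    with open(self.location, "rb") as f:
        pcap = dpkt.pcap.Reader(f)
        for ts, buf in pcap:
            eth = EthDecoder().decode(buf)
            ethChild = eth.child()
            ethChild2 = ethChild.child()
            try:
                if ethChild2.get_ip_protocol_number() == 58:
                    destination_MAC_address = eth.get_ether_dhost()
                    source_MAC_address = eth.get_ether_shost()
                    source_MAC_address_final = ""
                    destination_MAC_address_final = ""
                    override_flag = False
                    router_flag = False
                    # NOTE(review): hex()[2:] is not zero-padded, so a byte
                    # below 0x10 becomes a single digit, and the zfill(2)
                    # below acts on the whole string (a no-op). Left as is:
                    # other code may compare against this exact format.
                    for x in range(6):
                        source_MAC_address_final += (
                            hex(source_MAC_address[x])[2:] + ":")
                        destination_MAC_address_final += (
                            hex(destination_MAC_address[x])[2:] + ":")
                    source_MAC_address_final = (
                        source_MAC_address_final[:-1].zfill(2))
                    destination_MAC_address_final = (
                        destination_MAC_address_final[:-1])

                    target_link_layer_address = ""
                    packetData = ethChild2.get_originating_packet_data()
                    packetHex = [hex(octet) for octet in packetData]
                    source_link_layer_address = ""
                    target_address = ""
                    ip_source_address = ethChild.get_source_address()
                    ip_destination_address = ethChild.get_destination_address()
                    ndp_message_number = ethChild2.get_type()
                    contains_source, offset = self.check_ipv6_options(packetHex)

                    if str(ndp_message_number) == "134":  # Router Advertisement
                        if str(contains_source) == "true-source":
                            # Six address bytes follow the option at `offset`.
                            for x in range(6):
                                source_link_layer_address += (
                                    packetHex[x + offset + 1][2:].zfill(2) + ":")
                            target_address = "n/a"
                            source_link_layer_address = (
                                source_link_layer_address[:-1])
                            target_link_layer_address = "n/a"
                        else:
                            source_link_layer_address = "n/a"

                    message_details = SLAAC_Message.SLAAC_Message(
                        ndp_message_number, source_link_layer_address,
                        ip_source_address, ip_destination_address,
                        source_MAC_address_final, destination_MAC_address_final,
                        target_address, target_link_layer_address,
                        override_flag, router_flag)
                    listOfMessages.append(message_details)
            except Exception:
                # Not ICMPv6, or a field could not be read: skip the packet.
                continue
    return listOfMessages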
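def sniffSlaac(self, buf):
    """Parse one captured frame into a SLAAC_Message record.

    ``buf`` is decoded as Ethernet -> IPv6 -> ICMPv6. For ICMPv6 packets
    (protocol number 58) the Ethernet and IPv6 addresses are collected, then
    per NDP type:

    * 134 (Router Advertisement): source link-layer option address.
    * 135 (Neighbor Solicitation): target address and source link-layer
      option address.
    * 136 (Neighbor Advertisement): target address, target link-layer option
      address, override and router flags.

    The record is built but not returned or passed on: the detection calls
    that used it are commented out (kept at the end of the ``try`` body), so
    the function returns ``None``. Any parsing failure prints
    ``"Packet Discarded"``.

    Fix over the previous version: the bare ``except`` is narrowed to
    ``Exception`` so ``KeyboardInterrupt`` stops the sniffer instead of being
    reported as a discarded packet. Unused locals are removed.

    NOTE(review): indentation was lost on this page; the nesting below is the
    most plausible reading -- confirm against the project source.
    NOTE(review): the first decode and the two ``child()`` calls run outside
    the ``try``.
    """
    eth = EthDecoder().decode(buf)
    ethChild = eth.child()
    ethChild2 = ethChild.child()
    try:
        if ethChild2.get_ip_protocol_number() == 58:
            destination_MAC_address = eth.get_ether_dhost()
            source_MAC_address = eth.get_ether_shost()
            source_MAC_address_final = ""
            destination_MAC_address_final = ""
            override_flag = False
            router_flag = False
            # NOTE(review): hex()[2:] is not zero-padded, so a byte below
            # 0x10 becomes a single digit, and the zfill(2) below acts on the
            # whole string (a no-op). Left as is: other code may compare
            # against this exact format.
            for x in range(6):
                source_MAC_address_final += hex(source_MAC_address[x])[2:] + ":"
                destination_MAC_address_final += (
                    hex(destination_MAC_address[x])[2:] + ":")
            source_MAC_address_final = source_MAC_address_final[:-1].zfill(2)
            destination_MAC_address_final = destination_MAC_address_final[:-1]

            target_link_layer_address = ""
            packetData = ethChild2.get_originating_packet_data()
            packetHex = [hex(octet) for octet in packetData]
            source_link_layer_address = ""
            target_address = ""
            ip_source_address = ethChild.get_source_address()
            ip_destination_address = ethChild.get_destination_address()
            ndp_message_number = ethChild2.get_type()
            contains_source, offset = self.check_ipv6_options(packetHex)

            if str(ndp_message_number) == "134":  # Router Advertisement
                if str(contains_source) == "true-source":
                    for x in range(6):
                        source_link_layer_address += (
                            packetHex[x + offset + 1][2:].zfill(2) + ":")
                    target_address = "n/a"
                    source_link_layer_address = source_link_layer_address[:-1]
                    target_link_layer_address = "n/a"
                else:
                    source_link_layer_address = "n/a"
            elif str(ndp_message_number) == "135":  # Neighbor Solicitation
                # First 16 payload bytes, a ':' after every second byte.
                for x in range(16):
                    target_address += packetHex[x][2:].zfill(2)
                    if x % 2 != 0:
                        target_address += ":"
                target_address = target_address[:-1]
                target_link_layer_address = "n/a"
                if str(contains_source) == "true-source":
                    for x in range(6):
                        source_link_layer_address += (
                            packetHex[x + offset + 1][2:].zfill(2) + ":")
                    source_link_layer_address = source_link_layer_address[:-1]
                else:
                    source_link_layer_address = "n/a"
            elif str(ndp_message_number) == "136":  # Neighbor Advertisement
                # NOTE(review): 0xa0 is compared against the first byte of the
                # NA's child layer; presumably a flags byte -- confirm.
                if (str(contains_source) == "true-target"
                        and hex(ethChild2.child().get_bytes()[0:1][0]) == "0xa0"):
                    for x in range(6):
                        target_link_layer_address += (
                            packetHex[1 + offset + x][2:].zfill(2) + ":")
                    target_link_layer_address = target_link_layer_address[:-1]
                else:
                    target_link_layer_address = "n/a"
                for x in range(16):
                    target_address += packetHex[x][2:].zfill(2)
                    if x % 2 != 0:
                        target_address += ":"
                target_address = target_address[:-1]
                override_flag = ethChild2.get_override_flag()
                router_flag = ethChild2.get_router_flag()

            message_details = SLAAC_Message.SLAAC_Message(
                ndp_message_number, source_link_layer_address,
                ip_source_address, ip_destination_address,
                source_MAC_address_final, destination_MAC_address_final,
                target_address, target_link_layer_address,
                override_flag, router_flag)
            # Disabled by the original author; kept because it records the
            # intended mapping from NDP type to detection routine:
            #detect_module = Detection()
            #if message_details.get_ndp_message_number()=="134": #Last Hop Router Attack
            #    detect_module.detect_rogue_advertisement(message_details)
            #elif message_details.get_ndp_message_number()=="135": #DoS in DAD
            #    detect_module.detect_dos_dad(message_details)
            #elif message_details.get_ndp_message_number()=="136": #Neighbor Spoofing
            #    if ethChild2.get_router_flag()=="false":
            #        detect_module.detect_neighbor_spoofing((message_details))
            #listOfMessages.append(message_details)
    except Exception:
        print("Packet Discarded")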
def EthDecoder1(hdr, data):
    """Print the payload of a captured UDP datagram.

    ``data`` is decoded as Ethernet -> IP -> UDP and the UDP payload is
    printed after the prefix ``"Received: "``. ``hdr`` is not used.
    """
    datagram = EthDecoder().decode(data).child().child()
    payload = datagram.get_data_as_string()
    # NOTE(review): the payload comes from the network and is printed
    # unescaped, so it can contain control bytes.
    print("Received: " + payload)
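def activateLearningMode(self):
    """Read the capture at self.location and return its SLAAC_Message records.

    Each pcap record is decoded as Ethernet -> IPv6 -> ICMPv6. ICMPv6 packets
    (protocol number 58) yield one SLAAC_Message holding the Ethernet and
    IPv6 addresses; for Router Advertisements (type 134) with a source
    link-layer option, the option's address is included. A packet whose
    parsing raises inside the ``try`` is skipped.

    Returns:
        The list of SLAAC_Message objects built from the capture.

    Fixes over the previous version: the file handle was never closed and was
    opened in text mode; a ``with`` block and binary mode are used now. The
    bare ``except`` is narrowed to ``Exception`` so ``KeyboardInterrupt``
    propagates. Unused locals are removed.

    NOTE(review): the page lost the original indentation. Here the record is
    built for every ICMPv6 packet, as in sniffSlaac; confirm whether the
    project restricts it to the type-134 branch.
    NOTE(review): decoding and both ``child()`` calls happen before the
    ``try``, so an exception there ends the whole pass.
    """
    listOfMessages = []
    with open(self.location, "rb") as capture:
        for ts, buf in dpkt.pcap.Reader(capture):
            eth = EthDecoder().decode(buf)
            ethChild = eth.child()
            ethChild2 = ethChild.child()
            try:
                if ethChild2.get_ip_protocol_number() != 58:
                    continue

                destination_MAC_address = eth.get_ether_dhost()
                source_MAC_address = eth.get_ether_shost()
                source_MAC_address_final = ""
                destination_MAC_address_final = ""
                override_flag = False
                router_flag = False
                # NOTE(review): bytes below 0x10 render as one hex digit and
                # the zfill(2) after the loop pads the whole string, which
                # changes nothing. Kept unchanged because other code may
                # compare against this exact text.
                for x in range(6):
                    source_MAC_address_final += (
                        hex(source_MAC_address[x])[2:] + ":")
                    destination_MAC_address_final += (
                        hex(destination_MAC_address[x])[2:] + ":")
                source_MAC_address_final = (
                    source_MAC_address_final[:-1].zfill(2))
                destination_MAC_address_final = (
                    destination_MAC_address_final[:-1])

                target_link_layer_address = ""
                packetData = ethChild2.get_originating_packet_data()
                packetHex = [hex(octet) for octet in packetData]
                source_link_layer_address = ""
                target_address = ""
                ip_source_address = ethChild.get_source_address()
                ip_destination_address = ethChild.get_destination_address()
                ndp_message_number = ethChild2.get_type()
                contains_source, offset = self.check_ipv6_options(packetHex)

                if str(ndp_message_number) == "134":  # Router Advertisement
                    if str(contains_source) == "true-source":
                        # Six address bytes follow the option at `offset`.
                        for x in range(6):
                            source_link_layer_address += (
                                packetHex[x + offset + 1][2:].zfill(2) + ":")
                        target_address = "n/a"
                        source_link_layer_address = (
                            source_link_layer_address[:-1])
                        target_link_layer_address = "n/a"
                    else:
                        source_link_layer_address = "n/a"

                listOfMessages.append(SLAAC_Message.SLAAC_Message(
                    ndp_message_number, source_link_layer_address,
                    ip_source_address, ip_destination_address,
                    source_MAC_address_final, destination_MAC_address_final,
                    target_address, target_link_layer_address,
                    override_flag, router_flag))
            except Exception:
                # Not ICMPv6, or a field could not be read: skip the packet.
                continue
    return listOfMessages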
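def sniffSlaac(self, buf):
    """Parse one captured frame into a SLAAC_Message record.

    ``buf`` is decoded as Ethernet -> IPv6 -> ICMPv6. For ICMPv6 packets
    (protocol number 58) the Ethernet and IPv6 addresses are read, followed
    by type-specific fields:

    * 134 (Router Advertisement): source link-layer option address.
    * 135 (Neighbor Solicitation): target address, source link-layer option
      address.
    * 136 (Neighbor Advertisement): target address, target link-layer option
      address, override and router flags.

    The record is constructed and then dropped: the detection dispatch that
    consumed it is commented out (kept at the end of the ``try`` body), and
    the function returns ``None``. A parsing failure prints
    ``"Packet Discarded"``.

    Fix over the previous version: ``except:`` became ``except Exception:``,
    so ``KeyboardInterrupt`` is no longer reported as a discarded packet.
    Unused locals are removed.

    NOTE(review): the page lost the original indentation; the nesting below
    is the most plausible reading -- confirm against the project source.
    NOTE(review): decoding and both ``child()`` calls happen before the
    ``try``.
    """
    eth = EthDecoder().decode(buf)
    ethChild = eth.child()
    ethChild2 = ethChild.child()
    try:
        if ethChild2.get_ip_protocol_number() == 58:
            destination_MAC_address = eth.get_ether_dhost()
            source_MAC_address = eth.get_ether_shost()
            source_MAC_address_final = ""
            destination_MAC_address_final = ""
            override_flag = False
            router_flag = False
            # NOTE(review): bytes below 0x10 render as one hex digit and the
            # zfill(2) after the loop pads the whole string, which changes
            # nothing. Kept unchanged because other code may compare against
            # this exact text.
            for x in range(6):
                source_MAC_address_final += hex(source_MAC_address[x])[2:] + ":"
                destination_MAC_address_final += (
                    hex(destination_MAC_address[x])[2:] + ":")
            source_MAC_address_final = source_MAC_address_final[:-1].zfill(2)
            destination_MAC_address_final = destination_MAC_address_final[:-1]

            target_link_layer_address = ""
            packetData = ethChild2.get_originating_packet_data()
            packetHex = [hex(octet) for octet in packetData]
            source_link_layer_address = ""
            target_address = ""
            ip_source_address = ethChild.get_source_address()
            ip_destination_address = ethChild.get_destination_address()
            ndp_message_number = ethChild2.get_type()
            contains_source, offset = self.check_ipv6_options(packetHex)
            message_type = str(ndp_message_number)

            if message_type == "134":  # Router Advertisement
                if str(contains_source) == "true-source":
                    for x in range(6):
                        source_link_layer_address += (
                            packetHex[x + offset + 1][2:].zfill(2) + ":")
                    target_address = "n/a"
                    source_link_layer_address = source_link_layer_address[:-1]
                    target_link_layer_address = "n/a"
                else:
                    source_link_layer_address = "n/a"
            elif message_type == "135":  # Neighbor Solicitation
                # First 16 payload bytes, a ':' after every second byte.
                for x in range(16):
                    target_address += packetHex[x][2:].zfill(2)
                    if x % 2 != 0:
                        target_address += ":"
                target_address = target_address[:-1]
                target_link_layer_address = "n/a"
                if str(contains_source) == "true-source":
                    for x in range(6):
                        source_link_layer_address += (
                            packetHex[x + offset + 1][2:].zfill(2) + ":")
                    source_link_layer_address = source_link_layer_address[:-1]
                else:
                    source_link_layer_address = "n/a"
            elif message_type == "136":  # Neighbor Advertisement
                # NOTE(review): 0xa0 is compared against the first byte of the
                # NA's child layer; presumably a flags byte -- confirm.
                if (str(contains_source) == "true-target"
                        and hex(ethChild2.child().get_bytes()[0:1][0]) == "0xa0"):
                    for x in range(6):
                        target_link_layer_address += (
                            packetHex[1 + offset + x][2:].zfill(2) + ":")
                    target_link_layer_address = target_link_layer_address[:-1]
                else:
                    target_link_layer_address = "n/a"
                for x in range(16):
                    target_address += packetHex[x][2:].zfill(2)
                    if x % 2 != 0:
                        target_address += ":"
                target_address = target_address[:-1]
                override_flag = ethChild2.get_override_flag()
                router_flag = ethChild2.get_router_flag()

            message_details = SLAAC_Message.SLAAC_Message(
                ndp_message_number, source_link_layer_address,
                ip_source_address, ip_destination_address,
                source_MAC_address_final, destination_MAC_address_final,
                target_address, target_link_layer_address,
                override_flag, router_flag)
            # Disabled by the original author; kept because it records the
            # intended mapping from NDP type to detection routine:
            #detect_module = Detection()
            #if message_details.get_ndp_message_number()=="134": #Last Hop Router Attack
            #    detect_module.detect_rogue_advertisement(message_details)
            #elif message_details.get_ndp_message_number()=="135": #DoS in DAD
            #    detect_module.detect_dos_dad(message_details)
            #elif message_details.get_ndp_message_number()=="136": #Neighbor Spoofing
            #    if ethChild2.get_router_flag()=="false":
            #        detect_module.detect_neighbor_spoofing((message_details))
            #listOfMessages.append(message_details)
    except Exception:
        print("Packet Discarded")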