def main():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection, 0))
n = 0
print('[ALL]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
#ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
#TCP Segments
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
#UDP Segments
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
n += 1
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
n += 1
sys.exit()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
info =""
Data=""
# if StartCapture==1:
Tstart=int(round(time.time() * 1000))
#StartCapture=0
while True:
raw_data, addr = conn.recvfrom(65535)
l=[]
l.append(Tstart-int(round(time.time() * 1000)))
pcap.write(raw_data)
eth = Ethernet(raw_data)
#print('\nEthernet Frame:')
Data+="\nEthernet Frame:"+TAB_1 + "Destination:"+str(eth.dest_mac)+"Source: "+str(eth.src_mac)+"Protocol: "+str(eth.proto)
#print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
Data += TAB_2 + 'Protocol: ' + str(ipv4.proto) + ' Source:' + str(ipv4.src) + 'Target:' + str(ipv4.target)
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
l.append(ipv4.src)
l.append(ipv4.target)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
Data+=TAB_1 + 'IPv4 Packet:'+TAB_2 + 'Version:'+str(ipv4.version)+'Header Length:'+ str(ipv4.header_length)+'TTL:'+str(ipv4.ttl)
l.append(ipv4.header_length)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
l.append('ICMP')
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
Data+=TAB_1 + 'ICMP Packet:'+TAB_2 + 'Type: '+str(icmp.type)+"Code:"+str(icmp.code)+"Checksum:"+str( icmp.checksum)+TAB_2 + 'ICMP Data:'+str(format_multi_line(DATA_TAB_3, icmp.data))
l.append(icmp.data)
l.append(" ")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
#print(TAB_1 + 'TCP Segment:')
l.append('TCP')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
info+=str(tcp.src_port)+"->"+str(tcp.dest_port)+"ACK="+str(tcp.flag_ack)+"len ="+str(len(tcp.data))
#print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
#print(TAB_2 + 'Flags:')
#print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
#print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
Data+=TAB_1 + 'TCP Segment:'+TAB_2 + 'Source Port:'+str(tcp.src_port)+"Destination Port:"+str( tcp.dest_port)+TAB_2 + 'Sequence:'+str(tcp.sequence)+" Acknowledgment:"+str(tcp.acknowledgment)
Data+=TAB_2 + 'Flags:'+TAB_3 + 'URG:'+str(tcp.flag_urg)+'ACK'+str(tcp.flag_ack)+'PSH'+str(tcp.flag_psh)+TAB_3 + 'RST:'+str(tcp.flag_rst)+'SYN'+str(tcp.flag_syn)+'FIN'+str(tcp.flag_fin)
l.append(tcp.data)
l.append(info)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
Data+=TAB_2 + 'HTTP Data:'
# print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
Data+=DATA_TAB_3 + str(line)
# print(DATA_TAB_3 + str(line))
except:
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=format_multi_line(DATA_TAB_3, tcp.data)
else:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=TAB_2 + 'TCP Data:'+format_multi_line(DATA_TAB_3, tcp.data)
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
l.append('UDB')
#print(TAB_1 + 'UDP Segment:')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
Data+=TAB_1 + 'UDP Segment:'+TAB_2 + 'Source Port:'+str(udp.src_port)+'Destination Port:'+str( udp.dest_port)+'Length'+str(udp.size)
info += str(udp.src_port) + "->" +str (udp.dest_port) + "len =" + str(udp.size) # + "ACK=" + str(udp.flag_ack)
l.append(0)
l.append(info)
# Other IPv4
else:
#print(TAB_1 + 'Other IPv4 Data:')
l.append('other')
l.append(0)
l.append('other')
#print(format_multi_line(DATA_TAB_2, ipv4.data))
Data+=TAB_1 + 'Other IPv4 Data:'+format_multi_line(DATA_TAB_2, ipv4.data)
else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
l.append(" ")#src
l.append(" ")#target
l.append(" ")#Hlength
l.append(" ")#protocol
Data+='Ethernet Data:'+format_multi_line(DATA_TAB_1, eth.data)
l.append(format_multi_line(DATA_TAB_1, eth.data))#hex
l.append(" ") # info
l.append(Data)
temp=l[3]
l[3]=l[4]
l[4]=temp
temp2=l[5]
l[5]=l[6]
l[6]=l[7]
l[7]=temp2
print (*l ,sep=',')
info=""
Data=""
pcap.close()
def driver():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def checkSniffer(eth, _listFrameEth):
_WarningEth = 0
listblackip1 = blackIP()
listblackip = listblackip1.readIP()
if eth.proto == 8:
ipv4 = IPv4(eth.data)
ipsource = ipv4.src
ipdesti = ipv4.target
proto = ipv4.proto
_tcpsrc_port = 0
_tcpdest_port = 0
_tcplendata = 0
if ipv4.proto != 6:
flagfin = 0
flagsyn = 0
flagrst = 0
flagpsh = 0
flagack = 0
flagurg = 0
else:
tcp = TCP(ipv4.data)
flagfin = int(tcp.flag_fin)
flagsyn = int(tcp.flag_syn)
flagrst = int(tcp.flag_rst)
flagpsh = int(tcp.flag_psh)
flagack = int(tcp.flag_ack)
flagurg = int(tcp.flag_urg)
_tcpsrc_port = tcp.src_port
_tcpdest_port = tcp.dest_port
_tcpldata = tcp.data
if (ipv4.proto == 6 and _tcpsrc_port == 80 or _tcpdest_port == 80):
_WarningEth = checkSqlInjection(HTTP(tcp.data)).check
elif ipsource == ipdesti:
_WarningEth = checkLandAttack(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg).check
elif (proto == 1):
icmp = ICMP(ipv4.data)
_lenicmp = len(icmp.data)
_WarningEth = checkpingofDead(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg, _lenicmp).check
elif(_WarningEth == 0 and proto == 6):
if (flagfin == 1
and flagurg == 1
and flagpsh == 1
and proto == 6):
_WarningEth = checkXmasScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(flagfin == 1
and proto == 6):
_WarningEth = checkFINScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(flagfin == 0
and flagsyn == 0
and flagrst == 0
and flagpsh == 0
and flagack == 0
and flagurg == 0
and proto == 6):
_WarningEth = checkNULLScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(ipv4.proto ==17 and len(UDP(ipv4.data).data) == 0):
_WarningEth = checkUDPscan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
RefeshlistFrame(_listFrameEth, ipsource, ipdesti, proto,flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
AddtoFrame(_listFrameEth, ipsource, ipdesti, 1, proto, flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
if(_WarningEth != 0):
inBlackIP = 0
for x in range(0,len(listblackip)):
if ipsource + '\n' == listblackip[x]:
inBlackIP = 1
if (inBlackIP == 0):
Ip = blackIP()
Ip.appendIP(ipsource+'\n')
elif(len(listblackip) > 0 and _WarningEth == 0):
for x in range(0,len(listblackip)):
if ipsource + '\n' == listblackip[x]:
_WarningEth = 99
if ipdesti + '\n' == listblackip[x]:
_WarningEth = 98
#printFrame(_listFrameEth)
return _WarningEth
def __init__(self, data):
self.src_mac = None
self.dest_mac = None
self.eth_type = None
self.ip_version = None
self.dest_ip = None
self.src_ip = None
self.ip_header_length= None
self.ttl = None
self.ip_protocol = None
self.dest_port = None
self.src_port = None
self.tcp_sequence = None
self.tcp_ack = None
self.tcp_flag_urg = None
self.tcp_flag_ack = None
self.tcp_flag_psh = None
self.tcp_flag_rst = None
self.tcp_flag_syn = None
self.tcp_flag_fin = None
self.udp_length = None
self.icmp_type = None
self.icmp_code = None
self.icmp_checksum = None
self.info = '-'
eth = Ethernet(data)
self.dest = self.dest_mac = eth.dest_mac
self.src = self.src_mac = eth.src_mac
self.proto = 'Ethernet II'
self.eth_type = eth.proto
self.length = eth.length
self.info = '-'
if eth.proto == 8:
ipv4 = IPv4(eth.data)
self.dest = ipv4.target
self.src = ipv4.src
self.proto = 'IPv4'
self.eth_type = 'IPv4'
self.ip_version = ipv4.version
self.dest_ip = ipv4.target
self.src_ip = ipv4.src
self.ip_header_length= ipv4.header_length
self.ttl = ipv4.ttl
if ipv4.proto == 1:
self.proto = 'ICMP'
self.ip_protocol = 'ICMP'
icmp = ICMP(ipv4.data)
self.icmp_type = icmp.type
self.icmp_code = icmp.code
self.icmp_checksum = icmp.checksum
elif ipv4.proto == 6:
self.proto = 'TCP'
self.ip_protocol = 'TCP'
tcp = TCP(ipv4.data)
self.dest_port = tcp.src_port
self.src_port = tcp.dest_port
self.tcp_sequence = tcp.sequence
self.tcp_ack = tcp.acknowledgment
self.tcp_flag_urg = tcp.flag_urg
self.tcp_flag_ack = tcp.flag_ack
self.tcp_flag_psh = tcp.flag_psh
self.tcp_flag_rst = tcp.flag_rst
self.tcp_flag_syn = tcp.flag_syn
self.tcp_flag_fin = tcp.flag_fin
elif ipv4.proto == 14:
self.proto = 'UDP'
udp = UDP(ipv4.data)
self.src_port = udp.src_port
self.dest_port = udp.dest_port
self.udp_length = udp.size
def main(type_addr=None, src=None, dest=None, file_name=None):
#code of .pcap file analyzer
if file_name != None:
file = open(file_name, 'rb')
pcapfile = savefile.load_savefile(file, verbose=True)
b = True
i = 1
try:
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
except:
print("empty file !")
b = False
#code to read and analyze .pcap file with the protocol Linux cooked capture
while b:
if 1:
if 1:
#ipv4 = IPv4(eth.data)
ipv4 = IPv4(raw_data[16:])
if (type_addr == '-ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
try:
packet = pcapfile.packets[i]
raw_data = packet.raw()
size = packet.packet_len
i += 1
except:
print("end of file ")
b = False
file.close()
#code of real time analyzer in a local network
else:
file = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.ntohs(3))
i = 0
while True:
if keyboard.is_pressed('q'):
break
raw_data, addr = conn.recvfrom(65535)
i += 1
eth = Ethernet(raw_data)
if keyboard.is_pressed('q'): #press q to stop the sniffer
break
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
file.write(raw_data)
print('\nEthernet Frame:')
print(TAB_1 +
'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if (type_addr == 'ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
file.close()
file1 = open('capture.pcap', 'rb')
pcapfile = savefile.load_savefile(file1, verbose=True)
j = 0
b = True
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
while b:
eth = Ethernet(raw_data)
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if 1:
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
try:
packet = pcapfile.packets[j]
raw_data = packet.raw()
size = packet.packet_len
j += 1
except:
print("end of file ")
b = False
file1.close()
def main():
#pcap is used to live capture network traffic
pcap = Pcap('capture.pcap')
#Creates a socket using
#Check that its compatible and make sure its in little or big indian
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#Keeps looping and capturing data
while True:
#buffer size is set to 65535
raw_data, addr = conn.recvfrom(65535)
#storing the data
#capturing it
pcap.write(raw_data)
eth = Ethernet(raw_data)
#{} place order for each variable
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#Unpacking IP Headers
# IPv4
#Make sure using regular internet traffic
#which is IPv4
if eth.proto == 8:
#calling class ip4
#passing capture data into class
#analysing and using its methods
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#1 for ICMP
ipv4 = IPv4(eth.data)
icmp = ICMP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#6 for ICMP
tcp = TCP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#at least some thing is capture
if len(tcp.data) > 0:
#protocol port for HTTP is 80
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
#analyses using icmp class
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
#analyses using UDP class
# UDP
#17 for UDP
elif ipv4.proto == 17:
#analyses using UDP class
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
#this remaining is the payload of data
#data that meaningless or which we cant yet interpret
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
#closing the library after use
pcap.close()
def receive_packet(conn):
raw_data, addr = conn.recvfrom(65565)
packet = []
eth = Ethernet(raw_data)
packet.append(eth)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
packet.append(ipv4)
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
packet.append(tcp)
# print('SRC IP: {} SRC Port: {} DST IP: {} DST Port: {}'
# .format(ipv4.src, tcp.src_port, ipv4.target, tcp.dest_port))
# print('Data length: {}'.format(len(tcp.data)))
mapped = False
if not mapped:
try:
tcp.data.decode('utf-8')
except:
pass
else:
if len(tcp.data) == 12 and tcp.data.decode('utf-8')[:3] == 'RFB':
vnc = VNCProtocolVersion(tcp.data)
# print(vnc)
packet.append(vnc)
mapped = True
if not mapped:
try:
vnc = VNCClientMessage(tcp.data)
if vnc.message_code == 0 and len(tcp.data) >= 16:
# FramebufferUpdate
try:
vnc_cm = VNCFrameBufferUpdateMessage(tcp.data)
except:
raise Exception('Can\'t decode message as FramebufferUpdate message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
if vnc.message_code == 0 and len(tcp.data) == 20:
# SetPixelFormat
# print('Probably SetPixelFormat message!')
mapped = True
elif vnc.message_code == 2 and len(tcp.data) == 4:
# SetEncodings
# print('Probably SetEncodings message!')
mapped = True
elif vnc.message_code == 3 and len(tcp.data) == 10:
# FramebufferUpdateRequest
try:
vnc_cm = VNCFrameBufferUpdateRequestMessage(tcp.data)
except:
raise Exception('Can\'t decode message as FramebufferUpdateRequest message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 4 and len(tcp.data) == 8:
# KeyEvent
try:
vnc_cm = VNCKeyEventMessage(tcp.data)
except:
raise Exception('Can\'t decode message as KeyEvent message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 5 and (len(tcp.data) == 6 or len(tcp.data) == 12):
# PointerEvent
try:
vnc_cm = VNCPointerEventMessage(tcp.data)
except:
raise Exception('Can\'t decode message as PointerEvent message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 6:
# ClientCutText
# print('Probably ClientCutText message!')
mapped = True
except Exception as e:
print('Unexpected error: {}'.format(e))
return packet
def main():
timed_packets_tcp = []
timed_packets_udp = []
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
# print('\nEthernet Frame:')
# print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# Get count feature
# Analyze the packets for last two seconds.
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
protocol_type = 6
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
try:
service = get_service_from_port(tcp.dest_port)
except:
try:
service = get_service_from_port(tcp.src_port)
except:
service = "private"
timed_packets_tcp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_tcp(
timed_packets_tcp, eth.dest_mac, eth.src_mac, tcp.src_port,
tcp.dest_port, tcp.sequence, tcp.acknowledgment,
tcp.flag_urg)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, tcp.flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# if tcp.flag_urg == 0 and tcp.flag_ack == 0 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN Request Sent!")
# print("connection started")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN-ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# if len(tcp.data) > 0:
# # HTTP
# if tcp.src_port == 80 or tcp.dest_port == 80:
# # print(TAB_2 + 'HTTP Data:')
# try:
# http = HTTP(tcp.data)
# http_info = str(http.data).split('\n')
# for line in http_info:
# print(DATA_TAB_3 + str(line))
# except:
# print("")
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# else:
# print("")
# # print(TAB_2 + 'TCP Data:')
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
protocol_type = 17
service = 'other'
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
flag_urg = 0
timed_packets_udp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_udp(
timed_packets_udp, eth.dest_mac, eth.src_mac, udp.src_port,
udp.dest_port)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# Other IPv4
else:
print("")
# print(TAB_1 + 'Other IPv4 Data:')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("")
# print('Ethernet Data:')
# print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
#if eth.proto == 8:
# ipv4 = IPv4(eth.data)
# print('IPv4 Packet:')
# print('Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print('Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
def index(request):
answer = ''
answer.append(str('<head><style>table, th, td {border: 1px solid black;border-collapse: collapse;}</style></head><body><table><tr><th>Time Stamp</th><th>Destination MAC</th><th>Source MAC</th><th>Protocol</th><th>IP Version</th><th>IP Header Length</th><th>TTL</th><th>Protocol</th><th>Source IP</th><th>Target IP</th><th>Source Port</th><th>Destination Port</th><th>Length</th></tr>'))
for raw_data in range(5):
raw_data , addr = s.recvfrom(65565)
pcap.write(raw_data)
unpacked = struct.unpack('@ I H H i I I I I I I I', raw_data[:40])
timestamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(unpacked))
eth = Ethernet(raw_data)
ipv4 = IPv4(eth.data)
icmp = ICMP ( ipv4.data )
tcp = TCP (ipv4.data)
udp = UDP (ipv4.data)
# pcap =Pcap(pcap.data)
answer.append (str('<tr><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th></tr>'.format(timestamp, eth.dest_mac, eth.src_mac, eth.proto, ipv4.version, ipv4.header_length, ipv4.ttl, nipv4.proto, ipv4.src, ipv4.target, tcp.src_port, tcp.dest_port, udp.src_port, udp.dest_port, udp.size)))
answer.append (str('</table></body>'))
return HttpResponse(answer)
def main():
# output txt file name
output_file_name = 'task_1b_output.txt'
# remove the previously generated output txt file if exists
if os.path.exists(output_file_name):
os.remove(output_file_name)
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
data_from_server = ''
data_from_client = ''
try:
output_file = open(output_file_name, 'w')
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
now = datetime.now()
current_time = now.strftime("%H:%M:%S")
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
if tcp.src_port == 3333:
# print("[BOT to PC] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [BOT to PC] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"red",
end='\n')
data_from_server = tcp.data.decode("utf-8")
# print(type(data_from_server))
if (data_from_server.count('@') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_server) +
random_string(6)) + '\n')
if tcp.dest_port == 3333:
# print("[PC to BOT] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [PC to BOT] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"cyan",
end='\n')
data_from_client = tcp.data.decode("utf-8")
# print(type(data_from_client))
if (data_from_client.count('#') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_client) +
random_string(6)) + '\n')
# if (data_from_server.count('@') == 2) and (data_from_client.count('#') == 2):
# output_file.write(encode(random_string(6) + str(data_from_server) + random_string(6)) + '\n')
# output_file.write(encode(random_string(6) + str(data_from_client) + random_string(6)) + '\n')
pcap.close()
output_file.close()
except KeyboardInterrupt as e:
print('\n\nSee ya !')
os.chmod(output_file_name, (S_IRWXG | S_IRWXO | S_IRWXU))
exit()
def main(file_name, type_addr=None, src=None, dest=None):
file = open(file_name, 'rb')
pcapfile = savefile.load_savefile(file, verbose=True)
b = True
i = 1
try:
packet = pcapfile.packets[0]
raw_data = packet.raw()
except:
print("end of file ")
b = False
while b:
eth = Ethernet(raw_data)
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
if (type_addr == 'ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#if len(tcp.data) > 0 :
# print(TAB_3 + 'WINDOW: {}'.format(struct.unpack('! H', tcp.data[:2]))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
try:
packet = pcapfile.packets[i]
raw_data = packet.raw()
i += 1
except:
print("end of file ")
b = False
file.close()
def printSniffer(eth, count, _Warning):
if eth.proto == 8:
#print(TAB_1 + 'ethproto=8')
ipv4 = IPv4(eth.data)
ipv4src = ipv4.src.__str__()
ipv4target = ipv4.target.__str__()
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
icmpinfo = 'Type:' + icmp.type.__str__(
) + 'Code' + icmp.code.__str__(
) + 'Checksum' + icmp.checksum.__str__()
print('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}'.format(
count.__str__(), "Timeeeee", ipv4.src, ipv4.target, 'ICMP',
len(icmp.data).__str__(), _Warning.__str__()))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
tcpinfo = 'SrcPort:{}, DestPort:{}'.format(
tcp.src_port,
tcp.dest_port) + ' Sequence:{}, Acknowledgment:{}'.format(
tcp.sequence,
tcp.acknowledgment) + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack,
tcp.flag_psh) + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin)
'''
if len(tcp.data) > 0:
#HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
#print(format_multi_line(DATA_TAB_3, tcp.data))
'''
print('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}'.format(
count, 'Timeeeee', ipv4.src, ipv4.target, 'TCP', len(tcp.data),
_Warning))
# UDP
elif ipv4.proto == 17:
#print(TAB_1 + 'ethproto=17')
udp = UDP(ipv4.data)
udpinfo = 'SrcPort: {}, DestPort:{}, Length'.format(
udp.src_port, udp.dest_port, udp.size)
#print(TAB_1 + 'UDP Segment:')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,udp.size))
print('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}'.format(
count, "Timeeeee", ipv4.src, ipv4.target, 'UDP', len(udp.data),
_Warning))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data: = Protocol != 8 {}'.format(eth.proto))