def test_read_block_sectionheader_littleendian_with_options():
    """A little-endian Section Header Block with four string options parses.

    The byte-order magic is written as 4d 3c 2b 1a, so every later field is
    little-endian. The options area holds a comment (code 1) and three other
    strings (codes 2-4), each padded to a 32-bit boundary, followed by the
    end-of-options marker; the trailing length repeats the 96-byte total.
    """
    raw = b"".join([
        b"\x0a\x0d\x0d\x0a",                  # block type 0x0A0D0D0A (SHB)
        b"\x60\x00\x00\x00",                  # block total length (96 bytes)
        b"\x4d\x3c\x2b\x1a",                  # byte-order magic, little-endian
        b"\x01\x00\x00\x00",                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff",  # section length unspecified (-1)
        # options: 16-bit code, 16-bit length, value, padding to 4 bytes
        b'\x01\x00\x0e\x00Just a comment\x00\x00',
        b'\x02\x00\x0b\x00My Computer\x00',
        b'\x03\x00\x05\x00My OS\x00\x00\x00',
        b'\x04\x00\x0a\x00A fake app\x00\x00',
        b"\x00\x00\x00\x00",                  # opt_endofopt
        b"\x60\x00\x00\x00",                  # block total length again (96 bytes)
    ])
    blocks = list(FileScanner(io.BytesIO(raw)))
    assert len(blocks) == 1

    header = blocks[0]
    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert isinstance(header.options, Options)
    assert len(header.options) == 4
    assert header.options['opt_comment'] == 'Just a comment'
    # No interface description has been seen yet
    assert header.interfaces == {}

    expected = (
        "<SectionHeader version=1.0 endianness='<' length=-1 options={0}>"
        .format(repr(header.options))
    )
    assert repr(header) == expected
def test_sample_test006_ntar(filename):
    """Parse test006.ntar: a section header, one interface and one packet.

    ``filename`` is supplied by the caller (presumably a fixture or a
    parametrize hook that is not visible here). As the original author
    noted, test006.ntar reports an incorrect size, which makes this test
    fail; whether the scanner should tolerate that is still an open
    question. The assertions below describe the layout we expect.
    """
    with open(filename, 'rb') as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description, then a packet block
    assert len(blocks) == 3
    header, iface, packet = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 2
    assert iface.snaplen == 96
    assert len(iface.options) == 2
    assert iface.options['if_speed'] == (10**8)  # 100 Mbit/s
    # The trailing NUL is part of the stored option value in this sample
    assert iface.options['if_description'] == 'Stupid ethernet interface\x00'

    assert isinstance(packet, Packet)
    assert packet.interface_id == 0
def test_sample_test005_ntar():
    """Parse test005.ntar: a little-endian section header plus one IDB.

    The interface carries an unusual link type (0x04d8, flagged with '???'
    by the original author) and a 10 Gbit/s if_speed; both the raw 8-byte
    little-endian option value and its decoded integer are checked.
    """
    with open('test_data/test005.ntar', 'rb') as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description
    assert len(blocks) == 2
    header, iface = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0x04d8  # ??? (unusual value, kept as found)
    assert iface.snaplen == 0x7c
    assert len(iface.options) == 2

    raw_speed = iface.options.get_raw('if_speed')
    assert raw_speed == b'\x00\xe4\x0b\x54\x02\x00\x00\x00'  # noqa
    decoded_speed = iface.options['if_speed']
    assert decoded_speed == 0x00000002540be400
    assert decoded_speed == (10**10)  # 10 Gbit/s
    assert iface.options['if_description'] == 'Stupid ethernet interface\x00'
def test_read_block_interface_nondefault_tsresol():
    """An IDB whose if_tsresol option selects picosecond resolution.

    if_tsresol (option 9) is a single byte; 0x0c with the high bit clear
    means 10**-12 seconds per tick. The raw option value stays available as
    bytes while ``timestamp_resolution`` exposes the decoded float.
    Both blocks are big-endian (byte-order magic 1a 2b 3c 4d).
    """
    section_header = (
        b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
        b"\x00\x00\x00\x20"                  # block total length (32 bytes)
        b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
        b"\x00\x01\x00\x00"                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x20"                  # block total length again
    )
    interface_description = (
        b'\x00\x00\x00\x01'                  # block type (IDB)
        b'\x00\x00\x00\x20'                  # block total length (32 bytes)
        b'\x00\x01'                          # link type 1
        b'\x00\x00'                          # reserved
        b'\x00\x00\xff\xff'                  # snaplen 65535
        b'\x00\x09\x00\x01' b'\x0c\x00\x00\x00'  # if_tsresol = 12 (+padding)
        b'\x00\x00\x00\x00'                  # opt_endofopt
        b'\x00\x00\x00\x20'                  # block total length again (32 bytes)
    )
    reader = FileScanner(io.BytesIO(section_header + interface_description))
    blocks = list(reader)
    assert len(blocks) == 2

    iface = blocks[1]
    assert isinstance(iface, InterfaceDescription)
    assert 'if_tsresol' in iface.options
    assert iface.options['if_tsresol'] == b'\x0c'
    assert iface.timestamp_resolution == 1e-12
def test_sample_test005_ntar():
    """Parse test005.ntar: a little-endian section header plus one IDB.

    The interface carries an unusual link type (0x04D8, flagged with '???'
    by the original author) and a 10 Gbit/s if_speed; both the raw 8-byte
    little-endian option value and its decoded integer are checked.
    """
    with open("test_data/test005.ntar", "rb") as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description
    assert len(blocks) == 2
    header, iface = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == "<"
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0x04D8  # ??? (unusual value, kept as found)
    assert iface.snaplen == 0x7C
    assert len(iface.options) == 2

    raw_speed = iface.options.get_raw("if_speed")
    assert raw_speed == b"\x00\xe4\x0b\x54\x02\x00\x00\x00"  # noqa
    decoded_speed = iface.options["if_speed"]
    assert decoded_speed == 0x00000002540BE400
    assert decoded_speed == (10**10)  # 10 Gbit/s
    assert iface.options["if_description"] == "Stupid ethernet interface\x00"
def test_read_block_interface_unknown_link_type():
    """An IDB with an unregistered link type is still accepted.

    The link type 0xff01 is not a known LINKTYPE value; the scanner must
    keep the raw number and produce a descriptive fallback string rather
    than reject the block. Both blocks are big-endian.
    """
    section_header = (
        b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
        b"\x00\x00\x00\x20"                  # block total length (32 bytes)
        b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
        b"\x00\x01\x00\x00"                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x20"                  # block total length again
    )
    interface_description = (
        b'\x00\x00\x00\x01'                  # block type (IDB)
        b'\x00\x00\x00\x18'                  # block total length (24 bytes)
        b'\xff\x01'                          # link type 0xff01 (unknown)
        b'\x00\x00'                          # reserved
        b'\x00\x00\xff\xff'                  # snaplen 65535
        b'\x00\x00\x00\x00'                  # opt_endofopt
        b'\x00\x00\x00\x18'                  # block total length again (24 bytes)
    )
    blocks = list(FileScanner(io.BytesIO(section_header + interface_description)))
    assert len(blocks) == 2

    iface = blocks[1]
    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0xff01
    assert iface.link_type_description == 'Unknown link type: 0xff01'
def test_sample_test006_ntar(filename):
    """Parse test006.ntar: a section header, one interface, one old packet.

    ``filename`` is supplied by the caller (presumably a fixture or a
    parametrize hook that is not visible here). As the original author
    noted, test006.ntar reports an incorrect size, which makes this test
    fail; whether the scanner should tolerate that is still an open
    question. The third block is an obsolete Packet Block, and every bit of
    its pack_flags option is expected to be clear.
    """
    with open(filename, "rb") as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description, then an obsolete packet block
    assert len(blocks) == 3
    header, iface, packet = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == "<"
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 2
    assert iface.snaplen == 96
    assert len(iface.options) == 2
    assert iface.options["if_speed"] == (10**8)  # 100 Mbit/s
    # The trailing NUL is part of the stored option value in this sample
    assert iface.options["if_description"] == "Stupid ethernet interface\x00"

    assert isinstance(packet, ObsoletePacket)
    assert packet.interface_id == 0

    flags = packet.options["pack_flags"]
    assert flags.inout == "NA"
    assert flags.casttype == "NA"
    assert flags.fcslen == 0
    assert flags.reserved == 0
    # None of the link-layer error bits are set in this sample
    error_bits = (
        "err_16", "err_17", "err_18", "err_19",
        "err_20", "err_21", "err_22", "err_23",
        "err_crc", "err_long", "err_short", "err_frame_gap",
        "err_frame_align", "err_frame_delim", "err_preamble", "err_symbol",
    )
    for bit in error_bits:
        assert getattr(flags, bit) is False, bit
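def test_sample_test006_ntar(filename):
    """Parse test006.ntar: a section header, one interface, one old packet.

    ``filename`` is supplied by the caller (presumably a fixture or a
    parametrize hook that is not visible here). As the original author
    noted, test006.ntar reports an incorrect size, which makes this test
    fail; whether the scanner should tolerate that is still an open
    question. The third block is an obsolete Packet Block, and every bit of
    its pack_flags option is expected to be clear.

    The error-bit checks use ``is False`` (not ``== False``): the sibling
    test in this file does the same, and ``is`` rejects a 0 or None that
    ``==`` would silently accept.
    """
    with open(filename, 'rb') as fp:
        scanner = FileScanner(fp)
        blocks = list(scanner)

    # Section header, interface description, then an obsolete packet block
    assert len(blocks) == 3
    header, iface, packet = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 2
    assert iface.snaplen == 96
    assert len(iface.options) == 2
    assert iface.options['if_speed'] == (10**8)  # 100 Mbit/s
    # The trailing NUL is part of the stored option value in this sample
    assert iface.options['if_description'] == 'Stupid ethernet interface\x00'

    assert isinstance(packet, ObsoletePacket)
    assert packet.interface_id == 0

    flags = packet.options['pack_flags']
    assert flags.inout == 'NA'
    assert flags.casttype == 'NA'
    assert flags.fcslen == 0
    assert flags.reserved == 0
    # None of the link-layer error bits are set in this sample
    error_bits = (
        'err_16', 'err_17', 'err_18', 'err_19',
        'err_20', 'err_21', 'err_22', 'err_23',
        'err_crc', 'err_long', 'err_short', 'err_frame_gap',
        'err_frame_align', 'err_frame_delim', 'err_preamble', 'err_symbol',
    )
    for bit in error_bits:
        assert getattr(flags, bit) is False, bit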
def test_sample_test001_ntar():
    """Parse test001.ntar, which holds nothing but one section header.

    The header is little-endian, version 1.0, with an unspecified section
    length, no options and no interfaces registered against it.
    """
    with open('test_data/test001.ntar', 'rb') as fp:
        blocks = list(FileScanner(fp))

    # There is just a section header
    assert len(blocks) == 1
    header = blocks[0]

    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 0
def test_read_block_interface_bigendian():
    """A big-endian IDB with if_name, if_tsresol and if_os options parses.

    The section header uses byte-order magic 1a 2b 3c 4d, so the interface
    block that follows is read big-endian too. The IDB is 64 bytes: fixed
    fields, three options (each value padded to 4 bytes) and the trailer.
    The parsed interface is expected to be registered on the section header
    under id 0.
    """
    section_header = (
        b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
        b"\x00\x00\x00\x20"                  # block total length (32 bytes)
        b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
        b"\x00\x01\x00\x00"                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x20"                  # block total length again
    )
    interface_description = (
        b"\x00\x00\x00\x01"                  # block type (IDB)
        b"\x00\x00\x00\x40"                  # block total length (64 bytes)
        b"\x00\x01"                          # link type 1
        b"\x00\x00"                          # reserved
        b"\x00\x00\xff\xff"                  # snaplen 65535
        b"\x00\x02\x00\x04" b"eth0"                          # if_name
        b"\x00\x09\x00\x01" b"\x06\x00\x00\x00"              # if_tsresol (+padding)
        b"\x00\x0c\x00\x13" b"Linux 3.2.0-4-amd64\x00"       # if_os, 19 bytes (+padding)
        b"\x00\x00\x00\x00"                  # opt_endofopt
        b"\x00\x00\x00\x40"                  # block total length again (64 bytes)
    )
    blocks = list(FileScanner(io.BytesIO(section_header + interface_description)))
    assert len(blocks) == 2
    header, iface = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == ">"
    assert header.interfaces == {0: iface}

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0x01
    assert iface.link_type_description == "D/I/X and 802.3 Ethernet"
    assert iface.snaplen == 0xFFFF
    assert iface.options["if_name"] == "eth0"
    assert iface.options["if_tsresol"] == b"\x06"
    assert iface.timestamp_resolution == 1e-6
    assert iface.options["if_os"] == "Linux 3.2.0-4-amd64"
    assert iface.reserved == 0

    expected = (
        "<InterfaceDescription link_type=1 reserved={reserved} "
        "snaplen=65535 options={options}>"
    ).format(options=repr(iface.options), reserved=repr(iface.reserved))
    assert repr(iface) == expected
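def test_read_block_interface_bigendian():
    """A big-endian IDB with if_name, if_tsresol and if_os options parses.

    The section header uses byte-order magic 1a 2b 3c 4d, so the interface
    block that follows is read big-endian too. The IDB is 64 bytes: fixed
    fields, three options (each value padded to 4 bytes) and the trailer.

    The input is built from ``bytes`` literals: the previous version used
    Python 2 ``str`` literals, which ``io.BytesIO`` rejects on Python 3.
    The repr check takes ``reserved`` from the parsed object instead of
    hard-coding ``'\\x00\\x00'``, because its representation depends on
    whether the library keeps the field as raw bytes or as an int (the
    sibling test in this file asserts ``reserved == 0``).
    """
    scanner = FileScanner(
        io.BytesIO(
            # ---------- Section header
            b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
            b"\x00\x00\x00\x20"                  # block total length (32 bytes)
            b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
            b"\x00\x01\x00\x00"                  # version 1.0
            b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
            b"\x00\x00\x00\x00"                  # opt_endofopt only
            b"\x00\x00\x00\x20"                  # block total length again
            # ---------- Interface description
            b'\x00\x00\x00\x01'                  # block type (IDB)
            b'\x00\x00\x00\x40'                  # block total length (64 bytes)
            b'\x00\x01'                          # link type 1
            b'\x00\x00'                          # reserved
            b'\x00\x00\xff\xff'                  # snaplen 65535
            b'\x00\x02\x00\x04' b'eth0'                          # if_name
            b'\x00\x09\x00\x01' b'\x06\x00\x00\x00'              # if_tsresol (+padding)
            b'\x00\x0c\x00\x13' b'Linux 3.2.0-4-amd64\x00'       # if_os, 19 bytes (+padding)
            b'\x00\x00\x00\x00'                  # opt_endofopt
            b'\x00\x00\x00\x40'                  # block total length again (64 bytes)
        ))
    blocks = list(scanner)
    assert len(blocks) == 2

    assert isinstance(blocks[0], SectionHeader)
    assert blocks[0].endianness == '>'
    assert blocks[0].interfaces == {0: blocks[1]}

    assert isinstance(blocks[1], InterfaceDescription)
    assert blocks[1].link_type == 0x01
    assert blocks[1].link_type_description == 'D/I/X and 802.3 Ethernet'
    assert blocks[1].snaplen == 0xffff
    assert blocks[1].options['if_name'] == 'eth0'
    assert blocks[1].options['if_tsresol'] == b'\x06'
    assert blocks[1].timestamp_resolution == 1e-6
    assert blocks[1].options['if_os'] == 'Linux 3.2.0-4-amd64'

    assert repr(blocks[1]) == (
        "<InterfaceDescription link_type=1 reserved={reserved} "
        "snaplen=65535 options={options}>".format(
            options=repr(blocks[1].options),
            reserved=repr(blocks[1].reserved)))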
def test_sample_test004_ntar():
    """Parse test004.ntar: a lone section header carrying two options.

    shb_os and shb_userappl both come back with a trailing NUL because the
    writer stored it inside the option value (the original author asked
    "why NULL?"); the test pins that behaviour rather than stripping it.
    """
    with open("test_data/test004.ntar", "rb") as fp:
        blocks = list(FileScanner(fp))

    # Section header only
    assert len(blocks) == 1
    header = blocks[0]

    assert isinstance(header, SectionHeader)
    assert header.endianness == "<"
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 2
    assert header.options["shb_os"] == "Windows XP\x00"  # (why NULL?)
    assert header.options["shb_userappl"] == "Test004.exe\x00"
    assert len(header.interfaces) == 0
def test_sample_test004_ntar():
    """Parse test004.ntar: a lone section header carrying two options.

    shb_os and shb_userappl both come back with a trailing NUL because the
    writer stored it inside the option value (the original author asked
    "why NULL?"); the test pins that behaviour rather than stripping it.
    """
    with open('test_data/test004.ntar', 'rb') as fp:
        blocks = list(FileScanner(fp))

    # Section header only
    assert len(blocks) == 1
    header = blocks[0]

    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 2
    assert header.options['shb_os'] == 'Windows XP\x00'  # (why NULL?)
    assert header.options['shb_userappl'] == 'Test004.exe\x00'
    assert len(header.interfaces) == 0
def test_sample_test002_ntar():
    """Parse test002.ntar: a section header plus a minimal IDB.

    The interface has link type 0 (LINKTYPE_NULL in the tcpdump registry;
    the original comment called it "Unknown"), a zero snaplen and no
    options - the smallest interface description the scanner must accept.
    """
    with open("test_data/test002.ntar", "rb") as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description
    assert len(blocks) == 2
    header, iface = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == "<"
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0
    assert iface.snaplen == 0
    assert len(iface.options) == 0
def test_sample_test003_ntar():
    """Parse test003.ntar: a section header plus an option-less IDB.

    The interface carries an unusual link type (0x04d8, flagged with '???'
    by the original author) and a snaplen of 0x7c; no options are present.
    """
    with open('test_data/test003.ntar', 'rb') as fp:
        blocks = list(FileScanner(fp))

    # Section header, interface description
    assert len(blocks) == 2
    header, iface = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert len(header.options) == 0
    assert len(header.interfaces) == 1

    assert isinstance(iface, InterfaceDescription)
    assert iface.link_type == 0x04d8  # ??? (unusual value, kept as found)
    assert iface.snaplen == 0x7c
    assert len(iface.options) == 0
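def test_read_block_sectionheader_bigendian_empty_options():
    """A big-endian Section Header Block whose options area is just the
    end-of-options marker parses as an empty ``Options`` container.

    The input is built from ``bytes`` literals: the previous version used
    Python 2 ``str`` literals, which ``io.BytesIO`` rejects on Python 3.
    """
    scanner = FileScanner(
        io.BytesIO(
            b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
            b"\x00\x00\x00\x20"                  # block total length (32 bytes)
            b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
            b"\x00\x01\x00\x00"                  # version 1.0
            b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified (-1)
            b"\x00\x00\x00\x00"                  # opt_endofopt only
            b"\x00\x00\x00\x20"                  # block total length again (32 bytes)
        ))
    blocks = list(scanner)
    assert len(blocks) == 1

    block = blocks[0]
    assert isinstance(block, SectionHeader)
    assert block.endianness == '>'
    assert block.version == (1, 0)
    assert block.length == -1
    assert isinstance(block.options, Options)
    assert len(block.options) == 0
    assert block.interfaces == {}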
def test_read_block_sectionheader_littleendian_missing_options():
    """A little-endian SHB with no options area at all still parses.

    The block is 28 bytes (0x1c): fixed fields and trailer only, with not
    even an end-of-options marker. The scanner is expected to treat that
    as an empty ``Options`` container rather than read past the block.
    """
    raw = b"".join([
        b"\x0a\x0d\x0d\x0a",                  # block type (SHB)
        b"\x1c\x00\x00\x00",                  # block total length (28 bytes)
        b"\x4d\x3c\x2b\x1a",                  # byte-order magic, little-endian
        b"\x01\x00\x00\x00",                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff",  # section length unspecified (-1)
        b"",                                  # no options area
        b"\x1c\x00\x00\x00",                  # block total length again (28 bytes)
    ])
    blocks = list(FileScanner(io.BytesIO(raw)))
    assert len(blocks) == 1

    header = blocks[0]
    assert isinstance(header, SectionHeader)
    assert header.endianness == '<'
    assert header.version == (1, 0)
    assert header.length == -1
    assert isinstance(header.options, Options)
    assert len(header.options) == 0
    assert header.interfaces == {}
def test_read_block_enhanced_packet_tsresol_bigendian(tsr_base, tsr_exp):
    """An Enhanced Packet Block's timestamp honours the interface's
    if_tsresol option for a given (base, exponent) pair.

    ``tsr_base`` and ``tsr_exp`` are supplied by the caller (presumably a
    parametrize hook not visible here). ``_generate_file_with_tsresol``
    builds a big-endian capture whose only IDB option is if_tsresol, and
    ``pack_timestamp_resolution`` gives the raw byte expected for that
    option; both helpers live elsewhere in this test module.
    """
    capture = _generate_file_with_tsresol(tsr_base, tsr_exp)
    blocks = list(FileScanner(io.BytesIO(capture)))
    assert len(blocks) == 3
    header, iface, packet = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == ">"
    assert header.interfaces == {0: iface}

    assert isinstance(iface, InterfaceDescription)
    assert len(iface.options) == 1  # if_tsresol and nothing else
    expected_raw = pack_timestamp_resolution(tsr_base, tsr_exp)
    assert iface.options["if_tsresol"] == expected_raw

    assert isinstance(packet, EnhancedPacket)
    assert packet.section == header
    assert packet.interface_id == 0
    assert packet.interface == iface
    assert packet.timestamp_resolution == tsr_base**tsr_exp
    # The generated timestamp decodes to 2015-01-01T00:00:00Z
    assert packet.timestamp == 1420070400.0
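def test_read_block_interface_stats_bigendian():
    """A big-endian Interface Statistics Block is parsed and attached to
    its interface.

    The ISB is 128 bytes: fixed fields, a comment, seven 8-byte counter or
    timestamp options and the trailer. The block-level timestamp is scaled
    by the interface's microsecond if_tsresol, whereas isb_starttime and
    isb_endtime are returned as raw 64-bit tick values ("no resol!").

    The input is built from ``bytes`` literals: the previous version used
    Python 2 ``str`` literals, which ``io.BytesIO`` rejects on Python 3.
    """
    scanner = FileScanner(
        io.BytesIO(
            # ---------- Section header
            b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
            b"\x00\x00\x00\x20"                  # block total length (32 bytes)
            b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
            b"\x00\x01\x00\x00"                  # version 1.0
            b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
            b"\x00\x00\x00\x00"                  # opt_endofopt only
            b"\x00\x00\x00\x20"                  # block total length again
            # ---------- Interface description
            b'\x00\x00\x00\x01'                  # block type (IDB)
            b'\x00\x00\x00\x40'                  # block total length (64 bytes)
            b'\x00\x01'                          # link type 1
            b'\x00\x00'                          # reserved
            b'\x00\x00\xff\xff'                  # snaplen 65535
            b'\x00\x02\x00\x04' b'eth0'                          # if_name
            b'\x00\x09\x00\x01' b'\x06\x00\x00\x00'              # if_tsresol (+padding)
            b'\x00\x0c\x00\x13' b'Linux 3.2.0-4-amd64\x00'       # if_os (+padding)
            b'\x00\x00\x00\x00'                  # opt_endofopt
            b'\x00\x00\x00\x40'                  # block total length again (64 bytes)
            # ---------- Interface statistics
            b'\x00\x00\x00\x05'                  # block type (ISB)
            b'\x00\x00\x00\x80'                  # block total length (128 bytes)
            b'\x00\x00\x00\x00'                  # interface id 0
            b'\x00\x05\x0b\x5f\x61\xf8\x14\x40'  # timestamp (high, low)
            b'\x00\x01\x00\x0a' b'A comment\x00\x00\x00'         # opt_comment (+padding)
            b'\x00\x02\x00\x08' b'\x00\x05\x0b\x5f\x64\xa6\xb9\x80'  # isb_starttime
            b'\x00\x03\x00\x08' b'\x00\x05\x0b\x5f\x6b\x44\x73\x40'  # isb_endtime
            b'\x00\x04\x00\x08' b'\x00\x00\x00\x00\x00\x01\x23\x45'  # isb_ifrecv
            b'\x00\x05\x00\x08' b'\x00\x00\x00\x00\x00\x00\x00\x20'  # isb_ifdrop
            b'\x00\x06\x00\x08' b'\x00\x00\x00\x00\x00\x00\x0a\xbc'  # isb_filteraccept  # noqa
            b'\x00\x07\x00\x08' b'\x00\x00\x00\x00\x00\x00\x00\x33'  # isb_osdrop
            b'\x00\x08\x00\x08' b'\x00\x00\x00\x00\x00\x0a\xbc\xde'  # isb_usrdeliv
            b'\x00\x00\x00\x00'                  # opt_endofopt
            b'\x00\x00\x00\x80'                  # block total length again (128 bytes)
        ))
    blocks = list(scanner)
    assert len(blocks) == 3

    assert isinstance(blocks[0], SectionHeader)
    assert blocks[0].endianness == '>'
    assert blocks[0].interfaces == {0: blocks[1]}

    assert isinstance(blocks[1], InterfaceDescription)
    assert blocks[1].statistics is blocks[2]

    assert isinstance(blocks[2], InterfaceStatistics)
    assert blocks[2].timestamp == 0x050b5f61f81440 / 1e6
    assert blocks[2].options['isb_starttime'] == 0x050b5f64a6b980  # no resol!
    assert blocks[2].options['isb_endtime'] == 0x050b5f6b447340  # no resol!
    assert blocks[2].options['isb_ifrecv'] == 0x12345
    assert blocks[2].options['isb_ifdrop'] == 0x20
    assert blocks[2].options['isb_filteraccept'] == 0xabc
    assert blocks[2].options['isb_osdrop'] == 0x33
    assert blocks[2].options['isb_usrdeliv'] == 0xabcde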
def test_read_block_interface_stats_bigendian():
    """A big-endian Interface Statistics Block is parsed and attached to
    its interface.

    The ISB is 128 bytes: fixed fields, a comment, seven 8-byte counter or
    timestamp options and the trailer. The block-level timestamp is scaled
    by the interface's microsecond if_tsresol, whereas isb_starttime and
    isb_endtime are returned as raw 64-bit tick values ("no resol!").
    """
    section_header = (
        b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
        b"\x00\x00\x00\x20"                  # block total length (32 bytes)
        b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
        b"\x00\x01\x00\x00"                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x20"                  # block total length again
    )
    interface_description = (
        b"\x00\x00\x00\x01"                  # block type (IDB)
        b"\x00\x00\x00\x40"                  # block total length (64 bytes)
        b"\x00\x01"                          # link type 1
        b"\x00\x00"                          # reserved
        b"\x00\x00\xff\xff"                  # snaplen 65535
        b"\x00\x02\x00\x04" b"eth0"                          # if_name
        b"\x00\x09\x00\x01" b"\x06\x00\x00\x00"              # if_tsresol (+padding)
        b"\x00\x0c\x00\x13" b"Linux 3.2.0-4-amd64\x00"       # if_os (+padding)
        b"\x00\x00\x00\x00"                  # opt_endofopt
        b"\x00\x00\x00\x40"                  # block total length again (64 bytes)
    )
    interface_statistics = (
        b"\x00\x00\x00\x05"                  # block type (ISB)
        b"\x00\x00\x00\x80"                  # block total length (128 bytes)
        b"\x00\x00\x00\x00"                  # interface id 0
        b"\x00\x05\x0b\x5f\x61\xf8\x14\x40"  # timestamp (high, low)
        b"\x00\x01\x00\x0a" b"A comment\x00\x00\x00"         # opt_comment (+padding)
        b"\x00\x02\x00\x08" b"\x00\x05\x0b\x5f\x64\xa6\xb9\x80"  # isb_starttime  # noqa
        b"\x00\x03\x00\x08" b"\x00\x05\x0b\x5f\x6b\x44\x73\x40"  # isb_endtime
        b"\x00\x04\x00\x08" b"\x00\x00\x00\x00\x00\x01\x23\x45"  # isb_ifrecv
        b"\x00\x05\x00\x08" b"\x00\x00\x00\x00\x00\x00\x00\x20"  # isb_ifdrop
        b"\x00\x06\x00\x08" b"\x00\x00\x00\x00\x00\x00\x0a\xbc"  # isb_filteraccept  # noqa
        b"\x00\x07\x00\x08" b"\x00\x00\x00\x00\x00\x00\x00\x33"  # isb_osdrop
        b"\x00\x08\x00\x08" b"\x00\x00\x00\x00\x00\x0a\xbc\xde"  # isb_usrdeliv
        b"\x00\x00\x00\x00"                  # opt_endofopt
        b"\x00\x00\x00\x80"                  # block total length again (128 bytes)
    )
    capture = section_header + interface_description + interface_statistics
    blocks = list(FileScanner(io.BytesIO(capture)))
    assert len(blocks) == 3
    header, iface, stats = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == ">"
    assert header.interfaces == {0: iface}

    assert isinstance(iface, InterfaceDescription)
    assert iface.statistics is stats

    assert isinstance(stats, InterfaceStatistics)
    # Block timestamp is scaled by the interface's 1e-6 resolution
    assert stats.timestamp == 0x050B5F61F81440 / 1e6
    # Start/end times are left as raw ticks (no resolution applied)
    assert stats.options["isb_starttime"] == 0x050B5F64A6B980
    assert stats.options["isb_endtime"] == 0x050B5F6B447340
    expected_counters = {
        "isb_ifrecv": 0x12345,
        "isb_ifdrop": 0x20,
        "isb_filteraccept": 0xABC,
        "isb_osdrop": 0x33,
        "isb_usrdeliv": 0xABCDE,
    }
    for key, value in expected_counters.items():
        assert stats.options[key] == value, key
def test_sample_test010_ntar():
    """Smoke test: scanning test010.ntar end to end must not raise.

    Nothing about the blocks is asserted; the value of the test is that
    the scanner consumes the whole sample file without an exception.
    """
    with open('test_data/test010.ntar', 'rb') as fp:
        for _ in FileScanner(fp):
            pass
def test_read_block_enhanced_packet_bigendian():
    """A big-endian Enhanced Packet Block is parsed with its payload intact.

    The EPB is 120 bytes: fixed fields, an 81-byte Ethernet/IP/TCP/HTTP
    frame padded to 84, an empty options area and the trailer. Captured and
    original lengths are both 0x51, the timestamp is in the interface's
    microsecond resolution, and the packet must resolve back to interface 0
    and to the enclosing section.
    """
    section_header = (
        b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
        b"\x00\x00\x00\x20"                  # block total length (32 bytes)
        b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
        b"\x00\x01\x00\x00"                  # version 1.0
        b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x20"                  # block total length again
    )
    interface_description = (
        b"\x00\x00\x00\x01"                  # block type (IDB)
        b"\x00\x00\x00\x40"                  # block total length (64 bytes)
        b"\x00\x01"                          # link type 1
        b"\x00\x00"                          # reserved
        b"\x00\x00\xff\xff"                  # snaplen 65535
        b"\x00\x02\x00\x04" b"eth0"                          # if_name
        b"\x00\x09\x00\x01" b"\x06\x00\x00\x00"              # if_tsresol (+padding)
        b"\x00\x0c\x00\x13" b"Linux 3.2.0-4-amd64\x00"       # if_os (+padding)
        b"\x00\x00\x00\x00"                  # opt_endofopt
        b"\x00\x00\x00\x40"                  # block total length again (64 bytes)
    )
    # 81-byte frame: Ethernet + IPv4 + TCP + a minimal HTTP request
    frame = (
        b"\x00\x02\x157\xa2D\x00\xae\xf3R\xaa\xd1\x08\x00"  # Ethernet
        b"E\x00\x00C\x00\x01\x00\x00@\x06x<\xc0\xa8\x05\x15B#\xfa\x97"  # IP
        b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 "  # TCP
        b"\x00\xbb9\x00\x00"  # TCP(cont)
        b"GET /index.html HTTP/1.0 \n\n"  # HTTP
    )
    enhanced_packet = (
        b"\x00\x00\x00\x06"                  # block type (EPB)
        b"\x00\x00\x00\x78"                  # block total length (120 bytes)
        b"\x00\x00\x00\x00"                  # interface id 0 (eth0)
        b"\x00\x04\xf8\x1e" b"\x3c\x3e\xd5\xa9"  # timestamp high, low (microseconds)
        b"\x00\x00\x00\x51"                  # captured length (81)
        b"\x00\x00\x00\x51"                  # original length (81)
        + frame +
        b"\x00\x00\x00"                      # padding to a 4-byte boundary
        # todo: add options?
        b"\x00\x00\x00\x00"                  # opt_endofopt only
        b"\x00\x00\x00\x78"                  # block total length again (120 bytes)
    )
    capture = section_header + interface_description + enhanced_packet
    blocks = list(FileScanner(io.BytesIO(capture)))
    assert len(blocks) == 3
    header, iface, packet = blocks

    assert isinstance(header, SectionHeader)
    assert header.endianness == ">"
    assert header.interfaces == {0: iface}

    assert isinstance(iface, InterfaceDescription)
    assert iface.section == header
    assert iface.link_type == 0x01
    assert iface.snaplen == 0xFFFF
    assert iface.options["if_name"] == "eth0"
    assert iface.options["if_tsresol"] == b"\x06"

    assert isinstance(packet, EnhancedPacket)
    assert packet.section == header
    assert packet.interface_id == 0
    assert packet.interface == iface
    assert packet.timestamp_high == 0x0004F81E
    assert packet.timestamp_low == 0x3C3ED5A9
    assert packet.timestamp_resolution == 1e-6
    assert packet.timestamp == 1398708650.3008409
    assert packet.captured_len == 0x51
    assert packet.packet_len == 0x51
    # Payload comes back exactly as written, without the 3 padding bytes
    assert packet.packet_data == frame
    assert len(packet.options) == 0
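"""Walk a pcap-ng capture and pretty-print every Enhanced Packet Block.

Usage: ``python <this script> <path-to-pcap-file>``

The capture is untrusted input; any parse error raised by ``FileScanner``
or by the per-packet pretty-printer propagates as a traceback, which is
acceptable for a debugging helper.
"""
import sys
import os

if len(sys.argv) < 2:
    # A usage error is reported on stderr with a non-zero status, so a
    # caller can tell "no input given" apart from a successful run.
    # (The previous version printed to stdout and exited 0.)
    sys.stderr.write("use as %s <path-to-pcap-file>\n" % sys.argv[0])
    sys.exit(2)

# Make the repository root importable when run as a plain script; this has
# to happen before the project imports below.
sys.path.append(
    os.path.dirname(os.path.dirname(os.path.realpath(__file__))))

from pcapng.scanner import FileScanner  # noqa: E402
from pcapng.blocks import EnhancedPacket  # noqa: E402
from kaitai.hytera_dmr_application_protocol import HyteraDmrApplicationProtocol  # noqa: E402
from kaitai.hytera_radio_network_protocol import HyteraRadioNetworkProtocol  # noqa: E402
from kaitai.hytera_simple_transport_reliability_protocol import (  # noqa: E402
    HyteraSimpleTransportReliabilityProtocol,
)
from kaitai.ip_site_connect_protocol import IpSiteConnectProtocol  # noqa: E402
from kaitai.ip_site_connect_heartbeat import IpSiteConnectHeartbeat  # noqa: E402
from kaitai.real_time_transport_protocol import RealTimeTransportProtocol  # noqa: E402
from tests.prettyprint import _prettyprint  # noqa: E402
import kamene.packet  # noqa: E402


def main(path):
    """Scan ``path``, pretty-print each EnhancedPacket and return the count.

    Only EnhancedPacket blocks are counted; section headers, interface
    descriptions and other block types are skipped.
    """
    counter = 0
    with open(path, "rb") as testfile:
        for block in FileScanner(testfile):
            if not isinstance(block, EnhancedPacket):
                continue
            counter += 1
            # NOTE(review): pprint_enhanced_packet is neither defined nor
            # imported in the visible part of this file (tests.prettyprint
            # only contributes _prettyprint here) - confirm where it lives.
            pprint_enhanced_packet(block)
    print("{0} packets worked through".format(counter))
    return counter


if __name__ == "__main__":
    main(sys.argv[1])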
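def test_read_block_enhanced_packet_bigendian():
    """A big-endian Enhanced Packet Block is parsed with its payload intact.

    The EPB is 120 bytes: fixed fields, an 81-byte Ethernet/IP/TCP/HTTP
    frame padded to 84, an empty options area and the trailer. Captured and
    original lengths are both 0x51, the timestamp is in the interface's
    microsecond resolution, and the packet must resolve back to interface 0
    and to the enclosing section.

    The input and the expected payload are ``bytes`` literals: the previous
    version used Python 2 ``str`` literals, which ``io.BytesIO`` rejects on
    Python 3 (and whose ``packet_data`` comparison would then also fail).
    """
    scanner = FileScanner(
        io.BytesIO(
            # ---------- Section header
            b"\x0a\x0d\x0d\x0a"                  # block type (SHB)
            b"\x00\x00\x00\x20"                  # block total length (32 bytes)
            b"\x1a\x2b\x3c\x4d"                  # byte-order magic, big-endian
            b"\x00\x01\x00\x00"                  # version 1.0
            b"\xff\xff\xff\xff\xff\xff\xff\xff"  # section length unspecified
            b"\x00\x00\x00\x00"                  # opt_endofopt only
            b"\x00\x00\x00\x20"                  # block total length again
            # ---------- Interface description
            b'\x00\x00\x00\x01'                  # block type (IDB)
            b'\x00\x00\x00\x40'                  # block total length (64 bytes)
            b'\x00\x01'                          # link type 1
            b'\x00\x00'                          # reserved
            b'\x00\x00\xff\xff'                  # snaplen 65535
            b'\x00\x02\x00\x04' b'eth0'                          # if_name
            b'\x00\x09\x00\x01' b'\x06\x00\x00\x00'              # if_tsresol (+padding)
            b'\x00\x0c\x00\x13' b'Linux 3.2.0-4-amd64\x00'       # if_os (+padding)
            b'\x00\x00\x00\x00'                  # opt_endofopt
            b'\x00\x00\x00\x40'                  # block total length again (64 bytes)
            # ---------- Enhanced packet
            b'\x00\x00\x00\x06'                  # block type (EPB)
            b'\x00\x00\x00\x78'                  # block total length (120 bytes)
            b'\x00\x00\x00\x00'                  # interface id 0 (eth0)
            b'\x00\x04\xf8\x1e' b'\x3c\x3e\xd5\xa9'  # timestamp high, low (microseconds)
            b'\x00\x00\x00\x51'                  # captured length (81)
            b'\x00\x00\x00\x51'                  # original length (81)
            # Packet data (81 bytes)
            b'\x00\x02\x157\xa2D\x00\xae\xf3R\xaa\xd1\x08\x00'  # Ethernet
            b'E\x00\x00C\x00\x01\x00\x00@\x06x<\xc0\xa8\x05\x15B#\xfa\x97'  # IP
            b'\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 '  # TCP
            b'\x00\xbb9\x00\x00'  # TCP(cont)
            b'GET /index.html HTTP/1.0 \n\n'  # HTTP
            b'\x00\x00\x00'                      # padding to a 4-byte boundary
            # todo: add options?
            b'\x00\x00\x00\x00'                  # opt_endofopt only
            b'\x00\x00\x00\x78'                  # block total length again (120 bytes)
        ))
    blocks = list(scanner)
    assert len(blocks) == 3

    assert isinstance(blocks[0], SectionHeader)
    assert blocks[0].endianness == '>'
    assert blocks[0].interfaces == {0: blocks[1]}

    assert isinstance(blocks[1], InterfaceDescription)
    assert blocks[1].section == blocks[0]
    assert blocks[1].link_type == 0x01
    assert blocks[1].snaplen == 0xffff
    assert blocks[1].options['if_name'] == 'eth0'
    assert blocks[1].options['if_tsresol'] == b'\x06'

    assert isinstance(blocks[2], EnhancedPacket)
    assert blocks[2].section == blocks[0]
    assert blocks[2].interface_id == 0
    assert blocks[2].interface == blocks[1]
    assert blocks[2].timestamp_high == 0x0004f81e
    assert blocks[2].timestamp_low == 0x3c3ed5a9
    assert blocks[2].timestamp_resolution == 1e-6
    assert blocks[2].timestamp == 1398708650.3008409
    assert blocks[2].captured_len == 0x51
    assert blocks[2].packet_len == 0x51
    # Payload comes back exactly as written, without the 3 padding bytes
    assert blocks[2].packet_data == (
        b'\x00\x02\x157\xa2D\x00\xae\xf3R\xaa\xd1\x08\x00'  # Ethernet
        b'E\x00\x00C\x00\x01\x00\x00@\x06x<\xc0\xa8\x05\x15B#\xfa\x97'  # IP
        b'\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 '  # TCP
        b'\x00\xbb9\x00\x00'  # TCP(cont)
        b'GET /index.html HTTP/1.0 \n\n')  # HTTP
    assert len(blocks[2].options) == 0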
def test_sample_test010_ntar():
    """Smoke test: scanning test010.ntar end to end must not raise.

    Nothing about the blocks is asserted; the value of the test is that
    the scanner consumes the whole sample file without an exception.
    """
    with open("test_data/test010.ntar", "rb") as fp:
        for _ in FileScanner(fp):
            pass