def managed_trace(in_uri): trace = plt.trace(in_uri) trace.start() try: yield trace finally: trace.close()
def test_uri(uri, tag=''): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 test_println("n = %d" % n, tag+get_tag("n:"+str(n))) ipf = natkit.IPflow(pkt) if not ipf: test_println("probably not an IP packet", tag+get_tag("n:"+str(n))) continue nip += 1 test_println("%5d: %d %3d %5d %5d %s %s" % (n, # v6 ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix), tag+get_tag("n:"+str(n))) fwd = ipf.fwd_key test_print("fwd =", tag+get_tag("n:"+str(n))) for b in fwd.encode(encoding='cp437'): test_print_hex(b) rev = ipf.rev_key test_println('') test_print("rev =", tag+get_tag("n:"+str(n))) for b in rev.encode(encoding='cp437'): test_print_hex(b) test_println('') if nip == 4: break t.close()
def __init__(self, lturi, chains=None, idle_timeout=30, expiry_timeout=5, aggregate=False): """ Create an Observer. :param chains: Array of Observer chain classes :see also: :ref:`Observer Documentation <observer>` """ # Only import this when needed import plt as libtrace # Control self._irq = None self._irq_fired = False self._aggregate = aggregate # Libtrace initialization self._trace = libtrace.trace(lturi) # pylint: disable=no-member self._trace.start() self._pkt = libtrace.packet() # pylint: disable=no-member # Chains of functions to evaluate chains = chains if chains is not None else [] self._chains = [chain() for chain in chains] # Packet timer and bintables self._ptq = 0 # current packet timer, quantized self._idle_bins = {} # map bin number to set of fids self._expiry_bins = {} # map bin number to set of fids self._idle_timeout = idle_timeout self._expiry_timeout = expiry_timeout self._bin_quantum = 1 #self._tq = [] # packet timer queue (heap) # Flow tables self._active = {} self._expiring = {} self._ignored = set() # Emitter queue self._emitted = collections.deque() # Statistics and logging self._logger = logging.getLogger("observer") self._ct_pkt = 0 self._ct_nonip = 0 self._ct_shortkey = 0 self._ct_ignored = 0 self._ct_flow = 0
def get_example_trace(fn): cwd = os.getcwd() basename = os.path.basename(cwd) if re.match(r'python-libtrace', basename): full_fn = 'pcapfile:' + cwd + '/doc/examples/' + fn else: full_fn = 'pcapfile:' + cwd + '/' + fn print "fullfn = {0}\n" . format(full_fn) t = plt.trace(full_fn) t.start() return t
def test_uri(uri): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 print "n = %4d" % n, ipf = natkit.IPflow(pkt) if not ipf: print continue nip += 1 print " %d %3d %5d->%5d %s->%s" % ( ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix) fwd = ipf.fwd_key #print "fwd = %s" % fwd v = test_dict.get(fwd) if v: v.fwd += 1 else: rev = ipf.rev_key #print "rev = %s" % rev v =test_dict.get(rev) if v: v.rev += 1 else: test_dict[fwd] = flow(ipf, n) #fwd = ipf.fwd_key #test_dict[fwd] = flow(ipf, n) #rev = ipf.rev_key #test_dict[rev] = flow(ipf, n+1000) if nip == 10: break t.close() print sk = sorted(test_dict) for dk in sk: #print "dk = >%s<, val[k] = %d" % (dk, test_dict[dk]) val = test_dict[dk] f = val.ipf print " %3d: %d+%d; %d %d %d->%d %s->%s" % ( val.first_n, val.fwd, val.rev, f.version, f.proto, f.src_port, f.dst_port, f.src_prefix, f.dst_prefix)
def test_uri(uri): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 print "n = %4d" % n, ipf = natkit.IPflow(pkt) if not ipf: print continue nip += 1 print " %d %3d %5d->%5d %s->%s" % (ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix) fwd = ipf.fwd_key #print "fwd = %s" % fwd v = test_dict.get(fwd) if v: v.fwd += 1 else: rev = ipf.rev_key #print "rev = %s" % rev v = test_dict.get(rev) if v: v.rev += 1 else: test_dict[fwd] = flow(ipf, n) #fwd = ipf.fwd_key #test_dict[fwd] = flow(ipf, n) #rev = ipf.rev_key #test_dict[rev] = flow(ipf, n+1000) if nip == 10: break t.close() print sk = sorted(test_dict) for dk in sk: #print "dk = >%s<, val[k] = %d" % (dk, test_dict[dk]) val = test_dict[dk] f = val.ipf print " %3d: %d+%d; %d %d %d->%d %s->%s" % ( val.first_n, val.fwd, val.rev, f.version, f.proto, f.src_port, f.dst_port, f.src_prefix, f.dst_prefix)
def test_uri(uri, tag=''): t = plt.trace(uri) t.start() nip6 = nip = n = 0 for pkt in t: n += 1 if not (pkt.ip or pkt.ip6): continue try: ipf = fh.flow(pkt) except: test_println("%4d: probably not an IP packet" % n, tag + get_tag("n:" + str(n))) continue if not ipf.is_inward: print_flow(n, ipf, tag + get_tag("n:" + str(n))) else: if pkt.ip: nip += 1 #if nip <= 4: print_flow(n, ipf, tag + get_tag("n:" + str(n))) elif pkt.ip6: nip6 += 1 #if nip6 <= 4: print_flow(n, ipf, tag + get_tag("n:" + str(n))) fwd = ipf.fwd_key test_print("fwd =", tag + get_tag("n:" + str(n))) for b in fwd: test_print(" %02x" % b) test_println('') hk = ipf.home_key test_print('', tag + get_tag("n:" + str(n))) test_print("hom =") for b in hk: test_print(" %02x" % b) test_println('') #if n == 480: # break t.close()
def test_uri(uri): t = plt.trace(uri) t.start() nip6 = nip = n = 0 for pkt in t: n += 1 if not (pkt.ip or pkt.ip6): continue #try: # ipf = fh.flow(pkt) #except: # print "%4d: probably not an IP packet" % n # continue ipf = fh.flow(pkt) #print "n = %d, ipf = %s" % (n, ipf) if not ipf.is_inward: print_flow(n, ipf) else: if pkt.ip: nip += 1 #if nip <= 4: print_flow(n, ipf) elif pkt.ip6: nip6 += 1 #if nip6 <= 4: print_flow(n, ipf) fwd = ipf.fwd_key print "fwd =", for b in fwd: print " %02x" % ord(b), hk = ipf.home_key print "\nhom =", for b in hk: print " %02x" % ord(b), print #if n == 4: # 480: # break t.close()
def test_uri(uri, tag=''): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 test_println("n = %d" % n, tag + get_tag("n:" + str(n))) try: ipf = natkit.IPflow(pkt) except: test_println("probably not an IP packet", tag + get_tag("n:" + str(n))) continue nip += 1 test_println( "%5d: %d %3d %5d %5d %s %s" % ( n, # v6 ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix), tag + get_tag("n:" + str(n))) fwd = ipf.fwd_key test_print("fwd =", tag + get_tag("n:" + str(n))) for b in fwd: test_print(" %02x" % b) rev = ipf.rev_key test_println('') test_print("rev =", tag + get_tag("n:" + str(n))) for b in rev: test_print(" %02x" % b) test_println('') if nip == 4: break t.close()
def test_uri(uri): t = plt.trace(uri) t.start() nip6 = nip = n = 0 for pkt in t: n += 1 if not (pkt.ip or pkt.ip6): continue try: ipf = fh.flow(pkt) except: print("%4d: probably not an IP packet" % n) continue if not ipf.is_inward: print_flow(n, ipf) else: if pkt.ip: nip += 1 #if nip <= 4: print_flow(n, ipf) elif pkt.ip6: nip6 += 1 #if nip6 <= 4: print_flow(n, ipf) fwd = ipf.fwd_key print("fwd =", end=' ') for b in fwd: print(" %02x" % ord(b), end=' ') hk = ipf.home_key print("\nhom =", end=' ') for b in hk: print(" %02x" % ord(b), end=' ') print() #if n == 480: # break t.close()
def bridgemulticast(interface): bridgesocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) bridgesocket.connect(bridgehost) print("capturing on {}".format(interface)) trace = plt.trace('bpf:{}'.format(interface)) #capturefilter = 'multicast and host 239.255.42.42 and port 5004' capturefilter = 'udp and port 5004' capfilter = plt.filter(capturefilter) trace.conf_filter(capfilter) trace.conf_promisc(True) trace.start() try: for pkt in trace: hdr = pkt.udp if not hdr: continue data = pkt.udp_payload.data print(type(data)) if not data: continue if len(data) < 1000: continue try: s = bridgesocket.send(data) print('sent ', s) except: pass except KeyboardInterrupt: trace.close() sys.exit()
def test_uri(uri): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 print "n = %d" % n try: ipf = natkit.IPflow(pkt) except: print "probably not an IP packet" continue nip += 1 print "%5d: %d %3d %5d %5d %s %s" % ( n, # v6 ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix) fwd = ipf.fwd_key print "fwd =", for b in fwd: print " %02x" % ord(b), rev = ipf.rev_key print "\nrev =", for b in rev: print " %02x" % ord(b), print if nip == 4: break t.close()
def test_uri(uri, tag=''): t = plt.trace(uri) t.start() nip6 = nip = n = 0 for pkt in t: n += 1 if not (pkt.ip or pkt.ip6): continue ipf = fh.flow(pkt) if not ipf.is_inward: print_flow(n, ipf, tag+get_tag("n:"+str(n))) else: if pkt.ip: nip += 1 #if nip <= 4: print_flow(n, ipf, tag+get_tag("n:"+str(n))) elif pkt.ip6: nip6 += 1 #if nip6 <= 4: print_flow(n, ipf, tag+get_tag("n:"+str(n))) fwd = ipf.fwd_key test_print("fwd =", tag+get_tag("n:"+str(n))) for b in fwd.encode(encoding='cp437'): test_print_hex(b) test_println('') hk = ipf.home_key test_print("hom =", tag+get_tag("n:"+str(n))) for b in hk.encode(encoding='cp437'): test_print_hex(b) test_println('') t.close()
import plt # Also imports IPprefix and datetime import sys # argv, exit in_uri = sys.argv[1] # Program name is argv[0] out_uri = sys.argv[2] n_records = sys.argv[3] if not n_records or int(n_records) <= 0: print "Number of records to copy not specified <<<" exit() else: n_records = int(n_records) print "copying first %d records from %s to %s ..." % ( n_records, in_uri, out_uri) t = plt.trace(in_uri) t.start() ot = plt.output_trace(out_uri) ot.start_output() n = 0 for pkt in t: n += 1 ot.write_packet(pkt) if n == n_records: break ot.close_output(); t.close()
#!/usr/bin/env python # 1156, Thu 8 Jun 2017 (NZDT) # test-pldns-tcp.py: Demonstrate Ldns objects from tcp # Copyright (C) 2017, Nevil Brownlee, U Auckland import plt import pldns from plt_testing import * t = plt.trace('pcapfile:dns_valid_response_tcp.pcap') t.start() n = 0 margin = ' ' * 7 for pkt in t: n += 1 # Wireshark uses 1-org packet numbers ip = pkt.ip if not ip: continue # Not IP if ip.frag_offset != 0: continue # Non-first fragment tcp = pkt.tcp if not tcp: continue # Not TCP if not (tcp.src_port == 53 or tcp.dst_port == 53): continue payload = tcp.payload if not payload: continue
# python copy-first-n.py pcapfile:anon-v4.pcap pcapfile:first-n.pcap 30 import plt # Also imports IPprefix and datetime import sys # argv, exit from plt_testing import * in_uri = 'icmp-sample.pcap' out_uri = 'pcapfile:icmp-sample-out.pcap' n_records = 10 test_println( "copying first %d records from %s to %s ..." % (n_records, in_uri, out_uri), get_tag()) t = plt.trace(in_uri) t.start() ot = plt.output_trace(out_uri) ot.start_output() n = 0 for pkt in t: n += 1 ot.write_packet(pkt) if n == n_records: break if n != n_records:
def test_uri(uri, tag=''): t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 test_println("n = %d" % n, tag + get_tag("n:" + str(n))) ipf = natkit.IPflow(pkt) if not ipf: test_println(" ", tag + get_tag()) continue nip += 1 test_println( "%5d: %d %3d %5d %5d %s %s" % ( n, # v6 ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix), tag + get_tag("n:" + str(n))) fwd = ipf.fwd_key test_print("fwd =", tag + get_tag("n:" + str(n))) for b in fwd: test_print(" %02x" % b) rev = ipf.rev_key test_println('') test_print("rev =", tag + get_tag("n:" + str(n))) for b in rev: test_print(" %02x" % b) test_println('') v = test_dict.get(fwd) if v: v.fwd += 1 else: rev = ipf.rev_key v = test_dict.get(rev) if v: v.rev += 1 else: test_dict[fwd] = flow(ipf, n) if nip == 6: break t.close() test_println('') sk = sorted(test_dict) for dk in sk: #print "dk = >%s<, val[k] = %d" % (dk, test_dict[dk]) val = test_dict[dk] f = val.ipf test_println( " %3d: %d+%d; %d %d %d->%d %s->%s" % (val.first_n, val.fwd, val.rev, f.version, f.proto, f.src_port, f.dst_port, f.src_prefix, f.dst_prefix), tag + get_tag("n:" + str(n)))
def __init__(self, lturi, new_flow_chain=[], ip4_chain=[], ip6_chain=[], icmp4_chain=[], icmp6_chain=[], tcp_chain=[], udp_chain=[], l4_chain=[], idle_timeout=30, expiry_timeout=5): """ Create an Observer. :param new_flow_chain: Array of functions to initialise new flows. :type new_flow_chain: array(function) :param ip4_chain: Array of functions to pass IPv4 headers to. :type ip4_chain: array(function) :param ip6_chain: Array of functions to pass IPv6 headers to. :type ip6_chain: array(function) :param icmp4_chain: Array of functions to pass IPv4 headers containing ICMPv4 headers to. :type icmp4_chain: array(function) :param icmp6_chain: Array of functions to pass IPv6 headers containing ICMPv6 headers to. :type icmp6_chain: array(function) :param tcp_chain: Array of functions to pass TCP headers to. :param tcp_chain: Array of functions to pass TCP headers to. :type tcp_chain: array(function) :param udp_chain: Array of functions to pass UDP headers to. :type udp_chain: array(function) :param l4_chain: Array of functions to pass other layer 4 headers to. :type l4_chain: array(function) :see also: :ref:`Observer Documentation <observer>` """ # Only import this when needed import plt as libtrace # Control self._irq = None self._irq_fired = False # Libtrace initialization self._trace = libtrace.trace(lturi) # pylint: disable=no-member self._trace.start() self._pkt = libtrace.packet() # pylint: disable=no-member # Chains of functions to evaluate self._new_flow_chain = new_flow_chain self._ip4_chain = ip4_chain self._ip6_chain = ip6_chain self._icmp4_chain = icmp4_chain self._icmp6_chain = icmp6_chain self._tcp_chain = tcp_chain self._udp_chain = udp_chain self._l4_chain = l4_chain # Packet timer and bintables self._ptq = 0 # current packet timer, quantized self._idle_bins = {} # map bin number to set of fids self._expiry_bins = {} # map bin number to set of fids self._idle_timeout = idle_timeout self._expiry_timeout = expiry_timeout self._bin_quantum = 1 #self._tq = [] # packet timer queue (heap) # Flow tables self._active = {} self._expiring = {} self._ignored = set() # Emitter queue self._emitted = collections.deque() # Statistics and logging self._logger = logging.getLogger("observer") self._ct_pkt = 0 self._ct_nonip = 0 self._ct_shortkey = 0 self._ct_ignored = 0 self._ct_flow = 0
with open(full_fn) as file: print "File opened OK" file.close() except IOError as e: print "Unable to open file" #Does not exist OR no read permissions trace_format = "pcapfile" #trace_format = "erf" uri = trace_format + ':' + full_fn print ">> uri = %s" % uri flt = plt.filter('vlan 1051 and tcp') print "flt = %s" % flt t = plt.trace(uri) t.conf_filter(flt) t.conf_snaplen(48) t.start() print "+++ started" t.pause() print "+++ paused" t.start() print "+++ started again" #out_fn = base + '/' + "pypy/pylt/plt/test-out-zlib.pcap" out_fn = base + '/' + "pypy/pylt/plt/test-out-none.pcap" out_uri = trace_format + ':' + out_fn print ">> out_uri = %s" % out_uri out_t = plt.output_trace(out_uri)
#!/usr/bin/env python # 1818, Sat 5 Jul 14 (NZST) # test-pldns.py: Demonstrate Ldns objects # Copyright (C) 2014, Nevil Brownlee, U Auckland import plt import pldns test_dir = '../../test/v2-test-cases' t = plt.trace('pcapfile:' + test_dir + '/dns-test.pcap') t.start() n = 0 margin = ' ' * 7 for pkt in t: n += 1 # Wireshark uses 1-org packet numbers ip = pkt.ip if not ip: continue # Not IP if ip.frag_offset != 0: continue # Non-first fragment udp = pkt.udp if not udp: continue # Not UDP ldns_obj = pldns.ldns(udp.payload) print "%5d: %s -> %s" % (n, udp.src_prefix, udp.dst_prefix) if not ldns_obj.is_ok():
#!/usr/bin/env python # 1156, Thu 8 Jun 2017 (NZDT) # test-pldns-tcp.py: Demonstrate Ldns objects from tcp # Copyright (C) 2017, Nevil Brownlee, U Auckland import plt import pldns from plt_testing import * t = plt.trace('pcapfile:dns_valid_response_tcp.pcap') t.start() n = 0; margin = ' '*7 for pkt in t: n += 1 # Wireshark uses 1-org packet numbers ip = pkt.ip if not ip: continue # Not IP if ip.frag_offset != 0: continue # Non-first fragment tcp = pkt.tcp if not tcp: continue # Not TCP if not (tcp.src_port == 53 or tcp.dst_port == 53): continue payload = tcp.payload if not payload: continue ldns_obj = pldns.ldns(payload)
def main(): signal.signal(signal.SIGINT, signal_handler) args = deal_with_arguments() # Set up our storage. try: flows = FlowStorage(filename=args.flow_db_name, persistant_storage=args.storage) dests = DestStorage(filename=args.dest_db_name, persistant_storage=args.storage) except Exception as e: print("Problem setting up databases:\n\t%s" % e) exit() # Try opening our trace. try: t = plt.trace(args.input) except Exception as e: print("Trouble opening trace URI/device:\n\t%s" % e) exit() # Try setting up our filter if given one. try: if args.filter != None or args.target != None: if args.filter != None and args.target != None: args.filter = args.filter + " and " elif args.filter == None: args.filter = "" if args.target != None: args.filter = args.filter + "dst " if '/' in args.target: args.filter = args.filter + "net " args.filter = args.filter + args.target f = plt.filter(args.filter) print("Applying filter \"%s\"" % args.filter) t.conf_filter(f) except Exception as e: print("Trouble applying bpf filter: \'%s\'\n\t%s" % (args.filter, e)) exit() print("Press Ctrl+C to exit.") # Try reading. try: t.start() except Exception as e: print(e) exit() # And we're off - loop for as long as we get packets (or ^C) packet_count = 0 non_ipv4_packets = 0 non_ip_packets = 0 non_tcp_packets = 0 last_time_check_pkt_ts = 0 current_time = int(time.time()) do_stats_time = current_time + args.interval do_updates_time = current_time + 15 last_packet_count = 0 last_ts = -2 current_ts = -1 print("Packets processed:\t"), for pkt in t: packet_count = packet_count + 1 last_packet_count = last_packet_count + 1 last_ts = current_ts current_ts = pkt.seconds if last_ts > (current_ts + .5): print("PROBLEM: timestamps out of order: Last ts: %f this ts: %f" % (last_ts, current_ts)) exit() print("%012d\b\b\b\b\b\b\b\b\b\b\b\b" % packet_count), # If we've gone through an interval's worth of packets, check the actual time # we may be going through packets *much* faster than real-time if we're # reading from a trace, but this keeps us from constantly checking the time # to determine when we update/print stats. if current_ts - last_time_check_pkt_ts > 3 or last_packet_count > 100: current_time = int(time.time()) last_time_check_pkt_ts = current_ts if do_stats_time < current_time: print("\nDo stats") dests.update_dest_info(flows, current_ts) do_stats_time = current_time + args.interval do_update_time = current_time + 60 print("Packets processed:\t"), elif do_updates_time < current_time or last_packet_count > 100: print("\nUpdating tables %d" % last_packet_count) last_packet_count = 0 dests.update_dest_info(flows, current_ts, do_stats=False) do_updates_time = current_time + 60 print("Packets processed:\t"), # IP layer ip = pkt.ip if not ip: non_ip_packets = non_ip_packets + 1 continue # IPv4 if ip.version != 4: non_ipv4_packets = non_ipv4_packets + 1 continue # TCP is al we care about right now. tcp = pkt.tcp if not tcp: non_tcp_packets = non_tcp_packets + 1 continue # Get what we're using for dictionary keys. pkt_src = str(ip.src_prefix) pkt_dst = str(ip.dst_prefix) pkt_sport = str(tcp.src_port) pkt_dport = str(tcp.dst_port) # Not perfect - we don't check for certain combinations (ie combinations that don't make sense). event = OTHER if tcp.syn_flag: if not tcp.ack_flag: event = SYN else: event = SYN_ACK elif tcp.fin_flag: event = FIN elif tcp.rst_flag: event = RST elif tcp.ack_flag or tcp.urg_flag or tcp.psh_flag: event = ACK_AND_DATA else: print("Unknown flags!") # Ready to store. flows.add_tcp_flow_event(current_ts, pkt_src, pkt_sport, pkt_dst, pkt_dport, event) print("\nDone\n") dests.update_dest_info(flows, current_ts + DESTSTAT_TIMEOUT) flows.close() dests.close()
# 1123, Tue 30 Jan 2018 (NZDT) # # test-sctp.py: Test SCTP handling in plt # # Copyright (C) 2018, Nevil Brownlee, U Auckland | WAND from plt_testing import * import plt tcp_fn = "sctp-demo.pcap" # Data file name t = plt.trace("pcapfile:"+tcp_fn) t.start() # Start t n = 0 for pkt in t: # Get next packet n += 1 # Count it sctp = pkt.sctp if not sctp: continue s = "%4d: src_port %u, dst_port %d, vf tag %08x, checksum %08x" % ( n, sctp.src_port, sctp.dst_port, sctp.verification_tag, sctp.checksum) test_println(s, get_tag()) cho = sctp.chunks for cx,ch in enumerate(cho): ###sctp.chunks): s = "%4d chunk %d: type %d, flags %02x length %d bytes OK %s " % ( n, cx, ch.type, ch.flags, ch.length, ch.is_ok) test_println(s, get_tag()) s = " "*9 + "bytes:"
def test_uri(uri, tag=''): test_dict = {} t = plt.trace(uri) t.start() nip = n = 0 for pkt in t: n += 1 test_println("n = %d" % n, tag+get_tag("n:"+str(n))) ipf = natkit.IPflow(pkt) if not ipf: test_println(" ", tag+get_tag()) continue nip += 1 test_println("%5d: %d %3d %5d %5d %s %s" % (n, # v6 ipf.version, ipf.proto, ipf.src_port, ipf.dst_port, ipf.src_prefix, ipf.dst_prefix), tag+get_tag("n:"+str(n))) fwd = ipf.fwd_key test_print("fwd =", tag+get_tag("n:"+str(n))) for b in fwd.encode(encoding='cp437'): test_print_hex(b) test_println('') rev = ipf.rev_key test_println('') for b in rev.encode(encoding='cp437'): test_print_hex(b) test_println('') v = test_dict.get(fwd) if v: v.fwd += 1 else: rev = ipf.rev_key v =test_dict.get(rev) if v: v.rev += 1 else: test_dict[fwd] = flow(ipf, n) if nip == 6: break t.close() test_println('') sk = sorted(test_dict) tot_pkts = 0 for dk in sk: #print "dk = >%s<, val[k] = %d" % (dk, test_dict[dk]) val = test_dict[dk] f = val.ipf test_println(" %3d: %d+%d; %d %d %d->%d %s->%s" % ( val.first_n, val.fwd, val.rev, f.version, f.proto, f.src_port, f.dst_port, f.src_prefix, f.dst_prefix), tag+get_tag("n:"+str(n))) tot_pkts += val.fwd+val.rev test_println("%s: n = %d, nip = %d, tot_pkts = %d, OK = %s" % \ (uri, n, nip, tot_pkts, tot_pkts == nip)) test_println("")
#!/usr/bin/env python # 1818, Sat 5 Jul 14 (NZST) # test-pldns.py: Demonstrate Ldns objects # Copyright (C) 2015, Nevil Brownlee, U Auckland import plt import pldns from plt_testing import * t = plt.trace('pcapfile:dns-test.pcap') t.start() n = 0; margin = ' '*7 for pkt in t: n += 1 # Wireshark uses 1-org packet numbers ip = pkt.ip if not ip: continue # Not IP if ip.frag_offset != 0: continue # Non-first fragment udp = pkt.udp if not udp: continue # Not UDP ldns_obj = pldns.ldns(udp.payload) test_println("%5d: %s -> %s" % (n, udp.src_prefix, udp.dst_prefix), get_tag()) if not ldns_obj.is_ok(): test_println("%sCouldn't make ldns_obj, status = <%s>" % (
def main(): signal.signal(signal.SIGINT, signal_handler) args = deal_with_arguments() packets = {} Bytes = {} for proto in (TCP, UDP, ICMP): packets[proto] = 0 Bytes[proto] = 0 print("Press Ctrl+C to exit.") print("Packets processed:\t") # Set up our storage. try: outputfile = open(args.db_name, 'w') tcp_flows = FlowStorage(filename=args.db_name) udp_flows = FlowStorage(filename=args.db_name) icmp_flows = FlowStorage(filename=args.db_name) dests = DestStorage(filename=args.db_name) except Exception as e: print("Problem setting up databases:\n\t%s" % e) exit() # Try opening our trace. if ("nfdump:" in args.input): records = search_file(args.input[7:]) parse_nfdump(records, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) elif ("flow-tools:" in args.input): records = flowtools.FlowSet(args.input[11:]) parse_flowtools(records, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) else: try: t = plt.trace(args.input) except Exception as e: print("Trouble opening trace URI/device:\n\t%s" % e) exit() # Try setting up our filter if given one. try: if args.filter != None or args.target != None: if args.filter != None and args.target != None: args.filter = args.filter + " and " elif args.filter == None: args.filter = "" if args.target != None: args.filter = args.filter + "dst " if '/' in args.target: args.filter = args.filter + "net " args.filter = args.filter + args.target f = plt.filter(args.filter) print("Applying filter \"%s\"" % args.filter) t.conf_filter(f) except Exception as e: print("Trouble applying bpf filter: \'%s\'\n\t%s" % (args.filter, e)) exit() try: t.start() except Exception as e: print(e) exit() parse_pcap(t, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) print("\n************ OVERALL STATS ******************\n") print( "TCP packets\t%s\tBytes\t%s\nUDP packets\t%s\tBytes\t%s\nICMP packets\t%s\tBytes\t%s\n" % (packets[TCP], Bytes[TCP], packets[UDP], Bytes[UDP], packets[ICMP], Bytes[ICMP])) print >> outputfile, "ALL %s %s %s %s %s %s" % (packets[TCP], packets[UDP], packets[ICMP], Bytes[TCP], Bytes[UDP], Bytes[ICMP]) dests.print_stats(tcp_flows, 'TCP', outputfile) dests.print_stats(udp_flows, 'UDP', outputfile) dests.print_stats(icmp_flows, 'ICMP', outputfile) outputfile.close()
full_fn = base + '/' + fn print "%s: isfile %s" % (full_fn, os.path.isfile(full_fn)) #try: # with open(full_fn) as file: # print "File opened OK" # file.close() #except IOError as e: # print "Unable to open file" #Does not exist OR no read permissions trace_format = "pcapfile" #trace_format = "erf" uri = trace_format + ':' + full_fn print ">> uri = %s" % uri t = plt.trace(uri) t.start() test_dict = {} td_2 = {} def print_first(s): for x in range(16): if x%8 == 0: print "", print "%02x" % s[x], def print_last(s, rem): x = (rem-8)/8*8 while x < rem: if x%8 == 0:
tcp_fn = "anon-v4.pcap" def test_option(n): xn = tcp.option(n) if isinstance(xn, bool): print((" opt %d: > %s <" % (n, xn))) else: oline = " opt %d: >" % n for c in xn: oline += " %02x" % c print((oline + " <")) t = plt.trace("pcapfile:" + tcp_fn) t.start() n = 0 for pkt in t: n += 1 tcp = pkt.tcp if not tcp: continue if tcp.doff == 5: # No TCP options continue print(("pkt %d ---" % n)) xod = tcp.options_data oline = " " for c in xod: