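def test_rpcap():
    """Check that the first packet rpcap() reads from tests/dns.pcap equals rpcap_buf.

    Only the first record is compared; the loop stops after it.
    """
    for plen, t, buf in rpcap("tests/dns.pcap"):
        print("[+]: Payload len=", plen)
        print("[+]: Time", t)
        print("[+]: Payload", buf)
        assert buf == rpcap_buf
        break
    else:
        # Without this branch an empty or unreadable capture would skip the
        # assert entirely and the test would pass without checking anything.
        raise AssertionError("rpcap yielded no packets from tests/dns.pcap")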
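def main(file):
    """Decode every frame of a capture file, store the packets, then run the launcher.

    Frames come from rpcap(file). Each one is decoded layer by layer into a
    frames.Packet and the packets are handed to mysql.insert_reader() in
    batches of 100000. After the last batch the elapsed time is printed and
    launcher.main() is called with the range from mysql.get_time_range().

    Args:
        file: Path of the capture file passed to rpcap().
    """
    # Offsets assume untagged Ethernet II framing: the Ethernet header is
    # pkt[0:14] and the network layer starts at byte 14.
    eth_len = 14
    ipv4_min_len = 20
    batch_size = 100000

    packets = []
    total_counter = 0
    counter = 0
    started = time.time()
    # Fix the counters
    # Re-create the table for each reader
    for _length, timestamp, pkt in rpcap(file):
        # Flush a full batch before decoding the next frame.
        if counter == batch_size:
            mysql.insert_reader(packets)
            counter = 0
            packets.clear()

        packet = frames.Packet()

        # NOTE(review): capture contents are untrusted input and none of the
        # slices below are length-checked, so a truncated frame hands a short
        # buffer to parser.*; confirm the parser rejects short input.
        ethernet = frames.Ethernet()
        parser.ethernet_header(pkt[0:eth_len], ethernet)
        packet.layer2 = ethernet

        # ethertype is parsed as a hexadecimal string, once per frame.
        ethertype = int(ethernet.ethertype, 16)

        if ethertype == 0x0800:
            ipv4 = frames.IPv4()
            parser.ipv4_header(pkt[eth_len:eth_len + ipv4_min_len], ipv4)
            packet.layer3 = ipv4

            # The low nibble of the first IPv4 byte is the header length in
            # 32-bit words. Using it instead of a fixed 20 bytes keeps the
            # transport header aligned when IP options are present.
            first_byte = pkt[eth_len:eth_len + 1]
            ihl = (first_byte[0] & 0x0F) * 4 if first_byte else 0

            # A header length below 20 bytes is invalid, so such a frame keeps
            # its layer 3 record but gets no transport layer and no label.
            # NOTE(review): non-first IP fragments carry no transport header;
            # they are still decoded here as if they did.
            if ihl >= ipv4_min_len:
                l4 = eth_len + ihl
                if ipv4.protocol == 1:
                    icmp = frames.ICMP()
                    parser.icmp_header(pkt[l4:l4 + 8], icmp)
                    packet.layer4 = icmp
                    packet.label = "ICMP"
                elif ipv4.protocol == 6:
                    tcp = frames.TCP()
                    parser.tcp_header(pkt[l4:l4 + 20], tcp)
                    packet.layer4 = tcp
                    packet.label = "TCP"
                elif ipv4.protocol == 17:
                    udp = frames.UDP()
                    parser.udp_header(pkt[l4:l4 + 8], udp)
                    packet.layer4 = udp
                    packet.label = "UDP"
                # Other IP protocols are stored without a transport layer.
        elif ethertype == 0x86dd:
            # IPv6 is recognised but not decoded.
            pass
        elif ethertype == 0x0806:
            arp = frames.ARP()
            parser.arp_header(pkt[eth_len:eth_len + 28], arp)
            packet.layer3 = arp
            packet.label = "ARP"
        # Any other ethertype is stored with its Ethernet header only.

        # NOTE(review): fromtimestamp() without a tz gives naive local time;
        # confirm that is what the database and the launcher expect.
        packet.time = datetime.fromtimestamp(timestamp)
        packets.append(packet)
        counter += 1
        total_counter += 1

    # Final call stays unconditional, as in the original, because
    # insert_reader() may do more than insert rows.
    mysql.insert_reader(packets)
    finished = time.time()
    print()
    print("Inserted {PACKETS} in {TIME:.2f} seconds".format(
        PACKETS=total_counter, TIME=(finished - started)))
    print()
    range_start, range_end = mysql.get_time_range()
    launcher.main(range_start, range_end)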
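# -*- coding: utf-8 -*-
# @Author: JanKinCai
# @Date: 2019-09-04 14:26:41
# @Last Modified by: [email protected]
# @Last Modified time: 2019-09-04 14:27:23
from pylibpcap.pcap import rpcap
from pylibpcap.open import OpenPcap

# Reference frame bytes. The literal contains the encoded name "google.com",
# so this is presumably the DNS query stored in tests/dns.pcap (confirm).
buf = b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008' \
      b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b' \
      b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00' \
      b'\x00\x06google\x03com\x00\x00\x10\x00\x01'

# Read the capture through the OpenPcap context manager with an empty filter.
# The loop variable is named `payload` so it does not rebind the reference
# `buf` defined above.
with OpenPcap("tests/dns.pcap", filters="") as f:
    for blen, t, payload in f.read():
        print("[+]: Buf length", blen)
        print("[+]: Time", t)
        print("[+]: Buf", payload)

# Read the same capture through the rpcap() generator.
for blen, t, payload in rpcap("tests/dns.pcap"):
    print("[+]: Buf length", blen)
    print("[+]: Time", t)
    print("[+]: Buf", payload)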
from pylibpcap.pcap import rpcap for _, _, packet in rpcap("data.pcap"): offset = 42 # Header session = packet[offset + 0:offset + 10].decode("utf8") next_seq_number = int.from_bytes(packet[offset + 10:offset + 18], byteorder='big') msg_count = int.from_bytes(packet[offset + 18:offset + 20], byteorder='big') offset += 20 for i in range(msg_count): length = int.from_bytes(packet[offset:offset + 2], byteorder='big') offset += 2 msg_type = packet[offset + 0:offset + 1].decode("utf8") time_stamp = int.from_bytes(packet[offset + 1:offset + 9], byteorder='big') if msg_type == "C": # Quotation Message stock_symbol = packet[offset + 9:offset + 19].decode("utf8") nasdaq_canada_best_bid_price = int.from_bytes( packet[offset + 19:offset + 27], byteorder='big') / 100000000 nasdaq_canada_best_bid_size = int.from_bytes( packet[offset + 27:offset + 31], byteorder='big') nasdaq_cxc_best_bid_size = int.from_bytes(packet[offset + 31:offset + 35], byteorder='big') nasdaq_cx2_best_bid_size = int.from_bytes(packet[offset +