class pcap_write(gr.sync_block): def __init__(self,f,append=True): gr.sync_block.__init__(self,"pcap_write",[],[]) self.message_port_register_in(pmt.intern("pdus")); self.set_msg_handler(pmt.intern("pdus"), self.handler); self.f = f self.append = append def start(self): self.pcap = PcapWriter(self.f, append=self.append, sync=True) def stop(self): pass def handler(self, pdu): meta = pmt.to_python(pmt.car(pdu)) x = pmt.to_python(pmt.cdr(pdu)) z = l2.Raw(x.tostring()) if(meta.has_key("timestamp")): t = meta['timestamp'] if( type(t) == tuple ): t = t[0]+t[1] else : t = t z.time = t self.pcap.write(z); def work(self, input_items, output_items): pass
def create_pcap_file_from_frames(self, file_name, frames): writer = PcapWriter(file_name, append=False) for frame in frames: writer.write(frame) writer.close()
def sanitize( filepath_in, filepath_out=None, sequential=True, ipv4_mask=0, ipv6_mask=0, mac_mask=0, start_ipv4="10.0.0.1", start_ipv6="2001:aa::1", start_mac="00:aa:00:00:00:00", ): if not filepath_out: timestamp = datetime.datetime.now().strftime("%y%m%d-%H%m%S") filepath_out = os.path.splitext(filepath_in)[0] + "_sanitized_" + timestamp + os.path.splitext(filepath_in)[1] mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac) ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4) ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6) with open(filepath_in) as capfile: # open cap file with pcapfile cap = savefile.load_savefile(capfile, verbose=False) # use scapy's pcapwriter pktwriter = PcapWriter(filepath_out, append=True) try: for pkt in cap.packets: # create scapy packet from pcapfile packet raw output pkt = Ether(pkt.raw()) # MAC addresses pkt.src = mac_gen.get_mac(pkt.src) pkt.dst = mac_gen.get_mac(pkt.dst) # IP Address try: pkt["IP"].src = ip4_gen.get_ip(pkt["IP"].src) pkt["IP"].dst = ip4_gen.get_ip(pkt["IP"].dst) except IndexError: pkt["IPv6"].src = ip6_gen.get_ip(pkt["IPv6"].src) pkt["IPv6"].dst = ip6_gen.get_ip(pkt["IPv6"].dst) pktwriter.write(pkt) finally: pktwriter.close() return filepath_out.split("/")[-1]
class WrpcapSink(Sink): """Packets received on low input are written to PCA file +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname): self.f = PcapWriter(fname) def stop(self): self.f.flush() def push(self, msg): self.f.write(msg)
def downstream_fragmentation(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv4_PACKET_FRAGMENTED_BY_BR" q = Queue() v6_cap_filter = 'dst {}'.format(self.ipv6_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v6_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address) udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=self.ipv4_udp_or_tcp_destination_port) payload = "a" * 1453 send(ip / udp / payload, iface=self.ipv4_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) count = 0 while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n Fragments not received" return print "IPv4 Fragmentation by BR:: FAIL" if count == 0: self.v6_address_check(pkt) self.v6_port_check(pkt) if pkt[0][1].nh != 44: self.comment += "\n No Fragment Header found" if count == 1: # Second Fragment self.v6_address_check(pkt) count += 1 if count != 2: self.comment += "\n Both fragments not received" if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "IPv4 Fragmentation by BR:: FAIL" if not self.packet_error: print "IPv4 Fragmentation by BR: PASS"
def downstream_ttl_expired(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv4_TTL_EXPIRED" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v4sniffer, args=(q, v4_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address, ttl=2) udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=self.ipv4_udp_or_tcp_destination_port) payload = "a" * 82 send(ip / udp / payload, iface=self.ipv4_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv6 Packets Not Received" fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() return if pkt[0][1].proto != 1: self.comment += "\n Packet Type is not ICMP (Proto 1)" self.packet_error = True if pkt[0][2].type != 11: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "TTL Expired: FAIL" if not self.packet_error: print "TTL Expired: PASS"
class WrpcapSink(Sink): """Packets received on low input are written to PCA file +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname, name=None): Sink.__init__(self, name=name) self.f = PcapWriter(fname) def stop(self): self.f.flush() def push(self, msg): self.f.write(msg)
def gen_traffic(self, output_filename, dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01", ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"): print("PAcket Number: %d" % packet_num) if not output_filename.endswith(".pcap"): print("Invalid PCAP filename! Exiting...") return self.pcap_filename = output_filename self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt" self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt" # show modify request request = "Generating " + output_filename + " with\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_writer = PcapWriter(output_filename) src_ips = [] src_hosts_with_ttl = {} for i in range(packet_num): if len(self.src_hosts) < ip_num: # pick a random src ip src_ip = self.__generate_ip() # pick a random hc ttl = self.__generate_rand_ttl() else: src_ip = src_ips[random.randint(0, len(src_ips) - 1)] ttl = src_hosts_with_ttl[src_ip] # calculate ttl according to hc pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload pcap_writer.write(pkt) if src_ip not in src_ips: src_ips.append(src_ip) src_hosts_with_ttl[src_ip] = ttl self.src_hosts[src_ip] = self.__ttl2hc(ttl) if i % 10000 == 0: print("%d packets have been produced\n" % i) print(str(len(self.src_hosts)) + " source hosts produced") print("Writing ip,hc dict into " + self.ip_hc_filename + "...") with open(self.ip_hc_filename, "w") as f: json.dump(self.src_hosts, f) f.close() pcap_writer.flush() pcap_writer.close()
def __spawn_sniffer(self): """ Saves pcaps to a file. Should be run as a thread. Ends when the stop_sniffing_flag is set. Should not be called by user """ self.packet_dumper = PcapWriter(self.location, append=True, sync=True) while (self.stop_sniffing_flag == False): sniff(stop_filter=self.__packet_callback, timeout=1)
def __init__(self, iface='', newiface='mon0', filename='', outputmode=1, savingPkt=0, savingPcap=0, filtermode='', iHost=[]): self.iface = iface #old interface self.newiface = newiface #a new interface in monitor mode self.sign = ['—', '\\', '|', '/'] #stupid thing :) self.filename = filename #local pcap filename self.sfilename = str(int(time.time())) self.outputmode = outputmode #0->don't output, 1->output self.savingPkt = savingPkt #0->don't save, 1->save self.savingPcap = savingPcap self.filtermode = '( tcp[13:1]==24 )' #'tcp[13:1]==24' -> only sniff tcp self.iHost = iHost if filtermode: self.filtermode += ' and ( %s )' % filtermode # if self.savingPkt: InitPktsFile(self.sfilename) if savingPcap: self.pktdump = PcapWriter("./Pcaps/%s.pcap" % (self.sfilename), append=True, sync=True) if self.iface == '' and filename: print(putColor('[!]Offline Mode!', 'green')) print(' [-]Filter:', putColor(self.filtermode, 'green')) print(' [-]', end='') ClearLine() pkt = sniff(offline='./Pcaps/' + filename, prn=self.Collector, filter=self.filtermode, store=0) #DO NOT USING store = 1!!! #Or you'll see your memory BOOM print() else: self.Init() self.Exit()
def downstream_udp_packet_translation(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv4_PACKET_NORMAL_TRANSLATION" q = Queue() v6_cap_filter = 'src {}'.format(self.ipv6_destination_address) sniffer = Thread(target=self.v6sniffer, args=(q, v6_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address) udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=self.ipv4_udp_or_tcp_destination_port) payload = "a" * 82 send(ip / udp / payload, iface=self.ipv4_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n IPv6 UDP Packet Not Received" fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() return self.v6_address_check(pkt) self.v6_port_check(pkt) if pkt[0][1].nh == 44: self.v6_address_check(pkt) self.v6_port_check(pkt) self.packet_error = True self.comment += "\n Fragment Header added" if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Downstream UDP Packet: FAIL" if not self.packet_error: print "Downstream UDP Packet: PASS"
def echo_reply(self): self.m_finished = False self.packet_error = False self.comment = "\n ICMPv6_ECHO_REPLY" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6EchoReply() icmp.id = self.ipv6_udp_or_tcp_source_port payload = "H" * 10 send(ip / icmp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Reply Respone: FAIL" return self.v4_address_check(pkt) if pkt[0][1].proto != 1: self.comment += "\n ICMPv6 not received" self.packet_error = True if pkt[0][2].type != 0: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Reply Respone: FAIL" if not self.packet_error: print "Upstream Reply Respone: PASS"
def upstream_mss_clamping(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv6_MSS_CLAMPING" q = Queue() v4_cap_filter = 'tcp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v4sniffer, args=(q, v4_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) tcp = TCP(sport=self.ipv6_udp_or_tcp_source_port, dport=self.ipv6_udp_or_tcp_destination_port, flags="S", seq=1001, options=[('MSS', 2000)]) payload = "a" * 82 send(ip / tcp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n IPv4 TCP Packet not received" fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() return self.v4_address_check(pkt) self.v4_port_check(pkt) if pkt[0][2].options[0][1] != 1432: self.comment += "\n MSS not clamped to 1432 - clamped to " + pkt[0][2].options[0][1] self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream TCP MSS Clamping: FAIL" if not self.packet_error: print "Upstream TCP MSS Clamping: PASS"
def _run_on_interface(self, args): interfaces = [] join_to = [] if args.output_file: self.out_writer = PcapWriter(args.output_file) handle_queue_thread = Thread(target=self.handle_packet_queue) handle_queue_thread.start() join_to.append(handle_queue_thread) for iface in args.ifaces: interfaces.append(set_monitor_mode(iface)) sniff_thread = Thread(target=self.sniff, kwargs={"iface": iface}) sniff_thread.start() join_to.append(sniff_thread) if args.channel is None: hopping_thread = Thread(target=self.channel_hopping, kwargs={ "interfaces": interfaces, "band": args.band }) hopping_thread.start() join_to.append(hopping_thread) else: for interface in interfaces: check_chset(interface, args.channel) prev_sig_handler = signal.signal(signal.SIGINT, self.sig_int_handler) self.cmd.pfeedback( "[i] Starting reconnaissance, press ctrl-c to stop...\n") for th in join_to: th.join() if self.out_writer: self.out_writer.close() signal.signal(signal.SIGINT, prev_sig_handler)
def save(p): global filepath global filename if _is_need_change(filepath,filename): filename = _change_filename(filepath,filename) print "modifying filename: {}".format(filename) writer = PcapWriter(filepath+filename,append=True) writer.write(p) writer.flush() writer.close() if _is_need_change(filepath,filename): shutil.move(filepath+filename,toUploadPath+filename)
def __init__(self, destination_folder, filter_list=[], or_filter=False): self.destination_folder = destination_folder self._nlogs = self._get_log_count() self.packet_filters = [] for filter in filter_list: try: type, value = map(str.strip, filter.split("=")) self.add_filter(type, value) except Exception as e: print e pass self.or_filter = or_filter self.current_log_file = "packet_log{n}.cap".format(n=self._nlogs) self.packet_logger = PcapWriter( self.destination_folder + "packet_log{n}.cap".format(n=self._nlogs), append=True, sync=True)
def __init__(self): parser = argparse.ArgumentParser(description='Version: 3.0; Running in Py2.x') parser.add_argument("-i", default='', help="the interface you want to use") parser.add_argument("-mi", default='mon0', help="name of the interface in monitor mode") parser.add_argument("-f", default='', help="local pcap filename(in the offline mode)") parser.add_argument("-o", default='1', help="show msg in the terminal? 0: No, 1: Yes") parser.add_argument("-sPkt", default='1', help="save Pkts during snifffing? 0: No, 1: Yes") parser.add_argument("-sPcap", default='0', help="save Pcap during snifffing? 0: No, 1: Yes") parser.add_argument("-fm", default='', help="filter syntax used in scapy") parser.add_argument("-iHF", default='iHost.txt', help="highlight these hosts when stop the sniffer(in the iHost.txt") parser.add_argument("-fHF", default='fHost.txt', help="filter these hosts when show msg in terminal(in the fHost.txt") args = parser.parse_args() self.iface = args.i #old interface self.newiface = args.mi #a new interface in monitor mode self.sign = ['—','\\' ,'|' ,'/'] #stupid thing :) self.filename = args.f #local pcap filename self.sfilename = str(int(time.time())) self.outputmode = args.o #0->don't output, 1->output self.savingPkt = args.sPkt #0->don't save, 1->save self.savingPcap = args.sPcap self.filtermode = '( tcp[13:1]==24 )'#'tcp[13:1]==24' -> only sniff tcp self.SrcIP = [] self.fHF = args.fHF if args.fm: self.filtermode += ' and ( %s )' %args.fm # if self.savingPkt == '1': InitPktsFile(self.sfilename) if self.savingPcap == '1': self.pktdump = PcapWriter("./Pcaps/%s.pcap" %(self.sfilename), append=True, sync=True) try: with open(args.iHF, 'r') as fp: self.iHost = re.findall('(\S+)', fp.read()) except: ErrorDog(self.Exit) if self.iface == '' and self.filename: print putColor('[!]Offline Mode!', 'green') print ' [-]Filter:', putColor(self.filtermode, 'green') print ' [-]', ClearLine() try: pkt = sniff(offline = './Pcaps/' + self.filename, prn = self.Collector, filter = self.filtermode, store = 0)#DO NOT USING store = 1!!! #Or you'll see your memory BOOM print except: ErrorDog(self.Exit) else: self.Init() self.Exit()
def upstream_hop_limit_expired(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv6_Hot_Limit_EXPIRED" q = Queue() v6_cap_filter = 'icmp6 and dst {}'.format(self.ipv6_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v6_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address, hlim=2) udp = UDP(sport=self.ipv6_udp_or_tcp_source_port, dport=self.ipv6_udp_or_tcp_destination_port) payload = "a" * 82 send(ip / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv6 Hop Limit Expired not received" fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() return if pkt[0][1].nh != 58: self.comment += "\n Packet Type is not ICMPv6 (Proto 58)" self.packet_error = True if pkt[0][2].type != 3: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True if not self.packet_error: print "ICMPv6 Hop Limit Expired: PASS"
def __init__(self, iface, save, file__, curses): self.iface=iface self.save=save self.file__ = PcapWriter(file__, append=True, sync=True) if self.save else '' self.handshakes = 0 self.stop_hopper = False self.thread = self.chain_thread() self.curses = curses if self.curses: self.display = Display(self) signal.signal(signal.SIGINT, self.print_exit)
def modify_traffic(self, output_filename, fake_ttl=False, src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None): if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0: print("Please extract ip2hc table before modify traffic with fake ttl.") # show modify request request = "Generating " + output_filename + " with\n" if fake_ttl: request += " fake ttl\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if src_ip_addr is not None: request += " src ip addr:" + src_ip_addr + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_reader = PcapReader(self.pcap_filename) pcap_writer = PcapWriter(output_filename) counter = 0 while True: pkt = pcap_reader.read_packet() if pkt is None: break if not pkt.haslayer('Ether') or not pkt.haslayer('IP'): continue # ipv4 packets counter += 1 ip_int = self.__ip_str2int(pkt['IP'].src) if fake_ttl: pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int] if src_mac is not None: pkt['Ethernet'].src = src_mac if dst_mac is not None: pkt['Ethernet'].dst = dst_mac if src_ip_addr is not None: pkt['IP'].src = src_ip_addr if dst_ip_addr is not None: pkt['IP'].dst = dst_ip_addr pcap_writer.write(pkt) if counter % 10000 == 0: print("%d packets have been processed\n" % counter) pcap_writer.flush() pcap_writer.close() pcap_reader.close()
def create_pcap_file(self, file_name, frame_size, number_of_frames, incremental_ip_address, src_ip="0.0.0.0", dst_ip="0.0.0.0"): current_frame = 0 writer = PcapWriter(file_name, append=False) while current_frame < number_of_frames: ip_id = 0 # current_frame % 0x10000 frame = self.create_tcp_ipv4_frame(ip_id, src_ip, dst_ip, frame_size) writer.write(frame) if incremental_ip_address: dst_ip = self.increment_ip_addr(dst_ip, 1) current_frame += 1 writer.close()
def __init__(self): super(PacketLogger, self).__init__("packetlogger") self.destination_folder = self.config["destination_folder"] self._nlogs = self._get_log_count() self.packet_filters = [] filter_list = self.config["filters"] for filter in filter_list: try: type, value = map(str.strip, filter.split("=")) self.add_filter(type, value) except Exception as e: print e pass self.or_filter = self.config["filter_mode"].lower() == "or" self.current_log_file = "packet_log{n}.cap".format(n=self._nlogs) self.packet_logger = PcapWriter( self.destination_folder + "packet_log{n}.cap".format(n=self._nlogs), append=True, sync=True)
def analyze(self,pcapFilename): hl7Output =BASE_DIR+"/hl7/networkFiles/hl7PacketDump.pcap" hl7Dump = PcapWriter((hl7Output),append=True,sync=True) G = nx.DiGraph(directed=True) print(unquote(pcapFilename)) pcapFilename = unquote(pcapFilename) packets = rdpcap(pcapFilename) networkSession = packets.sessions() for session in networkSession: for packet in networkSession[session]: try: if (str(packet[TCP].payload).startswith("b\'")) and str(packet[TCP].payload).endswith("r\'"): hl7Dump.write(packet) G.add_edge( (str(packet[IP].dst)+":"+str(packet[IP].dport)),(str(packet[IP].src)+":"+str(packet[TCP].sport))) except: continue nx.draw(G, with_labels=True) plt.show() hl7Dump.close() return hl7Output
class WrpcapSink(Sink): """Packets received on low input are written to PCAP file .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname, name=None, linktype=None): Sink.__init__(self, name=name) self.fname = fname self.f = None self.linktype = linktype def start(self): self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): if self.f: self.f.flush() self.f.close() def push(self, msg): if msg: self.f.write(msg)
def main(): args = parse_args() all_packet_dic = [] pkts = rdpcap(args.pcap) for pkt in pkts: if 'DNS' in pkt: raw = str(pkt['DNS']) d = read_dns_packet(raw, pkt, args.domain) if d: all_packet_dic.append(d) if args.action == 'display': for p in all_packet_dic: pretty_print(p) else: n = args.pcap ind = n.rfind('.') new_pcap = n[:ind] + '.' + args.domain + '.' + n[ind + 1:] pktdump = PcapWriter(new_pcap, append=True, sync=True) addresses = [] for p in all_packet_dic: pktdump.write(p['packet']) if p['Answers']: for a in p['Answers']: if a[1] == 1: addresses.append(a[4]) for pkt in pkts: try: if 'IP' in pkt and pkt[IP].src in addresses or pkt[ IP].dst in addresses: pktdump.write(pkt) except: IndexError
class pcap_write(gr.sync_block): def __init__(self, f): gr.sync_block.__init__(self, "pcap_write", [], []) self.message_port_register_in(pmt.intern("pdus")) self.set_msg_handler(pmt.intern("pdus"), self.handler) self.f = f def start(self): self.pcap = PcapWriter(self.f, append=True, sync=True) def stop(self): pass def handler(self, pdu): ba = bitarray.bitarray() meta = pmt.car(pdu) x = pmt.to_python(pmt.cdr(pdu)) z = l2.Raw(x.tostring()) self.pcap.write(z) def work(self, input_items, output_items): pass
def gen_ipv4_assemble_pcap(): """Generate ipv4 assemble test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_assemble_rx.pcap", append=False) packets = create_packet(1066, False, 1024) for packet in packets: writer.write(packet) writer.close()
class WrpcapSink(Sink): """ Writes :py:class:`Packet` on the low entry to a ``pcap`` file. Ignores all messages on the high entry. .. note:: Due to limitations of the ``pcap`` format, all packets **must** be of the same link type. This class will not mutate packets to conform with the expected link type. .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ :param fname: Filename to write packets to. :type fname: str :param linktype: See :py:attr:`linktype`. :type linktype: None or int .. py:attribute:: linktype Set an explicit link-type (``DLT_``) for packets. This must be an ``int`` or ``None``. This is the same as the :py:func:`wrpcap` ``linktype`` parameter. If ``None`` (the default), the linktype will be auto-detected on the first packet. This field will *not* be updated with the result of this auto-detection. This attribute has no effect after calling :py:meth:`PipeEngine.start`. """ def __init__(self, fname, name=None, linktype=None): # type: (str, Optional[str], Optional[int]) -> None Sink.__init__(self, name=name) self.fname = fname self.f = None # type: Optional[PcapWriter] self.linktype = linktype def start(self): # type: () -> None self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): # type: () -> None if self.f: self.f.flush() self.f.close() def push(self, msg): # type: (Packet) -> None if msg and self.f: self.f.write(msg)
def convert_file(input_file, output_file): pktdump = PcapWriter(output_file, append=False) ip_table = IPTable() port_table = PortTable() flow_table = FlowTable() with open(input_file) as tsv: for line in csv.reader(tsv, dialect="excel-tab"): #You can also use delimiter="\t" rather than giving a dialect. # order in file is: # 0: Timestamp, 1: PktLen, 2: SrcIP, 3: DestIP, 4: SrcPort, 5: DestPort, 6: Prot, # 7: SrcHostPrefix, 8: DestHostPrefix, 9: SrcRack, 10: DestRack, 11: SrcPod, # 12: DestPod, 13: InterCluster, 14: InterDC #src_ip = ip_table.lookup_rack_pod(line[2], line[9], line[11]) #dst_ip = ip_table.lookup_rack_pod(line[3], line[10], line[12]) src_ip = ip_table.lookup_prefix(line[2], line[7]) dst_ip = ip_table.lookup_prefix(line[3], line[8]) pkt = IP(src=src_ip, dst=dst_ip) sport = port_table.lookup(line[4]) dport = port_table.lookup(line[5]) prot = int(line[6]) if prot == 6: # TCP pkt = pkt/TCP(sport=sport,dport=dport,flags=flow_table.get_flags(src_ip, dst_ip, sport, dport, prot)) elif prot == 17: # UDP pkt = pkt/UDP(sport=sport,dport=dport) else: continue pkt.time = int(line[0]) pkt.len = int(line[1]) pktdump.write(pkt)
def sanitize(filepath_in, filepath_out=None, sequential=True, ipv4_mask=0, ipv6_mask=0, mac_mask=0, start_ipv4='10.0.0.1', start_ipv6='2001:aa::1', start_mac='00:aa:00:00:00:00'): if not filepath_out: timestamp = datetime.datetime.now().strftime('%y%m%d-%H%m%S') filepath_out = os.path.splitext(filepath_in)[ 0] + '_sanitized_' + timestamp + os.path.splitext(filepath_in)[1] mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac) ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4) ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6) with open(filepath_in) as capfile: #open cap file with pcapfile cap = savefile.load_savefile(capfile, verbose=False) #use scapy's pcapwriter pktwriter = PcapWriter(filepath_out, append=True) try: for pkt in cap.packets: #create scapy packet from pcapfile packet raw output pkt = Ether(pkt.raw()) #MAC addresses pkt.src = mac_gen.get_mac(pkt.src) pkt.dst = mac_gen.get_mac(pkt.dst) #IP Address try: pkt['IP'].src = ip4_gen.get_ip(pkt['IP'].src) pkt['IP'].dst = ip4_gen.get_ip(pkt['IP'].dst) except IndexError: pkt['IPv6'].src = ip6_gen.get_ip(pkt['IPv6'].src) pkt['IPv6'].dst = ip6_gen.get_ip(pkt['IPv6'].dst) pktwriter.write(pkt) finally: pktwriter.close() return filepath_out.split('/')[-1]
def gen_ipv6_fragment_pcap(): """Generate ipv6 fragment test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv6_fragment_rx.pcap", append=False) for i in range(1, 1454): packets = create_packet(i, True) for packet in packets: writer.write(packet) writer.close()
def gen_ipv4_checksum_pcap(): """Generate ipv4 checksum test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_checksum_rx.pcap", append=False) for i in range(1, 1474): packets = create_packet(i, False) for packet in packets: writer.write(packet) writer.close()
def sniff_goose(interface): print( "GOOSE messages use IEEE 802.1Q for VLAN tagging and prioritization. Many network cards filter out the " "content of this layer. If this is also the case for you, there are often ways to change this. Since it " "varies from card to card you should google it. Otherwise you can answer 'Tagged VLANs' with n." ) time_to_capture = int(input("Time to capture (in seconds) : ")) with_iee = input("Does your interface support tagged VLANs? (y/n): ") capture_name = input("Name of the pcap file (without extension) : ") print('\nSniffing GOOSE traffic from ' '\n[*] Interface: {} ' '\n[*] For:{} seconds ' '\n[*] Tagged VLANs: {} ' '\n'.format(interface, time_to_capture, with_iee)) if with_iee == "y": # Sniffing the traffic from Publisher print( "All network packets with Ethernet, IEEE 802.1Q and RAW Layer are captured!" ) traffic = sniff(iface=interface, timeout=time_to_capture) output = PcapWriter(capture_name + ".pcap", append=True, sync=True) for frame in traffic: # Checks all frames in traffic if frame.haslayer(Ether) == 1 and frame.haslayer( Dot1Q ) == 1 and frame.haslayer( Raw ) == 1: # Checks if the frame has the Ethernet, IEEE802.1Q and Raw layer output.write(frame) # Saves the frame print("File saved as: " + capture_name) elif with_iee == "n": # Sniffing the traffic from Publisher print("All network packets with Ethernet and RAW Layer are captured!") traffic = sniff(iface=interface, timeout=time_to_capture) output = PcapWriter(capture_name + ".pcap", append=True, sync=True) for frame in traffic: # Checks all frames in traffic if frame.haslayer(Ether) == 1 and frame.haslayer( Raw ) == 1: # Checks if the frame has the Ethernet, and Raw layer output.write(frame) # Saves the frame print("File saved as: " + capture_name) else: print("Your Input was: ", with_iee, "It should be 'y' or 'n'!")
def scapy_sniff(self): file = open('iface.setting', 'r') iface = file.read() file.close() if iface == 'None': data = sniff(prn=lambda x: x.summary()) #scapy的sniff嗅探 else: data = sniff(iface=iface, prn=lambda x: x.summary()) print("Start analyzing packets...") file = "sniff_data/" + time.strftime('%Y_%m_%d_%H_%M_%S') + ".pcap" writer = PcapWriter(file, append=True) for i in data: writer.write(i) writer.flush() writer.close()
def classify_bysrc(file_name, file_to): packages = scapy.rdpcap(file_name) t_results = {} for p in packages: if (get_srcip(p) + get_dstip(p) in t_results): t_results[get_srcip(p) + get_dstip(p)].append(p) elif (get_dstip(p) + get_srcip(p) in t_results): t_results[get_dstip(p) + get_srcip(p)].append(p) else: t_results[get_srcip(p) + get_dstip(p)] = [] t_results[get_srcip(p) + get_dstip(p)].append(p) for key in t_results: t_temp = t_results[key] t_writer = PcapWriter(file_to + key + '.pcap', append=True) for p in t_results[key]: t_writer.write(p) t_writer.flush() t_writer.close()
def __init__(self, outfile, mtu=1500): self.pcap = PcapWriter(filename=outfile, linktype=1) self.mss = mtu - 40 self.connstate = {} self.last_packet_tm = datetime.datetime(1970, 1, 1, 0, 0, 0) self.last_timeout_tm = datetime.datetime(1970, 1, 1, 0, 0, 0)
def write(file_name, packets): writer = PcapWriter(file_name, append = True) for p in packets: writer.write(p) writer.flush() writer.close()
def pre_scanning(self): self.packet_logger = PcapWriter(self.destination_folder + self.current_log_file, append=True, sync=True) SessionManager().log_event(NeutralEvent("Packet Logger initiated."))
def refresh(self): self._nlogs = self._get_log_count() self.packet_logger = PcapWriter(self.destination_folder + "packet_log{n}.cap".format(n = self._nlogs), append=True, sync=True)
if options == []: print parser.print_help() sys.exit(-1) if not options.input_target or options.input_target == "": print parser.print_help() sys.exit(-1) if not options.output_pcap or options.output_pcap == "": print parser.print_help() sys.exit(-1) if options.srcip and validate_ip(options.srcip): src = options.srcip if options.dstip and validate_ip(options.dstip): dst = options.dstip #Open our packet dumper pktdump = PcapWriter(options.output_pcap, sync=True) def build_handshake(src,dst,sport,dport): ipsrc = src ipdst = dst portsrc = sport portdst = dport # We don't deal with session wrap around so lets make the range smaller for now # client_isn = random.randint(1024, (2**32)-1) # server_isn = random.randint(1024, (2**32)-1) client_isn = random.randint(1024, 10000) server_isn = random.randint(1024, 10000) syn = IP(src=ipsrc, dst=ipdst)/TCP(flags="S", sport=portsrc, dport=portdst, seq=client_isn) synack = IP(src=ipdst, dst=ipsrc)/TCP(flags="SA", sport=portdst, dport=portsrc, seq=server_isn, ack=syn.seq+1) ack = IP(src=ipsrc, dst=ipdst)/TCP(flags="A", sport=portsrc, dport=portdst, seq=syn.seq+1, ack=synack.seq+1)
class PacketLogger(AirScannerPlugin): def __init__(self, config): super(PacketLogger, self).__init__(config, "packetlogger") self.destination_folder = self.config["destination_folder"] self._nlogs = self._get_log_count() self.packet_filters = [] filter_list = self.config["filters"] self.filter_types = { "bssid" : BSSIDPacketFilter, "ssid" : SSIDPacketFilter, "channel" : ChannelPacketFilter } for filter in filter_list: try: type, value = map(str.strip, filter.split("=")) self.add_filter(type, value) except Exception as e: print e pass self.or_filter = self.config["filter_mode"].lower() == "or" self.current_log_file = "packet_log{n}.cap".format(n = self._nlogs) self.packet_logger = None def pre_scanning(self): self.packet_logger = PcapWriter(self.destination_folder + self.current_log_file, append=True, sync=True) SessionManager().log_event(NeutralEvent("Packet Logger initiated.")) def _get_log_count(self): # Get the number of existing log files if os.path.exists(self.destination_folder): return len(filter(lambda x: x.startswith("packet_log"), os.listdir(self.destination_folder))) else: os.mkdir(self.destination_folder) return 0 def add_filter(self, filter_type, value): filter = None try: filter = self.filter_types[filter_type](value) except KeyError: print "There is no filter definition for '{}'.".format(filter_type) except: pass if filter: self.packet_filters.append(filter) def refresh(self): self._nlogs = self._get_log_count() self.packet_logger = PcapWriter(self.destination_folder + "packet_log{n}.cap".format(n = self._nlogs), append=True, sync=True) def log(self, packet, OR = False): if(OR): # Only needs to pass through 1 filter for filter in self.packet_filters: if filter.passes(packet): self.packet_logger.write(packet) return else: # Needs to pass through all filter for filter in self.packet_filters: if not filter.passes(packet): return self.packet_logger.write(packet) def handle_packet(self, packet): self.log(packet, self.or_filter)
def saz_to_pcap(sazpath): if not sazpath.lower().endswith(".saz"): return None if not HAVE_SCAPY: log.error("Scapy is required for SAZ to PCAP conversion.") return None tmpdir = "" pcappath = "%s/%s.pcap" % (tempfile.mkdtemp(), os.path.basename(sazpath)) fiddler_raw_dir = "" pktdump = PcapWriter(pcappath, sync=True) try: tmpdir = tempfile.mkdtemp() except Exception as e: log.error("Failed to Create temp dir for SAZ extraction %s" % (e)) return None try: z = zipfile.ZipFile(sazpath, "r") except Exception as e: log.error("Failed to open SAZ file as Zip extraction %s" % (e)) return None try: z.extractall(tmpdir) z.close() except Exception as e: log.error("Failed to extract SAZ file to temp dir %s" % (e)) return None if not os.path.isdir("%s/raw/" % (tmpdir)): return None fiddler_raw_dir = "%s/raw/" % (tmpdir) m_file_list = glob.glob("%s/%s" % (fiddler_raw_dir, "*_m.xml")) m_file_list.sort() if m_file_list: for xml_file in m_file_list: sport = random.randint(1024, 65535) src = "192.168.1.1" smac = "00:11:22:aa:bb:cc" dport = 80 dst = "10.1.1.1" dmac = "c0:c1:c0:b7:ce:63" dom = parse(xml_file) m = re.match(r"^(?P<fid>\d+)_m\.xml", os.path.basename(xml_file)) if m: fid = m.group("fid") else: log.error("Failed to find fiddler ID tag") return None xmlTags = dom.getElementsByTagName("SessionFlag") for xmlTag in xmlTags: xmlTag = xmlTag.toxml() m = re.match( r"\<SessionFlag N=\x22x-(?:client(?:ip\x22 V=\x22[^\x22]*?(?P<clientip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|port\x22 V=\x22(?P<sport>\d+))|hostip\x22 V=\x22[^\x22]*?(?P<hostip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))\x22", xmlTag, ) # TODO:to enable this we need to track 5 tuples otherwise we have session reuse issues # if m and m.group("sport"): # sport = int(m.group("sport")) if m and m.group("clientip") and src == None: src = m.group("clientip") elif m and m.group("hostip"): dst = m.group("hostip") req = open(fiddler_raw_dir + fid + "_c.txt").read() m = re.match( r"^(?P<verb>[^\r\n\s]+)\s+(?P<host_and_port>https?\:\/\/[^\/\r\n\:]+(\:(?P<dport>\d{1,5}))?)\/", req ) if m and m.group("verb") != "CONNECT": req = req.replace(m.group("host_and_port"), "", 1) if m.group("dport") and int(m.group("dport")) <= 65535: dport = int(m.group("dport")) resp = open(fiddler_raw_dir + fid + "_s.txt").read() (seq, ack) = build_handshake(src, dst, sport, dport, pktdump, smac, dmac) (seq, ack) = make_pkts(src, dst, sport, dport, seq, ack, req, pktdump, smac, dmac) (seq, ack) = make_pkts(dst, src, dport, sport, seq, ack, resp, pktdump, dmac, smac) build_finshake(src, dst, sport, dport, seq, ack, pktdump, smac, dmac) else: m_file_list = glob.glob("%s/%s" % (fiddler_raw_dir, "*_c.txt")) m_file_list.sort() if m_file_list: for xml_file in m_file_list: sport = random.randint(1024, 65535) dport = 80 src = "192.168.1.1" smac = "00:11:22:aa:bb:cc" dst = "10.1.1.1" dmac = "c0:c1:c0:b7:ce:63" m = re.match(r"^(?P<fid>\d+)_c\.txt", os.path.basename(xml_file)) if m: fid = m.group("fid") else: log.error("Failed to find fiddler ID tag") return None req = open(fiddler_raw_dir + fid + "_c.txt").read() m = re.match( r"^(?P<verb>[^\r\n\s]+)\s+(?P<host_and_port>https?\:\/\/[^\/\r\n\:]+(\:(?P<dport>\d{1,5}))?)\/", req ) if m and m.group("verb") != "CONNECT": req = req.replace(m.group("host_and_port"), "", 1) if m.group("dport") and int(m.group("dport")) <= 65535: dport = int(m.group("dport")) resp = open(fiddler_raw_dir + fid + "_s.txt").read() (seq, ack) = build_handshake(src, dst, sport, dport, pktdump, smac, dmac) (seq, ack) = make_pkts(src, dst, sport, dport, seq, ack, req, pktdump, smac, dmac) (seq, ack) = make_pkts(dst, src, dport, sport, seq, ack, resp, pktdump, dmac, smac) build_finshake(src, dst, sport, dport, seq, ack, pktdump, smac, dmac) else: log.error("Unsupported SAZ format") return None pktdump.close() if tmpdir: try: shutil.rmtree(tmpdir) except: pass return pcappath
if options == []: print parser.print_help() sys.exit(-1) if not options.input_target or options.input_target == "": print parser.print_help() sys.exit(-1) if not options.output_pcap or options.output_pcap == "": print parser.print_help() sys.exit(-1) if options.srcip and validate_ip(options.srcip): src = options.srcip if options.dstip and validate_ip(options.dstip): dst = options.dstip #Open our packet dumper pktdump = PcapWriter(options.output_pcap, sync=True) pktdump.linktype = 1 # Ethernet def build_handshake(src,dst,sport,dport): ipsrc = src ipdst = dst portsrc = sport portdst = dport # We don't deal with session wrap around so lets make the range smaller for now # client_isn = random.randint(1024, (2**32)-1) # server_isn = random.randint(1024, (2**32)-1) client_isn = random.randint(1024, 10000) server_isn = random.randint(1024, 10000) syn = Ether(src="00:01:02:03:04:05",dst="06:07:08:09:0a:0b",type=0x800)/IP(version=4L,src=ipsrc, dst=ipdst)/TCP(flags="S", sport=portsrc, dport=portdst, seq=client_isn) synack = Ether(dst="00:01:02:03:04:05",src="06:07:08:09:0a:0b",type=0x800)/IP(version=4L,src=ipdst, dst=ipsrc)/TCP(flags="SA", sport=portdst, dport=portsrc, seq=server_isn, ack=syn.seq+1)
class NetworkStack(): """Emulated network stack, processing log entries into network packets""" class ConnState(): """State for a single TCP connection""" def __init__(self, logentry, tm, ctx): self.src_addr = logentry['src_addr'] self.src_port = logentry['src_port'] self.dst_addr = logentry['dst_addr'] self.dst_port = logentry['dst_port'] self.tm = tm self._ctx = ctx def touch(self, tm): if self.tm < tm: self.tm = tm def _write_packet(self, pkt): pkt.time = (self.tm - datetime.datetime(1970, 1, 1)).total_seconds() self._ctx.pcap.write(pkt) self._ctx.last_packet_tm = self.tm def _seq(self, addr, port, inc): if self.src_addr == addr and self.src_port == port: seq = self.src_seq ack = self.dst_seq self.src_seq += inc else: seq = self.dst_seq ack = self.src_seq self.dst_seq += inc return (seq, ack) def syn(self): """Send a TCP SYN handshake, opeining the connection""" self.src_seq = random.randint(1024, (2**32)-1) self.dst_seq = random.randint(1024, (2**32)-1) self._write_packet( Ether()/ IP(src=self.src_addr, dst=self.dst_addr)/ TCP(flags='S', sport=self.src_port, dport=self.dst_port, seq=self.src_seq) ) self.src_seq += 1 self._write_packet( Ether()/ IP(src=self.dst_addr, dst=self.src_addr)/ TCP(flags='SA', sport=self.dst_port, dport=self.src_port, seq=self.dst_seq, ack=self.src_seq) ) self.dst_seq += 1 self._write_packet( Ether()/ IP(src=self.src_addr, dst=self.dst_addr)/ TCP(flags='A', sport=self.src_port, dport=self.dst_port, seq=self.src_seq, ack=self.dst_seq) ) def fin(self): """Send a TCP FIN handshake, closing current connection""" self._write_packet( Ether()/ IP(src=self.src_addr, dst=self.dst_addr)/ TCP(flags="FA", sport=self.src_port, dport=self.dst_port, seq=self.src_seq, ack=self.dst_seq) ) self.src_seq += 1 self._write_packet( Ether()/ IP(src=self.dst_addr, dst=self.src_addr)/ TCP(flags='A', sport=self.dst_port, dport=self.src_port, seq=self.dst_seq, ack=self.src_seq) ) def data(self, logentry): """Send a TCP data segment within the connection""" for segment in chunks(logentry['data'], self._ctx.mss): seq, ack = self._seq(logentry['src_addr'], logentry['src_port'], len(segment)) self._write_packet( Ether()/ IP(src=logentry['src_addr'], dst=logentry['dst_addr'])/ TCP(flags='PA', sport=logentry['src_port'], dport=logentry['dst_port'], seq=seq, ack=ack)/ segment ) def __init__(self, outfile, mtu=1500): self.pcap = PcapWriter(filename=outfile, linktype=1) self.mss = mtu - 40 self.connstate = {} self.last_packet_tm = datetime.datetime(1970, 1, 1, 0, 0, 0) self.last_timeout_tm = datetime.datetime(1970, 1, 1, 0, 0, 0) def _make5tuple(self, logentry): """Construct a canonical per-connection 5-tuple""" if (logentry['src_addr'] < logentry['dst_addr']) or \ (logentry['src_addr'] == logentry['dst_addr'] and \ logentry['src_port'] < logentry['dst_port']): return "tcp|%s|%d|%s|%d" % (logentry['src_addr'], logentry['src_port'], logentry['dst_addr'], logentry['dst_port']) else: return "tcp|%s|%d|%s|%d" % (logentry['dst_addr'], logentry['dst_port'], logentry['src_addr'], logentry['src_port']) # Note that the chosen data structure for the internal state scales badly # for large numbers of connections: O(n) search every minute. This needs # to be rewritten using better data structures for scalability. def add(self, logentry): """Process a log entry, keeping internal state""" tm = parse_timestamp(logentry['timestamp']) conn5tuple = self._make5tuple(logentry) if not conn5tuple in self.connstate: self.connstate[conn5tuple] = NetworkStack.ConnState(logentry, tm, self) self.connstate[conn5tuple].syn() else: self.connstate[conn5tuple].touch(tm) self.connstate[conn5tuple].data(logentry) # at most very 60 seconds, time out old connections (doesn't scale!) if tm > self.last_timeout_tm + datetime.timedelta(0, 1, 0): for conn in self.connstate: if self.last_timeout_tm > self.connstate[conn5tuple].tm + \ datetime.timedelta(0, 1, 0): self.connstate[conn5tuple].fin() del self.connstate[conn5tuple] self.last_timeout_tm = tm def done(self): """We are done, all active connections can be closed""" for conn in self.connstate: self.connstate[conn].touch(self.last_packet_tm) self.connstate[conn].fin() self.pcap.close()
def start(self): self.pcap = PcapWriter(self.f, append=True, sync=True)
def __init__(self, fname, name=None): Sink.__init__(self, name=name) self.f = PcapWriter(fname)
def __init__(self, fname): self.f = PcapWriter(fname)