def main():
args = parse_args()
all_packet_dic = []
pkts = rdpcap(args.pcap)
for pkt in pkts:
if 'DNS' in pkt:
raw = str(pkt['DNS'])
d = read_dns_packet(raw, pkt, args.domain)
if d:
all_packet_dic.append(d)
if args.action == 'display':
for p in all_packet_dic:
pretty_print(p)
else:
n = args.pcap
ind = n.rfind('.')
new_pcap = n[:ind] + '.' + args.domain + '.' + n[ind + 1:]
pktdump = PcapWriter(new_pcap, append=True, sync=True)
addresses = []
for p in all_packet_dic:
pktdump.write(p['packet'])
if p['Answers']:
for a in p['Answers']:
if a[1] == 1:
addresses.append(a[4])
for pkt in pkts:
try:
if 'IP' in pkt and pkt[IP].src in addresses or pkt[
IP].dst in addresses:
pktdump.write(pkt)
except:
IndexError
class WrpcapSink(Sink):
"""Packets received on low input are written to PCAP file
.. code::
+----------+
>>-| |->>
| |
>-|--[pcap] |->
+----------+
"""
def __init__(self, fname, name=None, linktype=None):
Sink.__init__(self, name=name)
self.fname = fname
self.f = None
self.linktype = linktype
def start(self):
self.f = PcapWriter(self.fname, linktype=self.linktype)
def stop(self):
if self.f:
self.f.flush()
self.f.close()
def push(self, msg):
if msg:
self.f.write(msg)
def analyze(self,pcapFilename):
hl7Output =BASE_DIR+"/hl7/networkFiles/hl7PacketDump.pcap"
hl7Dump = PcapWriter((hl7Output),append=True,sync=True)
G = nx.DiGraph(directed=True)
print(unquote(pcapFilename))
pcapFilename = unquote(pcapFilename)
packets = rdpcap(pcapFilename)
networkSession = packets.sessions()
for session in networkSession:
for packet in networkSession[session]:
try:
if (str(packet[TCP].payload).startswith("b\'")) and str(packet[TCP].payload).endswith("r\'"):
hl7Dump.write(packet)
G.add_edge( (str(packet[IP].dst)+":"+str(packet[IP].dport)),(str(packet[IP].src)+":"+str(packet[TCP].sport)))
except:
continue
nx.draw(G, with_labels=True)
plt.show()
hl7Dump.close()
return hl7Output
class pcap_write(gr.sync_block):
def __init__(self,f,append=True):
gr.sync_block.__init__(self,"pcap_write",[],[])
self.message_port_register_in(pmt.intern("pdus"));
self.set_msg_handler(pmt.intern("pdus"), self.handler);
self.f = f
self.append = append
def start(self):
self.pcap = PcapWriter(self.f, append=self.append, sync=True)
def stop(self):
pass
def handler(self, pdu):
meta = pmt.to_python(pmt.car(pdu))
x = pmt.to_python(pmt.cdr(pdu))
z = l2.Raw(x.tostring())
if(meta.has_key("timestamp")):
t = meta['timestamp']
if( type(t) == tuple ):
t = t[0]+t[1]
else :
t = t
z.time = t
self.pcap.write(z);
def work(self, input_items, output_items):
pass
def clsMessagesByIp(fileFrom, fileTo):
packages = scapy.rdpcap(fileFrom)
t_results = {}
for p in packages:
srcIp = MessageConvert.getClsSrcIp(p)
desIp = MessageConvert.getClsDesIp(p)
if srcIp == 'null' or desIp == 'null':
continue
mesKeyFirst = srcIp + desIp
mesKeySecond = desIp + srcIp
if mesKeyFirst in t_results:
t_results[mesKeyFirst].append(p)
elif (mesKeySecond in t_results):
t_results[mesKeySecond].append(p)
else:
t_results[mesKeyFirst] = []
t_results[mesKeyFirst].append(p)
for key in t_results:
t_temp = t_results[key]
t_writer = PcapWriter('%s%s.pcap' %(fileTo, key), append=True)
#t_writer = PcapWriter('/home/wxw/data/cip_datanew/' + key + '.pcap', append=True)
for p in t_results[key]:
t_writer.write(p)
t_writer.flush()
t_writer.close()
def create_flows(num_packets, bytes_per_packet, output_file, zipf_param,
n_flows):
pktdump = PcapWriter(output_file, append=False)
#fs = np.random.zipf(zipf_param, num_packets)
fs = genZipf(zipf_param, n_flows, num_packets)
flows = {}
ip_table = IPTable()
for i in xrange(num_packets):
f = fs[i] # generate a single sample from zipfian distribution
if f not in flows:
flows[f] = 1
else:
flows[f] += 1
src_ip, dst_ip, prot, sport, dport = ip_table.lookup_flow(f)
pkt = IP(src=src_ip, dst=dst_ip)
pkt = pkt / UDP(sport=sport, dport=dport)
pkt.len = bytes_per_packet
pktdump.write(pkt)
flows_file = open("result-flws.txt", 'w')
flows_file.write("flw_id n_pkts\n")
for k, v in flows.iteritems():
flows_file.write('{} {}\n'.format(k, v))
flows_file.close()
class pcap_write(gr.sync_block):
def __init__(self, f, append=True):
gr.sync_block.__init__(self, "pcap_write", [], [])
self.message_port_register_in(pmt.intern("pdus"))
self.set_msg_handler(pmt.intern("pdus"), self.handler)
self.f = f
self.append = append
def start(self):
self.pcap = PcapWriter(self.f, append=self.append, sync=True)
def stop(self):
pass
def handler(self, pdu):
meta = pmt.to_python(pmt.car(pdu))
x = pmt.to_python(pmt.cdr(pdu))
z = l2.Raw(x.tostring())
if (meta.has_key("timestamp")):
t = meta['timestamp']
if (type(t) == tuple):
t = t[0] + t[1]
else:
t = t
z.time = t
self.pcap.write(z)
def work(self, input_items, output_items):
pass
def showPacket(packet):
# method 1 : save pcap and convert csv
# method 2 : input data into csv
# find csv output module
# first all wirte
# second time save
global packetcont
global model
# traffic info
timestamp = datetime.fromtimestamp(packet[0][1].time)
print(packet[0][1])
print('timestamp:', timestamp)
print('Now packetcont:', packetcont)
print('------------------------------------------------------')
# seleuchel edit - save packet in real time
filename = "./packet/pcap/packet.pcap"
pktdump = PcapWriter(filename, append=True, sync=True)
pktdump.write(packet)
packetcont += 1
if packetcont >= 1000:
# extract pcap -> csv
ext_feature()
#model test
model = AutoEncoder('./packet/csv/exfeature/packet.pcap_Flow.csv')
result_csv = model.get_result()
print(result_csv)
#send to server
sendjson.send(result_csv)
packetcont = 0
class PcapClass:
def __init__(self):
self.Filename = "PacketCapture"
self.LivePcap = None
def CreateLivePacket(self):
self.LivePcap = PcapWriter(self.Filename + ".pcap",
append=True,
sync=True)
def AppendPacket(self, pkt):
if self.LivePcap is not None:
self.LivePcap.write(pkt.GetPacket())
def ChangeName(self, NewName):
if self.LivePcap is None:
self.FileName = NewName
def LoadPcap(self, PcapFileDirectory, PktList):
if self.LivePcap is None:
self.LivePcap = rdpcap(PcapFileDirectory)
frame = 1
for i in self.LivePcap:
Packet(i, frame, PktList, True)
frame += 1
class PluginsData(object):
def __init__(self, ami, pcapout):
self.pcap = []
self.args = {}
self.current_time = time.time()
self.ami = ami
if self.ami.GetStartTime() > 0:
self.packet_time = self.ami.GetStartTime()
else:
self.packet_time = self.current_time - self.ami.GetSleepCursor()
self.outpcap = PcapWriter(pcapout, append=True, sync=True)
def AddPacket(self, action, pkt):
pkt.time = self.packet_time + action.GetSleepCursor()
self.outpcap.write(pkt)
# self.pcap.append(pkt)
def _set(self, key, value):
self.args[key] = value
def _get(self, key):
return self.args[key]
def __str__(self):
return str(self.args)
def wr_pkt(self, mode='node', port=2231):
file_name = ''.join([dir_prefix, mode, '_', str(port), '.pcap'])
try:
pktdump = PcapWriter(file_name, append=True, sync=True)
pktdump.write(self.pkt)
except:
raise Exception
def gen_ipv4_assemble_pcap():
"""Generate ipv4 assemble test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_assemble_rx.pcap",
append=False)
packets = create_packet(1066, False, 1024)
for packet in packets:
writer.write(packet)
writer.close()
def create_pcap_file_from_frames(self, file_name, frames):
writer = PcapWriter(file_name, append=False)
for frame in frames:
writer.write(frame)
writer.close()
def create_pcap_file_from_frames(self, file_name, frames):
writer = PcapWriter(file_name, append=False)
for frame in frames:
writer.write(frame)
writer.close()
class WrpcapSink(Sink):
"""
Writes :py:class:`Packet` on the low entry to a ``pcap`` file.
Ignores all messages on the high entry.
.. note::
Due to limitations of the ``pcap`` format, all packets **must** be of
the same link type. This class will not mutate packets to conform with
the expected link type.
.. code::
+----------+
>>-| |->>
| |
>-|--[pcap] |->
+----------+
:param fname: Filename to write packets to.
:type fname: str
:param linktype: See :py:attr:`linktype`.
:type linktype: None or int
.. py:attribute:: linktype
Set an explicit link-type (``DLT_``) for packets. This must be an
``int`` or ``None``.
This is the same as the :py:func:`wrpcap` ``linktype`` parameter.
If ``None`` (the default), the linktype will be auto-detected on the
first packet. This field will *not* be updated with the result of this
auto-detection.
This attribute has no effect after calling :py:meth:`PipeEngine.start`.
"""
def __init__(self, fname, name=None, linktype=None):
# type: (str, Optional[str], Optional[int]) -> None
Sink.__init__(self, name=name)
self.fname = fname
self.f = None # type: Optional[PcapWriter]
self.linktype = linktype
def start(self):
# type: () -> None
self.f = PcapWriter(self.fname, linktype=self.linktype)
def stop(self):
# type: () -> None
if self.f:
self.f.flush()
self.f.close()
def push(self, msg):
# type: (Packet) -> None
if msg and self.f:
self.f.write(msg)
def sanitize(filepath_in,
filepath_out=None,
sequential=True,
ipv4_mask=0,
ipv6_mask=0,
mac_mask=0,
start_ipv4='10.0.0.1',
start_ipv6='2001:aa::1',
start_mac='00:aa:00:00:00:00'):
if not filepath_out:
timestamp = datetime.datetime.now().strftime('%y%m%d-%H%m%S')
filepath_out = os.path.splitext(filepath_in)[
0] + '_sanitized_' + timestamp + os.path.splitext(filepath_in)[1]
mac_gen = MACGenerator(sequential=sequential,
mask=mac_mask,
start_mac=start_mac)
ip4_gen = IPv4Generator(sequential=sequential,
mask=ipv4_mask,
start_ip=start_ipv4)
ip6_gen = IPv6Generator(sequential=sequential,
mask=ipv6_mask,
start_ip=start_ipv6)
with open(filepath_in) as capfile:
#open cap file with pcapfile
cap = savefile.load_savefile(capfile, verbose=False)
#use scapy's pcapwriter
pktwriter = PcapWriter(filepath_out, append=True)
try:
for pkt in cap.packets:
#create scapy packet from pcapfile packet raw output
pkt = Ether(pkt.raw())
#MAC addresses
pkt.src = mac_gen.get_mac(pkt.src)
pkt.dst = mac_gen.get_mac(pkt.dst)
#IP Address
try:
pkt['IP'].src = ip4_gen.get_ip(pkt['IP'].src)
pkt['IP'].dst = ip4_gen.get_ip(pkt['IP'].dst)
except IndexError:
pkt['IPv6'].src = ip6_gen.get_ip(pkt['IPv6'].src)
pkt['IPv6'].dst = ip6_gen.get_ip(pkt['IPv6'].dst)
pktwriter.write(pkt)
finally:
pktwriter.close()
return filepath_out.split('/')[-1]
def save(self):
global WRITE__
if WRITE__:
_wr = PcapWriter(WRITE__, append=False, sync=True)
_wr.write(self.THEPOL)
pull.use("Handshake >> [%s] Count [%s] %s[Saved]%s" % (pull.DARKCYAN+WRITE__+pull.END, str(len(self.THEPOL)), pull.GREEN, pull.END ))
else:
pull.error("Handshake not saved. Use -w, --write for saving handshakes. ")
def parameter_problem_pointer(self):
self.comment = "\n ICMPv6_PARAMETER_PROBLEM_POINTER"
self.packet_error = True
for ptr_value in range(0, 40):
self.m_finished = False
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 38))
sniffer.daemon = True
sniffer.start()
count = 0
while not self.m_finished:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6ParamProblem()
icmp.code = 0
icmp.ptr = ptr_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
while not q.empty():
pkt = q.get()
# print(pkt.show())
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Parameter Problem Pointer Translation: FAIL"
return
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv4 not received"
self.packet_error = True
if pkt[0][2].type != 12:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 0:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
ipv4_ptr_values = [x for x in range(17)]
if pkt[0][ICMP].ptr not in ipv4_ptr_values:
self.comment += "\n Incorrect Pointer values"
self.packet_error = True
count += 1
if count != 39:
self.comment += "\n All packets not received"
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Parameter Problem Pointer Translation: FAIL"
if not self.packet_error:
print "Upstream Parameter Problem Pointer Translation: PASS"
def gen_ipv4_checksum_pcap():
"""Generate ipv4 checksum test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_checksum_rx.pcap",
append=False)
for i in range(1, 1474):
packets = create_packet(i, False)
for packet in packets:
writer.write(packet)
writer.close()
def save():
global buf
global filename
#filename = "/home/seleuchel/libcap/packet/"+"packet_" + str(filenum) + ".pcap"
pktdump = PcapWriter(filename, append=True, sync=True)
pktdump.write(buf)
buf = []
filenum += 1
def gen_ipv6_fragment_pcap():
"""Generate ipv6 fragment test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv6_fragment_rx.pcap",
append=False)
for i in range(1, 1454):
packets = create_packet(i, True)
for packet in packets:
writer.write(packet)
writer.close()
def gen_traffic(self, output_filename,
dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01",
ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"):
print("PAcket Number: %d" % packet_num)
if not output_filename.endswith(".pcap"):
print("Invalid PCAP filename! Exiting...")
return
self.pcap_filename = output_filename
self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt"
self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt"
# show modify request
request = "Generating " + output_filename + " with\n"
if src_mac is not None:
request += " src mac:" + src_mac + "\n"
if dst_mac is not None:
request += " dst mac:" + dst_mac + "\n"
if dst_ip_addr is not None:
request += " dst ip addr:" + dst_ip_addr + "\n"
print(request + "\n")
pcap_writer = PcapWriter(output_filename)
src_ips = []
src_hosts_with_ttl = {}
for i in range(packet_num):
if len(self.src_hosts) < ip_num:
# pick a random src ip
src_ip = self.__generate_ip()
# pick a random hc
ttl = self.__generate_rand_ttl()
else:
src_ip = src_ips[random.randint(0, len(src_ips) - 1)]
ttl = src_hosts_with_ttl[src_ip]
# calculate ttl according to hc
pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload
pcap_writer.write(pkt)
if src_ip not in src_ips:
src_ips.append(src_ip)
src_hosts_with_ttl[src_ip] = ttl
self.src_hosts[src_ip] = self.__ttl2hc(ttl)
if i % 10000 == 0:
print("%d packets have been produced\n" % i)
print(str(len(self.src_hosts)) + " source hosts produced")
print("Writing ip,hc dict into " + self.ip_hc_filename + "...")
with open(self.ip_hc_filename, "w") as f:
json.dump(self.src_hosts, f)
f.close()
pcap_writer.flush()
pcap_writer.close()
def packethandler(pkt):
pktdump = PcapWriter(pcap_file, append=True, sync=True)
if pkt.haslayer(Dot11):
if pkt.haslayer(EAPOL) or (pkt.type == 0 and pkt.addr3 == ap.lower()):
pktdump.write(pkt)
if pkt.haslayer(EAPOL):
print(
f"{Bcolors.OKGREEN}Captured EAPOL Packet from SRC:{pkt.addr2} and DST:{pkt.addr1}{Bcolors.ENDC}"
)
PACKET_LIST.append(pkt)
def parameter_problem(self):
self.m_finished = False
self.packet_error = False
self.comment = "\n ICMPv6_PARAMETER_PROBLEM"
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 2))
sniffer.daemon = True
sniffer.start()
while not self.m_finished:
code_values = [1, 2]
for code_value in code_values:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6ParamProblem()
icmp.code = code_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
count = 0
while not q.empty():
pkt = q.get()
# print(pkt.show())
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Parameter Problem Translation: FAIL"
return
self.v4_address_check(pkt)
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv6 not received"
self.packet_error = True
if pkt[0][2].type != 3:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 0:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
count += 1
if count == 2:
self.comment += "\n Received two packets. Code 2 should be dropped"
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Parameter Problem Translation: FAIL"
if not self.packet_error:
print "Upstream Parameter Problem Translation: PASS"
def packet_too_big(self):
mtu_values = [512, 513, 1024, 1025, 1278, 1279, 1280, 1281, 1282, 1472, 1480, 1498, 1499, 1500, 1518, 1550, 1600]
for mtu_value in mtu_values:
self.m_finished = False
self.packet_error = False
self.comment = "\n ICMPv6_PACKET_TOO_BIG"
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 17))
sniffer.daemon = True
sniffer.start()
rx_mtu = mtu_value - 20
while not self.m_finished:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6PacketTooBig()
icmp.mtu = mtu_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
while not q.empty():
pkt = q.get()
#print(pkt.show())
pktdump.write(pkt)
q.task_done()
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Packet too Big Translation: FAIL"
return
self.v4_address_check(pkt)
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv6 not received"
self.packet_error = True
if pkt[0][2].type != 3:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 4:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
if pkt[0][ICMP].nexthopmtu != rx_mtu:
self.comment += "\n Incorrect MTU values - should be " + str(rx_mtu) + " but was " + str(pkt[0][ICMP].nexthopmtu)
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): FAIL"
if not self.packet_error:
print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): PASS"
def save(p):
global filepath
global filename
if _is_need_change(filepath,filename):
filename = _change_filename(filepath,filename)
print "modifying filename: {}".format(filename)
writer = PcapWriter(filepath+filename,append=True)
writer.write(p)
writer.flush()
writer.close()
if _is_need_change(filepath,filename):
shutil.move(filepath+filename,toUploadPath+filename)
def remove_a_packet_from_pcap(file='test.pcap'):
# acquire all packets from pcap
pkts = rdpcap(file)
# ignore the first packet
pkts = pkts[1:]
# recreate pcap
os.remove(file)
pktdump = PcapWriter(file, append=True, sync=True)
# write other packets to pcap
for pkt in pkts:
pktdump.write(pkt)
pktdump.close()
def pcap_truncate(path_in, path_out):
print(f"'{path_in.name}' ({os.path.getsize(str(path_in))/(1024 * 1024)})...")
cap = rdpcap(str(path_in))
out = PcapWriter(str(path_out))
for packet in tqdm(cap, desc="Truncating PCAP", leave=False):
if packet.haslayer("IP"):
if packet.haslayer("TCP"):
packet["IP"]["TCP"].remove_payload()
elif packet.haslayer("UDP"):
packet["IP"]["UDP"].remove_payload()
out.write(packet)
out.close()
def sanitize(
filepath_in,
filepath_out=None,
sequential=True,
ipv4_mask=0,
ipv6_mask=0,
mac_mask=0,
start_ipv4="10.0.0.1",
start_ipv6="2001:aa::1",
start_mac="00:aa:00:00:00:00",
):
if not filepath_out:
timestamp = datetime.datetime.now().strftime("%y%m%d-%H%m%S")
filepath_out = os.path.splitext(filepath_in)[0] + "_sanitized_" + timestamp + os.path.splitext(filepath_in)[1]
mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac)
ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4)
ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6)
with open(filepath_in) as capfile:
# open cap file with pcapfile
cap = savefile.load_savefile(capfile, verbose=False)
# use scapy's pcapwriter
pktwriter = PcapWriter(filepath_out, append=True)
try:
for pkt in cap.packets:
# create scapy packet from pcapfile packet raw output
pkt = Ether(pkt.raw())
# MAC addresses
pkt.src = mac_gen.get_mac(pkt.src)
pkt.dst = mac_gen.get_mac(pkt.dst)
# IP Address
try:
pkt["IP"].src = ip4_gen.get_ip(pkt["IP"].src)
pkt["IP"].dst = ip4_gen.get_ip(pkt["IP"].dst)
except IndexError:
pkt["IPv6"].src = ip6_gen.get_ip(pkt["IPv6"].src)
pkt["IPv6"].dst = ip6_gen.get_ip(pkt["IPv6"].dst)
pktwriter.write(pkt)
finally:
pktwriter.close()
return filepath_out.split("/")[-1]
def save_handshake(self, pkts, bss):
f_name = 'handshakes'
fi_name = '%s.cap' % (bss.replace(':', '').lower())
self.c_v_path(os.path.join(os.getcwd(), f_name))
file__ = PcapWriter(os.path.join(os.getcwd(), f_name, fi_name),
append=True,
sync=True)
for pkt in pkts:
file__.write(pkt)
file__.close()
return os.path.join(os.getcwd(), f_name, fi_name)
def modify_traffic(self, output_filename, fake_ttl=False,
src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None):
if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0:
print("Please extract ip2hc table before modify traffic with fake ttl.")
# show modify request
request = "Generating " + output_filename + " with\n"
if fake_ttl:
request += " fake ttl\n"
if src_mac is not None:
request += " src mac:" + src_mac + "\n"
if dst_mac is not None:
request += " dst mac:" + dst_mac + "\n"
if src_ip_addr is not None:
request += " src ip addr:" + src_ip_addr + "\n"
if dst_ip_addr is not None:
request += " dst ip addr:" + dst_ip_addr + "\n"
print(request + "\n")
pcap_reader = PcapReader(self.pcap_filename)
pcap_writer = PcapWriter(output_filename)
counter = 0
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer('IP'):
continue
# ipv4 packets
counter += 1
ip_int = self.__ip_str2int(pkt['IP'].src)
if fake_ttl:
pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int]
if src_mac is not None:
pkt['Ethernet'].src = src_mac
if dst_mac is not None:
pkt['Ethernet'].dst = dst_mac
if src_ip_addr is not None:
pkt['IP'].src = src_ip_addr
if dst_ip_addr is not None:
pkt['IP'].dst = dst_ip_addr
pcap_writer.write(pkt)
if counter % 10000 == 0:
print("%d packets have been processed\n" % counter)
pcap_writer.flush()
pcap_writer.close()
pcap_reader.close()
def downstream_fragments(self):
ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address, id=30000)
udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=self.ipv4_udp_or_tcp_destination_port)
payload = "a" * 1500
packet = ip / udp / payload
frags = scapy.all.fragment(packet, fragsize=1000)
for fragment in frags:
send(fragment, iface=ipv4_interface, verbose=False)
self.m_finished = False
self.packet_error = False
self.comment = "\n IPv4_PACKET_FRAGMENTS"
q = Queue()
v6_cap_filter = 'dst {}'.format(self.ipv6_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v6_cap_filter, 2))
sniffer.daemon = True
sniffer.start()
while not self.m_finished:
send(fragment, iface=ipv4_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
count = 0
while not q.empty():
pkt = q.get()
# print(pkt.show())
# file_name = self.comment.lower()+".pcap"
# wrpcap(file_name, pkt)
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n Fragments forwarded by BR not received"
print "IPv4 Fragments forwarded by BR: FAIL"
return
if count == 0:
self.v6_address_check(pkt)
self.v6_port_check(pkt)
if count == 1: # Second Fragment
self.v6_address_check(pkt)
if pkt[0][1].nh != 44:
self.comment += "\n No Fragment Header found"
count += 1
if count != 2:
self.comment += "\n Both fragments not received"
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "IPv4 Fragments forwarded by BR: FAIL"
if not self.packet_error:
print "IPv4 Fragments forwarded by BR: PASS"
def downstream_outside_port(self):
self.m_finished = False
self.packet_error = False
self.comment = "\n IPv4_OUTSIDE_PORT_NO"
q = Queue()
v4_cap_filter = 'dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v4sniffer, args=(q, v4_cap_filter, 1))
sniffer.daemon = True
sniffer.start()
while not self.m_finished:
ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address)
udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=1001)
payload = "a" * 82
send(ip / udp / payload, iface=self.ipv4_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
while not q.empty():
pkt = q.get()
# print(pkt.show())
# file_name = self.comment.lower()+".pcap"
# wrpcap(file_name, pkt)
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n ICMPv4 not received - the packet might have been dropped silently"
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Packet to Reserved Port Dropped: CONDITIONAL PASS"
return
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv4 Packet Not Received"
self.packet_error = True
if pkt[0][1].proto == 17:
self.comment += "\n Packet Translated Normally"
self.packet_error = True
self.comment += "\n ICMPv4 Packet Received\n "
self.comment += pkt[0][2].type
self.comment += "\n "
self.comment += pkt[0][2].code
self.comment += "\n"
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "IPv4 Packet to Dest Reserved Port Dropped: FAIL"
if not self.packet_error:
print "IPv4 Packet to Dest Reserved Port Dropped: PASS"
class WrpcapSink(Sink):
"""Packets received on low input are written to PCA file
+----------+
>>-| |->>
| |
>-|--[pcap] |->
+----------+
"""
def __init__(self, fname):
self.f = PcapWriter(fname)
def stop(self):
self.f.flush()
def push(self, msg):
self.f.write(msg)
def create_pcap_file(self, file_name, frame_size, number_of_frames,
incremental_ip_address,
src_ip="0.0.0.0",
dst_ip="0.0.0.0"):
current_frame = 0
writer = PcapWriter(file_name, append=False)
while current_frame < number_of_frames:
ip_id = 0 # current_frame % 0x10000
frame = self.create_tcp_ipv4_frame(ip_id, src_ip, dst_ip,
frame_size)
writer.write(frame)
if incremental_ip_address:
dst_ip = self.increment_ip_addr(dst_ip, 1)
current_frame += 1
writer.close()
class pcap_write(gr.sync_block):
def __init__(self, f):
gr.sync_block.__init__(self, "pcap_write", [], [])
self.message_port_register_in(pmt.intern("pdus"))
self.set_msg_handler(pmt.intern("pdus"), self.handler)
self.f = f
def start(self):
self.pcap = PcapWriter(self.f, append=True, sync=True)
def stop(self):
pass
def handler(self, pdu):
ba = bitarray.bitarray()
meta = pmt.car(pdu)
x = pmt.to_python(pmt.cdr(pdu))
z = l2.Raw(x.tostring())
self.pcap.write(z)
def work(self, input_items, output_items):
pass
def write(file_name, packets):
writer = PcapWriter(file_name, append = True)
for p in packets:
writer.write(p)
writer.flush()
writer.close()
class PacketLogger(AirScannerPlugin):
def __init__(self, config):
super(PacketLogger, self).__init__(config, "packetlogger")
self.destination_folder = self.config["destination_folder"]
self._nlogs = self._get_log_count()
self.packet_filters = []
filter_list = self.config["filters"]
self.filter_types = {
"bssid" : BSSIDPacketFilter,
"ssid" : SSIDPacketFilter,
"channel" : ChannelPacketFilter
}
for filter in filter_list:
try:
type, value = map(str.strip, filter.split("="))
self.add_filter(type, value)
except Exception as e:
print e
pass
self.or_filter = self.config["filter_mode"].lower() == "or"
self.current_log_file = "packet_log{n}.cap".format(n = self._nlogs)
self.packet_logger = None
def pre_scanning(self):
self.packet_logger = PcapWriter(self.destination_folder + self.current_log_file,
append=True, sync=True)
SessionManager().log_event(NeutralEvent("Packet Logger initiated."))
def _get_log_count(self):
# Get the number of existing log files
if os.path.exists(self.destination_folder):
return len(filter(lambda x: x.startswith("packet_log"), os.listdir(self.destination_folder)))
else:
os.mkdir(self.destination_folder)
return 0
def add_filter(self, filter_type, value):
filter = None
try:
filter = self.filter_types[filter_type](value)
except KeyError:
print "There is no filter definition for '{}'.".format(filter_type)
except:
pass
if filter:
self.packet_filters.append(filter)
def refresh(self):
self._nlogs = self._get_log_count()
self.packet_logger = PcapWriter(self.destination_folder + "packet_log{n}.cap".format(n = self._nlogs),
append=True, sync=True)
def log(self, packet, OR = False):
if(OR):
# Only needs to pass through 1 filter
for filter in self.packet_filters:
if filter.passes(packet):
self.packet_logger.write(packet)
return
else:
# Needs to pass through all filter
for filter in self.packet_filters:
if not filter.passes(packet):
return
self.packet_logger.write(packet)
def handle_packet(self, packet):
self.log(packet, self.or_filter)
