Python Packet Examples

Example #1

    def __init__(self, pcap_reader, options):
        '''
    scans the pcap_reader for TCP packets, and adds them to the tcp.Flow
    they belong to, based on their socket

    Args:
    pcap_reader = pcaputil.ModifiedReader
    '''
        self.flowdict = {}
        self.options = options
        self.options.dns = dns.DNS()
        debug_pkt_count = 0

        # Determine the packet type.
        if (pcap_reader.datalink() == dpkt.pcap.DLT_EN10MB):
            PacketClass = dpkt.ethernet.Ethernet
        elif (pcap_reader.datalink() == dpkt.pcap.DLT_LINUX_SLL):
            PacketClass = dpkt.sll.SLL
        elif pcap_reader.datalink() == 0:
            # Loopback packet
            PacketClass = dpkt.loopback.Loopback
        elif pcap_reader.datalink() == 101:
            # RAW packet
            PacketClass = None
        else:
            raise Exception("Unkown packet type: %d" % reader.datalink())

        try:
            for pkt in pcap_reader:
                debug_pkt_count += 1
                # logging.debug("Processing packet %d", debug_pkt_count)
                # discard incomplete packets
                header = pkt[2]
                if header.caplen != header.len:
                    # packet is too short
                    logging.warning('discarding incomplete packet')
                # parse packet
                if PacketClass:
                    packet = PacketClass(pkt[1])
                    ip_packet = packet.data
                else:
                    packet = dpkt.ip.IP(pkt[1])
                    ip_packet = packet

                try:
                    if isinstance(ip_packet, dpkt.ip.IP):
                        if self.options.dns.check_dns(pkt[0], ip_packet):
                            continue
                        if isinstance(ip_packet.data, dpkt.tcp.TCP):
                            # then it's a TCP packet process it
                            tcppkt = tcp.Packet(pkt[0], ip_packet,
                                                ip_packet.data)
                            self.process_packet(tcppkt)  # organize by socket
                except dpkt.Error, error:
                    logging.warning(error)
        except dpkt.dpkt.NeedData, error:
            logging.warning(error)
            logging.warning(
                'A packet in the pcap file was too short, '
                'debug_pkt_count=%d', debug_pkt_count)

Example #2

    def __init__(self, pcap_reader, options):
        '''
    scans the pcap_reader for TCP packets, and adds them to the tcp.Flow
    they belong to, based on their socket

    Args:
    pcap_reader = pcaputil.ModifiedReader
    '''
        self.flowdict = {}
        self.options = options
        self.options.dns = dns.DNS()
        debug_pkt_count = 0
        try:
            for pkt in pcap_reader:
                debug_pkt_count += 1
                log.debug("Processing packet %d", debug_pkt_count)
                # discard incomplete packets
                header = pkt[2]
                if header.caplen != header.len:
                    # packet is too short
                    log.warning('discarding incomplete packet')
                # parse packet
                try:
                    dltoff = dpkt.pcap.dltoff
                    if pcap_reader.dloff == dltoff[dpkt.pcap.DLT_LINUX_SLL]:
                        eth = dpkt.sll.SLL(pkt[1])
                    else:
                        # TODO(lsong): Check other packet type. Default is ethernet.
                        eth = dpkt.ethernet.Ethernet(pkt[1])
                    if isinstance(eth.data, dpkt.ip.IP):
                        ip = eth.data
                        if self.options.dns.check_dns(pkt[0], ip):
                            continue
                        if isinstance(ip.data, dpkt.tcp.TCP):
                            # then it's a TCP packet process it
                            tcppkt = tcp.Packet(pkt[0], pkt[1], eth, ip,
                                                ip.data)
                            self.process_packet(tcppkt)  # organize by socket
                except dpkt.Error, error:
                    log.warning(error)
        except dpkt.dpkt.NeedData, error:
            log.warning(error)
            log.warning(
                'A packet in the pcap file was too short, '
                'debug_pkt_count=%d', debug_pkt_count)

Example #3

File: packetdispatcher.py Project: AnithaBharanikumar/anithadev

 def add(self, ts, buf, eth):
     '''
     ts = dpkt timestamp
     buf = original packet data
     eth = dpkt.ethernet.Ethernet, whether its real Ethernet or from SLL
     '''
     #decide based on pkt.data
     # if it's IP...
     if (isinstance(eth.data, dpkt.ip.IP)
             or isinstance(eth.data, dpkt.ip6.IP6)):
         ip = eth.data
         # if it's TCP
         if isinstance(ip.data, dpkt.tcp.TCP):
             tcppkt = tcp.Packet(ts, buf, eth, ip, ip.data)
             self.tcp.add(tcppkt)
         # if it's UDP...
         elif isinstance(ip.data, dpkt.udp.UDP):
             self.udp.add(ts, ip.data)