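def send_single_UDP(dpkt_request, port, copy_ip, copy_port):
    """Forward one captured HTTP request to the copy server over UDP.

    Only GET and POST requests are forwarded; any other method is logged
    as an error and dropped.

    Args:
        dpkt_request: parsed request object exposing a ``method`` attribute.
        port: handed to ``wapper_data`` together with the request.
        copy_ip: address of the host that receives the copy.
        copy_port: UDP port on ``copy_ip``.

    Exceptions raised by ``wapper_data`` or by the socket calls propagate
    to the caller.
    """
    method = dpkt_request.method
    if method not in ("GET", "POST"):
        capture_log.log_error("error method %s" % method)
        return

    data = wapper_data(dpkt_request, port)
    # NOTE(review): the whole payload goes to the info log and is then sent
    # as a plain UDP datagram. If wapper_data keeps request headers or
    # bodies, cookies and credentials end up in both places -- confirm what
    # it emits and restrict who can read the log and the network path.
    capture_log.log_info("send data %s" % str(data))

    sock = socket(AF_INET, SOCK_DGRAM)  # UDP
    try:
        sock.connect((copy_ip, copy_port))
        sock.send(str(data))
    finally:
        # Close on every path, including a failed connect()/send(), so the
        # descriptor is not left to the garbage collector.
        sock.close()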
def filter(dpkt_request):
    """Decide whether a captured request passes the URI and host filters.

    The URI is always checked with ``filter_uri``. The ``host`` header is
    checked with ``filter_host`` only when it is present and non-empty, so
    a request that carries no Host header is judged on its URI alone.
    Both checks always run, and each failure is logged separately.

    Args:
        dpkt_request: parsed request exposing ``uri`` and ``headers``.

    Returns:
        True when no applied filter rejected the request, else False.
    """
    request_uri = dpkt_request.uri
    headers = dpkt_request.headers
    host_value = headers['host'] if 'host' in headers else None

    accepted = True
    if not filter_uri(request_uri):
        accepted = False
        capture_log.log_error("not match uri %s" % request_uri)
    # NOTE(review): a missing or empty Host header skips the host filter
    # entirely -- confirm that is the intended policy.
    if host_value and not filter_host(host_value):
        accepted = False
        capture_log.log_error("not match host %s" % host_value)
    return accepted
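def send_groupcast_UDP(dpkt_request, port, copy_port, local_ip,
                       group='224.1.1.1', ttl=255):
    """Send one captured HTTP request to a multicast group over UDP.

    Only GET and POST requests are sent; any other method is logged as an
    error and dropped.

    Args:
        dpkt_request: parsed request object exposing a ``method`` attribute.
        port: local port the socket binds to and destination port in the
            group.
        copy_port: handed to ``wapper_data`` together with the request.
        local_ip: local interface address used for bind and membership.
        group: multicast group address.
        ttl: multicast TTL set on the socket.

    Exceptions raised by ``wapper_data`` or by the socket calls propagate
    to the caller.
    """
    method = dpkt_request.method
    if method not in ("GET", "POST"):
        capture_log.log_error("error method %s" % method)
        return

    # NOTE(review): send_single_UDP hands `port` to wapper_data and sends to
    # copy_port; here the two are used the other way round -- confirm.
    data = wapper_data(dpkt_request, copy_port)
    sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)
    try:
        sock.bind((local_ip, port))
        # Set Time-to-live (optional).
        # NOTE(review): the default ttl=255 is the largest value the field
        # holds, so the TTL does not limit how far routers may forward the
        # copy, and any host that joins the group receives it. Pass a small
        # ttl (1 keeps datagrams on the local subnet) when captured traffic
        # must not leave the segment.
        sock.setsockopt(IPPROTO_IP, IP_MULTICAST_TTL, struct.pack('@i', ttl))
        sock.setsockopt(IPPROTO_IP, IP_ADD_MEMBERSHIP,
                        inet_aton(group) + inet_aton(local_ip))
        sock.sendto(data, (group, port))
    finally:
        # Close on every path so a failed bind/setsockopt/sendto does not
        # leave the descriptor open.
        sock.close()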
def main_pcap(p_time, p_data, local_ip, port, copy_ip, copy_port, exclude_ips):
    """Inspect one captured frame and forward it if it is an HTTP request.

    A frame is forwarded only when it is IP over Ethernet, its source is
    not ``local_ip``, ``exclude_ip(src_ip, exclude_ips)`` returns a true
    value, it carries TCP to ``port``, and the TCP payload is non-empty.
    The payload is then parsed as an HTTP request and passed to
    ``capture_send.send_single_UDP``.

    Args:
        p_time: capture timestamp; not used here.
        p_data: raw frame bytes.
        local_ip: dotted-quad address whose own traffic is ignored.
        port: TCP destination port to match.
        copy_ip: forwarded to ``send_single_UDP``.
        copy_port: forwarded to ``send_single_UDP``.
        exclude_ips: forwarded to ``exclude_ip``.

    Errors from HTTP parsing or sending are logged and swallowed. The
    Ethernet parse and the source-address formatting run outside that
    handler, so any exception they raise propagates to the caller.
    """
    frame = dpkt.ethernet.Ethernet(p_data)
    if frame.data.__class__.__name__ != 'IP':
        return

    ip_layer = frame.data
    src_ip = '%d.%d.%d.%d' % tuple(ord(octet) for octet in ip_layer.src)
    # Frames sent by local_ip itself are never forwarded.
    # NOTE(review): exclude_ip is defined elsewhere; presumably it returns
    # true when src_ip is NOT on the exclusion list -- confirm.
    if src_ip == local_ip or not exclude_ip(src_ip, exclude_ips):
        return
    if frame.data.data.__class__.__name__ != 'TCP':
        return

    segment = frame.data.data
    if segment.dport != port or not segment.data:
        return

    try:
        dpkt_request = dpkt.http.Request(segment.data)
        capture_send.send_single_UDP(dpkt_request, port, copy_ip, copy_port)
    except Exception as e:
        # Best effort: one bad payload or failed send must not stop capture.
        capture_log.log_error(
            "Capture src_ip %s:local_ip %s:exception: %s" % (
                src_ip, local_ip, e))
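def _require_config(key, missing_message):
    """Return the ``config`` section value for *key*, or exit(1) if unset."""
    value = capture_config.getConfig("config", key)
    if not value:
        print(missing_message)
        capture_log.log_error(missing_message)
        sys.exit(1)
    return value


def start():
    """Start capturing, taking settings from argv or the config file.

    With fewer than three command-line arguments the settings come from
    the ``config`` section (``nc``, ``capture_port``, ``copy_ip`` and the
    optional ``copy_port``); a missing required value prints and logs an
    error and exits with status 1. Otherwise the arguments are read as
    ``<network card> <capture port> <copy ip> [copy port]``.

    Both ports are converted with ``int()``; a non-numeric value raises
    ValueError.
    """
    if len(sys.argv) < 4:
        capture_nc = _require_config('nc', "error not have network card info")
        capture_port = _require_config(
            'capture_port', "error not have capture port info")
        copy_ip = _require_config(
            'copy_ip', "error not have copyserver ip info")

        banner = "Start capture port: %s network card: %s copy ip: %s" % (
            capture_port, capture_nc, copy_ip)
        print(banner)
        capture_log.log_info(banner)

        copy_port = capture_config.getConfig("config", 'copy_port')
        if copy_port:
            capture.capture(capture_nc, int(capture_port), copy_ip,
                            int(copy_port))
        else:
            capture.capture(capture_nc, int(capture_port), copy_ip)
        return

    capture_nc = sys.argv[1]
    capture_port = int(sys.argv[2])
    copy_ip = sys.argv[3]
    print("Start capture port: %s network card: %s copy ip: %s" % (
        capture_port, capture_nc, copy_ip))
    if len(sys.argv) == 5:
        # The config branch passes copy_port as an int; convert the argv
        # string as well so capture.capture gets the same type either way.
        capture.capture(capture_nc, capture_port, copy_ip, int(sys.argv[4]))
    else:
        capture.capture(capture_nc, capture_port, copy_ip)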