def test_duplicate_dns_requests(self):
results = Pcap("tests/files/pcap/duplicate-dns-requests.pcap",
{}).run()
assert len(results["dns"]) == 1
assert results["dns"][0] == {
"type": "A",
"request": "hanxi88.f3322.net",
"answers": [{
"data": "192.168.3.253",
"type": "A"
}],
}
def test_icmp_ignore_resultserver(self):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
p = Pcap(None, {})
pkt = dpkt.icmp.ICMP.Echo()
pkt.id = 1
pkt.seq = 2
pkt.data = "foobar"
p._icmp_dissect({
"src": "192.168.56.1",
}, dpkt.icmp.ICMP(str(pkt)))
assert not p.icmp_requests
p._icmp_dissect({
"src": "1.2.3.4",
"dst": "4.5.6.7",
}, dpkt.icmp.ICMP(str(pkt)))
assert len(p.icmp_requests) == 1
def test_resolve_dns(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
p.return_value = "1.2.3.4"
assert Pcap(None, {})._dns_gethostbyname("google.com") != ""
def setup_class(cls):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
cls.pcap = Pcap("tests/files/pcap/mixed-traffic.pcap", {}).run()
def setup_class(cls):
cls.pcap = Pcap("tests/files/pcap/mixed-traffic.pcap", {}).run()