def sniffer():
str = 'capture' + datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
_count = 1
_listFrame = []
_listAlert = []
pcap = Pcap('Capture/'+str+'.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
print('\033[91m{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}\n\033[0m'
.format('No','Time','Source','Destination','Protocol','Length','Info'))
while True:
raw_data, addr = conn.recvfrom(65535)
if (datetime.datetime.now().strftime('%M%S') == '0000'):
pcap.close()
str = 'capture' + datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
pcap = Pcap('Capture/'+str+'.pcap')
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
_Warning = checkSniffer(ethernetdata, _listFrame)
if(_Warning != 0 and _Warning != 99 and _Warning != None and _Warning != 98):
ipv4 = IPv4(ethernetdata.data)
_ipsource = ipv4.src
_iptarget = ipv4.target
checklistAlert(_listAlert, _ipsource, _iptarget, _Warning)
RefeshlistAlert(_listAlert)
_Warningreturn = checkWarning(_Warning)
if(printSniffer(ethernetdata, _count, _Warningreturn) == 1):
_count += 1
pcap.close()
def read():
conn = None
if args.file != None:
pcap = Pcap(args.file, True,1)
else:
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
global filas
while True:
if conn!= None:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
else:
line = pcap.read()
if(line==None):
return
raw_data = line['data']
eth = Ethernet(raw_data)
for fila in filas:
fila.append(eth)
time.sleep( 0.3)
pcap.close()
def tcp():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection,0))
n = 0
print('[TCP][PCAP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
#TCP Segments
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
n+=1
sys.exit()
pcap.close()
def sniffer():
str = 'capture' + datetime.datetime.now().strftime("%d%m%Y_%H%M%S")
pcap = Pcap('Capture/' + str + '.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
listFrame = []
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
checkSniffer(ethernetdata,listFrame)
pcap.close()
def main():
pcap = Pcap('packetCapture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
a = 0
count = 0
counter = 0
print(
'Source IP \t Destination IP \t Source Port \t Destination Port \t Protocol'
)
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# TCP
if count <= 300 and counter <= 50:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print('{} \t {} \t\t - {} \t\t - {} \t\t {}'.format(
ipv4.src, ipv4.target, tcp.src_port, tcp.dest_port,
ipv4.proto))
# print('RST'+str(tcp.flag_rst),tcp.flag_syn)
if tcp.flag_syn == 0 and tcp.flag_ack == 1:
count = count + 1
if tcp.flag_rst == 1:
if (len(ip_list) < 100):
ip_list.append(ipv4.src)
# print(ip_list)
if tcp.flag_syn == 1:
if (len(ip_list2) < 100):
ip_list2.append(ipv4.src)
#print(ip_list2)
#time.sleep(5)
for i in ip_list2:
if i in ip_list:
counter = counter + 1
else:
pass
#print(counter)
# if(counter>50):
# print('Beyond Threshold')
# sys.exit()
# else:
# pass
else:
print('Warning:SYN Flood Attack Detected')
sys.exit()
pcap.close()
def sniffer():
str = 'capture'+datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
pcap = Pcap('Capture/'+str+'.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
sys.stdout.write('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}\n'
.format('No','Time','Source','Destination','Protocol','Length','Info'))
_count = 1
_listFrame = []
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
_Warning = checkSniffer(ethernetdata, _listFrame)
_Warningreturn = checkWarning(_Warning)
printSniffer(ethernetdata, _count, _Warningreturn)
_count += 1
pcap.close()
def udp():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection, 0))
n = 0
print('[UDP][PCAP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
#UDP Segments
if ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
n += 1
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
n += 1
sys.exit()
pcap.close()
def main():
#realizamos las capturas en el archivo capture.pcap y la conf del socket
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#recibimos trodos los paquetes....
while True:
raw_data, addr = conn.recvfrom(65535)
#escribimos el paquete en el archivo para almacenarlo
pcap.write(raw_data)
#desmpaquetamos desde la primera capa
eth = Ethernet(raw_data)
#evaluamos si tiene es ipv4
if eth.proto == 8:
#pasamos a la segunda capa
ipv4 = IPv4(eth.data)
#evaluamos si es un paquete tcp
if ipv4.proto == 6:
#pasamos a la tercera capa
tcp = TCP(ipv4.data)
#vemos si pertenece al puerto 9000
if tcp.src_port == 9000 or tcp.dest_port == 9000:
#desplegamos toda la informacion
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#Mostramos si tiene aun mas datos
if len(tcp.data) > 0:
print(
TAB_4 +
'______________Este paquete contiene datos_________________\t'
)
#terminamos la captura
pcap.close()
def main():
print("#################Capturing Packets############")
print(TAB_1 +"Source IP"+TAB_1+"Destination IP"+TAB_1+"Protocol"+TAB_1+"Source Port"+TAB_1+"Destination Port")
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
# Extracting the IPv4 Packet from ethernet frame
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# This is the part which extract TCP packet from IPv4 Packet
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
# Multithreading that receives SYN connection and checks for SYN flood attack Simultaneously.
threading.Thread(target= printpkt,args=(ipv4.src,ipv4.target,ipv4.proto,tcp.flag_syn,tcp.flag_ack,tcp.src_port,tcp.dest_port,)).start()
if tcp.flag_syn == 1 and ipv4.target == "192.168.2.34":
t1 = threading.Thread(target= storesynip,daemon=True, args=(ipv4.src,ipv4.target,)).start()
threading.Thread(target= storeip,args=(ipv4.src,ipv4.target,tcp.flag_syn,tcp.flag_ack,tcp.src_port,tcp.dest_port,)).start()
threading.Thread(target= checknow).start()
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
packageManager = PackageManager()
print("\nSniffer iniciado...\n")
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
receivedDatetimePacket = time.time()
eth = Ethernet(raw_data)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
# HTTP
# if tcp.src_port == 8080 or tcp.dest_port == 8080:
if tcp.dest_port == 8080:
packageManager.receivePackage(eth,
receivedDatetimePacket)
# UDP
elif ipv4.proto == 17:
# print('\n\n\n\n\nERRO UDP: + ' + str(ipv4.data))
udp = UDP(ipv4.data)
pcap.close()
def main(packetSize=1000):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
count = 0
while packetSize > count:
count += 1
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main():
pcap = Pcap("capture.pcap")
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print("\nEthernet Frame:")
print(
f"{TAB_1}Destination: {eth.dest_mac}, Source: {eth.src_mac}, Protocol: {eth.proto}"
)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + "IPv4 Packet:")
print(TAB_2 + "Version: {}, Header Length: {}, TTL: {},".format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + "Protocol: {}, Source: {}, Target: {}".format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + "ICMP Packet:")
print(TAB_2 + "Type: {}, Code: {}, Checksum: {},".format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + "ICMP Data:")
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + "TCP Segment:")
print(TAB_2 + "Source Port: {}, Destination Port: {}".format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + "Sequence: {}, Acknowledgment: {}".format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + "Flags:")
print(TAB_3 + "URG: {}, ACK: {}, PSH: {}".format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + "RST: {}, SYN: {}, FIN:{}".format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + "HTTP Data:")
try:
http = HTTP(tcp.data)
http_info = str(http.data).split("\n")
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + "TCP Data:")
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + "UDP Segment:")
print(TAB_2 +
"Source Port: {}, Destination Port: {}, Length: {}".
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + "Other IPv4 Data:")
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("Ethernet Data:")
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
info =""
Data=""
# if StartCapture==1:
Tstart=int(round(time.time() * 1000))
#StartCapture=0
while True:
raw_data, addr = conn.recvfrom(65535)
l=[]
l.append(Tstart-int(round(time.time() * 1000)))
pcap.write(raw_data)
eth = Ethernet(raw_data)
#print('\nEthernet Frame:')
Data+="\nEthernet Frame:"+TAB_1 + "Destination:"+str(eth.dest_mac)+"Source: "+str(eth.src_mac)+"Protocol: "+str(eth.proto)
#print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
Data += TAB_2 + 'Protocol: ' + str(ipv4.proto) + ' Source:' + str(ipv4.src) + 'Target:' + str(ipv4.target)
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
l.append(ipv4.src)
l.append(ipv4.target)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
Data+=TAB_1 + 'IPv4 Packet:'+TAB_2 + 'Version:'+str(ipv4.version)+'Header Length:'+ str(ipv4.header_length)+'TTL:'+str(ipv4.ttl)
l.append(ipv4.header_length)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
l.append('ICMP')
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
Data+=TAB_1 + 'ICMP Packet:'+TAB_2 + 'Type: '+str(icmp.type)+"Code:"+str(icmp.code)+"Checksum:"+str( icmp.checksum)+TAB_2 + 'ICMP Data:'+str(format_multi_line(DATA_TAB_3, icmp.data))
l.append(icmp.data)
l.append(" ")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
#print(TAB_1 + 'TCP Segment:')
l.append('TCP')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
info+=str(tcp.src_port)+"->"+str(tcp.dest_port)+"ACK="+str(tcp.flag_ack)+"len ="+str(len(tcp.data))
#print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
#print(TAB_2 + 'Flags:')
#print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
#print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
Data+=TAB_1 + 'TCP Segment:'+TAB_2 + 'Source Port:'+str(tcp.src_port)+"Destination Port:"+str( tcp.dest_port)+TAB_2 + 'Sequence:'+str(tcp.sequence)+" Acknowledgment:"+str(tcp.acknowledgment)
Data+=TAB_2 + 'Flags:'+TAB_3 + 'URG:'+str(tcp.flag_urg)+'ACK'+str(tcp.flag_ack)+'PSH'+str(tcp.flag_psh)+TAB_3 + 'RST:'+str(tcp.flag_rst)+'SYN'+str(tcp.flag_syn)+'FIN'+str(tcp.flag_fin)
l.append(tcp.data)
l.append(info)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
Data+=TAB_2 + 'HTTP Data:'
# print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
Data+=DATA_TAB_3 + str(line)
# print(DATA_TAB_3 + str(line))
except:
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=format_multi_line(DATA_TAB_3, tcp.data)
else:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=TAB_2 + 'TCP Data:'+format_multi_line(DATA_TAB_3, tcp.data)
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
l.append('UDB')
#print(TAB_1 + 'UDP Segment:')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
Data+=TAB_1 + 'UDP Segment:'+TAB_2 + 'Source Port:'+str(udp.src_port)+'Destination Port:'+str( udp.dest_port)+'Length'+str(udp.size)
info += str(udp.src_port) + "->" +str (udp.dest_port) + "len =" + str(udp.size) # + "ACK=" + str(udp.flag_ack)
l.append(0)
l.append(info)
# Other IPv4
else:
#print(TAB_1 + 'Other IPv4 Data:')
l.append('other')
l.append(0)
l.append('other')
#print(format_multi_line(DATA_TAB_2, ipv4.data))
Data+=TAB_1 + 'Other IPv4 Data:'+format_multi_line(DATA_TAB_2, ipv4.data)
else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
l.append(" ")#src
l.append(" ")#target
l.append(" ")#Hlength
l.append(" ")#protocol
Data+='Ethernet Data:'+format_multi_line(DATA_TAB_1, eth.data)
l.append(format_multi_line(DATA_TAB_1, eth.data))#hex
l.append(" ") # info
l.append(Data)
temp=l[3]
l[3]=l[4]
l[4]=temp
temp2=l[5]
l[5]=l[6]
l[6]=l[7]
l[7]=temp2
print (*l ,sep=',')
info=""
Data=""
pcap.close()
def main():
# output txt file name
output_file_name = 'task_1b_output.txt'
# remove the previously generated output txt file if exists
if os.path.exists(output_file_name):
os.remove(output_file_name)
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
data_from_server = ''
data_from_client = ''
try:
output_file = open(output_file_name, 'w')
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
now = datetime.now()
current_time = now.strftime("%H:%M:%S")
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
if tcp.src_port == 3333:
# print("[BOT to PC] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [BOT to PC] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"red",
end='\n')
data_from_server = tcp.data.decode("utf-8")
# print(type(data_from_server))
if (data_from_server.count('@') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_server) +
random_string(6)) + '\n')
if tcp.dest_port == 3333:
# print("[PC to BOT] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [PC to BOT] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"cyan",
end='\n')
data_from_client = tcp.data.decode("utf-8")
# print(type(data_from_client))
if (data_from_client.count('#') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_client) +
random_string(6)) + '\n')
# if (data_from_server.count('@') == 2) and (data_from_client.count('#') == 2):
# output_file.write(encode(random_string(6) + str(data_from_server) + random_string(6)) + '\n')
# output_file.write(encode(random_string(6) + str(data_from_client) + random_string(6)) + '\n')
pcap.close()
output_file.close()
except KeyboardInterrupt as e:
print('\n\nSee ya !')
os.chmod(output_file_name, (S_IRWXG | S_IRWXO | S_IRWXU))
exit()
class Sniffer(QThread):
def __init__(self):
super(self.__class__, self).__init__()
self.pcap = Pcap('capture.pcap')
self.conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.ntohs(3))
#self.my_widget = myWidget
#self.my_widget.newPacketSignal.connect(self.on_packetChanged)
MyWidget.start.newPacketSignal.connect(self.on_packetChanged)
QThread.__init__(self)
def __del__(self):
self.wait()
def run(self):
info = ""
Data = ""
while True:
Tstart = (round(time.time() * 1000))
while (MyWidget.start.getPacket()):
raw_data, addr = self.conn.recvfrom(65535)
l = []
l.append(((round(time.time() * 1000)) - Tstart) / 1000)
self.pcap.write(raw_data)
eth = Ethernet(raw_data)
# print('\nEthernet Frame:')
Data += "\nEthernet Frame:" + TAB_1 + "Destination:" + str(
eth.dest_mac) + "Source: " + str(
eth.src_mac) + "Protocol: " + str(eth.proto)
# print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
Data += TAB_2 + 'Protocol: ' + str(
ipv4.proto) + ' Source:' + str(
ipv4.src) + 'Target:' + str(ipv4.target)
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
l.append(ipv4.src)
l.append(ipv4.target)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
Data += TAB_1 + 'IPv4 Packet:' + TAB_2 + 'Version:' + str(
ipv4.version) + 'Header Length:' + str(
ipv4.header_length) + 'TTL:' + str(ipv4.ttl)
l.append(ipv4.header_length)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
l.append('ICMP')
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
Data += TAB_1 + 'ICMP Packet:' + TAB_2 + 'Type: ' + str(
icmp.type
) + "Code:" + str(icmp.code) + "Checksum:" + str(
icmp.checksum) + TAB_2 + 'ICMP Data:' + str(
format_multi_line(DATA_TAB_3, icmp.data))
l.append(icmp.data)
l.append(" ")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
# print(TAB_1 + 'TCP Segment:')
l.append('TCP')
# print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
info += str(tcp.src_port) + "->" + str(
tcp.dest_port) + "ACK=" + str(
tcp.flag_ack) + "len =" + str(len(tcp.data))
# print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
# print(TAB_2 + 'Flags:')
# print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
# print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
Data += TAB_1 + 'TCP Segment:' + TAB_2 + 'Source Port:' + str(
tcp.src_port) + "Destination Port:" + str(
tcp.dest_port) + TAB_2 + 'Sequence:' + str(
tcp.sequence) + " Acknowledgment:" + str(
tcp.acknowledgment)
Data += TAB_2 + 'Flags:' + TAB_3 + 'URG:' + str(
tcp.flag_urg) + 'ACK' + str(
tcp.flag_ack) + 'PSH' + str(
tcp.flag_psh) + TAB_3 + 'RST:' + str(
tcp.flag_rst) + 'SYN' + str(
tcp.flag_syn) + 'FIN' + str(
tcp.flag_fin)
l.append(tcp.data)
l.append(info)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
Data += TAB_2 + 'HTTP Data:'
# print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
Data += DATA_TAB_3 + str(line)
# print(DATA_TAB_3 + str(line))
except:
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data += format_multi_line(
DATA_TAB_3, tcp.data)
else:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data += TAB_2 + 'TCP Data:' + format_multi_line(
DATA_TAB_3, tcp.data)
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
l.append('UDP')
# print(TAB_1 + 'UDP Segment:')
# print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
Data += TAB_1 + 'UDP Segment:' + TAB_2 + 'Source Port:' + str(
udp.src_port) + 'Destination Port:' + str(
udp.dest_port) + 'Length' + str(udp.size)
info += str(udp.src_port) + "->" + str(
udp.dest_port) + "len =" + str(
udp.size) # + "ACK=" + str(udp.flag_ack)
l.append(0)
l.append(info)
# Other IPv4
else:
# print(TAB_1 + 'Other IPv4 Data:')
l.append('other')
l.append(0)
l.append('other')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
Data += TAB_1 + 'Other IPv4 Data:' + format_multi_line(
DATA_TAB_2, ipv4.data)
else:
# print('Ethernet Data:')
# print(format_multi_line(DATA_TAB_1, eth.data))
l.append(" ") # src
l.append(" ") # target
l.append(" ") # Hlength
l.append(" ") # protocol
Data += 'Ethernet Data:' + format_multi_line(
DATA_TAB_1, eth.data)
l.append(format_multi_line(DATA_TAB_1, eth.data)) # hex
l.append(" ") # info
l.append(Data)
temp = l[3]
l[3] = l[4]
l[4] = temp
temp2 = l[5]
l[5] = l[6]
l[6] = l[7]
l[7] = temp2
# print(*l, sep=',')
print(l)
MyWidget.Integration.setPacket(l)
time.sleep(0.1)
info = ""
Data = ""
self.pcap.close()
def on_packetChanged(self):
print(MyWidget.start.getPacket())
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
fob = open('output.txt','w')
fob.write("Output File\n\n");
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
fob.write('\n\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
fob.write(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
fob.write(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
fob.write(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
fob.write(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
fob.write(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
fob.write(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
fob.write(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
fob.write(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
fob.write(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
fob.write(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
fob.write(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
fob.write(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
fob.write(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
fob.write(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
fob.write(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
fob.write(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
fob.write(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
fob.write(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
fob.write(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
fob.write(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
fob.write(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
fob.write(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
fob.write(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
fob.write(' Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
fob.write(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.bind(('127.0.0.1', 2055))
conn.listen(5)
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# # ICMP
# if ipv4.proto == 1:
# icmp = ICMP(ipv4.data)
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
# # TCP
# elif ipv4.proto == 6:
# tcp = TCP(ipv4.data)
# if tcp.dest_port == 2055:
# print(TAB_1 + 'TCP Segment:')
# print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
# print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
# print(TAB_2 + 'Flags:')
# print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
# print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
# if len(tcp.data) > 0:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
if ipv4.proto == 17:
udp = UDP(ipv4.data)
if udp.dest_port == 2055:
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
print(binascii.hexlify(ipv4.data))
else:
print('Ethernet Dataffgf:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main():
timed_packets_tcp = []
timed_packets_udp = []
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
# print('\nEthernet Frame:')
# print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# Get count feature
# Analyze the packets for last two seconds.
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
protocol_type = 6
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
try:
service = get_service_from_port(tcp.dest_port)
except:
try:
service = get_service_from_port(tcp.src_port)
except:
service = "private"
timed_packets_tcp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_tcp(
timed_packets_tcp, eth.dest_mac, eth.src_mac, tcp.src_port,
tcp.dest_port, tcp.sequence, tcp.acknowledgment,
tcp.flag_urg)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, tcp.flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# if tcp.flag_urg == 0 and tcp.flag_ack == 0 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN Request Sent!")
# print("connection started")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN-ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# if len(tcp.data) > 0:
# # HTTP
# if tcp.src_port == 80 or tcp.dest_port == 80:
# # print(TAB_2 + 'HTTP Data:')
# try:
# http = HTTP(tcp.data)
# http_info = str(http.data).split('\n')
# for line in http_info:
# print(DATA_TAB_3 + str(line))
# except:
# print("")
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# else:
# print("")
# # print(TAB_2 + 'TCP Data:')
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
protocol_type = 17
service = 'other'
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
flag_urg = 0
timed_packets_udp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_udp(
timed_packets_udp, eth.dest_mac, eth.src_mac, udp.src_port,
udp.dest_port)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# Other IPv4
else:
print("")
# print(TAB_1 + 'Other IPv4 Data:')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("")
# print('Ethernet Data:')
# print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def start(self):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
for i in range(0, 70):
x=time.clock()
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
mydialog.print_to_tabl(self, i, 0, str(i+1))
mydialog.print_to_tabl(self, i, 1, str(x))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
mydialog.print_to_tabl(self, i, 2, ipv4.src)
mydialog.print_to_tabl(self, i, 3, ipv4.target)
mydialog.print_to_tabl(self, i, 5,str(ipv4.header_length))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
mydialog.print_to_tabl(self,i, 4, "ICMP")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
mydialog.print_to_tabl(self,i, 4, "tcp")
mydialog.print_to_tabl(self, i, 6,'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment) )
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,
udp.size))
mydialog.print_to_tabl(self,i, 4, "UDP")
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(self,DATA_TAB_2, ipv4.data))
mydialog.print_to_tabl(self, i, 4, "ICMP")
# else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
#mydialog.print_to_tabl(self, i, 6, str(eth.data))
# if pushButton_2.clicked :
# break
pcap.close()
def main(type_addr=None, src=None, dest=None, file_name=None):
#code of .pcap file analyzer
if file_name != None:
file = open(file_name, 'rb')
pcapfile = savefile.load_savefile(file, verbose=True)
b = True
i = 1
try:
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
except:
print("empty file !")
b = False
#code to read and analyze .pcap file with the protocol Linux cooked capture
while b:
if 1:
if 1:
#ipv4 = IPv4(eth.data)
ipv4 = IPv4(raw_data[16:])
if (type_addr == '-ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
try:
packet = pcapfile.packets[i]
raw_data = packet.raw()
size = packet.packet_len
i += 1
except:
print("end of file ")
b = False
file.close()
#code of real time analyzer in a local network
else:
file = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.ntohs(3))
i = 0
while True:
if keyboard.is_pressed('q'):
break
raw_data, addr = conn.recvfrom(65535)
i += 1
eth = Ethernet(raw_data)
if keyboard.is_pressed('q'): #press q to stop the sniffer
break
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
file.write(raw_data)
print('\nEthernet Frame:')
print(TAB_1 +
'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if (type_addr == 'ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
file.close()
file1 = open('capture.pcap', 'rb')
pcapfile = savefile.load_savefile(file1, verbose=True)
j = 0
b = True
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
while b:
eth = Ethernet(raw_data)
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if 1:
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
try:
packet = pcapfile.packets[j]
raw_data = packet.raw()
size = packet.packet_len
j += 1
except:
print("end of file ")
b = False
file1.close()
def main():
#pcap is used to live capture network traffic
pcap = Pcap('capture.pcap')
#Creates a socket using
#Check that its compatible and make sure its in little or big indian
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#Keeps looping and capturing data
while True:
#buffer size is set to 65535
raw_data, addr = conn.recvfrom(65535)
#storing the data
#capturing it
pcap.write(raw_data)
eth = Ethernet(raw_data)
#{} place order for each variable
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#Unpacking IP Headers
# IPv4
#Make sure using regular internet traffic
#which is IPv4
if eth.proto == 8:
#calling class ip4
#passing capture data into class
#analysing and using its methods
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#1 for ICMP
ipv4 = IPv4(eth.data)
icmp = ICMP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#6 for ICMP
tcp = TCP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#at least some thing is capture
if len(tcp.data) > 0:
#protocol port for HTTP is 80
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
#analyses using icmp class
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
#analyses using UDP class
# UDP
#17 for UDP
elif ipv4.proto == 17:
#analyses using UDP class
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
#this remaining is the payload of data
#data that meaningless or which we cant yet interpret
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
#closing the library after use
pcap.close()
