Esempio n. 1
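def parse_pcap_file(filename, net_mask, time):
    """Replay a capture file and hand every ICMP packet to ``got_icmp_packet``.

    The file is opened offline, restricted to ICMP with a capture filter, and
    read until ``next_ex()`` returns ``None``. Totals are printed at the end.

    Args:
        filename: Path of the capture file to read.
        net_mask: Passed unchanged to ``got_icmp_packet``
            (presumably a prefix length -- confirm against that function).
        time: Passed unchanged to ``got_icmp_packet``
            (presumably a time window; units not visible here -- confirm).

    Exits the process with status 1 if the file cannot be opened.
    """
    try:
        p = open_offline(filename)
    except PcapPyException as e:
        # ``.message`` is not guaranteed on exception objects (Python 3 removed
        # it from BaseException); fall back to str(e) so the error handler
        # itself cannot fail with AttributeError and hide the real cause.
        print(getattr(e, 'message', str(e)))
        sys.exit(1)

    # Only ICMP traffic is of interest; everything else is dropped by the filter.
    p.filter = 'icmp'

    # State shared across packets; filled in by got_icmp_packet.
    request_packets = dict()

    print("Parsing " + filename)
    stats = {'icmp_count': 0, 'suspect': 0}
    try:
        while True:
            packet = p.next_ex()
            if packet is None:
                # None marks the end of the capture file.
                print("Done parsing the file!")
                break
            # packet is a (header, data) pair.
            # NOTE(review): a capture file is untrusted input; only
            # PcapPyException is handled below, so any other exception raised
            # while decoding a malformed packet aborts the whole run.
            got_icmp_packet(stats, packet[0], packet[1], net_mask, request_packets, time)
    except KeyboardInterrupt:
        print("File parsing canceled by user")
    except PcapPyException as e:
        print(getattr(e, 'message', str(e)))

    print("Found " + str(stats['icmp_count']) + " ICMP packets")
    print("Found " + str(stats['suspect']) + " suspicious ICMP packets")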
Esempio n. 2
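def live_capture(interface="", net_mask=24, time=100):
    """Sniff ICMP traffic on an interface and hand each packet to ``got_icmp_packet``.

    Runs until interrupted with Ctrl-C or until the capture library reports an
    error, then prints the totals.

    Args:
        interface: Name of the interface to capture on. When empty, the
            library's default device is looked up.
        net_mask: Passed unchanged to ``got_icmp_packet``
            (presumably a prefix length -- confirm against that function).
        time: Passed unchanged to ``got_icmp_packet``
            (presumably a time window; units not visible here -- confirm).

    Exits the process with status 1 if no default interface is found or the
    interface cannot be opened.
    """
    SNAP_LEN = 65536  # Maximum size of a packet
    request_packets = dict()

    if interface == "":
        print("Looking for a default interface...")
        try:
            interface = lookupdev()
        except PcapPyException:
            print("Unable to find default network interface. Aborting!")
            sys.exit(1)

    print("Performing capture on: " + interface)

    # Sniffing needs raw-network capabilities or root. Without them the libpcap
    # binding is reported to segfault rather than raise, so this cannot be
    # detected here other than by checking the euid for root.
    # NOTE(review): granting only the packet-capture capability to the
    # interpreter is preferable to running the whole tool as root.
    try:
        # presumably (device, snaplen, promiscuous, read timeout) -- confirm
        # against the pcap binding.
        p = open_live(interface, SNAP_LEN, 1, 0)
    except PcapPyException as e:
        # ``.message`` is not guaranteed on exception objects (Python 3 removed
        # it from BaseException); fall back to str(e).
        print(getattr(e, 'message', str(e)))
        sys.exit(1)

    # Only ICMP traffic is of interest; everything else is dropped by the filter.
    p.filter = 'icmp'

    stats = {'icmp_count': 0, 'suspect': 0}
    try:
        while True:
            captured = p.next_ex()
            if captured is None:
                # next_ex() can return None when no packet is available;
                # unpacking it would raise TypeError and end the capture.
                continue
            header, packet = captured
            got_icmp_packet(stats, header, packet, net_mask, request_packets, time)
    except KeyboardInterrupt:
        # FIXME This is only caught when control is handed back to the python
        # code from the pcap library
        print("Capture canceled by user")
    except PcapPyException as e:
        print(getattr(e, 'message', str(e)))

    print("Captured " + str(stats['icmp_count']) + " ICMP packets")
    print("Captured " + str(stats['suspect']) + " suspicious ICMP packets")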