def interface_from_name(name):
    """argparse ``type=`` converter: open *name* as a live pcap handle.

    Returns the handle from ``pcappy.open_live`` (snaplen 65535).  When
    libpcap refuses the device -- unknown interface, or the process lacks
    CAP_NET_RAW/root -- an ``argparse.ArgumentTypeError`` is raised whose
    message lists every interface ``all_interfaces()`` reports, so the
    user sees what is actually available.

    NOTE(review): this opens the capture device during argument parsing;
    whoever consumes the parsed arguments owns (and should close) the
    handle.
    """
    try:
        handle = pcappy.open_live(name, snaplen=65535)
    except pcappy.PcapPyException:
        available = ", ".join(all_interfaces())
        raise argparse.ArgumentTypeError(
            "Can't open interface %s (available interfaces: %s)." % (name, available)
        )
    return handle
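def lisp_itr_pcap_thread(device, pfilter, pcap_lock):
    """ITR capture-thread body: open *device*, install *pfilter*, loop forever.

    Args:
        device: interface name handed to ``pcappy.open_live``; it is also
            passed through as the user-data argument of the packet callback.
        pfilter: BPF filter expression assigned to ``pcap.filter``.
        pcap_lock: lock serialising ``open_live`` between capture threads.
            It is held only around the open, never around the loop.

    Fix: the lock is taken with ``with`` so it is released on every exit
    path.  The original called ``acquire()`` / ``release()`` around
    ``open_live``; a raise from ``open_live`` (bad device, missing
    CAP_NET_RAW/root) skipped ``release()`` and left every other capture
    thread blocked on the lock for the life of the process.
    """
    lisp.lisp_set_exception()
    with pcap_lock:
        # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
        pcap = pcappy.open_live(device, 9000, 0, 100)
    pcap.filter = pfilter
    # -1: run until the capture errors out or is broken from the callback.
    pcap.loop(-1, lisp_itr_pcap_process_packet, device)
    return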
def Ii111(lisp_thread):
    """Capture-thread body (obfuscated-name build of ``lisp_rtr_pcap_thread``).

    Opens a pcap handle on ``lo0`` (macOS) or the Linux ``any`` device,
    installs a BPF filter for encapsulated data addressed to this node's
    addresses plus RLOC-probe control messages, and dispatches every packet
    to ``Oo`` with ``[device, lisp_thread]`` as user data.  Returns at once
    when no RLOC is configured (``lisp.lisp_myrlocs[0]`` is None).

    NOTE(review): the addresses are interpolated unquoted into the BPF
    expression.  They come from ``lisp.lisp_get_all_addresses()`` (the local
    host), so this is not an injection surface, but a malformed entry makes
    the ``filter`` assignment raise.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    # Linux "any" delivers cooked (SLL) framing rather than the loopback
    # link header, which is presumably why the device name travels with the
    # callback's user data.
    device = "lo0" if lisp.lisp_is_macos() else "any"
    # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
    handle = pcappy.open_live(device, 9000, 0, 100)

    # "a or b or c" disjunction of every local address.  The original builds
    # "x or " per address and trims the trailing " or " with [0:-4]; that
    # exact construction is kept (it also fixes the empty-list result).
    host_terms = "".join("{} or ".format(a) for a in lisp.lisp_get_all_addresses())
    dst_hosts = ("(dst host " + host_terms)[0:-4]
    src_hosts = host_terms[0:-4]

    # Part 1 -- encapsulated data to us: UDP to 4341 (LISP data) or 8472/4789
    # (VXLAN-style ports, assumed), or an IPv4 fragment of a UDP datagram:
    # ip[6]&0xe0 are the R/DF/MF flag bits, 0x20 is More-Fragments; flags
    # clear with a non-zero offset low byte (ip[7]) is a trailing fragment,
    # which carries no UDP header to match on.
    # NOTE(review): a trailing fragment whose 13-bit offset has a zero low
    # byte (offset a multiple of 2048 bytes) is not matched by this clause.
    data_plane = (
        ") and ((udp dst port 4341 or 8472 or 4789) or "
        "(proto 17 and (ip[6]&0xe0 == 0x20 or "
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"
    )

    # Part 2 -- RLOC-probe control messages from other nodes, taken via pcap
    # so the IP TTL is visible.  ip[28] is the first UDP payload byte only
    # for an option-less IPv4 header (20 + 8); 0x12 / 0x28 look like
    # Map-Request / Map-Reply with the probe bit set -- confirm against the
    # control-message encoder in lisp.py.  BPF "ip[]" is IPv4-only, so IPv6
    # probes never take this path.
    rloc_probes = (
        " or (not (src host {}) and "
        "((udp src port 4342 and ip[28] == 0x28) or "
        "(udp dst port 4342 and ip[28] == 0x12)))"
    ).format(src_hosts)

    bpf = dst_hosts + data_plane + rloc_probes
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    handle.filter = bpf

    # -1: run until the capture errors out or is broken from the callback.
    handle.loop(-1, Oo, [device, lisp_thread])
    return
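def _lisp_nat_enabled(config_path="./lisp.config"):
    """Return True when *config_path* has an indented 'lisp-nat = yes' line.

    Reproduces the original ``commands.getoutput("egrep 'lisp-nat = yes'
    ./lisp.config")`` check without spawning a shell: only the first
    matching line counts, and it must start with a space (an indented
    clause body, not a column-0 or commented occurrence).  A missing or
    unreadable file is "no" -- egrep's error text never began with a space
    either.  The path is relative to the process cwd, as before.
    """
    try:
        with open(config_path) as cfg:
            for line in cfg:
                if "lisp-nat = yes" in line:
                    return line[0] == " "
    except (IOError, OSError):
        pass
    return False


def lisp_rtr_pcap_thread(lisp_thread):
    """RTR capture-thread body: sniff encapsulated data and RLOC probes.

    Opens a pcap handle on ``lo0`` (macOS) or the Linux ``any`` device,
    installs a BPF filter for encapsulated data addressed to this node's
    addresses plus RLOC-probe control messages, and dispatches every packet
    to ``lisp_rtr_pcap_process_packet`` with ``[device, lisp_thread]`` as
    user data.  Returns at once when no RLOC is configured
    (``lisp.lisp_myrlocs[0]`` is None).

    Fix: the ``lisp-nat = yes`` probe of ./lisp.config no longer shells out
    through the Python-2-only ``commands`` module; ``_lisp_nat_enabled``
    reads the file directly with the same acceptance rule.

    NOTE(review): the addresses are interpolated unquoted into the BPF
    expression.  They come from ``lisp.lisp_get_all_addresses()`` (the local
    host), so this is not an injection surface, but a malformed entry makes
    the ``filter`` assignment raise.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    # Linux "any" delivers cooked (SLL) framing rather than the loopback
    # link header, which is presumably why the device name travels with the
    # callback's user data.
    device = "lo0" if lisp.lisp_is_macos() else "any"
    # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
    pcap = pcappy.open_live(device, 9000, 0, 100)

    #
    # If "lisp-nat = yes" is configured, then a PETR is co-located with this
    # RTR functionality. We need to pcap *all* packets (0.0.0.0/0 and 0::/0).
    #
    lisp_nat = _lisp_nat_enabled()

    # "a or b or c" disjunction of every local address; built as "x or " per
    # address with the trailing " or " trimmed by [0:-4], exactly as before.
    host_terms = "".join("{} or ".format(addr) for addr in lisp.lisp_get_all_addresses())
    pfilter = ("(dst host " + host_terms)[0:-4]
    afilter = host_terms[0:-4]

    # Encapsulated data to us: UDP to 4341 (LISP data) or 8472/4789
    # (VXLAN-style ports, assumed), or an IPv4 fragment of a UDP datagram:
    # ip[6]&0xe0 are the R/DF/MF flag bits, 0x20 is More-Fragments; flags
    # clear with a non-zero offset low byte (ip[7]) is a trailing fragment,
    # which carries no UDP header to match on.
    # NOTE(review): a trailing fragment whose 13-bit offset has a zero low
    # byte (offset a multiple of 2048 bytes) is not matched by this clause.
    pfilter += ") and ((udp dst port 4341 or 8472 or 4789) or "
    pfilter += "(proto 17 and (ip[6]&0xe0 == 0x20 or " + \
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"

    #
    # For RLOC-probe messages that come via pcap interface so we have the
    # IP header to grab the TTL.
    #
    # ip[28] is the first UDP payload byte only for an option-less IPv4
    # header (20 + 8); 0x12 / 0x28 look like Map-Request / Map-Reply with the
    # probe bit set -- confirm against the control-message encoder in
    # lisp.py.  BPF "ip[]" is IPv4-only, so IPv6 probes never take this path.
    pfilter += (" or (not (src host {}) and " + \
        "((udp src port 4342 and ip[28] == 0x28) or " + \
        "(udp dst port 4342 and ip[28] == 0x12)))").format(afilter)

    # Co-located PETR: capture everything not sourced from our own addresses.
    if (lisp_nat):
        pfilter += " or (dst net 0.0.0.0/0 and not (host {}))".format(afilter)
    #endif

    lisp.lprint("Capturing packets for: '{}'".format(pfilter))
    pcap.filter = pfilter

    #
    # Enter receive loop (-1: until the capture errors out or is broken).
    #
    pcap.loop(-1, lisp_rtr_pcap_process_packet, [device, lisp_thread])
    return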
def oo0OOo0O(lisp_thread):
    """Capture-thread body (obfuscated-name build of ``lisp_rtr_pcap_thread``).

    Opens a pcap handle on ``lo0`` (macOS) or the Linux ``any`` device,
    installs a BPF filter for encapsulated data addressed to this node's
    addresses plus RLOC-probe control messages, and dispatches every packet
    to ``OoO`` with ``[device, lisp_thread]`` as user data.  Returns at once
    when no RLOC is configured (``lisp.lisp_myrlocs[0]`` is None).

    NOTE(review): the addresses are interpolated unquoted into the BPF
    expression.  They come from ``lisp.lisp_get_all_addresses()`` (the local
    host), so this is not an injection surface, but a malformed entry makes
    the ``filter`` assignment raise.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    # Linux "any" delivers cooked (SLL) framing rather than the loopback
    # link header, which is presumably why the device name travels with the
    # callback's user data.
    device = "lo0" if lisp.lisp_is_macos() else "any"
    # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
    handle = pcappy.open_live(device, 9000, 0, 100)

    # "a or b or c" disjunction of every local address.  The original builds
    # "x or " per address and trims the trailing " or " with [0:-4]; that
    # exact construction is kept (it also fixes the empty-list result).
    host_terms = "".join("{} or ".format(a) for a in lisp.lisp_get_all_addresses())
    dst_hosts = ("(dst host " + host_terms)[0:-4]
    src_hosts = host_terms[0:-4]

    # Part 1 -- encapsulated data to us: UDP to 4341 (LISP data) or 8472/4789
    # (VXLAN-style ports, assumed), or an IPv4 fragment of a UDP datagram:
    # ip[6]&0xe0 are the R/DF/MF flag bits, 0x20 is More-Fragments; flags
    # clear with a non-zero offset low byte (ip[7]) is a trailing fragment,
    # which carries no UDP header to match on.
    # NOTE(review): a trailing fragment whose 13-bit offset has a zero low
    # byte (offset a multiple of 2048 bytes) is not matched by this clause.
    data_plane = (
        ") and ((udp dst port 4341 or 8472 or 4789) or "
        "(proto 17 and (ip[6]&0xe0 == 0x20 or "
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"
    )

    # Part 2 -- RLOC-probe control messages from other nodes, taken via pcap
    # so the IP TTL is visible.  ip[28] is the first UDP payload byte only
    # for an option-less IPv4 header (20 + 8); 0x12 / 0x28 look like
    # Map-Request / Map-Reply with the probe bit set -- confirm against the
    # control-message encoder in lisp.py.  BPF "ip[]" is IPv4-only, so IPv6
    # probes never take this path.
    rloc_probes = (
        " or (not (src host {}) and "
        "((udp src port 4342 and ip[28] == 0x28) or "
        "(udp dst port 4342 and ip[28] == 0x12)))"
    ).format(src_hosts)

    bpf = dst_hosts + data_plane + rloc_probes
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    handle.filter = bpf

    # -1: run until the capture errors out or is broken from the callback.
    handle.loop(-1, OoO, [device, lisp_thread])
    return
def I1iIII1(lisp_thread):
    """Capture-thread body (obfuscated-name build of ``lisp_rtr_pcap_thread``).

    Opens a pcap handle on ``lo0`` (macOS) or the Linux ``any`` device,
    installs a BPF filter for encapsulated data addressed to this node's
    addresses plus RLOC-probe control messages, and dispatches every packet
    to ``OO0`` with ``[device, lisp_thread]`` as user data.  Returns at once
    when no RLOC is configured (``lisp.lisp_myrlocs[0]`` is None).

    NOTE(review): the addresses are interpolated unquoted into the BPF
    expression.  They come from ``lisp.lisp_get_all_addresses()`` (the local
    host), so this is not an injection surface, but a malformed entry makes
    the ``filter`` assignment raise.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    # Linux "any" delivers cooked (SLL) framing rather than the loopback
    # link header, which is presumably why the device name travels with the
    # callback's user data.
    device = "lo0" if lisp.lisp_is_macos() else "any"
    # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
    handle = pcappy.open_live(device, 9000, 0, 100)

    # "a or b or c" disjunction of every local address.  The original builds
    # "x or " per address and trims the trailing " or " with [0:-4]; that
    # exact construction is kept (it also fixes the empty-list result).
    host_terms = "".join("{} or ".format(a) for a in lisp.lisp_get_all_addresses())
    dst_hosts = ("(dst host " + host_terms)[0:-4]
    src_hosts = host_terms[0:-4]

    # Part 1 -- encapsulated data to us: UDP to 4341 (LISP data) or 8472/4789
    # (VXLAN-style ports, assumed), or an IPv4 fragment of a UDP datagram:
    # ip[6]&0xe0 are the R/DF/MF flag bits, 0x20 is More-Fragments; flags
    # clear with a non-zero offset low byte (ip[7]) is a trailing fragment,
    # which carries no UDP header to match on.
    # NOTE(review): a trailing fragment whose 13-bit offset has a zero low
    # byte (offset a multiple of 2048 bytes) is not matched by this clause.
    data_plane = (
        ") and ((udp dst port 4341 or 8472 or 4789) or "
        "(proto 17 and (ip[6]&0xe0 == 0x20 or "
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"
    )

    # Part 2 -- RLOC-probe control messages from other nodes, taken via pcap
    # so the IP TTL is visible.  ip[28] is the first UDP payload byte only
    # for an option-less IPv4 header (20 + 8); 0x12 / 0x28 look like
    # Map-Request / Map-Reply with the probe bit set -- confirm against the
    # control-message encoder in lisp.py.  BPF "ip[]" is IPv4-only, so IPv6
    # probes never take this path.
    rloc_probes = (
        " or (not (src host {}) and "
        "((udp src port 4342 and ip[28] == 0x28) or "
        "(udp dst port 4342 and ip[28] == 0x12)))"
    ).format(src_hosts)

    bpf = dst_hosts + data_plane + rloc_probes
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    handle.filter = bpf

    # -1: run until the capture errors out or is broken from the callback.
    handle.loop(-1, OO0, [device, lisp_thread])
    return
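def live_capture(interface="", net_mask=24, time=100):
    """Sniff ICMP on *interface* and hand every packet to ``got_icmp_packet``.

    Args:
        interface: capture device; "" means ask libpcap (``lookupdev``) for
            the default one.
        net_mask: forwarded unchanged to ``got_icmp_packet``.
        time: forwarded unchanged to ``got_icmp_packet`` (a window, judging
            by the name -- not used here).  Shadows the ``time`` module
            inside this function; kept for call compatibility.

    Exits the process with status 1 when no default interface is found or
    the device cannot be opened.  Runs until Ctrl-C or a pcap error, then
    prints the ICMP / suspicious-ICMP counters.

    Fix: pcap errors are printed with ``str(e)`` -- ``e.message`` exists
    only on Python 2 and raised ``AttributeError`` on 3, replacing the
    real error with a traceback.
    """
    SNAP_LEN = 65536  # Maximum bytes kept per captured packet
    request_packets = dict()  # per-capture state shared with got_icmp_packet

    if interface == "":
        print("Looking for a default interface...")
        try:
            interface = lookupdev()
        except PcapPyException:
            print("Unable to find default network interface. Aborting!")
            sys.exit(1)
    print("Performing capture on: " + interface)

    # Capturing needs CAP_NET_RAW (or root). Without it libpcap has been
    # observed to segfault rather than raise, and there is no clean way to
    # detect that from here short of checking the effective uid.
    # Promiscuous mode (third argument 1) captures every frame on the
    # segment, not only traffic for this host; the 'icmp' filter below is
    # the only thing narrowing what reaches the callback.
    try:
        p = open_live(interface, SNAP_LEN, 1, 0)
    except PcapPyException as e:
        print(str(e))
        sys.exit(1)
    p.filter = 'icmp'

    stats = {'icmp_count': 0, 'suspect': 0}
    try:
        while (True):
            # to_ms=0 above makes next_ex block until a packet arrives.
            (header, packet) = p.next_ex()
            got_icmp_packet(stats, header, packet, net_mask, request_packets, time)
    except KeyboardInterrupt:
        # FIXME: only delivered once control returns from the pcap library,
        # i.e. after the next packet; a non-zero read timeout would
        # presumably let next_ex return periodically -- verify with pcappy.
        print("Capture canceled by user")
    except PcapPyException as e:
        print(str(e))
    print("Captured " + str(stats['icmp_count']) + " ICMP packets")
    print("Captured " + str(stats['suspect']) + " suspicious ICMP packets")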
def lisp_rtr_pcap_thread(lisp_thread):
    """RTR capture-thread body: sniff encapsulated data and RLOC probes.

    Opens a pcap handle on ``lo0`` (macOS) or the Linux ``any`` device,
    installs a BPF filter for encapsulated data addressed to this node's
    addresses plus RLOC-probe control messages, and dispatches every packet
    to ``lisp_rtr_pcap_process_packet`` with ``[device, lisp_thread]`` as
    user data.  Returns at once when no RLOC is configured
    (``lisp.lisp_myrlocs[0]`` is None).

    NOTE(review): the addresses are interpolated unquoted into the BPF
    expression.  They come from ``lisp.lisp_get_all_addresses()`` (the local
    host), so this is not an injection surface, but a malformed entry makes
    the ``filter`` assignment raise.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    # Linux "any" delivers cooked (SLL) framing rather than the loopback
    # link header, which is presumably why the device name travels with the
    # callback's user data.
    iface = "lo0" if lisp.lisp_is_macos() else "any"
    # snaplen 9000 (jumbo frames), promiscuous off, 100 ms read timeout.
    handle = pcappy.open_live(iface, 9000, 0, 100)

    # "a or b or c" disjunction of every local address.  The original builds
    # "x or " per address and trims the trailing " or " with [0:-4]; that
    # exact construction is kept (it also fixes the empty-list result).
    host_terms = "".join("{} or ".format(a) for a in lisp.lisp_get_all_addresses())
    dst_hosts = ("(dst host " + host_terms)[0:-4]
    src_hosts = host_terms[0:-4]

    # Part 1 -- encapsulated data to us: UDP to 4341 (LISP data) or 8472/4789
    # (VXLAN-style ports, assumed), or an IPv4 fragment of a UDP datagram:
    # ip[6]&0xe0 are the R/DF/MF flag bits, 0x20 is More-Fragments; flags
    # clear with a non-zero offset low byte (ip[7]) is a trailing fragment,
    # which carries no UDP header to match on.
    # NOTE(review): a trailing fragment whose 13-bit offset has a zero low
    # byte (offset a multiple of 2048 bytes) is not matched by this clause.
    data_plane = (
        ") and ((udp dst port 4341 or 8472 or 4789) or "
        "(proto 17 and (ip[6]&0xe0 == 0x20 or "
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"
    )

    # Part 2 -- RLOC-probe control messages from other nodes, taken via pcap
    # so the IP TTL is visible.  ip[28] is the first UDP payload byte only
    # for an option-less IPv4 header (20 + 8); 0x12 / 0x28 look like
    # Map-Request / Map-Reply with the probe bit set -- confirm against the
    # control-message encoder in lisp.py.  BPF "ip[]" is IPv4-only, so IPv6
    # probes never take this path.
    rloc_probes = (
        " or (not (src host {}) and "
        "((udp src port 4342 and ip[28] == 0x28) or "
        "(udp dst port 4342 and ip[28] == 0x12)))"
    ).format(src_hosts)

    bpf = dst_hosts + data_plane + rloc_probes
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    handle.filter = bpf

    # Receive loop; -1: until the capture errors out or is broken.
    handle.loop(-1, lisp_rtr_pcap_process_packet, [iface, lisp_thread])
    return
def run(self):
    """Thread entry point: open the configured interface and dispatch packets.

    Reads ``self.interface``, ``self.snaplen``, ``self.promisc`` and
    ``self.ms`` (libpcap read timeout) to open a live capture, stores the
    handle on ``self.capture``, then loops forever (count -1) calling
    ``self._parse_packet`` with ``self.d`` as the user-data argument.

    NOTE(review): ``self.promisc`` true puts the NIC into promiscuous mode,
    so the callback sees every frame on the segment, not just this host's;
    ``_parse_packet`` is the only filter.  Opening the device needs
    CAP_NET_RAW/root; ``open_live`` raises ``pcappy.PcapPyException``
    otherwise, and nothing here catches it.
    """
    handle = pcappy.open_live(
        self.interface,
        snaplen=self.snaplen,
        promisc=self.promisc,
        to_ms=self.ms,
    )
    self.capture = handle
    handle.loop(-1, self._parse_packet, self.d)