def run_libtrace(in_uri: str, queue: aioprocessing.Queue): """Run librace using interface `in_uri`, sending `(flow_id, symbol, packet_clock)` triples to the given queue.""" logging.info(f'Sniffing on interface: {in_uri}') filter_ = libtrace.filter('udp') with managed_trace(in_uri) as trace: trace.conf_filter(filter_) for packet in trace: ip, udp = packet.ip, packet.udp if ip is None or udp is None: continue src_ip, dst_ip = map(str, (ip.src_prefix, ip.dst_prefix)) src_port, dst_port = udp.src_port, udp.dst_port flow_id = (src_ip, src_port, dst_ip, dst_port) symbol, _ = decode_symbol_with_offset(udp.payload.data) queue.put((flow_id, symbol, packet.erf_time))
def bridgemulticast(interface): bridgesocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) bridgesocket.connect(bridgehost) print("capturing on {}".format(interface)) trace = plt.trace('bpf:{}'.format(interface)) #capturefilter = 'multicast and host 239.255.42.42 and port 5004' capturefilter = 'udp and port 5004' capfilter = plt.filter(capturefilter) trace.conf_filter(capfilter) trace.conf_promisc(True) trace.start() try: for pkt in trace: hdr = pkt.udp if not hdr: continue data = pkt.udp_payload.data print(type(data)) if not data: continue if len(data) < 1000: continue try: s = bridgesocket.send(data) print('sent ', s) except: pass except KeyboardInterrupt: trace.close() sys.exit()
print "%s: isfile %s" % (full_fn, os.path.isfile(full_fn)) try: with open(full_fn) as file: print "File opened OK" file.close() except IOError as e: print "Unable to open file" #Does not exist OR no read permissions trace_format = "pcapfile" #trace_format = "erf" uri = trace_format + ':' + full_fn print ">> uri = %s" % uri flt = plt.filter('vlan 1051 and tcp') print "flt = %s" % flt t = plt.trace(uri) t.conf_filter(flt) t.conf_snaplen(48) t.start() print "+++ started" t.pause() print "+++ paused" t.start() print "+++ started again" #out_fn = base + '/' + "pypy/pylt/plt/test-out-zlib.pcap" out_fn = base + '/' + "pypy/pylt/plt/test-out-none.pcap" out_uri = trace_format + ':' + out_fn
def main(): signal.signal(signal.SIGINT, signal_handler) args = deal_with_arguments() packets = {} Bytes = {} for proto in (TCP, UDP, ICMP): packets[proto] = 0 Bytes[proto] = 0 print("Press Ctrl+C to exit.") print("Packets processed:\t") # Set up our storage. try: outputfile = open(args.db_name, 'w') tcp_flows = FlowStorage(filename=args.db_name) udp_flows = FlowStorage(filename=args.db_name) icmp_flows = FlowStorage(filename=args.db_name) dests = DestStorage(filename=args.db_name) except Exception as e: print("Problem setting up databases:\n\t%s" % e) exit() # Try opening our trace. if ("nfdump:" in args.input): records = search_file(args.input[7:]) parse_nfdump(records, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) elif ("flow-tools:" in args.input): records = flowtools.FlowSet(args.input[11:]) parse_flowtools(records, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) else: try: t = plt.trace(args.input) except Exception as e: print("Trouble opening trace URI/device:\n\t%s" % e) exit() # Try setting up our filter if given one. try: if args.filter != None or args.target != None: if args.filter != None and args.target != None: args.filter = args.filter + " and " elif args.filter == None: args.filter = "" if args.target != None: args.filter = args.filter + "dst " if '/' in args.target: args.filter = args.filter + "net " args.filter = args.filter + args.target f = plt.filter(args.filter) print("Applying filter \"%s\"" % args.filter) t.conf_filter(f) except Exception as e: print("Trouble applying bpf filter: \'%s\'\n\t%s" % (args.filter, e)) exit() try: t.start() except Exception as e: print(e) exit() parse_pcap(t, packets, Bytes, args.interval, tcp_flows, udp_flows, icmp_flows) print("\n************ OVERALL STATS ******************\n") print( "TCP packets\t%s\tBytes\t%s\nUDP packets\t%s\tBytes\t%s\nICMP packets\t%s\tBytes\t%s\n" % (packets[TCP], Bytes[TCP], packets[UDP], Bytes[UDP], packets[ICMP], Bytes[ICMP])) print >> outputfile, "ALL %s %s %s %s %s %s" % (packets[TCP], packets[UDP], packets[ICMP], Bytes[TCP], Bytes[UDP], Bytes[ICMP]) dests.print_stats(tcp_flows, 'TCP', outputfile) dests.print_stats(udp_flows, 'UDP', outputfile) dests.print_stats(icmp_flows, 'ICMP', outputfile) outputfile.close()
def main(): signal.signal(signal.SIGINT, signal_handler) args = deal_with_arguments() # Set up our storage. try: flows = FlowStorage(filename=args.flow_db_name, persistant_storage=args.storage) dests = DestStorage(filename=args.dest_db_name, persistant_storage=args.storage) except Exception as e: print("Problem setting up databases:\n\t%s" % e) exit() # Try opening our trace. try: t = plt.trace(args.input) except Exception as e: print("Trouble opening trace URI/device:\n\t%s" % e) exit() # Try setting up our filter if given one. try: if args.filter != None or args.target != None: if args.filter != None and args.target != None: args.filter = args.filter + " and " elif args.filter == None: args.filter = "" if args.target != None: args.filter = args.filter + "dst " if '/' in args.target: args.filter = args.filter + "net " args.filter = args.filter + args.target f = plt.filter(args.filter) print("Applying filter \"%s\"" % args.filter) t.conf_filter(f) except Exception as e: print("Trouble applying bpf filter: \'%s\'\n\t%s" % (args.filter, e)) exit() print("Press Ctrl+C to exit.") # Try reading. try: t.start() except Exception as e: print(e) exit() # And we're off - loop for as long as we get packets (or ^C) packet_count = 0 non_ipv4_packets = 0 non_ip_packets = 0 non_tcp_packets = 0 last_time_check_pkt_ts = 0 current_time = int(time.time()) do_stats_time = current_time + args.interval do_updates_time = current_time + 15 last_packet_count = 0 last_ts = -2 current_ts = -1 print("Packets processed:\t"), for pkt in t: packet_count = packet_count + 1 last_packet_count = last_packet_count + 1 last_ts = current_ts current_ts = pkt.seconds if last_ts > (current_ts + .5): print("PROBLEM: timestamps out of order: Last ts: %f this ts: %f" % (last_ts, current_ts)) exit() print("%012d\b\b\b\b\b\b\b\b\b\b\b\b" % packet_count), # If we've gone through an interval's worth of packets, check the actual time # we may be going through packets *much* faster than real-time if we're # reading from a trace, but this keeps us from constantly checking the time # to determine when we update/print stats. if current_ts - last_time_check_pkt_ts > 3 or last_packet_count > 100: current_time = int(time.time()) last_time_check_pkt_ts = current_ts if do_stats_time < current_time: print("\nDo stats") dests.update_dest_info(flows, current_ts) do_stats_time = current_time + args.interval do_update_time = current_time + 60 print("Packets processed:\t"), elif do_updates_time < current_time or last_packet_count > 100: print("\nUpdating tables %d" % last_packet_count) last_packet_count = 0 dests.update_dest_info(flows, current_ts, do_stats=False) do_updates_time = current_time + 60 print("Packets processed:\t"), # IP layer ip = pkt.ip if not ip: non_ip_packets = non_ip_packets + 1 continue # IPv4 if ip.version != 4: non_ipv4_packets = non_ipv4_packets + 1 continue # TCP is al we care about right now. tcp = pkt.tcp if not tcp: non_tcp_packets = non_tcp_packets + 1 continue # Get what we're using for dictionary keys. pkt_src = str(ip.src_prefix) pkt_dst = str(ip.dst_prefix) pkt_sport = str(tcp.src_port) pkt_dport = str(tcp.dst_port) # Not perfect - we don't check for certain combinations (ie combinations that don't make sense). event = OTHER if tcp.syn_flag: if not tcp.ack_flag: event = SYN else: event = SYN_ACK elif tcp.fin_flag: event = FIN elif tcp.rst_flag: event = RST elif tcp.ack_flag or tcp.urg_flag or tcp.psh_flag: event = ACK_AND_DATA else: print("Unknown flags!") # Ready to store. flows.add_tcp_flow_event(current_ts, pkt_src, pkt_sport, pkt_dst, pkt_dport, event) print("\nDone\n") dests.update_dest_info(flows, current_ts + DESTSTAT_TIMEOUT) flows.close() dests.close()
print "%s: isfile %s" % (full_fn, os.path.isfile(full_fn)) try: with open(full_fn) as file: print "File opened OK" file.close() except IOError as e: print "Unable to open file" #Does not exist OR no read permissions trace_format = "pcapfile" #trace_format = "erf" uri = trace_format + ':' + full_fn print ">> uri = %s" % uri flt = plt.filter('vlan 1051 and tcp') print "flt = %s" % flt t = plt.trace(uri) t.conf_filter(flt) t.conf_snaplen(48) t.start() print "+++ started" t.pause() print "+++ paused" t.start() print "+++ started again" #out_fn = base + '/' + "pypy/pylt/plt/test-out-zlib.pcap" out_fn = base + '/' + "pypy/pylt/plt/test-out-none.pcap"