def __init__(self,
iface=None,
promisc=None,
filter=None,
nofilter=False,
prog=None,
*arg,
**karg):
self.outs = None
args = ['-w', '-', '-s', '65535']
if iface is None and (WINDOWS or DARWIN):
iface = conf.iface
self.iface = iface
if iface is not None:
args.extend(['-i', network_name(iface)])
if not promisc:
args.append('-p')
if not nofilter:
if conf.except_filter:
if filter:
filter = "(%s) and not (%s)" % (filter, conf.except_filter)
else:
filter = "not (%s)" % conf.except_filter
if filter is not None:
args.append(filter)
self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True)
self.ins = PcapReader(self.tcpdump_proc.stdout)
def simulate(self, pcap_file_name):
print("Simulation starts!")
print("Reading pcap file: " + pcap_file_name)
pcap_reader = PcapReader(pcap_file_name)
statistic_stop_time = 1
pkt_time_base = -1
stop_time = 0
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer(
'IP') or not pkt.haslayer('TCP'):
continue
if pkt_time_base == -1:
pkt_time_base = pkt.time
pkt_time = pkt.time - pkt_time_base
# print("pkt.time %f" % pkt_time)
while pkt_time > stop_time:
for i in range(self.device_count):
(self.entry_num_per_sec[i]).append(
len(self.ip2hc_tables[i]))
print("%d len: %d" % (i, len(self.entry_num_per_sec[i])))
print("stop time %d" % stop_time)
stop_time += 1
self.__learn_host(pkt['IP'].src, pkt['IP'].dst, pkt['TCP'].sport,
pkt['TCP'].dport, pkt['IP'].ttl)
# print("time:%f length:%d " % (pkt_time, len(self.entry_num_per_sec[0])))
pcap_reader.close()
return self.entry_num_per_sec
def process_pcap_file(self, filename):
"""Processes a pcap file
"""
for pkt in PcapReader(filename):
self.mhp.process(pkt, rawpkt=pkt)
stats = self.mhp.get_stats()
print("Processed", stats['packets'], "packets")
def crypt2plain(self, pcapFile, encType, key):
"""Converts an encrypted stream to unencrypted stream
Returns the unencrypted stream input as a scapy PacketList object
Future plans involve offering a yield parameter so that pcapList,
instead returns as a generated object; should save memory this way.
Does not have the capability to diff between multiple keys encTypes
Possible workaround for this is taking the try and using except,
creating a return to let the user know which objs to retry on
For now, skipping.
"""
## Use the generator of PcapReader for memory purposes
pObj = PcapReader(pcapFile)
pcapList = []
## Deal with WEP
if encType == 'WEP':
for i in pObj:
try:
pkt, iv = pyDot11.wepDecrypt(i, key)
except:
pkt = i
pcapList.append(pkt)
## Return the stream like a normal Scapy PacketList
return PacketList(res=pcapList)
def process_file(in_file, out_file):
"""Read through in_file pcap and convert to csv out_file."""
with PcapReader(in_file) as pcap_reader, open(out_file, 'w') as csvfile:
csv_writer = None
state = {}
for pkt in pcap_reader:
if TCP in pkt and pkt[TCP].dport == 515:
buf = pkt[TCP].load
offset = 0
state['time'] = pkt.time
while offset < len(buf):
block = cms_decode.cms_read_block_from_bytes(buf, offset)
if hasattr(block, 'values'):
state.update(block.values)
if hasattr(block, 'leads'):
state.update(block.leads)
if block.block_type == 0x47:
# write row
if not csv_writer:
fields = [
k for k in sorted(state.keys())
if 'alarm' not in k
]
csv_writer = csv.DictWriter(csvfile,
fields,
extrasaction='ignore')
csv_writer.writeheader()
csv_writer.writerow(state)
offset += 4 + block.length
def __init__(self, filename, reader_id):
if filename.endswith(".pcap"):
self.reader = PcapReader(filename)
if filename.endswith(".pcapng"):
self.reader = PcapNgReader(filename)
self.reader_id = reader_id
self.current_packet = self.reader.read_packet()
def sniff(count=0, store=1, offline=None, prn = None, lfilter=None, L2socket=None, timeout=None, *arg, **karg):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
Select interface to sniff by setting conf.iface. Use show_interfaces() to see interface names.
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
filter: provide a BPF filter
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
"""
c = 0
if offline is None:
log_runtime.info('Sniffing on %s' % conf.iface)
if L2socket is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *arg, **karg)
else:
flt = karg.get('filter')
s = PcapReader(offline if flt is None else
tcpdump(offline, args=["-w", "-", flt], getfd=True))
lst = []
if timeout is not None:
stoptime = time.time()+timeout
remain = None
while 1:
try:
if timeout is not None:
remain = stoptime-time.time()
if remain <= 0:
break
try:
p = s.recv(MTU)
except PcapTimeoutElapsed:
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
c += 1
if prn:
r = prn(p)
if r is not None:
print r
if 0 < count <= c:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst,"Sniffed")
def __init__(self,
iface=None,
promisc=None,
filter=None,
nofilter=False,
prog=None,
*arg,
**karg):
self.outs = None
args = ['-w', '-', '-s', '65535']
if iface is not None:
if WINDOWS:
try:
args.extend(['-i', iface.pcap_name])
except AttributeError:
args.extend(['-i', iface])
else:
args.extend(['-i', iface])
elif WINDOWS:
args.extend(['-i', conf.iface.pcap_name])
if not promisc:
args.append('-p')
if not nofilter:
if conf.except_filter:
if filter:
filter = "(%s) and not (%s)" % (filter, conf.except_filter)
else:
filter = "not (%s)" % conf.except_filter
if filter is not None:
args.append(filter)
self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True)
self.ins = PcapReader(self.tcpdump_proc.stdout)
def main():
if len(sys.argv) != 2:
sys.stderr.write("Usage: %s <filename.pcap>\n\n" % sys.argv[0])
filename = sys.argv[1]
messages = [seg for seg in PcapReader(filename) if "TCP" in seg]
segments = []
last_ack = {}
for m in messages:
segment = {}
segment["src"] = m.sprintf("%IP.src%:%TCP.sport%")
segment["dst"] = m.sprintf("%IP.dst%:%TCP.dport%")
flags = m.sprintf("%TCP.flags%")
segment["syn"] = "S" in flags
segment["fin"] = "F" in flags
segment["rst"] = "R" in flags
# Acks are special. Not only the A bit must be set, but also the seq number should increase
if "A" in flags:
conn_key = (segment["src"], segment["dst"])
if conn_key in last_ack:
old_ack = last_ack[conn_key]
else:
old_ack = m["TCP"].ack - 1
last_ack[conn_key] = m["TCP"].ack
segment["ack"] = old_ack != m["TCP"].ack
else:
segment["ack"] = False
segments.append(segment)
sys.stdout.write("[\n ")
sys.stdout.write(",\n ".join(str(seg) for seg in segments))
sys.stdout.write("\n]")
def __init__(
self,
iface=None, # type: Optional[_GlobInterfaceType]
promisc=False, # type: bool
filter=None, # type: Optional[str]
nofilter=False, # type: bool
prog=None, # type: Optional[str]
*arg, # type: Any
**karg # type: Any
):
# type: (...) -> None
self.outs = None
args = ['-w', '-', '-s', '65535']
if iface is None and (WINDOWS or DARWIN):
iface = conf.iface
self.iface = iface
if iface is not None:
args.extend(['-i', network_name(iface)])
if not promisc:
args.append('-p')
if not nofilter:
if conf.except_filter:
if filter:
filter = "(%s) and not (%s)" % (filter, conf.except_filter)
else:
filter = "not (%s)" % conf.except_filter
if filter is not None:
args.append(filter)
self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True)
self.reader = PcapReader(self.tcpdump_proc.stdout)
self.ins = self.reader # type: ignore
def PCAPread(file_name, start, count):
reader = PcapReader(file_name)
if start > 0:
reader.read_all(start)
if count > 0:
return reader.read_all(count)
else:
return reader.read_all(-1)
def read_pcap_file(self, iface, filename):
try:
pcap_file = os.path.join(self.config['pcap_dir'], filename)
for pkt in PcapReader(pcap_file):
self.fprn(pkt, iface)
except (IOError, error.Scapy_Exception) as exc:
self.logger.exception('Cant read pcap file %s, err: %s', pcap_file,
str(exc))
def process(csvfile, filename, DATA_LENGTH):
#计数
count = 0
#定义csv写入器
writer = csv.writer(csvfile)
writer.writerow(["data"])
#定义pcap读入器
pr = PcapReader(filename)
#循环一行一行数据读入,直到为空
while True:
pcap_data = pr.read_packet()
#空则退出
if pcap_data is None:
break
else:
ether_data = np.fromstring(pcap_data.original, np.uint8, count=14)
type = ether_data[12:14]
# 去除Ethernet包头,取IP包
ip_data = pcap_data.payload
#转换成0-255的数
ipdata = np.fromstring(ip_data.original, np.uint8)
#求数据长度
length = len(ipdata)
#去IP包头
communication_data = ip_data.payload
# 定义一个tmp数据变量,用于存储扩展udp包头与Tcp包头一样长后的udp数据,定义为1500长度,并且填充0,用不补0
tmp_data = np.zeros(shape=[1500], dtype=np.uint8)
# 查找UDP包头的pcap
if communication_data.name == 'UDP':
#ip包长+udp包头长=28字节,因此取前28
tmp_data[0:27] = ipdata[0:27]
#后面补12个0,使其长度与IP+TCP的40字节一致
#后面接上,UDP包长度超过1488 = 1500 - 12的部分去掉,因为补12个0与TCP包头对齐
if length > DATA_LENGTH - 12:
tmp_data[28:] = ipdata[28:DATA_LENGTH - 12]
else:
tmp_data[28:length] = ipdata[28:length]
else:
# TCP保持不变,超过1500的部分去掉
if length > DATA_LENGTH:
tmp_data = ipdata[0:DATA_LENGTH]
else:
tmp_data[0:length] = ipdata[0:length]
#用规范模型对数据进行规范化
X_train = model.transform(np.reshape(tmp_data, newshape=[-1, 1]))
# 写入时写入一行,因此transpose
writer.writerow(np.transpose(X_train)[0])
count = count + 1
if count == 100:
break
# 关闭scapy读入器,防止内存泄露
pr.close()
#反馈文件中的数据总数
return count
def wait_for_packet(self, timeout, filter_out_fn=is_ipv6_misc):
"""
Wait for next packet captured with a timeout
:param timeout: How long to wait for the packet
:returns: Captured packet if no packet arrived within timeout
:raises Exception: if no packet arrives within timeout
"""
deadline = time.time() + timeout
if self._pcap_reader is None:
if not self.wait_for_capture_file(timeout):
raise CaptureTimeoutError(
"Capture file %s did not appear within timeout" % self.out_path
)
while time.time() < deadline:
try:
self._pcap_reader = PcapReader(self.out_path)
break
except:
self.test.logger.debug(
"Exception in scapy.PcapReader(%s): %s"
% (self.out_path, format_exc())
)
if not self._pcap_reader:
raise CaptureTimeoutError(
"Capture file %s did not appear within timeout" % self.out_path
)
poll = False
if timeout > 0:
self.test.logger.debug("Waiting for packet")
else:
poll = True
self.test.logger.debug("Polling for packet")
while time.time() < deadline or poll:
if not self.verify_enough_packet_data_in_pcap():
self._test.sleep(0) # yield
poll = False
continue
p = self._pcap_reader.recv()
if p is not None:
if filter_out_fn is not None and filter_out_fn(p):
self.test.logger.debug(
"Packet received after %ss was filtered out"
% (time.time() - (deadline - timeout))
)
else:
self.test.logger.debug(
"Packet received after %fs"
% (time.time() - (deadline - timeout))
)
return p
self._test.sleep(0) # yield
poll = False
self.test.logger.debug("Timeout - no packets received")
raise CaptureTimeoutError("Packet didn't arrive within timeout")
def _run_on_pcap(self, args):
reader = PcapReader(args.input_file)
try:
while True:
self.handle_packet(reader.read_packet())
except EOFError:
pass
reader.close()
def read_pcap(self):
file_name = input(
"Enter the pcap file name like 2019_11_02_16_55_22.pcap:"
) #输入pcap文件名
file_name = "sniff_data/" + file_name #组合文件路径
reader = PcapReader(file_name) #用scapy打开pcap文件
packets = reader.read_all(-1) #读取所有储存的数据包
for i in packets: #循环数据包列表
i.show() #打印数据包
def parse_pcap_files(self, pcapFiles, quite=True):
"""
Take one more more (list, or tuple) of pcap files and parse them
into the engine.
"""
if not hasattr(pcapFiles, '__iter__'):
if isinstance(pcapFiles, str):
pcapFiles = [pcapFiles]
else:
return
for i in range(0, len(pcapFiles)):
pcap = pcapFiles[i]
pcapName = os.path.split(pcap)[1]
if not quite:
sys.stdout.write("Reading PCap File: {0}\r".format(pcapName))
sys.stdout.flush()
if not os.path.isfile(pcap):
if not quite:
sys.stdout.write("Skipping File {0}: File Not Found\n".format(pcap))
sys.stdout.flush()
continue
elif not os.access(pcap, os.R_OK):
if not quite:
sys.stdout.write("Skipping File {0}: Permissions Issue\n".format(pcap))
sys.stdout.flush()
continue
pcapr = PcapReader(pcap) # pylint: disable=no-value-for-parameter
packet = pcapr.read_packet()
i = 1
try:
while packet:
if not quite:
sys.stdout.write('Parsing File: ' + pcap + ' Packets Done: ' + str(i) + '\r')
sys.stdout.flush()
self.parse_wireless_packet(packet)
packet = pcapr.read_packet()
i += 1
i -= 1
if not quite:
sys.stdout.write((' ' * len('Parsing File: ' + pcap + ' Packets Done: ' + str(i))) + '\r')
sys.stdout.write('Done With File: ' + pcap + ' Read ' + str(i) + ' Packets\n')
sys.stdout.flush()
except KeyboardInterrupt:
if not quite:
sys.stdout.write("Skipping File {0} Due To Ctl+C\n".format(pcap))
sys.stdout.flush()
except: # pylint: disable=bare-except
if not quite:
sys.stdout.write("Skipping File {0} Due To Scapy Exception\n".format(pcap))
sys.stdout.flush()
self.fragment_buffer = {}
pcapr.close()
def __init__(self, iface=None, *args, **karg):
_usbpcap_check()
if iface is None:
warning("Available interfaces: [%s]" %
" ".join(x[0] for x in get_usbpcap_interfaces()))
raise NameError("No interface specified !"
" See get_usbpcap_interfaces()")
self.outs = None
args = ['-d', iface, '-b', '134217728', '-A', '-o', '-']
self.usbpcap_proc = subprocess.Popen([conf.prog.usbpcapcmd] + args,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
self.ins = PcapReader(self.usbpcap_proc.stdout)
def rdpcap(filename, count=-1):
"""
Tries to read file in nanosecond format and falls back to regular format.
"""
reader = None
try:
reader=NSPcapReader(filename)
except Scapy_Exception as e:
if 'Not a pcap capture file (bad magic)' == str(e):
reader = PcapReader(filename)
else:
raise e
return reader.read_all(count=count)
def modify_traffic(self, output_filename, fake_ttl=False,
src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None):
if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0:
print("Please extract ip2hc table before modify traffic with fake ttl.")
# show modify request
request = "Generating " + output_filename + " with\n"
if fake_ttl:
request += " fake ttl\n"
if src_mac is not None:
request += " src mac:" + src_mac + "\n"
if dst_mac is not None:
request += " dst mac:" + dst_mac + "\n"
if src_ip_addr is not None:
request += " src ip addr:" + src_ip_addr + "\n"
if dst_ip_addr is not None:
request += " dst ip addr:" + dst_ip_addr + "\n"
print(request + "\n")
pcap_reader = PcapReader(self.pcap_filename)
pcap_writer = PcapWriter(output_filename)
counter = 0
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer('IP'):
continue
# ipv4 packets
counter += 1
ip_int = self.__ip_str2int(pkt['IP'].src)
if fake_ttl:
pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int]
if src_mac is not None:
pkt['Ethernet'].src = src_mac
if dst_mac is not None:
pkt['Ethernet'].dst = dst_mac
if src_ip_addr is not None:
pkt['IP'].src = src_ip_addr
if dst_ip_addr is not None:
pkt['IP'].dst = dst_ip_addr
pcap_writer.write(pkt)
if counter % 10000 == 0:
print("%d packets have been processed\n" % counter)
pcap_writer.flush()
pcap_writer.close()
pcap_reader.close()
def run(self):
while True:
self.pcap = PcapReader(self.f)
self.lasttime = 0
for p in self.pcap:
if (not (self.lasttime == 0)):
diff = (p.time - self.lasttime)
time.sleep(diff * self.time_scale)
self.lasttime = p.time
if (self.done):
return
v = pmt.to_pmt(numpy.fromstring(str(p), dtype=numpy.uint8))
meta = pmt.make_dict()
self.message_port_pub(pmt.intern("pdus"), pmt.cons(meta, v))
def mysniff(self, *arg, **karg):
c = 0
if self.opened_socket is not None:
s = self.opened_socket
else:
if self.offline is None:
if self.L2socket is None:
self.L2socket = conf.L2listen
s = self.L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(self.offline)
lst = []
if self.timeout is not None:
stoptime = time.time() + self.timeout
remain = None
while 1:
if not self.running:
break
try:
if self.timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
sel = select([s], [], [], remain)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if self.lfilter and not self.lfilter(p):
continue
if self.store:
lst.append(p)
c += 1
if self.prn:
r = self.prn(p)
if r is not None:
print r
if self.stop_filter and self.stop_filter(p):
break
if 0 < self.count <= c:
break
except KeyboardInterrupt:
break
if self.opened_socket is None:
s.close()
return plist.PacketList(lst, "Sniffed")
def arp_analyse(self, files_path):
# count = 0
for i in range(0, len(files_path)):
try:
packets = PcapReader(files_path[i])
while True:
packet = packets.read_packet()
if packet is None:
break
else:
# count = count+1
print(repr(packet))
packets.close()
except Scapy_Exception as e:
print(e)
def __init__(self, iface=None, promisc=None, filter=None, nofilter=False,
prog=None, *arg, **karg):
self.outs = None
args = ['-w', '-', '-s', '65535']
if iface is not None:
args.extend(['-i', iface])
if not promisc:
args.append('-p')
if not nofilter:
if conf.except_filter:
if filter:
filter = "(%s) and not (%s)" % (filter, conf.except_filter)
else:
filter = "not (%s)" % conf.except_filter
if filter is not None:
args.append(filter)
self.ins = PcapReader(tcpdump(None, prog=prog, args=args, getfd=True))
def pcap2flows(pth_pcap, num_pkt_thresh=2, verbose=True):
'''Reads pcap and divides packets into 5-tuple flows (arrival times and sizes)
Arguments:
pcap_file (string) = path to pcap file
num_pkt_thresh (int) = discards flows with fewer packets than max(2, thresh)
Returns:
flows (list) = [(fid, arrival times list, packet sizes list)]
'''
print(f'pcap_file: {pth_pcap}')
sessions = OrderedDict() # key order of fid by time
num_pkts = 0
pkt_sizes = []
"filter pcap_file only contains the special srcIP "
i = 0
FRAME_LEN = 1500 + 14
cnt = 0
try:
# sessions= rdpcap(pcap_file).sessions()
# res = PcapReader(pcap_file).read_all(count=-1)
# from scapy import plist
# sessions = plist.PacketList(res, name=os.path.basename(pcap_file)).sessions()
for i, pkt in enumerate(
PcapReader(pth_pcap)): # iteratively get packet from the pcap
if i % 10000 == 0:
print(f'i_pkt: {i}')
# sess_key = session_extractor(pkt) # this function treats bidirection as two sessions.
# if ('TCP' in sess_key) or ('UDP' in sess_key) or (6 in sess_key) or (17 in sess_key):
if (TCP in pkt) or (UDP in pkt):
if len(pkt) > FRAME_LEN:
cnt += 1
print(
f'i: {i}, pkt.wirelen: {pkt.wirelen}, len(pkt): {len(pkt)}, pkt.payload.len: {pkt.payload.len}'
)
pkt_sizes.append(len(pkt))
except Exception as e:
print('Error', e)
print(
f'tot_pkts: {i + 1}, {cnt} packets have wirelen > FRAME_LEN({FRAME_LEN})'
)
print(f'len(sessions) {len(sessions.keys())}')
return pkt_sizes
def _read_pcap(self):
self._say("reading file {name}".format(name=self.pcap_file))
start_time = time.time()
try:
fdesc = PcapReader(self.pcap_file)
except (IOError, Scapy_Exception) as err:
self._say("rdpcap: error: {}".format(err), file=sys.stderr)
self._app_shutdown()
except NameError as err:
self._say("rdpcap error: not a pcap file ({})".format(err),
file=sys.stderr)
self._app_shutdown()
except KeyboardInterrupt:
self._app_shutdown()
self._read_pkts(fdesc)
read_time = time.time()
self._say("took {0:.3f} seconds to read and parse"\
.format(read_time - start_time))
def dst_protocol_analysis(pid, d_mac, result_list):
result = []
for f in filenames[pid]:
for p in PcapReader(f):
packet_len = len(p)
p_ip, snd_rcv = get_pak_ip(p, d_mac)
if p_ip != 'non-ip' and p_ip in dst_info:
p_protocol = get_pak_protocol(packet=p, d_mac=d_mac)
host = dst_info[p_ip]
if p_protocol in protocol_info:
prot = protocol_info[p_protocol]
else:
prot = ProtocolPort.ProtocolPort(p_protocol, '-1', '-1',
'-1', '-1')
index = 0
is_old = False
for dst_pro in result:
if host == dst_pro.host and prot == dst_pro.protocol_port:
is_old = True
break
index += 1
if is_old:
if snd_rcv == 'snd':
result[index].add_snd(packet_len)
result[index].add_ps(1)
else:
result[index].add_rcv(packet_len)
result[index].add_pr(1)
else:
current: DestinationPro.DestinationPro
current = DestinationPro.DestinationPro(host, prot)
if snd_rcv == 'snd':
current.add_snd(packet_len)
current.add_ps(1)
else:
current.add_rcv(packet_len)
current.add_pr(1)
result.append(current)
result_list[pid] = result
def parse_file( tup ):
path, content = tup
ftmp = tempfile.NamedTemporaryFile(delete=True)
ftmp.write(content)
ftmp.flush()
pcap_reader = PcapReader(ftmp.name)
count=0
for packet in pcap_reader:
count+=1
try:
row = parse_packet(packet)
if row is not None:
yield row
except:
pass
ftmp.close()
def main():
sent = collections.Counter()
received = collections.Counter()
ratio = 3
for pkt in PcapReader(
sys.argv[1]
): # Using generator to avoid loading 350MB file into mem at once
if pkt.haslayer(Ether) and pkt.haslayer(IP) and pkt.haslayer(TCP):
if pkt[TCP].flags == 'S': # SYN - Sent packet
ip = pkt[IP].src
sent[ip] += 1
elif pkt[
TCP].flags == 'SA': # SYN-ACK - Sent packet acknowledgement
ip = pkt[IP].dst
received[ip] += 1
for ip in sent.keys():
if sent[ip] > received[ip] * ratio:
print(ip)
def read_pcap():
if chinses_mode:
print("请输入pcap文件名:")
else:
file_name = input(
"Enter the pcap file name like 2019_11_02_16_55_22.pcap:"
) #输入pcap文件名
file_name = "sniff_data/" + file_name #组合文件路径
try:
reader = PcapReader(file_name) #用scapy打开pcap文件
except FileNotFoundError:
if chinses_mode:
print("找不到文件")
else:
print("Can nod find the file")
return
packets = reader.read_all(-1) #读取所有储存的数据包
for i in packets: #循环数据包列表
i.show() #打印数据包