def test():
"""Open up a test pcap file and stream the packets"""
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = PacketStreamer(iface_name=data_path, max_packets=50)
for packet in streamer.output_stream:
print(packet)
# Test BPF Filter
data_path = file_utils.relative_dir(__file__, '../../data/dns.pcap')
streamer = PacketStreamer(iface_name=data_path,
bpf='udp and dst port 53',
max_packets=50)
for packet in streamer.output_stream:
print(packet)
def test():
"""Test for PacketTags class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
# Create a PacketStreamer, a PacketMeta, and link them to PacketTags
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=50)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
# Have the PacketTags use its default tagging methods + my silly example
def tag_is_tcp(data):
return 'Wow! IP' if data['packet']['type'] == 'IP' else None
tags = PacketTags(add_tag_methods=[tag_is_tcp]) # Add my silly tag
# Set up chain
meta.link(streamer)
rdns.link(meta)
tags.link(rdns)
# Print out the tags
for item in tags.output_stream:
src = item['packet']['src']
dst = item['packet']['dst']
print('%s --> %s Tags: %s' %
(net_utils.inet_to_str(src), net_utils.inet_to_str(dst),
str(list(item['tags']))))
def test():
"""Test for PacketTags class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
# Create a PacketStreamer, a PacketMeta, and link them to PacketTags
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=10)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
# Have the PacketTags use its default tagging methods + my silly example
def tag_is_tcp(data):
return 'TCP' if data['transport_type'] == 'TCP' else None
tags = PacketTags(add_tag_methods=[tag_is_tcp]) # Add my silly tag
# Set up chain
meta.link(streamer)
rdns.link(meta)
tags.link(rdns)
# Print out the tags
for item in tags.output_stream:
src = item[item['packet_type']]['src']
dst = item[item['packet_type']]['dst']
print '%s --> %s Tags: %s' % (net_utils.ip_to_str(src), net_utils.ip_to_str(dst), str(list(item['tags'])))
def test():
"""Test for the Flow class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns, transport_meta
# Create a PacketStreamer, a PacketMeta, and link them to TransportMeta
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=100)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = transport_meta.TransportMeta()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
# Put the packets into flows
flows = defaultdict(Flow)
for packet in tmeta.output_stream:
flow_id = flow_tuple(packet)
flows[flow_id].add_packet(packet)
# Print out flow information
for flow in flows.values():
fd = flow.get_flow()
print('Flow %s -- Packets:%d Bytes:%d Payload: %s' %
(fd['flow_id'], len(fd['packet_list']), len(
fd['payload']), repr(fd['payload'])[:20]))
def test():
"""Test for Flows class"""
import pprint
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns, transport_meta
# Create a PacketStreamer, a PacketMeta, and link them to TransportMeta
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=1000)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = transport_meta.TransportMeta()
flows = Flows()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
flows.link(tmeta)
# Print out the flow information
for flow in flows.output_stream:
print_flow_info(flow)
def test():
"""Test for DNSMeta class"""
import pprint
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns, transport_meta
# Create a PacketStreamer, a PacketMeta, and link them to DNSMeta
data_path = file_utils.relative_dir(__file__, '../../data/dns.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=10000)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = transport_meta.TransportMeta()
dns_meta = DNSMeta()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
dns_meta.link(tmeta)
# Print out the DNS meta data
for item in dns_meta.output_stream:
if 'dns' in item:
print()
pprint.pprint(item['dns'])
else:
print('.', end='')
def test():
"""Test for HTTPMeta class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns, transport_meta, flows
# Create a PacketStreamer, a PacketMeta, and link them to HTTPMeta
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=10000)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = transport_meta.TransportMeta()
fmeta = flows.Flows()
http_meta = HTTPMeta()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
fmeta.link(tmeta)
http_meta.link(fmeta)
# Print out the tags
for item in http_meta.output_stream:
if item['http']:
print('%s %s --> %s %s' % (item['http']['type'], item['src'],
item['dst'], item['http']['data']))
def test():
"""Test for TransportTags class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
# Create a PacketStreamer, a PacketMeta, and link them to TransportTags
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=10)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tags = TransportTags()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tags.link(rdns)
# Print out the tags
for item in tags.output_stream:
src = item[item['packet_type']]['src']
dst = item[item['packet_type']]['dst']
print '%s --> %s Tags: %s' % (net_utils.ip_to_str(src), net_utils.ip_to_str(dst), str(list(item['tags'])))
def test():
"""Test the Simple Packet Printer Example"""
from chains.utils import file_utils
# For the test we grab a file, but if you don't specify a
# it will grab from the first active interface
data_path = file_utils.relative_dir(__file__, '../data/http.pcap')
run(iface_name = data_path)
def test():
"""Test the Simple Packet Printer Example"""
from chains.utils import file_utils
# For the test we grab a file, but if you don't specify a
# it will grab from the first active interface
data_path = file_utils.relative_dir(__file__, '../data/http.pcap')
run(iface_name = data_path)
def test():
"""Test for PacketMeta class"""
from chains.sources import packet_streamer
import pprint
# Create a PacketStreamer and set its output to PacketMeta input
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=10)
meta = PacketMeta()
meta.link(streamer)
for item in meta.output_stream:
pprint.pprint(item)
def test():
"""Test for PacketMeta class"""
from chains.sources import packet_streamer
import pprint
# Create a PacketStreamer and set its output to PacketMeta input
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=50)
meta = PacketMeta()
meta.link(streamer)
for item in meta.output_stream:
pprint.pprint(item)
def test():
"""Test for ReverseDNS class"""
from chains.sources import packet_streamer
from chains.links import packet_meta
import pprint
# Create a PacketStreamer, a PacketMeta, and link them to ReverseDNS
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=10)
meta = packet_meta.PacketMeta()
dns = ReverseDNS()
meta.link(streamer)
dns.link(meta)
for item in dns.output_stream:
pprint.pprint(item)
def test():
"""Test for ReverseDNS class"""
from chains.sources import packet_streamer
from chains.links import packet_meta
import pprint
# Create a PacketStreamer, a PacketMeta, and link them to ReverseDNS
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=50)
meta = packet_meta.PacketMeta()
dns = ReverseDNS()
meta.link(streamer)
dns.link(meta)
for item in dns.output_stream:
pprint.pprint(item)
def test():
"""Test for TLSMeta class"""
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns, transport_meta, flows
# Create a PacketStreamer, a PacketMeta, and link them to TLSMeta
data_path = file_utils.relative_dir(__file__, '../../data/https.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=10000)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = transport_meta.TransportMeta()
fmeta = flows.Flows()
tls_meta = TLSMeta()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
fmeta.link(tmeta)
tls_meta.link(fmeta)
# Print out the tags
for item in tls_meta.output_stream:
if item['tls']:
tls_records = item['tls']['data']['tls_records']
if item['tls']['type'] == 'TLS_CTS':
print('HTTPS_REQUEST')
print('\t%s --> %s (%s) tls_records(%d)\n' %
(item['src'], item['dst'], item['dst_domain'],
len(tls_records)))
else:
print('HTTPS_RESPONSE')
print('\t%s (%s) --> %s tls_records(%d)\n' %
(item['src'], item['src_domain'], item['dst'],
len(tls_records)))
else:
logger.info('Could not find TLS in Flow:')
flows.print_flow_info(item)
def test():
"""Test for PacketSummary class"""
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
from chains.utils import file_utils
# Create a PacketStreamer and set its output to PacketSummary input
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=10)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
printer = PacketSummary()
# Set up the chain
meta.link(streamer)
rdns.link(meta)
printer.link(rdns)
# Pull the chain
printer.pull()
def test():
"""Test for PacketSummary class"""
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
from chains.utils import file_utils
# Create a PacketStreamer and set its output to PacketSummary input
data_path = file_utils.relative_dir(__file__, 'pcaps/udp.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=50)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
printer = ZMQSink("tcp://localhost:5559","7")
# Set up the chain
meta.link(streamer)
rdns.link(meta)
printer.link(rdns)
# Pull the chain
printer.pull()
def test():
"""Test for PacketPrinter class"""
from chains.sources import packet_streamer
from chains.links import packet_meta
from chains.links import reverse_dns
from chains.utils import file_utils
# Create a PacketStreamer and set its output to PacketPrinter input
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path, max_packets=50)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
printer = PacketPrinter()
# Set up the chain
meta.link(streamer)
rdns.link(meta)
printer.link(rdns)
# Pull the chain
printer.pull()
def test():
"""Test for TransportMeta class"""
import pprint
# Local imports
from chains.sources import packet_streamer
from chains.links import packet_meta, reverse_dns
# Create a PacketStreamer, a PacketMeta, and link them to TransportMeta
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = packet_streamer.PacketStreamer(iface_name=data_path,
max_packets=50)
meta = packet_meta.PacketMeta()
rdns = reverse_dns.ReverseDNS()
tmeta = TransportMeta()
# Set up chain
meta.link(streamer)
rdns.link(meta)
tmeta.link(rdns)
# Print out the tags
for item in tmeta.output_stream:
pprint.pprint(item)
def test():
"""Open up a test pcap file and stream the packets"""
data_path = file_utils.relative_dir(__file__, '../../data/http.pcap')
streamer = PacketStreamer(iface_name=data_path, max_packets=10)
for packet in streamer.output_stream:
print packet