def dissect(udp):
pudp={}
pudp["layer"] = 4
pudp["protocol_name"] = "UDP"
pudp["sport"] = udp.sport # Source port
pudp["dport"] = udp.dport # Destination port
pudp["ulen"] = udp.ulen # Length
pudp["usum"] = udp.sum # Checksum
if dns.check(udp):
pudp["payload"] = dns.dissect(udp.data)
else:
pudp["payload"] = "unknown protocol on layer " + str(pudp["layer"]+1)
return pudp
def dissect(udp):
pudp = {}
pudp["layer"] = 4
pudp["protocol_name"] = "UDP"
pudp["sport"] = udp.sport # Source port
pudp["dport"] = udp.dport # Destination port
pudp["ulen"] = udp.ulen # Length
pudp["usum"] = udp.sum # Checksum
if dns.check(udp):
pudp["payload"] = dns.dissect(udp.data)
else:
pudp["payload"] = "unknown protocol on layer " + str(
pudp["layer"] + 1)
return pudp
def dissect(tcp):
"""Runs all TCP dissectors.
@param conn: connection.
@param data: payload data.
"""
ptcp = {} # populate array of connections of Cuckoo default report
ptcp["layer"] = 4 # Source port
ptcp["protocol_name"] = "TCP"
ptcp["sport"] = tcp.sport # Source port
ptcp["dport"] = tcp.dport # Destination port
ptcp["seqnum"] = tcp.seq # Sequence number
ptcp["acknum"] = tcp.flags # Acknowledge number
ptcp["off"] = tcp.off # Data offset
ptcp["reserved"] = 0 # Reserved - always 0
ptcp["cb"] = Tcp.tcp_flags(tcp.data) # Verify flag of control bits
ptcp["win"] = tcp.win # Window
ptcp["cksum"] = tcp.sum # Checksum
ptcp["urp"] = tcp.urp # Urgent Pointer
ptcp["options"] = tcp.opts # Options
ptcp["padding"] = '' # TODO not present in dpkt.ip.IP (maybe computed)
# HTTP
if http.check(tcp.data):
ptcp["payload"] = http.dissect(tcp.data)
# SMTP.
elif smtp.check(tcp):
ptcp["payload"] = smtp.dissect(tcp.data)
# IRC
elif irc.check(tcp):
ptcp["payload"] = irc.dissect(tcp.data)
# DNS
elif dns.check(tcp):
ptcp["payload"] = dns.dissect(tcp.data)
# Unknown Protocol
else:
ptcp["payload"] = "unknown protocol on layer " + str(
ptcp["layer"] + 1)
return ptcp
def dissect(tcp):
"""Runs all TCP dissectors.
@param conn: connection.
@param data: payload data.
"""
ptcp = {} # populate array of connections of Cuckoo default report
ptcp["layer"] = 4 # Source port
ptcp["protocol_name"] = "TCP"
ptcp["sport"] = tcp.sport # Source port
ptcp["dport"] = tcp.dport # Destination port
ptcp["seqnum"] = tcp.seq # Sequence number
ptcp["acknum"] = tcp.flags # Acknowledge number
ptcp["off"] = tcp.off # Data offset
ptcp["reserved"] = 0 # Reserved - always 0
ptcp["cb"] = Tcp.tcp_flags(tcp.data) # Verify flag of control bits
ptcp["win"] = tcp.win # Window
ptcp["cksum"] = tcp.sum # Checksum
ptcp["urp"] = tcp.urp # Urgent Pointer
ptcp["options"] = tcp.opts # Options
ptcp["padding"] = '' # TODO not present in dpkt.ip.IP (maybe computed)
# HTTP
if http.check(tcp.data):
ptcp["payload"] = http.dissect(tcp.data)
# SMTP.
elif smtp.check(tcp):
ptcp["payload"] = smtp.dissect(tcp.data)
# IRC
elif irc.check(tcp):
ptcp["payload"] = irc.dissect(tcp.data)
# DNS
elif dns.check(tcp):
ptcp["payload"] = dns.dissect(tcp.data)
# Unknown Protocol
else:
ptcp["payload"] = "unknown protocol on layer " + str(ptcp["layer"]+1)
return ptcp
