def dissect(udp):
    """Summarise one UDP datagram as a report dictionary.

    The header values are copied from ``udp`` exactly as they appear in the
    capture. Neither the length nor the checksum is verified here, so
    consumers of the report should treat them as untrusted.

    @param udp: parsed UDP datagram exposing sport, dport, ulen, sum and data.
    @return: dict with the header fields and a "payload" entry holding either
             the DNS dissection or an "unknown protocol" string.
    """
    layer = 4
    report = {
        "layer": layer,
        "protocol_name": "UDP",
        "sport": udp.sport,  # Source port
        "dport": udp.dport,  # Destination port
        "ulen": udp.ulen,  # Length field as carried in the header
        "usum": udp.sum,  # Checksum field as carried in the header
    }

    # dns.check() is given the whole datagram, dns.dissect() only its payload.
    if not dns.check(udp):
        report["payload"] = "unknown protocol on layer " + str(layer + 1)
        return report

    report["payload"] = dns.dissect(udp.data)
    return report
def dissect(udp):
    """Return a report dictionary describing one UDP datagram.

    Header values are taken from ``udp`` as captured; the length and
    checksum are reported, not validated, so downstream code should not
    assume they are consistent with the actual datagram.

    @param udp: parsed UDP datagram exposing sport, dport, ulen, sum and data.
    @return: dict of header fields plus "payload" (DNS dissection result or
             an "unknown protocol" string).
    """
    fields = {
        "layer": 4,
        "protocol_name": "UDP",
        "sport": udp.sport,  # Source port
        "dport": udp.dport,  # Destination port
        "ulen": udp.ulen,  # Length
        "usum": udp.sum,  # Checksum
    }

    # DNS is the only layer-5 dissector tried for UDP; anything else is
    # labelled unknown rather than parsed.
    fields["payload"] = (
        dns.dissect(udp.data)
        if dns.check(udp)
        else "unknown protocol on layer " + str(fields["layer"] + 1)
    )
    return fields
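def dissect(tcp):
    """Build a report dictionary for one TCP segment and its payload.

    Header fields are copied from ``tcp`` as found in the capture. Nothing
    here validates them (checksum, data offset and options are reported, not
    verified), so consumers should treat every value as untrusted input.

    @param tcp: parsed TCP segment; the attributes read here look like those
                of a dpkt TCP object (TODO confirm against the caller).
    @return: dict of header fields plus "payload", which holds the result of
             the first matching dissector or an "unknown protocol" string.
    """
    ptcp = {}
    # populate array of connections of Cuckoo default report
    ptcp["layer"] = 4  # Transport layer
    ptcp["protocol_name"] = "TCP"
    ptcp["sport"] = tcp.sport  # Source port
    ptcp["dport"] = tcp.dport  # Destination port
    ptcp["seqnum"] = tcp.seq  # Sequence number
    # Fix: the acknowledgment number was previously read from tcp.flags, so
    # reports carried the flag bits under "acknum".
    ptcp["acknum"] = tcp.ack  # Acknowledgment number
    ptcp["off"] = tcp.off  # Data offset
    ptcp["reserved"] = 0  # Reserved - always 0
    # NOTE(review): the control bits are decoded from tcp.data (the payload)
    # rather than tcp.flags; confirm what Tcp.tcp_flags expects.
    ptcp["cb"] = Tcp.tcp_flags(tcp.data)  # Verify flag of control bits
    ptcp["win"] = tcp.win  # Window
    ptcp["cksum"] = tcp.sum  # Checksum
    ptcp["urp"] = tcp.urp  # Urgent Pointer
    ptcp["options"] = tcp.opts  # Options
    ptcp["padding"] = ''  # TODO not present in dpkt.ip.IP (maybe computed)

    # The first dissector whose check() accepts the segment wins.
    # NOTE(review): http.check() is given the payload while the other checks
    # are given the whole segment; confirm this is intentional.
    # HTTP
    if http.check(tcp.data):
        ptcp["payload"] = http.dissect(tcp.data)
    # SMTP.
    elif smtp.check(tcp):
        ptcp["payload"] = smtp.dissect(tcp.data)
    # IRC
    elif irc.check(tcp):
        ptcp["payload"] = irc.dissect(tcp.data)
    # DNS
    elif dns.check(tcp):
        ptcp["payload"] = dns.dissect(tcp.data)
    # Unknown Protocol
    else:
        ptcp["payload"] = "unknown protocol on layer " + str(
            ptcp["layer"] + 1)

    return ptcp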
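def dissect(tcp):
    """Describe one TCP segment and its payload as a report dictionary.

    Every header value is taken from ``tcp`` as captured and is not checked
    for consistency (the checksum and data offset are reported, not
    verified), so the report must be handled as untrusted data.

    @param tcp: parsed TCP segment; the attributes read here look like those
                of a dpkt TCP object (TODO confirm against the caller).
    @return: dict of header fields plus "payload", set by the first matching
             dissector or to an "unknown protocol" string.
    """
    ptcp = {}
    # populate array of connections of Cuckoo default report
    ptcp["layer"] = 4  # Transport layer
    ptcp["protocol_name"] = "TCP"
    ptcp["sport"] = tcp.sport  # Source port
    ptcp["dport"] = tcp.dport  # Destination port
    ptcp["seqnum"] = tcp.seq  # Sequence number
    # Fix: "acknum" used to be filled from tcp.flags, which stored the flag
    # bits in place of the acknowledgment number.
    ptcp["acknum"] = tcp.ack  # Acknowledgment number
    ptcp["off"] = tcp.off  # Data offset
    ptcp["reserved"] = 0  # Reserved - always 0
    # NOTE(review): Tcp.tcp_flags is handed the payload (tcp.data), not
    # tcp.flags; confirm which input it expects.
    ptcp["cb"] = Tcp.tcp_flags(tcp.data)  # Verify flag of control bits
    ptcp["win"] = tcp.win  # Window
    ptcp["cksum"] = tcp.sum  # Checksum
    ptcp["urp"] = tcp.urp  # Urgent Pointer
    ptcp["options"] = tcp.opts  # Options
    ptcp["padding"] = ''  # TODO not present in dpkt.ip.IP (maybe computed)

    # Dissectors are tried in a fixed order and the first match is used.
    # NOTE(review): only http.check() receives the payload; smtp, irc and
    # dns receive the whole segment. Confirm this is intentional.
    # HTTP
    if http.check(tcp.data):
        ptcp["payload"] = http.dissect(tcp.data)
    # SMTP.
    elif smtp.check(tcp):
        ptcp["payload"] = smtp.dissect(tcp.data)
    # IRC
    elif irc.check(tcp):
        ptcp["payload"] = irc.dissect(tcp.data)
    # DNS
    elif dns.check(tcp):
        ptcp["payload"] = dns.dissect(tcp.data)
    # Unknown Protocol
    else:
        ptcp["payload"] = "unknown protocol on layer " + str(ptcp["layer"] + 1)

    return ptcp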