def udp():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection,0))
n = 0
print('[UDP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
#UDP Segments
if ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
n+=1
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
n+=1
sys.exit()
def sniffer():
str = 'capture' + datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
_count = 1
_listFrame = []
_listAlert = []
pcap = Pcap('Capture/'+str+'.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
print('\033[91m{0:5}\t{1:8}\t{2:15}\t\t{3:15}\t\t{4:8}\t{5:6}\t\t{6}\n\033[0m'
.format('No','Time','Source','Destination','Protocol','Length','Info'))
while True:
raw_data, addr = conn.recvfrom(65535)
if (datetime.datetime.now().strftime('%M%S') == '0000'):
pcap.close()
str = 'capture' + datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
pcap = Pcap('Capture/'+str+'.pcap')
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
_Warning = checkSniffer(ethernetdata, _listFrame)
if(_Warning != 0 and _Warning != 99 and _Warning != None and _Warning != 98):
ipv4 = IPv4(ethernetdata.data)
_ipsource = ipv4.src
_iptarget = ipv4.target
checklistAlert(_listAlert, _ipsource, _iptarget, _Warning)
RefeshlistAlert(_listAlert)
_Warningreturn = checkWarning(_Warning)
if(printSniffer(ethernetdata, _count, _Warningreturn) == 1):
_count += 1
pcap.close()
def read():
conn = None
if args.file != None:
pcap = Pcap(args.file, True,1)
else:
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
global filas
while True:
if conn!= None:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
else:
line = pcap.read()
if(line==None):
return
raw_data = line['data']
eth = Ethernet(raw_data)
for fila in filas:
fila.append(eth)
time.sleep( 0.3)
pcap.close()
def tcp():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection, 0))
n = 0
print('[TCP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
#TCP Segments
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
n += 1
sys.exit()
def main():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 9010 or tcp.dest_port == 9010:
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
if 'Authorization' in line:
#print(str(line))
try:
p = re.compile(
'Authorization: Basic (([A-Za-z0-9@#$%^&+=]+)):'
)
if p.match(line):
username = p.match(line).group(1)
if (username == default_u):
logdefaultcred(
ipv4.src, username)
trackLogin(ipv4.src, username)
except Exception as ex:
print("Regex exception")
print(ex)
except:
print("HTTP exception")
else:
print('\t\tTCP Data:')
print(format_multi_line(TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
# Other IPv4
else:
pass
else:
pass
pcap.close()
def sniffer():
str = 'capture' + datetime.datetime.now().strftime("%d%m%Y_%H%M%S")
pcap = Pcap('Capture/' + str + '.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
listFrame = []
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
checkSniffer(ethernetdata,listFrame)
pcap.close()
def main():
pcap = Pcap('packetCapture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
a = 0
count = 0
counter = 0
print(
'Source IP \t Destination IP \t Source Port \t Destination Port \t Protocol'
)
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# TCP
if count <= 300 and counter <= 50:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print('{} \t {} \t\t - {} \t\t - {} \t\t {}'.format(
ipv4.src, ipv4.target, tcp.src_port, tcp.dest_port,
ipv4.proto))
# print('RST'+str(tcp.flag_rst),tcp.flag_syn)
if tcp.flag_syn == 0 and tcp.flag_ack == 1:
count = count + 1
if tcp.flag_rst == 1:
if (len(ip_list) < 100):
ip_list.append(ipv4.src)
# print(ip_list)
if tcp.flag_syn == 1:
if (len(ip_list2) < 100):
ip_list2.append(ipv4.src)
#print(ip_list2)
#time.sleep(5)
for i in ip_list2:
if i in ip_list:
counter = counter + 1
else:
pass
#print(counter)
# if(counter>50):
# print('Beyond Threshold')
# sys.exit()
# else:
# pass
else:
print('Warning:SYN Flood Attack Detected')
sys.exit()
pcap.close()
def sniffer():
str = 'capture'+datetime.datetime.now().strftime('%d%m%Y_%H%M%S')
pcap = Pcap('Capture/'+str+'.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
sys.stdout.write('{0:5}\t{1:8}\t{2:15}\t{3:15}\t{4:8}\t{5:6}\t\t{6}\n'
.format('No','Time','Source','Destination','Protocol','Length','Info'))
_count = 1
_listFrame = []
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
ethernetdata = Ethernet(raw_data)
_Warning = checkSniffer(ethernetdata, _listFrame)
_Warningreturn = checkWarning(_Warning)
printSniffer(ethernetdata, _count, _Warningreturn)
_count += 1
pcap.close()
def ARP_Sniffer_Analyzer():
global listOfSuspectedMAC
pcap = Pcap('ARP capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
_ARP_analytics = ARP_analytics()
q = Queue()
alreadySuspectedMACs = Queue()
list_of_already_suspected = []
p = Process(target=_ARP_analytics.analyze_ARP,
args=(
q,
alreadySuspectedMACs,
))
p.start()
while True:
Biggest_buffer_we_can_afford = 65535
raw_data, addr = conn.recvfrom(Biggest_buffer_we_can_afford)
pcap.write(raw_data)
eth = Ethernet(raw_data)
if eth.src_mac == my_mac_address:
continue
def check_if_We_already_alert_about_this_MAC():
if not alreadySuspectedMACs.empty():
holder = alreadySuspectedMACs.get()
if holder not in list_of_already_suspected:
list_of_already_suspected.append(holder)
#ARP packet
if eth.original_proto == 2054:
if eth.src_mac != 'FF:FF:FF:FF:FF:FF':
check_if_We_already_alert_about_this_MAC()
print(eth.data)
if eth.src_mac not in list_of_already_suspected:
q.put(eth.src_mac)
print(eth.src_mac)
continue
def main():
#realizamos las capturas en el archivo capture.pcap y la conf del socket
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#recibimos trodos los paquetes....
while True:
raw_data, addr = conn.recvfrom(65535)
#escribimos el paquete en el archivo para almacenarlo
pcap.write(raw_data)
#desmpaquetamos desde la primera capa
eth = Ethernet(raw_data)
#evaluamos si tiene es ipv4
if eth.proto == 8:
#pasamos a la segunda capa
ipv4 = IPv4(eth.data)
#evaluamos si es un paquete tcp
if ipv4.proto == 6:
#pasamos a la tercera capa
tcp = TCP(ipv4.data)
#vemos si pertenece al puerto 9000
if tcp.src_port == 9000 or tcp.dest_port == 9000:
#desplegamos toda la informacion
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#Mostramos si tiene aun mas datos
if len(tcp.data) > 0:
print(
TAB_4 +
'______________Este paquete contiene datos_________________\t'
)
#terminamos la captura
pcap.close()
def icmp():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection, 0))
n = 0
print('[ICMP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
#ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Datadadadada:')
print(format_multi_line(DATA_TAB_3, icmp.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
n += 1
sys.exit()
def main():
print("#################Capturing Packets############")
print(TAB_1 +"Source IP"+TAB_1+"Destination IP"+TAB_1+"Protocol"+TAB_1+"Source Port"+TAB_1+"Destination Port")
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
# Extracting the IPv4 Packet from ethernet frame
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# This is the part which extract TCP packet from IPv4 Packet
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
# Multithreading that receives SYN connection and checks for SYN flood attack Simultaneously.
threading.Thread(target= printpkt,args=(ipv4.src,ipv4.target,ipv4.proto,tcp.flag_syn,tcp.flag_ack,tcp.src_port,tcp.dest_port,)).start()
if tcp.flag_syn == 1 and ipv4.target == "192.168.2.34":
t1 = threading.Thread(target= storesynip,daemon=True, args=(ipv4.src,ipv4.target,)).start()
threading.Thread(target= storeip,args=(ipv4.src,ipv4.target,tcp.flag_syn,tcp.flag_ack,tcp.src_port,tcp.dest_port,)).start()
threading.Thread(target= checknow).start()
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
packageManager = PackageManager()
print("\nSniffer iniciado...\n")
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
receivedDatetimePacket = time.time()
eth = Ethernet(raw_data)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
# HTTP
# if tcp.src_port == 8080 or tcp.dest_port == 8080:
if tcp.dest_port == 8080:
packageManager.receivePackage(eth,
receivedDatetimePacket)
# UDP
elif ipv4.proto == 17:
# print('\n\n\n\n\nERRO UDP: + ' + str(ipv4.data))
udp = UDP(ipv4.data)
pcap.close()
def index(request):
answer = ''
answer += '<head><style>table, th, td {border: 1px solid black;border-collapse: collapse;}</style></head><body><table><tr><th>Time Stamp</th><th>Destination MAC</th><th>Source MAC</th><th>Protocol</th><th>IP Version</th><th>IP Header Length</th><th>TTL</th><th>Protocol</th><th>Source IP</th><th>Target IP</th><th>Source Port</th><th>Destination Port</th><th>Length</th></tr>'
for raw_data in range(5):
data, addr = s.recvfrom(65565)
pcap.write(data)
unpacked = struct.unpack('@ I H H i I I I I I I I', data[:40])
timestamp = time.strftime('%Y-%m-%d %H:%M:%S',
time.localtime(unpacked))
eth = Ethernet(raw_data)
ipv4 = IPv4(eth.data)
icmp = ICMP(ipv4.data)
tcp = TCP(ipv4.data)
udp = UDP(ipv4.data)
answer += '<tr><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th></tr>'.format(
timestamp, eth.dest_mac, eth.src_mac, eth.proto, ipv4.version,
ipv4.header_length, ipv4.ttl, ipv4.proto, ipv4.src, ipv4.target,
tcp.src_port, tcp.dest_port, udp.src_port, udp.dest_port, udp.size)
answer += '</table></body>'
return HttpResponse(answer)
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.bind(('127.0.0.1', 2055))
conn.listen(5)
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# # ICMP
# if ipv4.proto == 1:
# icmp = ICMP(ipv4.data)
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
# # TCP
# elif ipv4.proto == 6:
# tcp = TCP(ipv4.data)
# if tcp.dest_port == 2055:
# print(TAB_1 + 'TCP Segment:')
# print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
# print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
# print(TAB_2 + 'Flags:')
# print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
# print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
# if len(tcp.data) > 0:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
if ipv4.proto == 17:
udp = UDP(ipv4.data)
if udp.dest_port == 2055:
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
print(binascii.hexlify(ipv4.data))
else:
print('Ethernet Dataffgf:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def start(self):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
for i in range(0, 70):
x=time.clock()
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
mydialog.print_to_tabl(self, i, 0, str(i+1))
mydialog.print_to_tabl(self, i, 1, str(x))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
mydialog.print_to_tabl(self, i, 2, ipv4.src)
mydialog.print_to_tabl(self, i, 3, ipv4.target)
mydialog.print_to_tabl(self, i, 5,str(ipv4.header_length))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
mydialog.print_to_tabl(self,i, 4, "ICMP")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
mydialog.print_to_tabl(self,i, 4, "tcp")
mydialog.print_to_tabl(self, i, 6,'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment) )
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,
udp.size))
mydialog.print_to_tabl(self,i, 4, "UDP")
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(self,DATA_TAB_2, ipv4.data))
mydialog.print_to_tabl(self, i, 4, "ICMP")
# else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
#mydialog.print_to_tabl(self, i, 6, str(eth.data))
# if pushButton_2.clicked :
# break
pcap.close()
def main():
timed_packets_tcp = []
timed_packets_udp = []
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
# print('\nEthernet Frame:')
# print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# Get count feature
# Analyze the packets for last two seconds.
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
protocol_type = 6
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
try:
service = get_service_from_port(tcp.dest_port)
except:
try:
service = get_service_from_port(tcp.src_port)
except:
service = "private"
timed_packets_tcp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_tcp(
timed_packets_tcp, eth.dest_mac, eth.src_mac, tcp.src_port,
tcp.dest_port, tcp.sequence, tcp.acknowledgment,
tcp.flag_urg)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, tcp.flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# if tcp.flag_urg == 0 and tcp.flag_ack == 0 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN Request Sent!")
# print("connection started")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 1 and tcp.flag_fin == 0:
# print("SYN-ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# elif tcp.flag_urg == 0 and tcp.flag_ack == 1 and tcp.flag_psh == 0 and tcp.flag_rst == 0 and tcp.flag_syn == 0 and tcp.flag_fin == 0:
# print("ACK Request Sent!")
# pass
# if len(tcp.data) > 0:
# # HTTP
# if tcp.src_port == 80 or tcp.dest_port == 80:
# # print(TAB_2 + 'HTTP Data:')
# try:
# http = HTTP(tcp.data)
# http_info = str(http.data).split('\n')
# for line in http_info:
# print(DATA_TAB_3 + str(line))
# except:
# print("")
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# else:
# print("")
# # print(TAB_2 + 'TCP Data:')
# # print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
protocol_type = 17
service = 'other'
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
flag_urg = 0
timed_packets_udp, same_host_count, same_service_count, same_srv_rate, diff_srv_rate, diff_host_rate, land = two_sec_analysis_udp(
timed_packets_udp, eth.dest_mac, eth.src_mac, udp.src_port,
udp.dest_port)
classify(sess, protocol_type, service, land, same_host_count,
same_service_count, flag_urg, same_srv_rate,
diff_srv_rate, diff_host_rate)
# Other IPv4
else:
print("")
# print(TAB_1 + 'Other IPv4 Data:')
# print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("")
# print('Ethernet Data:')
# print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main(packetSize=1000):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
count = 0
while packetSize > count:
count += 1
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main(file_name, type_addr=None, src=None, dest=None):
file = open(file_name, 'rb')
pcapfile = savefile.load_savefile(file, verbose=True)
b = True
i = 1
try:
packet = pcapfile.packets[0]
raw_data = packet.raw()
except:
print("end of file ")
b = False
while b:
eth = Ethernet(raw_data)
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
if (type_addr == 'ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#if len(tcp.data) > 0 :
# print(TAB_3 + 'WINDOW: {}'.format(struct.unpack('! H', tcp.data[:2]))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
try:
packet = pcapfile.packets[i]
raw_data = packet.raw()
i += 1
except:
print("end of file ")
b = False
file.close()
def __init__(self, data):
self.src_mac = None
self.dest_mac = None
self.eth_type = None
self.ip_version = None
self.dest_ip = None
self.src_ip = None
self.ip_header_length= None
self.ttl = None
self.ip_protocol = None
self.dest_port = None
self.src_port = None
self.tcp_sequence = None
self.tcp_ack = None
self.tcp_flag_urg = None
self.tcp_flag_ack = None
self.tcp_flag_psh = None
self.tcp_flag_rst = None
self.tcp_flag_syn = None
self.tcp_flag_fin = None
self.udp_length = None
self.icmp_type = None
self.icmp_code = None
self.icmp_checksum = None
self.info = '-'
eth = Ethernet(data)
self.dest = self.dest_mac = eth.dest_mac
self.src = self.src_mac = eth.src_mac
self.proto = 'Ethernet II'
self.eth_type = eth.proto
self.length = eth.length
self.info = '-'
if eth.proto == 8:
ipv4 = IPv4(eth.data)
self.dest = ipv4.target
self.src = ipv4.src
self.proto = 'IPv4'
self.eth_type = 'IPv4'
self.ip_version = ipv4.version
self.dest_ip = ipv4.target
self.src_ip = ipv4.src
self.ip_header_length= ipv4.header_length
self.ttl = ipv4.ttl
if ipv4.proto == 1:
self.proto = 'ICMP'
self.ip_protocol = 'ICMP'
icmp = ICMP(ipv4.data)
self.icmp_type = icmp.type
self.icmp_code = icmp.code
self.icmp_checksum = icmp.checksum
elif ipv4.proto == 6:
self.proto = 'TCP'
self.ip_protocol = 'TCP'
tcp = TCP(ipv4.data)
self.dest_port = tcp.src_port
self.src_port = tcp.dest_port
self.tcp_sequence = tcp.sequence
self.tcp_ack = tcp.acknowledgment
self.tcp_flag_urg = tcp.flag_urg
self.tcp_flag_ack = tcp.flag_ack
self.tcp_flag_psh = tcp.flag_psh
self.tcp_flag_rst = tcp.flag_rst
self.tcp_flag_syn = tcp.flag_syn
self.tcp_flag_fin = tcp.flag_fin
elif ipv4.proto == 14:
self.proto = 'UDP'
udp = UDP(ipv4.data)
self.src_port = udp.src_port
self.dest_port = udp.dest_port
self.udp_length = udp.size
def receive_packet(conn):
raw_data, addr = conn.recvfrom(65565)
packet = []
eth = Ethernet(raw_data)
packet.append(eth)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
packet.append(ipv4)
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
packet.append(tcp)
# print('SRC IP: {} SRC Port: {} DST IP: {} DST Port: {}'
# .format(ipv4.src, tcp.src_port, ipv4.target, tcp.dest_port))
# print('Data length: {}'.format(len(tcp.data)))
mapped = False
if not mapped:
try:
tcp.data.decode('utf-8')
except:
pass
else:
if len(tcp.data) == 12 and tcp.data.decode('utf-8')[:3] == 'RFB':
vnc = VNCProtocolVersion(tcp.data)
# print(vnc)
packet.append(vnc)
mapped = True
if not mapped:
try:
vnc = VNCClientMessage(tcp.data)
if vnc.message_code == 0 and len(tcp.data) >= 16:
# FramebufferUpdate
try:
vnc_cm = VNCFrameBufferUpdateMessage(tcp.data)
except:
raise Exception('Can\'t decode message as FramebufferUpdate message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
if vnc.message_code == 0 and len(tcp.data) == 20:
# SetPixelFormat
# print('Probably SetPixelFormat message!')
mapped = True
elif vnc.message_code == 2 and len(tcp.data) == 4:
# SetEncodings
# print('Probably SetEncodings message!')
mapped = True
elif vnc.message_code == 3 and len(tcp.data) == 10:
# FramebufferUpdateRequest
try:
vnc_cm = VNCFrameBufferUpdateRequestMessage(tcp.data)
except:
raise Exception('Can\'t decode message as FramebufferUpdateRequest message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 4 and len(tcp.data) == 8:
# KeyEvent
try:
vnc_cm = VNCKeyEventMessage(tcp.data)
except:
raise Exception('Can\'t decode message as KeyEvent message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 5 and (len(tcp.data) == 6 or len(tcp.data) == 12):
# PointerEvent
try:
vnc_cm = VNCPointerEventMessage(tcp.data)
except:
raise Exception('Can\'t decode message as PointerEvent message!')
else:
# print(vnc_cm)
packet.append(vnc_cm)
mapped = True
elif vnc.message_code == 6:
# ClientCutText
# print('Probably ClientCutText message!')
mapped = True
except Exception as e:
print('Unexpected error: {}'.format(e))
return packet
def main():
#pcap is used to live capture network traffic
pcap = Pcap('capture.pcap')
#Creates a socket using
#Check that its compatible and make sure its in little or big indian
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#Keeps looping and capturing data
while True:
#buffer size is set to 65535
raw_data, addr = conn.recvfrom(65535)
#storing the data
#capturing it
pcap.write(raw_data)
eth = Ethernet(raw_data)
#{} place order for each variable
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#Unpacking IP Headers
# IPv4
#Make sure using regular internet traffic
#which is IPv4
if eth.proto == 8:
#calling class ip4
#passing capture data into class
#analysing and using its methods
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#1 for ICMP
ipv4 = IPv4(eth.data)
icmp = ICMP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#6 for ICMP
tcp = TCP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#at least some thing is capture
if len(tcp.data) > 0:
#protocol port for HTTP is 80
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
#analyses using icmp class
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
#analyses using UDP class
# UDP
#17 for UDP
elif ipv4.proto == 17:
#analyses using UDP class
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
#this remaining is the payload of data
#data that meaningless or which we cant yet interpret
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
#closing the library after use
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
info =""
Data=""
# if StartCapture==1:
Tstart=int(round(time.time() * 1000))
#StartCapture=0
while True:
raw_data, addr = conn.recvfrom(65535)
l=[]
l.append(Tstart-int(round(time.time() * 1000)))
pcap.write(raw_data)
eth = Ethernet(raw_data)
#print('\nEthernet Frame:')
Data+="\nEthernet Frame:"+TAB_1 + "Destination:"+str(eth.dest_mac)+"Source: "+str(eth.src_mac)+"Protocol: "+str(eth.proto)
#print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
Data += TAB_2 + 'Protocol: ' + str(ipv4.proto) + ' Source:' + str(ipv4.src) + 'Target:' + str(ipv4.target)
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
l.append(ipv4.src)
l.append(ipv4.target)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
Data+=TAB_1 + 'IPv4 Packet:'+TAB_2 + 'Version:'+str(ipv4.version)+'Header Length:'+ str(ipv4.header_length)+'TTL:'+str(ipv4.ttl)
l.append(ipv4.header_length)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
l.append('ICMP')
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
Data+=TAB_1 + 'ICMP Packet:'+TAB_2 + 'Type: '+str(icmp.type)+"Code:"+str(icmp.code)+"Checksum:"+str( icmp.checksum)+TAB_2 + 'ICMP Data:'+str(format_multi_line(DATA_TAB_3, icmp.data))
l.append(icmp.data)
l.append(" ")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
#print(TAB_1 + 'TCP Segment:')
l.append('TCP')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
info+=str(tcp.src_port)+"->"+str(tcp.dest_port)+"ACK="+str(tcp.flag_ack)+"len ="+str(len(tcp.data))
#print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
#print(TAB_2 + 'Flags:')
#print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
#print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
Data+=TAB_1 + 'TCP Segment:'+TAB_2 + 'Source Port:'+str(tcp.src_port)+"Destination Port:"+str( tcp.dest_port)+TAB_2 + 'Sequence:'+str(tcp.sequence)+" Acknowledgment:"+str(tcp.acknowledgment)
Data+=TAB_2 + 'Flags:'+TAB_3 + 'URG:'+str(tcp.flag_urg)+'ACK'+str(tcp.flag_ack)+'PSH'+str(tcp.flag_psh)+TAB_3 + 'RST:'+str(tcp.flag_rst)+'SYN'+str(tcp.flag_syn)+'FIN'+str(tcp.flag_fin)
l.append(tcp.data)
l.append(info)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
Data+=TAB_2 + 'HTTP Data:'
# print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
Data+=DATA_TAB_3 + str(line)
# print(DATA_TAB_3 + str(line))
except:
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=format_multi_line(DATA_TAB_3, tcp.data)
else:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=TAB_2 + 'TCP Data:'+format_multi_line(DATA_TAB_3, tcp.data)
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
l.append('UDB')
#print(TAB_1 + 'UDP Segment:')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
Data+=TAB_1 + 'UDP Segment:'+TAB_2 + 'Source Port:'+str(udp.src_port)+'Destination Port:'+str( udp.dest_port)+'Length'+str(udp.size)
info += str(udp.src_port) + "->" +str (udp.dest_port) + "len =" + str(udp.size) # + "ACK=" + str(udp.flag_ack)
l.append(0)
l.append(info)
# Other IPv4
else:
#print(TAB_1 + 'Other IPv4 Data:')
l.append('other')
l.append(0)
l.append('other')
#print(format_multi_line(DATA_TAB_2, ipv4.data))
Data+=TAB_1 + 'Other IPv4 Data:'+format_multi_line(DATA_TAB_2, ipv4.data)
else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
l.append(" ")#src
l.append(" ")#target
l.append(" ")#Hlength
l.append(" ")#protocol
Data+='Ethernet Data:'+format_multi_line(DATA_TAB_1, eth.data)
l.append(format_multi_line(DATA_TAB_1, eth.data))#hex
l.append(" ") # info
l.append(Data)
temp=l[3]
l[3]=l[4]
l[4]=temp
temp2=l[5]
l[5]=l[6]
l[6]=l[7]
l[7]=temp2
print (*l ,sep=',')
info=""
Data=""
pcap.close()
def main():
report = Report()
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
#check if date passes
if report.current_date != date.today().strftime("%d_%m_%Y"):
#create new report
report = Report()
print ("New Date")
raw_data, addr = conn.recvfrom(65535)
#pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80 or tcp.dest_port == 443 or tcp.src_port == 443 :
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
# add line to report
report.add_row(ipv4.src,ipv4.target)
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
def main():
# output txt file name
output_file_name = 'task_1b_output.txt'
# remove the previously generated output txt file if exists
if os.path.exists(output_file_name):
os.remove(output_file_name)
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
data_from_server = ''
data_from_client = ''
try:
output_file = open(output_file_name, 'w')
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
now = datetime.now()
current_time = now.strftime("%H:%M:%S")
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
if tcp.src_port == 3333:
# print("[BOT to PC] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [BOT to PC] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"red",
end='\n')
data_from_server = tcp.data.decode("utf-8")
# print(type(data_from_server))
if (data_from_server.count('@') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_server) +
random_string(6)) + '\n')
if tcp.dest_port == 3333:
# print("[PC to BOT] [" + ipv4.src + "]" + " to " + "[" + ipv4.target + "]" + " > " + tcp.data.decode("utf-8"))
print("-------------------------")
printColour(current_time + " [PC to BOT] [" +
ipv4.src + "]" + " to " + "[" +
ipv4.target + "]" + " > ",
"green",
end='')
printColour(tcp.data.decode("utf-8"),
"cyan",
end='\n')
data_from_client = tcp.data.decode("utf-8")
# print(type(data_from_client))
if (data_from_client.count('#') == 2):
output_file.write(
encode(
random_string(6) +
str(data_from_client) +
random_string(6)) + '\n')
# if (data_from_server.count('@') == 2) and (data_from_client.count('#') == 2):
# output_file.write(encode(random_string(6) + str(data_from_server) + random_string(6)) + '\n')
# output_file.write(encode(random_string(6) + str(data_from_client) + random_string(6)) + '\n')
pcap.close()
output_file.close()
except KeyboardInterrupt as e:
print('\n\nSee ya !')
os.chmod(output_file_name, (S_IRWXG | S_IRWXO | S_IRWXU))
exit()
def main(type_addr=None, src=None, dest=None, file_name=None):
#code of .pcap file analyzer
if file_name != None:
file = open(file_name, 'rb')
pcapfile = savefile.load_savefile(file, verbose=True)
b = True
i = 1
try:
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
except:
print("empty file !")
b = False
#code to read and analyze .pcap file with the protocol Linux cooked capture
while b:
if 1:
if 1:
#ipv4 = IPv4(eth.data)
ipv4 = IPv4(raw_data[16:])
if (type_addr == '-ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
try:
packet = pcapfile.packets[i]
raw_data = packet.raw()
size = packet.packet_len
i += 1
except:
print("end of file ")
b = False
file.close()
#code of real time analyzer in a local network
else:
file = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.ntohs(3))
i = 0
while True:
if keyboard.is_pressed('q'):
break
raw_data, addr = conn.recvfrom(65535)
i += 1
eth = Ethernet(raw_data)
if keyboard.is_pressed('q'): #press q to stop the sniffer
break
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
file.write(raw_data)
print('\nEthernet Frame:')
print(TAB_1 +
'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if (type_addr == 'ip' and src == ipv4.src
and dest == ipv4.target
) or type_addr == '-m' or type_addr == None:
print(TAB_1 + 'IPv4 Packet: No:{}'.format(i))
print(
TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 +
'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# TCP
#elif ipv4.proto == 6:
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.
format(tcp.src_port, tcp.dest_port))
print(TAB_2 +
'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
print(TAB_3 + 'WINDOW: {}'.format(tcp.win))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(
TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'
.format(udp.src_port, udp.dest_port, udp.size))
file.close()
file1 = open('capture.pcap', 'rb')
pcapfile = savefile.load_savefile(file1, verbose=True)
j = 0
b = True
packet = pcapfile.packets[0]
raw_data = packet.raw()
size = packet.packet_len
while b:
eth = Ethernet(raw_data)
if (type_addr == '-m' and src == eth.src_mac and dest
== eth.dest_mac) or type_addr == None or type_addr == 'ip':
# IPv4
if eth.proto == 8:
i += 1
ipv4 = IPv4(eth.data)
if 1:
# TCP
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
add_info(ipv4.src, ipv4.target, tcp.sequence,
tcp.flag_fin, packet, tcp,
packet.packet_len)
try:
packet = pcapfile.packets[j]
raw_data = packet.raw()
size = packet.packet_len
j += 1
except:
print("end of file ")
b = False
file1.close()
def main():
pcap = Pcap("capture.pcap")
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print("\nEthernet Frame:")
print(
f"{TAB_1}Destination: {eth.dest_mac}, Source: {eth.src_mac}, Protocol: {eth.proto}"
)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + "IPv4 Packet:")
print(TAB_2 + "Version: {}, Header Length: {}, TTL: {},".format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + "Protocol: {}, Source: {}, Target: {}".format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + "ICMP Packet:")
print(TAB_2 + "Type: {}, Code: {}, Checksum: {},".format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + "ICMP Data:")
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + "TCP Segment:")
print(TAB_2 + "Source Port: {}, Destination Port: {}".format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + "Sequence: {}, Acknowledgment: {}".format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + "Flags:")
print(TAB_3 + "URG: {}, ACK: {}, PSH: {}".format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + "RST: {}, SYN: {}, FIN:{}".format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + "HTTP Data:")
try:
http = HTTP(tcp.data)
http_info = str(http.data).split("\n")
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + "TCP Data:")
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + "UDP Segment:")
print(TAB_2 +
"Source Port: {}, Destination Port: {}, Length: {}".
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + "Other IPv4 Data:")
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("Ethernet Data:")
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
#if eth.proto == 8:
# ipv4 = IPv4(eth.data)
# print('IPv4 Packet:')
# print('Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
# print('Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
def index(request):
answer = ''
answer.append(str('<head><style>table, th, td {border: 1px solid black;border-collapse: collapse;}</style></head><body><table><tr><th>Time Stamp</th><th>Destination MAC</th><th>Source MAC</th><th>Protocol</th><th>IP Version</th><th>IP Header Length</th><th>TTL</th><th>Protocol</th><th>Source IP</th><th>Target IP</th><th>Source Port</th><th>Destination Port</th><th>Length</th></tr>'))
for raw_data in range(5):
raw_data , addr = s.recvfrom(65565)
pcap.write(raw_data)
unpacked = struct.unpack('@ I H H i I I I I I I I', raw_data[:40])
timestamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(unpacked))
eth = Ethernet(raw_data)
ipv4 = IPv4(eth.data)
icmp = ICMP ( ipv4.data )
tcp = TCP (ipv4.data)
udp = UDP (ipv4.data)
# pcap =Pcap(pcap.data)
answer.append (str('<tr><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th><th>{}</th></tr>'.format(timestamp, eth.dest_mac, eth.src_mac, eth.proto, ipv4.version, ipv4.header_length, ipv4.ttl, nipv4.proto, ipv4.src, ipv4.target, tcp.src_port, tcp.dest_port, udp.src_port, udp.dest_port, udp.size)))
answer.append (str('</table></body>'))
return HttpResponse(answer)
