def __init__(self, rules): self.__rules = rules self._attack_pcap = open_offline(AttackPacket) self._normal_pcap = open_offline(NormalPacket) self.right_detected, self.wrong_detected = self.__check_detected_packet( ) self.__score = self.right_detected - self.wrong_detected
def testPacketDumper(self): """ #6 test that the dumper writes correct payload """ try: r = pcapy.open_offline(TestPcapy._96PINGS) dumper = r.dump_open('tmp.pcap') hdr, body = r.next() i = 0 while hdr is not None: dumper.dump(hdr, body) i += 1 hdr, body = r.next() # make sure file closes del dumper # check that the dumper wrote a legal pcap # file with same packer data r = pcapy.open_offline(TestPcapy._96PINGS) r2 = pcapy.open_offline('tmp.pcap') h1, b1 = r.next() h2, b2 = r2.next() while h1 is not None and h2 is not None: self.assertEqual(b1, b2) h1, b1 = r.next() h2, b2 = r2.next() self.assertTrue(h1 is None) self.assertTrue(h2 is None) del r2 finally: os.unlink('tmp.pcap')
def read_pcap(data_date, flabels, labels): dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/" if data_date != "11jun": filename = data_date[data_date.index("Testbed"):len(data_date) - 4] date_to_filename = { 'TestbedSatJun12Flows': '12jun', 'TestbedSunJun13Flows': '13jun', 'TestbedMonJun14Flows': '14jun', 'TestbedTueJun15-1Flows': '15jun', 'TestbedTueJun15-2Flows': '15jun', 'TestbedTueJun15-3Flows': '15jun', 'TestbedWedJun16-1Flows': '16jun', 'TestbedWedJun16-2Flows': '16jun', 'TestbedWedJun16-3Flows': '16jun', 'TestbedThuJun17-1Flows': '17jun', 'TestbedThuJun17-2Flows': '17jun', 'TestbedThuJun17-3Flows': '17jun', } cap = pcapy.open_offline(dataset_dir + "testbed-" + date_to_filename[filename] + ".pcap") else: cap = pcapy.open_offline(dataset_dir + "testbed-11jun.pcap") while (1): (header, packet) = cap.next() if not header: break parse_packet(flabels, labels, header, packet)
def AltDataSendt(path): File_list = [] PcapFiles = [] Overheadsum = 0 Samlet = 0 #Vi finder alle Pcap filer i den folderen vi er i substring = '.pcap' for Allfiles in os.popen('ls %s' % path): if substring in Allfiles: PcapFiles.append(Allfiles) #Vi kan nu finde alt data sendt som er i pcap filen. for pcap in PcapFiles: #We read one pcap file at a time. fil = path + "/" + pcap.rstrip() reader = pcapy.open_offline("%s" % fil) #Vi finder hvor mange frames der er i den givne pcap filen Lenght = os.popen('tshark -r %s | wc -l' % fil).read() PcapLenght = int(Lenght) #Vi koerer igennem alle frames/pakker og finder deres laengder i bytes for x in range(0, PcapLenght): (header, payload) = reader.next() # Summer alle frames laengder Overheadsum = Overheadsum + header.getlen() Samlet = Samlet + Overheadsum #print(Samlet) return (Overheadsum)
def create_streams(pcap, f): p = open_offline(pcap) global folder folder = f p.setfilter(r'ip proto \tcp or \udp') Decoder(p, folder).start() return files
def usage(): print sys.argv[0] + """ -i <dev> -r <input_file> -w <output_file>""" sys.exit(1) # Parse parameter try: cmd_opts = "i:r:w:" opts, args = getopt.getopt(sys.argv[1:], cmd_opts) except getopt.GetoptError: usage() for opt in opts: if opt[0] == "-w": dump_file = opt[1] elif opt[0] == "-i": dev = opt[1] elif opt[0] == "-r": input_file = opt[1] else: usage() # Start sniffing and write packet to a pcap dump file if input_file == None: pcap = pcapy.open_live(dev, 1500, 0, 100) dumper = pcap.dump_open(dump_file) pcap.loop(0, write_packet) # Read a pcap dump file and print it else: pcap = pcapy.open_offline(input_file) pcap.loop(0, read_packet)
def main(): out = os.fdopen(1, "wb") if write_file == "-" else open(write_file, "wb") pcap_header_out(out, link_type) r = pcapy.open_offline(read_file) while True: try: hdr, payload = r.next() except pcapy.PcapError: break if hdr == None: break secs, usecs = hdr.getts() tlv = read_tlv(payload) if evaluate(query, tlv).value(): data = slice_data(slicer, tlv) try: out.write(pcap_packet_header(secs, usecs, len(data))) out.write(data) out.flush() except(IOError, e): if e.errno == errno.EPIPE: return raise
def __init__(self, filename, cap_filter=r'ip proto \tcp'): self.filename = filename self.__cap_filter = cap_filter self.__pcapObj = pcapy.open_offline(self.filename) self.datalink = self.__pcapObj.datalink() if use_progressbar: self.filesize = os.stat(self.filename)[stat.ST_SIZE] self.read_len = 0 if pcapy.DLT_EN10MB == self.datalink: #self.decoder = EthDecoder() self.decoder_str = "EthDecoder" elif pcapy.DLT_LINUX_SLL == self.datalink: #self.decoder = LinuxSLLDecoder() self.decoder_str = "LinuxSLLDecoder" else: raise Exception("Datalink type not supported: " % self.datalink) if self.__cap_filter: self.__pcapObj.setfilter(self.__cap_filter) print "Reading from %s: linktype=%s" % (filename, self.decoder_str) if use_progressbar: filetransfer = progressbar.FileTransferSpeed() filetransfer.units = ['B','KB','MB','GB','TB','PB'] # widgets = ['Reading DUMP ', progressbar.FileTransferSpeed(),' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()] widgets = ['Reading DUMP ', filetransfer,' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()] self.pbar = progressbar.ProgressBar(widgets=widgets, maxval=self.filesize).start()
def scan(filename): global decoder p = pcapy.open_offline(filename) p.setfilter(r"ip proto \tcp") assert p.datalink() == pcapy.DLT_EN10MB decoder = impacket.ImpactDecoder.EthDecoder() p.loop(0, handler)
def pcap_to_object(pcap_file, obj_file): """Create a Python serialized graph object. Read the pcap file given in parameter, extracts source and destination IP and write a serialized graph object. """ reader = pcapy.open_offline(pcap_file) print reader.datalink() print pcapy.DLT_LINUX_SLL eth_decoder = Decoders.EthDecoder() sll_decoder = Decoders.LinuxSLLDecoder() ip_decoder = Decoders.IPDecoder() dic_ip = ip_dict() tts_min = 1000 tts_max = 2000 if options.verbose: print "Reading pcap file..." while True: try: (header, payload) = reader.next() if True: #tts_min <= header.getts()[0] <= tts_max: #ethernet = eth_decoder.decode(payload) sll = sll_decoder.decode(payload) if sll.get_ether_type() == Packets.IP.ethertype: #ip = ip_decoder.decode(payload[ethernet.get_header_size():]) ip_src = sll.child().get_ip_src() ip_dst = sll.child().get_ip_dst() dic_ip[ip_src][ip_dst] += 1 except Packets.ImpactPacketException, e: print e except:
def main(filename): # Open file p = open_offline(filename) # At the moment the callback only accepts TCP/IP packets. p.setfilter(r'ip proto \tcp') print "Reading from %s: linktype=%d" % (filename, p.datalink()) # Start decoding process. m_decoder = Decoder(p, filename) m_decoder.start() streams = [] for stream in m_decoder.connections.values(): streams.append(dStream(stream)) if flag_csv: csv_filename = os.path.abspath(m_decoder.dir) + '.csv' csv_out = open(csv_filename, 'w') first_line = ('stream_num,' + ','.join(dPacket.attr_names_as_list()) + "\n") csv_out.write(first_line) count_streams = 0 for stream in streams: for packet in stream.packets: line = str(count_streams) + ',' + packet.csv_line() + "\n" csv_out.write(line) count_streams += 1 csv_out.close() return streams, m_decoder.packet_list,
def __init__(self, dups, infile, outfile): self.dups = open(dups) self.infile = open_offline(infile) self.outfile = self.infile.dump_open(outfile) self.deleted = self.infile.dump_open(outfile + '_deleted.cap') self._next = 0 self._pos = 0
def __init__(self, infile, outfile, pkts): self.infile = open_offline(infile) self.outfile = self.infile.dump_open(outfile) self.pkts = self._parse(pkts) self._next = 0 self._pos = 0 self._stop = len(self.pkts)
def parse_file(filename): f = pcapy.open_offline(filename) count = 0 stage = 0 len_to_read = 0 while 1: (hdr, data) = f.next() if not hdr: break urb_type = ord(data[8]) ep = ord(data[10]) if ep == 0x81 and urb_type == 0x43: d = 'RX' elif ep == 0x02 and urb_type == 0x53: d = 'TX' print('') else: continue payload = data[0x40:] if len_to_read > 0: # data... print('>>> %s' % payload.encode('hex')) len_to_read -= len(payload) else: if len(payload) < 12: continue print('current data: %s' % payload.encode('hex')) print('[%s] %s' % (d, parse_mtp(payload))) len_to_read = get_total_len(payload) - len(payload) count += 1 print 'count: %s' % (count)
def __open_pcap_file__(self): """ This method opens the pcap network capture file and sets the BPF filter. """ self.__pd__ = pcapy.open_offline(self.__pcap_filename__) if self.__filter__: self.__pd__.setfilter(self.__filter__)
def main1(filename, _): p = open_offline(filename) # Restrict to tcp packets with only syn and ack set. p.setfilter(r'tcp[tcpflags] == (tcp-syn | tcp-ack)') d = Part1Decoder(p) d.start() d.report()
def start_capture(capfile, infilter, dev): """ With all information in hand, start capturing packets Args: capfile: in case user provides a pcap file infilter: any tcpdump filters dev: network device to sniffer Returns: cap object position number """ position = 0 try: if len(capfile) > 0: capfile, position = check_file_position(capfile) print "Using file %s " % capfile cap = pcapy.open_offline(capfile) else: print "Sniffing device %s" % dev cap = pcapy.open_live(dev, 65536, 1, 0) except Exception as exception: print "Error: %s" % exception print "Exiting..." sys.exit(3) if len(infilter) is 0: infilter = " port 6633 " cap.setfilter(infilter) return cap, position
def create_test_sock(pcap_filename): rospy.sleep(0.1) import pcapy from StringIO import StringIO from impacket import ImpactDecoder body_list = [] cap = pcapy.open_offline(pcap_filename) decoder = ImpactDecoder.EthDecoder() while True: header, payload = cap.next() if not header: break udp = decoder.decode(payload).child().child() body_list.append(udp.child().get_packet()) data_io = StringIO(''.join(body_list)) class MockSocket(object): def recv(self, byte_count): rospy.sleep(0.0001) data = data_io.read(byte_count) if data == "": rospy.signal_shutdown("Test completed.") return data def settimeout(self, timeout): pass return MockSocket()
def read_interface(self): """Read Packets from the packet capture interface""" # Spin up the packet capture if self._iface_is_file(): self.pcap = pcapy.open_offline(self.iface_name) else: try: # self.pcap = pcap.pcap(name=self.iface_name, promisc=True, immediate=True) # snaplen (maximum number of bytes to capture _per_packet_) # promiscious mode (1 for true) # timeout (in milliseconds) self.pcap = pcapy.open_live(self.iface_name, 65536, 1, 0) except OSError: try: logger.warning( 'Could not get promisc mode, turning flag off') self.pcap = pcapy.open_live(self.iface_name, 65536, 0, 0) except OSError: log_utils.panic( 'Could no open interface with any options (may need to be sudo)' ) # Add the BPF if it's specified if self.bpf: self.pcap.setfilter(self.bpf) print('listening on %s: %s' % (self.iface_name, self.bpf)) # For each packet in the pcap process the contents _packets = 0 while True: # Grab the next header and packet buffer header, raw_buf = self.pcap.next() # If we don't get a packet header break out of the loop if not header: break # Extract the timestamp from the header and yield the packet seconds, micro_sec = header.getts() timestamp = seconds + micro_sec * 10**-6 yield { 'timestamp': timestamp, 'raw_buf': raw_buf, 'packet_num': _packets } _packets += 1 # Is there a max packets set if so break on it if self.max_packets and _packets >= self.max_packets: break # All done so report and raise a StopIteration try: print( 'Packet stats: %d received, %d dropped, %d dropped by interface' % self.pcap.stats()) except pcapy.PcapError: print('No stats available...') raise StopIteration
def main(): # Vi finder alle Pcap filer i den folder vi er i for file in os.listdir("pcaps/"): if file.endswith(".pcap"): File_list.append(os.path.abspath(os.path.join("pcaps/", file))) overhead_sum = 0 # Vi kan nu finde alt data sendt som set i pcap filen for file in File_list: # Vi laeser fra vores oenskede pcap fil reader = pcapy.open_offline(file) # Vi finder hvor mange frames der er i pcap filen Lenght = os.popen('tshark -r {} | wc -l'.format(file)).read() test = Lenght[0] + Lenght[1] + Lenght[2] PcapLenght = int(test) # print(PcapLenght) try: # Vi koerer igennem alle pakker/frames og finder deres laengder for x in range(0, PcapLenght - 1): (header, payload) = reader.next() # print(header.getlen()); # Summer alle frames laengder if header is not None: overhead_sum = overhead_sum + header.getlen() except pcapy.PcapError: # print("FEJL") print(overhead_sum) break print(overhead_sum)
def main(argv): if len(argv) != 3: print("Usage: " + argv[0] + " [pcap file] [ctf folder]") sys.exit(1) pcap_filename = argv[1] ctf_path = argv[2] if not os.path.exists(pcap_filename): print("Source file does not exist.") sys.exit(1) if os.path.exists(ctf_path): print("Output folder exists, aborting."); sys.exit(1) # open source reader = pcapy.open_offline(pcap_filename) # create trace folder os.mkdir(ctf_path) # print metadata print_metadata(ctf_path + "/metadata") # open stream file pp = PacketProcessor(ctf_path + "/stream") # process packets reader.loop(-1, pp.process_packet)
def read_dataset(filename, port, model): # dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/" dataset_dir = "/home/baskoro/Documents/Dataset/Irene/" cap = pcapy.open_offline(dataset_dir + filename) anomaly_scores = [] detection_decisions = [] fresult = open("results/result-lstm-{}.csv".format(port), "w") #for i in range(2000): while (True): (header, packet) = cap.next() if not header: break ascii_payload = parse_packet(header, packet, port, fresult) if ascii_payload is not None: length = len(ascii_payload) anomaly_score = detect(model, ascii_payload) / float(length) if anomaly_score > threshold: fresult.write("{},1\n".format(anomaly_score)) #detection_decisions.append(1) else: fresult.write("{},0\n".format(anomaly_score)) #detection_decisions.append(0) anomaly_scores.append(anomaly_score) print anomaly_score #print packets #print detection_decisions mean = numpy.mean(anomaly_scores) stdev = numpy.std(anomaly_scores) print mean, stdev #numpy.savetxt("results/result-lstm-{}.csv".format(port), packets, delimiter=",") fresult.close()
def analyze(capture_path): feature_vector = [0, 0] try: cap = pcapy.open_offline(capture_path) (header, payload) = cap.next() while header: # Filter out noise packets if isNoise(header, payload): (header, payload) = cap.next() continue # Number of TLS headers on uplink/downlink tls = carveTLSHeaders(payload) if tls[1]: feature_vector[0] += tls[0] else: feature_vector[1] += tls[0] (header, payload) = cap.next() except pcapy.PcapError: pass # Expected when reaching the end of the capture file except: print "Unexpected error", sys.exc_info()[0] raise return feature_vector
def process_file(self, filename): """Load a pcap file and process the packets contained in it.""" p = pcapy.open_offline(filename) p.setfilter(r"ip proto \tcp") assert p.datalink() == pcapy.DLT_EN10MB p.loop(0, self.packet_handler)
def main(argv): ''' This is the main function ''' print_options, infilter, sanitizer, dev, capfile = ofp_cli.get_params(argv) try: if len(capfile) > 0: print "Using file %s " % capfile cap = pcapy.open_offline(capfile) else: print "Sniffing device %s" % dev cap = pcapy.open_live(dev, 65536, 1, 0) main_filter = " port 6633 " cap.setfilter(main_filter + infilter) # start sniffing packets while (1): (header, packet) = cap.next() parse_packet(packet, datetime.datetime.now(), header.getlen(), header.getcaplen(), print_options, sanitizer) except KeyboardInterrupt: print ofp_fsfw_v10.close() print 'Exiting...' sys.exit(0) except Exception as exception: print exception return
def payl_detect(mode): # load models models = {} for path in os.listdir(PaylModel.DIRNAME): if path.find(".payl") == (len(path) - 5): if os.path.isfile(PaylModel.DIRNAME + "/" + path): path = path.split(".")[0] port = path.split("-")[0] length = path.split("-")[1] models[path] = PaylModel(port, length) models[path].load() tmp = mode.split('/') fresult_name = tmp[len(tmp)-1] fresult = open('result-{}.csv'.format(fresult_name), 'w') cap = pcapy.open_offline(mode) while(1): (header, packet) = cap.next() if not header: break detect(models, header, packet, fresult) # break print "anomalies found : " + str(anomalies) + "/" + str(packet_counter) fresult.close()
def main(argv): arpres = [] choice = int(input("请输入 :\n1 离线工作模式\n2 在线工作模式\n")) if choice == 1: pcapfile = input("请输入pcap文件名:\n") cap = pcapy.open_offline(pcapfile) if choice == 2: devices = pcapy.findalldevs() print("可用网卡:") for d in devices: print(d) dev = input("请输入要监听的网卡:\n") print("正在监听网卡 " + dev) cap = pcapy.open_live(dev, 65536, 1, 100) myfilter = input('请输入过滤表达式:\n') cap.setfilter(myfilter) t1 = threading.Thread(target=loop, args=( cap, arpres, ), name='LoopThread1') #t2=threading.Thread(target=loop,args=(cap,),name='LoopThread2') t1.start() #t2.start() t1.join()
def parse_all_ip_port(packet_files): all_src_ip = set() all_dst_ip = set() all_src_port = set() all_dst_port = set() if is_iterable(packet_files) is False: packet_files = [packet_files] for packet_file in packet_files: pcap_handler = open_offline(packet_file) while True: pkt_hdr, pkt_data = pcap_handler.next() if pkt_hdr is None: break p = PacketParser(pkt_data) # What can i do..? with ignore(AttributeError): all_src_ip.add(p.src_ip) with ignore(AttributeError): all_dst_ip.add(p.dst_ip) with ignore(AttributeError): all_src_port.add(p.src_port) with ignore(AttributeError): all_dst_port.add(p.dst_port) return all_src_ip, all_dst_ip, all_src_port, all_dst_port
def main(argv): ''' Description : Main function to read packet from the dumped file input_param : argv - command line arguement list input_type : list ''' settings.packet_reader = pcapy.open_offline(settings.dump_file) settings.packet_reader.setnonblock(True) #filters = ' '.join(argv[1:] ) if len(argv) > 1 else '' filters = '' try: settings.packet_reader.setfilter(filters) except pcapy.PcapError: logger.error("Syntax error in options : {0}".format(filters)) logger.info("For Options syntax, Please refer the link http://biot.com/capstats/bpf.html") sys.exit(-1) # start sniffing packets while True : packets_read = settings.packet_reader.dispatch(1, parse_packet) if not packets_read: with open(settings.stats_file, "w") as stats_file: stats_file.write(str(packet_stats)) break
def start_capture(capfile, infilter, dev): """ With all information in hand, start capturing packets Args: capfile: in case user provides a pcap file infilter: any tcpdump filters dev: network device to sniffer Returns: cap object position number """ position = 0 try: if len(capfile) > 0: capfile, position = check_file_position(capfile) print("Using file %s " % capfile) cap = pcapy.open_offline(capfile) else: print("Sniffing device %s" % dev) cap = pcapy.open_live(dev, 65536, 1, 0) except Exception as exception: print("Error: %s" % exception) print("Exiting...") sys.exit(3) if len(infilter) is 0: # Super specific filter to overcome the python-pcapy performance issue # reported on https://github.com/CoreSecurity/pcapy/issues/12 # infilter = "tcp and port 6633 and (tcp[13] & 8!=0 or (tcp[13] & 1!=0 and tcp[13] & 16!=0))" infilter = "port 6633 or port 6634 or port 6653" cap.setfilter(infilter) return cap, position
def read_dataset(filename, seq_length, port): # dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/" dataset_dir = "/home/baskoro/Documents/Dataset/Irene/" print(dataset_dir + filename) cap = pcapy.open_offline(dataset_dir + filename) #for i in range(5000): while(True): (header, packet) = cap.next() if not header: break payload = parse_packet(header, packet, port, seq_length) if payload is None: continue for i in range(0, len(payload) - seq_length, 1): seq_in = payload[i:i + seq_length] seq_out = payload[i + seq_length] dataX.append(seq_in) dataY.append(seq_out) n_pattern = len(dataX) print n_pattern counter[port] += n_pattern del dataX[:] del dataY[:]
def reader(filename): reader = pcapy.open_offline(filename) while True: try: yield array('B', reader.next()[1]) except (StopIteration, pcapy.PcapError): raise StopIteration
def OpenFile( ): #this fn restarts all global vars and clears all containers (trees and txt) to startover with the pcap file global data, cap, times, word, Row, sniffing, packets, captureFromFile filename = QtGui.QFileDialog.getOpenFileName(ui_main.centralwidget, "Save file", "", "pcap (*.pcap)") if filename != "": msg = "This pcap file is going to overwrite the current captured data...continue without saving?" reply = QtGui.QMessageBox.question(ui_main.centralwidget, 'overwrite', msg, QtGui.QMessageBox.Yes, QtGui.QMessageBox.No) if reply == QtGui.QMessageBox.No: None else: data = "" cap = "" times = "" word = "" #filter word Row = 0 sniffing = True packets = [] captureFromFile = True cap = pcapy.open_offline(str(filename)) ui_main.PacketTable.clear() ui_main.PacketTree.clear() ui_main.plainTextEdit.clear() get_thread.start()
def openPcap(pcapFile): global pReader try: pReader = pcapy.open_offline(pcapFile) except: print("Error reading " + pcapFile) exit()
def __init__(self, pcapfile, bpf=None): self._cachers = [] self._pcapfile_name = pcapfile self._pc = pcapy.open_offline(pcapfile) self._bpf = bpf if bpf is not None: self._pc.setfilter(bpf)
def view(device, count, filename): global c c = 0 if device != None and count == -1: usage() sys.exit() if device != None and filename != None: usage() sys.exit() if device != None and filename == None: cap = pcapy.open_live(device, 2048, 1, 0) print 'viewer: listening on ' + device if filename != None and device == None: cap = pcapy.open_offline(filename) print 'viewer: reading ' + filename if count == -1 and filename != None: while True: (header, packet) = cap.next() parse_packet(packet) if count != -1 and (filename != None or device != None): while c < count: (header, packet) = cap.next() parse_packet(packet)
def main(filename): # Open file p = open_offline(filename) # At the moment the callback only accepts TCP/IP packets. p.setfilter(r'ip proto \tcp or \udp') print "Reading from %s: linktype=%d" % (filename, p.datalink()) # Start decoding process. Decoder(p).start()
def parse(fn): """Process a pcap file and return a dictionary of (answer, query, type) -> {first, last, ttl}""" s = Statmaker() pcap = pcapy.open_offline(fn) pcap.loop(0, s) return s
def __init__(self, in_file, outputs): self.p = pcapy.open_offline(in_file) self.o = list() for name, f in outputs: p = pcapy.compile(pcapy.DLT_EN10MB, 4096, f, 0, 1) o = self.p.dump_open(name) self.o.append((p, o))
def testPacketHeaderRefCount(self): """#1:when next() creates a pkthdr it make one extra reference""" class _Simple: pass #r = pcapy.open_live("en1", 65000, 0, 1000) r = pcapy.open_offline(TestPcapy._96PINGS) #get one & check its refcount self.assertEqual( sys.getrefcount(r.next()[0]), sys.getrefcount(_Simple()) )
def packet_generator(): pcap = pcapy.open_offline(test_data('testdump_usbmodify.pcap')) while True: (hdr, pack) = pcap.next() if hdr is None: return # EOF yield Packet(hdr, pack)
def runFromFile(self, filename): reader = None try: reader = pcapy.open_offline(filename) except: print "Could not open file {0}.".format(filename) sys.exit(-1) else: self.__run(reader)
def testClose(self): """ #7 Test the close method """ r = pcapy.open_offline(TestPcapy._96PINGS) hdr, body = r.next() assert hdr is not None r.close() with self.assertRaises(ValueError): r.next()
def offline(filename): """Anaiza un archivo pcap.""" print "Abriendo archivo «" + filename + "»..." cap = pcapy.open_offline(filename) while True: (header, packet) = cap.next() if header != None: parse(packet) else: break
def filefilter(pcapfile): try: print("Reading pcap file %s" % pcapfile) packetReader = open_offline(pcapfile) except Exception as e: print("Error opening pcap file: %s" % str(e)) return 0 packetReader.loop(0, Process)
def testContextManager(self): """ #8 Test the context manager support """ with pcapy.open_offline(TestPcapy._96PINGS) as r: hdr, body = r.next() assert hdr is not None with self.assertRaises(ValueError): r.next()
def pcapy_io(f_in,f_out): pt = pcapy.open_offline(f_in) pd = pt.dump_open(f_out) hdr, body = pt.next() while hdr is not None: pd.dump(hdr, body) hdr, body = pt.next() del pd pt.close()
def process(filename): global decoder p = pcapy.open_offline(filename) p.setfilter(r"ip proto \tcp") assert p.datalink() == pcapy.DLT_EN10MB decoder = impacket.ImpactDecoder.EthDecoder() p.loop(0, handler) for c in flows.values(): c.finish_transfer()
def SplitPcap(): # Open file filename=APPCONFIG.GlobalConfig["pcapfilename"] #logging.info (filename ) p = open_offline(filename) # At the moment the callback only accepts TCP/IP packets. #p.setfilter(r'ip proto \tcp') p.setfilter(r'ip') logging.info ("Reading from %s: linktype=%d" % (filename, p.datalink()) ) # Start decoding process. Decoder(p).start()
def pcap(self,fname): """ opens a pcap file and reads the contents """ cap = pcapy.open_offline(fname) self.map = [] self.p = PacketDecoder() cap.loop(0,self.process) return self.map
def start (self): # TODO: specify a device or select all devices # dev = pcapy.findalldevs()[0] if self.options['offline'] is None : p = pcapy.open_live(self.options['interface'], 65536, False, 1) else: p = pcapy.open_offline(self.options['offline']) #print "p.loop" p.loop(-1, self.handle_packet)
def create_test_sock(pcap_filename): rospy.sleep(0.1) try: import pcapy except ImportError: import pure_pcapy as pcapy from StringIO import StringIO from impacket import ImpactDecoder body_list = [] if pcap_filename.endswith("gz"): # From: http://projects.honeynet.org/honeysnap/changeset/35/trunk/honeysnap/__init__.py import tempfile import gzip tmph, tmpf = tempfile.mkstemp() tmph = open(tmpf, 'wb') gfile = gzip.open(pcap_filename) tmph.write(gfile.read()) gfile.close() tmph.close() pcap_filename = tmpf cap = pcapy.open_offline(pcap_filename) decoder = ImpactDecoder.EthDecoder() while True: header, payload = cap.next() if not header: break try: tcp = decoder.decode(payload).child().child() body_list.append(tcp.child().get_packet()) except AttributeError: print decoder.decode(payload) raise data_io = StringIO(''.join(body_list)) class MockSocket(object): def recv(self, byte_count): rospy.sleep(0.002) data = data_io.read(byte_count) if data == "": rospy.signal_shutdown("Test completed.") return data def settimeout(self, timeout): pass return MockSocket()
def testBPFFilter(self): """ #3 test offline BPFFilter """ r = pcapy.open_offline(TestPcapy._96PINGS) bpf = pcapy.BPFProgram("ip dst host 192.168.1.1") hdr, pkt = r.next() while hdr is not None: f = bpf.filter(pkt) self.assertNotEqual(f, 0) hdr, pkt = r.next()
def main(): oc = OSC.OSCClient() oc.connect(hostport) kbints = 0 interface_address=options.interface_address if openfile: p = pcapy.open_offline(openfile) else: # begin listening to network traffic interface = options.interface interface_address = netifaces.ifaddresses(interface)[2][0]['addr'] p = pcapy.open_live(interface, 1024, False, 10240) # create and start threads network_traffic = communication_thread() network_traffic.start() try: (header, payload) = p.next() while header: e = Ether(payload) t = e.getlayer(TCP) if t: i = e.getlayer(IP) nw_traffic_global.setdefault(t.dport,0) try: nw_traffic_global[t.dport]+=1 except KeyError: print 'race' nw_traffic_inout['in' if i.dst == interface_address else 'out']+=1 if e.haslayer(ICMP): x = OSC.OSCMessage() x.setAddress('/plinker/ping') x.append(1) oc.send(x) print 'ICMP ping sent' second = header.getts()[0] # [1] = miliseconds try: (header, payload) = p.next() except Exception,e: pass #print type(e) except Exception,e: print traceback.print_exc(e)
def setUp(self): pcap = pcapy.open_offline(test_data('usb-single-packet-2.pcap')) self.packet = Packet(*pcap.next()) self.set_and_test = partial(self.setattr_and_test, self.packet) # Long name, but not as long as without it self.assertRaisesWrongPacketXferType = partial(self.assertRaises, WrongPacketXferType, getattr, self.packet) # Verify that we have the right test data self.assertEqual(self.packet.length, 40, 'unmodified packet wrong--test bad?') self.assertEqual(self.packet.busnum, 7, 'unmodified packet wrong--test bad?')