コード例 #1
0
 def __init__(self, rules):
     self.__rules = rules
     self._attack_pcap = open_offline(AttackPacket)
     self._normal_pcap = open_offline(NormalPacket)
     self.right_detected, self.wrong_detected = self.__check_detected_packet(
     )
     self.__score = self.right_detected - self.wrong_detected
コード例 #2
0
ファイル: pcapytests.py プロジェクト: CoreSecurity/pcapy
    def testPacketDumper(self):
        """
        #6 test that the dumper writes correct payload
        """
        try:
            r = pcapy.open_offline(TestPcapy._96PINGS)
            dumper = r.dump_open('tmp.pcap')

            hdr, body = r.next()
            i = 0
            while hdr is not None:
                dumper.dump(hdr, body)
                i += 1
                hdr, body = r.next()

            # make sure file closes
            del dumper

            # check that the dumper wrote a legal pcap
            # file with same packer data
            r = pcapy.open_offline(TestPcapy._96PINGS)
            r2 = pcapy.open_offline('tmp.pcap')

            h1, b1 = r.next()
            h2, b2 = r2.next()
            while h1 is not None and h2 is not None:
                self.assertEqual(b1, b2)
                h1, b1 = r.next()
                h2, b2 = r2.next()

            self.assertTrue(h1 is None)
            self.assertTrue(h2 is None)
            del r2
        finally:
            os.unlink('tmp.pcap')
コード例 #3
0
def read_pcap(data_date, flabels, labels):
    dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
    if data_date != "11jun":
        filename = data_date[data_date.index("Testbed"):len(data_date) - 4]

        date_to_filename = {
            'TestbedSatJun12Flows': '12jun',
            'TestbedSunJun13Flows': '13jun',
            'TestbedMonJun14Flows': '14jun',
            'TestbedTueJun15-1Flows': '15jun',
            'TestbedTueJun15-2Flows': '15jun',
            'TestbedTueJun15-3Flows': '15jun',
            'TestbedWedJun16-1Flows': '16jun',
            'TestbedWedJun16-2Flows': '16jun',
            'TestbedWedJun16-3Flows': '16jun',
            'TestbedThuJun17-1Flows': '17jun',
            'TestbedThuJun17-2Flows': '17jun',
            'TestbedThuJun17-3Flows': '17jun',
        }

        cap = pcapy.open_offline(dataset_dir + "testbed-" +
                                 date_to_filename[filename] + ".pcap")
    else:
        cap = pcapy.open_offline(dataset_dir + "testbed-11jun.pcap")

    while (1):
        (header, packet) = cap.next()
        if not header:
            break
        parse_packet(flabels, labels, header, packet)
コード例 #4
0
    def testPacketDumper(self):
        """
        #6 test that the dumper writes correct payload
        """
        try:
            r = pcapy.open_offline(TestPcapy._96PINGS)
            dumper = r.dump_open('tmp.pcap')

            hdr, body = r.next()
            i = 0
            while hdr is not None:
                dumper.dump(hdr, body)
                i += 1
                hdr, body = r.next()

            # make sure file closes
            del dumper

            # check that the dumper wrote a legal pcap
            # file with same packer data
            r = pcapy.open_offline(TestPcapy._96PINGS)
            r2 = pcapy.open_offline('tmp.pcap')

            h1, b1 = r.next()
            h2, b2 = r2.next()
            while h1 is not None and h2 is not None:
                self.assertEqual(b1, b2)
                h1, b1 = r.next()
                h2, b2 = r2.next()

            self.assertTrue(h1 is None)
            self.assertTrue(h2 is None)
            del r2
        finally:
            os.unlink('tmp.pcap')
コード例 #5
0
def AltDataSendt(path):
    File_list = []
    PcapFiles = []
    Overheadsum = 0
    Samlet = 0
    #Vi finder alle Pcap filer i den folderen vi er i
    substring = '.pcap'
    for Allfiles in os.popen('ls %s' % path):
        if substring in Allfiles:
            PcapFiles.append(Allfiles)

#Vi kan nu finde alt data sendt som er i pcap filen.
    for pcap in PcapFiles:
        #We read one pcap file at a time.
        fil = path + "/" + pcap.rstrip()
        reader = pcapy.open_offline("%s" % fil)
        #Vi finder hvor mange frames der er i den givne pcap filen
        Lenght = os.popen('tshark -r %s | wc -l' % fil).read()
        PcapLenght = int(Lenght)
        #Vi koerer igennem alle frames/pakker og finder deres laengder i bytes
        for x in range(0, PcapLenght):
            (header, payload) = reader.next()
            # Summer alle frames laengder

            Overheadsum = Overheadsum + header.getlen()
    Samlet = Samlet + Overheadsum
    #print(Samlet)
    return (Overheadsum)
コード例 #6
0
def create_streams(pcap, f):
    p = open_offline(pcap)
    global folder
    folder = f
    p.setfilter(r'ip proto \tcp or \udp')
    Decoder(p, folder).start()
    return files
コード例 #7
0
ファイル: pcap.py プロジェクト: kevinamos/axploit
def usage():
    print sys.argv[0] + """
	-i <dev>
	-r <input_file>
	-w <output_file>"""
    sys.exit(1)
    # Parse parameter
    try:
        cmd_opts = "i:r:w:"
        opts, args = getopt.getopt(sys.argv[1:], cmd_opts)
    except getopt.GetoptError:
        usage()
    for opt in opts:
        if opt[0] == "-w":
            dump_file = opt[1]
        elif opt[0] == "-i":
            dev = opt[1]
        elif opt[0] == "-r":
            input_file = opt[1]
        else:
            usage()
    # Start sniffing and write packet to a pcap dump file
    if input_file == None:
        pcap = pcapy.open_live(dev, 1500, 0, 100)
        dumper = pcap.dump_open(dump_file)
        pcap.loop(0, write_packet)
        # Read a pcap dump file and print it
    else:
        pcap = pcapy.open_offline(input_file)
        pcap.loop(0, read_packet)
コード例 #8
0
def main():
    out = os.fdopen(1, "wb") if write_file == "-" else open(write_file, "wb")
    pcap_header_out(out, link_type)

    r = pcapy.open_offline(read_file)
    while True:
        try:
            hdr, payload = r.next()
        except pcapy.PcapError:
            break

        if hdr == None:
            break
        secs, usecs = hdr.getts()
        tlv = read_tlv(payload)
        if evaluate(query, tlv).value():
            data = slice_data(slicer, tlv)

            try:
                out.write(pcap_packet_header(secs, usecs, len(data)))
                out.write(data)
                out.flush()
            except(IOError, e):
                if e.errno == errno.EPIPE:
                    return
                raise
コード例 #9
0
    def __init__(self, filename, cap_filter=r'ip proto \tcp'):
        self.filename = filename
        self.__cap_filter = cap_filter
        self.__pcapObj = pcapy.open_offline(self.filename)
        self.datalink = self.__pcapObj.datalink()

        if use_progressbar:
            self.filesize = os.stat(self.filename)[stat.ST_SIZE]
        self.read_len = 0

        if pcapy.DLT_EN10MB == self.datalink:
            #self.decoder = EthDecoder()
            self.decoder_str = "EthDecoder"
        elif pcapy.DLT_LINUX_SLL == self.datalink:
            #self.decoder = LinuxSLLDecoder()
            self.decoder_str = "LinuxSLLDecoder"
        else:
            raise Exception("Datalink type not supported: " % self.datalink)

        if self.__cap_filter:
            self.__pcapObj.setfilter(self.__cap_filter)

        print "Reading from %s: linktype=%s" % (filename, self.decoder_str)
        
        if use_progressbar:
            filetransfer = progressbar.FileTransferSpeed()
            filetransfer.units = ['B','KB','MB','GB','TB','PB']
#            widgets = ['Reading DUMP  ', progressbar.FileTransferSpeed(),' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()]
            widgets = ['Reading DUMP  ', filetransfer,' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()]
            self.pbar = progressbar.ProgressBar(widgets=widgets, maxval=self.filesize).start()
コード例 #10
0
ファイル: split-trace.py プロジェクト: richwolski/bluesky
def scan(filename):
    global decoder
    p = pcapy.open_offline(filename)
    p.setfilter(r"ip proto \tcp")
    assert p.datalink() == pcapy.DLT_EN10MB
    decoder = impacket.ImpactDecoder.EthDecoder()
    p.loop(0, handler)
コード例 #11
0
ファイル: pcap_to_object2.py プロジェクト: siam28/IP-Link
def pcap_to_object(pcap_file, obj_file):
    """Create a Python serialized graph object.
    
    Read the pcap file given in parameter, extracts source and destination IP
    and write a serialized graph object.
    """
    reader = pcapy.open_offline(pcap_file)
    print reader.datalink()
    print pcapy.DLT_LINUX_SLL
    eth_decoder = Decoders.EthDecoder()
    sll_decoder = Decoders.LinuxSLLDecoder()
    ip_decoder = Decoders.IPDecoder()

    dic_ip = ip_dict()

    tts_min = 1000
    tts_max = 2000

    if options.verbose:
        print "Reading pcap file..."
    while True:
        try:
            (header, payload) = reader.next()
            if True:  #tts_min <= header.getts()[0] <= tts_max:
                #ethernet = eth_decoder.decode(payload)
                sll = sll_decoder.decode(payload)
                if sll.get_ether_type() == Packets.IP.ethertype:
                    #ip = ip_decoder.decode(payload[ethernet.get_header_size():])
                    ip_src = sll.child().get_ip_src()
                    ip_dst = sll.child().get_ip_dst()
                    dic_ip[ip_src][ip_dst] += 1
        except Packets.ImpactPacketException, e:
            print e
        except:
コード例 #12
0
ファイル: split_to_streams.py プロジェクト: yfried/deNAT
def main(filename):
    # Open file
    p = open_offline(filename)

    # At the moment the callback only accepts TCP/IP packets.
    p.setfilter(r'ip proto \tcp')

    print "Reading from %s: linktype=%d" % (filename, p.datalink())

    # Start decoding process.
    m_decoder = Decoder(p, filename)
    m_decoder.start()

    streams = []
    for stream in m_decoder.connections.values():
        streams.append(dStream(stream))

    if flag_csv:
        csv_filename = os.path.abspath(m_decoder.dir) + '.csv'
        csv_out = open(csv_filename, 'w')
        first_line = ('stream_num,' +
                      ','.join(dPacket.attr_names_as_list()) + "\n")
        csv_out.write(first_line)

        count_streams = 0
        for stream in streams:
            for packet in stream.packets:
                line = str(count_streams) + ',' + packet.csv_line() + "\n"
                csv_out.write(line)
            count_streams += 1

        csv_out.close()

    return streams, m_decoder.packet_list,
コード例 #13
0
ファイル: removedups.py プロジェクト: Enchufa2/nantools
 def __init__(self, dups, infile, outfile):
     self.dups = open(dups)
     self.infile = open_offline(infile)
     self.outfile = self.infile.dump_open(outfile)
     self.deleted = self.infile.dump_open(outfile + '_deleted.cap')
     self._next = 0
     self._pos = 0
コード例 #14
0
ファイル: extract_pkts.py プロジェクト: Enchufa2/nantools
 def __init__(self, infile, outfile, pkts):
     self.infile = open_offline(infile)
     self.outfile = self.infile.dump_open(outfile)
     self.pkts = self._parse(pkts)
     self._next = 0
     self._pos = 0
     self._stop = len(self.pkts)
コード例 #15
0
ファイル: mtp_traffic.py プロジェクト: BinyaminSharet/Mtp
def parse_file(filename):
    f = pcapy.open_offline(filename)
    count = 0
    stage = 0
    len_to_read = 0
    while 1:
        (hdr, data) = f.next()
        if not hdr:
            break
        urb_type = ord(data[8])
        ep = ord(data[10])
        if ep == 0x81 and urb_type == 0x43:
            d = 'RX'
        elif ep == 0x02 and urb_type == 0x53:
            d = 'TX'
            print('')
        else:
            continue
        payload = data[0x40:]
        if len_to_read > 0:  # data...
            print('>>> %s' % payload.encode('hex'))
            len_to_read -= len(payload)
        else:
            if len(payload) < 12:
                continue
            print('current data: %s' % payload.encode('hex'))
            print('[%s] %s' % (d, parse_mtp(payload)))
            len_to_read = get_total_len(payload) - len(payload) 
        count += 1
    print 'count: %s' % (count)
コード例 #16
0
 def __open_pcap_file__(self):
     """
     This method opens the pcap network capture file and sets the BPF filter. 
     """
     self.__pd__ = pcapy.open_offline(self.__pcap_filename__)
     if self.__filter__:
         self.__pd__.setfilter(self.__filter__)
コード例 #17
0
ファイル: split-trace.py プロジェクト: MAYHEM-Lab/UCSBluesky
def scan(filename):
    global decoder
    p = pcapy.open_offline(filename)
    p.setfilter(r"ip proto \tcp")
    assert p.datalink() == pcapy.DLT_EN10MB
    decoder = impacket.ImpactDecoder.EthDecoder()
    p.loop(0, handler)
コード例 #18
0
def create_streams(pcap, f):
    p = open_offline(pcap)
    global folder
    folder = f
    p.setfilter(r'ip proto \tcp or \udp')
    Decoder(p, folder).start()
    return files
コード例 #19
0
def main1(filename, _):
    p = open_offline(filename)
    # Restrict to tcp packets with only syn and ack set.
    p.setfilter(r'tcp[tcpflags] == (tcp-syn | tcp-ack)')
    d = Part1Decoder(p)
    d.start()
    d.report()
コード例 #20
0
def start_capture(capfile, infilter, dev):
    """
        With all information in hand, start capturing packets
        Args:
            capfile: in case user provides a pcap file
            infilter: any tcpdump filters
            dev: network device to sniffer
        Returns:
            cap object
            position number
    """
    position = 0
    try:
        if len(capfile) > 0:
            capfile, position = check_file_position(capfile)
            print "Using file %s " % capfile
            cap = pcapy.open_offline(capfile)
        else:
            print "Sniffing device %s" % dev
            cap = pcapy.open_live(dev, 65536, 1, 0)

    except Exception as exception:
        print "Error: %s" % exception
        print "Exiting..."
        sys.exit(3)

    if len(infilter) is 0:
        infilter = " port 6633 "
    cap.setfilter(infilter)

    return cap, position
コード例 #21
0
ファイル: bridge.py プロジェクト: mikepurvis/rosnovatel
def create_test_sock(pcap_filename):
  rospy.sleep(0.1)

  import pcapy
  from StringIO import StringIO
  from impacket import ImpactDecoder

  body_list = []
  cap = pcapy.open_offline(pcap_filename)
  decoder = ImpactDecoder.EthDecoder()

  while True:
    header, payload = cap.next()
    if not header: break
    udp = decoder.decode(payload).child().child()
    body_list.append(udp.child().get_packet())

  data_io = StringIO(''.join(body_list))

  class MockSocket(object):
    def recv(self, byte_count):
      rospy.sleep(0.0001)
      data = data_io.read(byte_count)
      if data == "":
        rospy.signal_shutdown("Test completed.")
      return data
    def settimeout(self, timeout):
      pass

  return MockSocket()
コード例 #22
0
    def read_interface(self):
        """Read Packets from the packet capture interface"""

        # Spin up the packet capture
        if self._iface_is_file():
            self.pcap = pcapy.open_offline(self.iface_name)
        else:
            try:
                # self.pcap = pcap.pcap(name=self.iface_name, promisc=True, immediate=True)
                #   snaplen (maximum number of bytes to capture _per_packet_)
                #   promiscious mode (1 for true)
                #   timeout (in milliseconds)
                self.pcap = pcapy.open_live(self.iface_name, 65536, 1, 0)
            except OSError:
                try:
                    logger.warning(
                        'Could not get promisc mode, turning flag off')
                    self.pcap = pcapy.open_live(self.iface_name, 65536, 0, 0)
                except OSError:
                    log_utils.panic(
                        'Could no open interface with any options (may need to be sudo)'
                    )

        # Add the BPF if it's specified
        if self.bpf:
            self.pcap.setfilter(self.bpf)
        print('listening on %s: %s' % (self.iface_name, self.bpf))

        # For each packet in the pcap process the contents
        _packets = 0
        while True:
            # Grab the next header and packet buffer
            header, raw_buf = self.pcap.next()

            # If we don't get a packet header break out of the loop
            if not header:
                break

            # Extract the timestamp from the header and yield the packet
            seconds, micro_sec = header.getts()
            timestamp = seconds + micro_sec * 10**-6
            yield {
                'timestamp': timestamp,
                'raw_buf': raw_buf,
                'packet_num': _packets
            }
            _packets += 1

            # Is there a max packets set if so break on it
            if self.max_packets and _packets >= self.max_packets:
                break

        # All done so report and raise a StopIteration
        try:
            print(
                'Packet stats: %d  received, %d dropped,  %d dropped by interface'
                % self.pcap.stats())
        except pcapy.PcapError:
            print('No stats available...')
        raise StopIteration
コード例 #23
0
ファイル: overhead.py プロジェクト: andreascas/pcap-parser
def main():

    # Vi finder alle Pcap filer i den folder vi er i
    for file in os.listdir("pcaps/"):
        if file.endswith(".pcap"):
            File_list.append(os.path.abspath(os.path.join("pcaps/", file)))

    overhead_sum = 0
    # Vi kan nu finde alt data sendt som set i pcap filen
    for file in File_list:
        # Vi laeser fra vores oenskede pcap fil
        reader = pcapy.open_offline(file)

        # Vi finder hvor mange frames der er i pcap filen
        Lenght = os.popen('tshark -r {} | wc -l'.format(file)).read()
        test = Lenght[0] + Lenght[1] + Lenght[2]
        PcapLenght = int(test)
        # print(PcapLenght)

        try:
            # Vi koerer igennem alle pakker/frames og finder deres laengder
            for x in range(0, PcapLenght - 1):
                (header, payload) = reader.next()
                # print(header.getlen());
                # Summer alle frames laengder

                if header is not None:
                    overhead_sum = overhead_sum + header.getlen()

        except pcapy.PcapError:
            # print("FEJL")
            print(overhead_sum)
            break

    print(overhead_sum)
コード例 #24
0
ファイル: pcap-ctf.py プロジェクト: simark/pcap-ctf
def main(argv):
	if len(argv) != 3:
		print("Usage: " + argv[0] + " [pcap file] [ctf folder]")
		sys.exit(1)

	pcap_filename = argv[1]
	ctf_path = argv[2]

	if not os.path.exists(pcap_filename):
		print("Source file does not exist.")
		sys.exit(1)

	if os.path.exists(ctf_path):
		print("Output folder exists, aborting.");
		sys.exit(1)

	# open source
	reader = pcapy.open_offline(pcap_filename)

	# create trace folder
	os.mkdir(ctf_path)

	# print metadata
	print_metadata(ctf_path + "/metadata")

	# open stream file
	pp = PacketProcessor(ctf_path + "/stream")

	# process packets
	reader.loop(-1, pp.process_packet)
コード例 #25
0
def read_dataset(filename, port, model):
    # dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
    dataset_dir = "/home/baskoro/Documents/Dataset/Irene/"
    cap = pcapy.open_offline(dataset_dir + filename)
    anomaly_scores = []
    detection_decisions = []
    fresult = open("results/result-lstm-{}.csv".format(port), "w")

    #for i in range(2000):
    while (True):
        (header, packet) = cap.next()
        if not header:
            break
        ascii_payload = parse_packet(header, packet, port, fresult)

        if ascii_payload is not None:
            length = len(ascii_payload)
            anomaly_score = detect(model, ascii_payload) / float(length)
            if anomaly_score > threshold:
                fresult.write("{},1\n".format(anomaly_score))
                #detection_decisions.append(1)
            else:
                fresult.write("{},0\n".format(anomaly_score))
                #detection_decisions.append(0)

            anomaly_scores.append(anomaly_score)
            print anomaly_score

    #print packets
    #print detection_decisions
    mean = numpy.mean(anomaly_scores)
    stdev = numpy.std(anomaly_scores)
    print mean, stdev
    #numpy.savetxt("results/result-lstm-{}.csv".format(port), packets, delimiter=",")
    fresult.close()
コード例 #26
0
ファイル: fingerprint.py プロジェクト: chhans/tor-automation
def analyze(capture_path):
    feature_vector = [0, 0]

    try:
        cap = pcapy.open_offline(capture_path)
        (header, payload) = cap.next()

        while header:
            # Filter out noise packets
            if isNoise(header, payload):
                (header, payload) = cap.next()
                continue

            # Number of TLS headers on uplink/downlink
            tls = carveTLSHeaders(payload)
            if tls[1]:
                feature_vector[0] += tls[0]
            else:
                feature_vector[1] += tls[0]

            (header, payload) = cap.next()
    except pcapy.PcapError:
        pass  # Expected when reaching the end of the capture file
    except:
        print "Unexpected error", sys.exc_info()[0]
        raise

    return feature_vector
コード例 #27
0
ファイル: analyze-tcp.py プロジェクト: MAYHEM-Lab/UCSBluesky
    def process_file(self, filename):
        """Load a pcap file and process the packets contained in it."""

        p = pcapy.open_offline(filename)
        p.setfilter(r"ip proto \tcp")
        assert p.datalink() == pcapy.DLT_EN10MB
        p.loop(0, self.packet_handler)
コード例 #28
0
ファイル: ofp_sniffer.py プロジェクト: ajoaoff/ofp_sniffer
def main(argv):
    '''
        This is the main function
    '''
    print_options, infilter, sanitizer, dev, capfile = ofp_cli.get_params(argv)
    try:
        if len(capfile) > 0:
            print "Using file %s " % capfile
            cap = pcapy.open_offline(capfile)
        else:
            print "Sniffing device %s" % dev
            cap = pcapy.open_live(dev, 65536, 1, 0)

        main_filter = " port 6633 "
        cap.setfilter(main_filter + infilter)

        # start sniffing packets
        while (1):
            (header, packet) = cap.next()
            parse_packet(packet, datetime.datetime.now(), header.getlen(),
                         header.getcaplen(), print_options, sanitizer)
    except KeyboardInterrupt:
        print ofp_fsfw_v10.close()
        print 'Exiting...'
        sys.exit(0)
    except Exception as exception:
        print exception
        return
コード例 #29
0
ファイル: payl.py プロジェクト: SPriyal/PAYL
def payl_detect(mode):
    # load models
    models = {}

    for path in os.listdir(PaylModel.DIRNAME):
        if path.find(".payl") == (len(path) - 5):
            if os.path.isfile(PaylModel.DIRNAME + "/" + path):
                path = path.split(".")[0]
                port = path.split("-")[0]
                length = path.split("-")[1]

                models[path] = PaylModel(port, length)
                models[path].load()

    tmp = mode.split('/')
    fresult_name = tmp[len(tmp)-1]
    fresult = open('result-{}.csv'.format(fresult_name), 'w')
    cap = pcapy.open_offline(mode)
    while(1):
        (header, packet) = cap.next()
        if not header:
            break
        detect(models, header, packet, fresult)
        # break

    print "anomalies found : " + str(anomalies) + "/" + str(packet_counter)
    fresult.close()
コード例 #30
0
def main(argv):
    arpres = []
    choice = int(input("请输入 :\n1 离线工作模式\n2 在线工作模式\n"))
    if choice == 1:
        pcapfile = input("请输入pcap文件名:\n")
        cap = pcapy.open_offline(pcapfile)
    if choice == 2:
        devices = pcapy.findalldevs()
        print("可用网卡:")
        for d in devices:
            print(d)
        dev = input("请输入要监听的网卡:\n")
        print("正在监听网卡 " + dev)
        cap = pcapy.open_live(dev, 65536, 1, 100)
    myfilter = input('请输入过滤表达式:\n')

    cap.setfilter(myfilter)
    t1 = threading.Thread(target=loop,
                          args=(
                              cap,
                              arpres,
                          ),
                          name='LoopThread1')
    #t2=threading.Thread(target=loop,args=(cap,),name='LoopThread2')
    t1.start()
    #t2.start()
    t1.join()
コード例 #31
0
def create_test_sock(pcap_filename):
    rospy.sleep(0.1)

    import pcapy
    from StringIO import StringIO
    from impacket import ImpactDecoder

    body_list = []
    cap = pcapy.open_offline(pcap_filename)
    decoder = ImpactDecoder.EthDecoder()

    while True:
        header, payload = cap.next()
        if not header: break
        udp = decoder.decode(payload).child().child()
        body_list.append(udp.child().get_packet())

    data_io = StringIO(''.join(body_list))

    class MockSocket(object):
        def recv(self, byte_count):
            rospy.sleep(0.0001)
            data = data_io.read(byte_count)
            if data == "":
                rospy.signal_shutdown("Test completed.")
            return data

        def settimeout(self, timeout):
            pass

    return MockSocket()
コード例 #32
0
def parse_all_ip_port(packet_files):
    all_src_ip = set()
    all_dst_ip = set()
    all_src_port = set()
    all_dst_port = set()
    if is_iterable(packet_files) is False:
        packet_files = [packet_files]

    for packet_file in packet_files:

        pcap_handler = open_offline(packet_file)

        while True:
            pkt_hdr, pkt_data = pcap_handler.next()

            if pkt_hdr is None:
                break

            p = PacketParser(pkt_data)

            # What can i do..?
            with ignore(AttributeError):
                all_src_ip.add(p.src_ip)
            with ignore(AttributeError):
                all_dst_ip.add(p.dst_ip)
            with ignore(AttributeError):
                all_src_port.add(p.src_port)
            with ignore(AttributeError):
                all_dst_port.add(p.dst_port)

    return all_src_ip, all_dst_ip, all_src_port, all_dst_port
コード例 #33
0
def main(argv):
    '''
        Description : Main function to read packet from the dumped file
        
        input_param : argv - command line arguement list
        input_type : list
        
    '''
    settings.packet_reader = pcapy.open_offline(settings.dump_file)
    settings.packet_reader.setnonblock(True)
    #filters = ' '.join(argv[1:] ) if len(argv) > 1 else ''
    filters = ''
    try:
       settings.packet_reader.setfilter(filters)
    except pcapy.PcapError:
        logger.error("Syntax error in options : {0}".format(filters))
        logger.info("For Options syntax, Please refer the link http://biot.com/capstats/bpf.html")
        sys.exit(-1)
 
    # start sniffing packets
    while True :
        packets_read = settings.packet_reader.dispatch(1, parse_packet)
        if not packets_read:
            with open(settings.stats_file, "w") as stats_file:
                stats_file.write(str(packet_stats))
            break
コード例 #34
0
ファイル: mtp_traffic.py プロジェクト: dark-lbp/Mtp
def parse_file(filename):
    f = pcapy.open_offline(filename)
    count = 0
    stage = 0
    len_to_read = 0
    while 1:
        (hdr, data) = f.next()
        if not hdr:
            break
        urb_type = ord(data[8])
        ep = ord(data[10])
        if ep == 0x81 and urb_type == 0x43:
            d = 'RX'
        elif ep == 0x02 and urb_type == 0x53:
            d = 'TX'
            print('')
        else:
            continue
        payload = data[0x40:]
        if len_to_read > 0:  # data...
            print('>>> %s' % payload.encode('hex'))
            len_to_read -= len(payload)
        else:
            if len(payload) < 12:
                continue
            print('current data: %s' % payload.encode('hex'))
            print('[%s] %s' % (d, parse_mtp(payload)))
            len_to_read = get_total_len(payload) - len(payload)
        count += 1
    print 'count: %s' % (count)
コード例 #35
0
def start_capture(capfile, infilter, dev):
    """
        With all information in hand, start capturing packets
        Args:
            capfile: in case user provides a pcap file
            infilter: any tcpdump filters
            dev: network device to sniffer
        Returns:
            cap object
            position number
    """
    position = 0
    try:
        if len(capfile) > 0:
            capfile, position = check_file_position(capfile)
            print("Using file %s " % capfile)
            cap = pcapy.open_offline(capfile)
        else:
            print("Sniffing device %s" % dev)
            cap = pcapy.open_live(dev, 65536, 1, 0)

    except Exception as exception:
        print("Error: %s" % exception)
        print("Exiting...")
        sys.exit(3)

    if len(infilter) is 0:
        # Super specific filter to overcome the python-pcapy performance issue
        # reported on https://github.com/CoreSecurity/pcapy/issues/12
        # infilter = "tcp and port 6633 and (tcp[13] & 8!=0 or (tcp[13] & 1!=0 and tcp[13] & 16!=0))"
        infilter = "port 6633 or port 6634 or port 6653"

    cap.setfilter(infilter)

    return cap, position
コード例 #36
0
ファイル: lstm.py プロジェクト: bazz-066/neuralnetwork-AD
def read_dataset(filename, seq_length, port):
    # dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
    dataset_dir = "/home/baskoro/Documents/Dataset/Irene/"
    print(dataset_dir + filename)
    cap = pcapy.open_offline(dataset_dir + filename)
    #for i in range(5000):
    while(True):
        (header, packet) = cap.next()
        if not header:
            break
        payload = parse_packet(header, packet, port, seq_length)

        if payload is None:
            continue

        for i in range(0, len(payload) - seq_length, 1):
            seq_in = payload[i:i + seq_length]
            seq_out = payload[i + seq_length]
            dataX.append(seq_in)
            dataY.append(seq_out)

        n_pattern = len(dataX)

        print n_pattern
        counter[port] += n_pattern
        del dataX[:]
        del dataY[:]
コード例 #37
0
ファイル: parse_pcap.py プロジェクト: pinasdfgh/2
def reader(filename):
    reader = pcapy.open_offline(filename)
    while True:
        try:
            yield array('B', reader.next()[1])
        except (StopIteration, pcapy.PcapError):
            raise StopIteration
コード例 #38
0
def OpenFile(
):  #this fn restarts all global vars and clears all containers (trees and txt) to startover with the pcap file
    global data, cap, times, word, Row, sniffing, packets, captureFromFile
    filename = QtGui.QFileDialog.getOpenFileName(ui_main.centralwidget,
                                                 "Save file", "",
                                                 "pcap (*.pcap)")
    if filename != "":

        msg = "This pcap file is going to overwrite the current captured data...continue without saving?"
        reply = QtGui.QMessageBox.question(ui_main.centralwidget, 'overwrite',
                                           msg, QtGui.QMessageBox.Yes,
                                           QtGui.QMessageBox.No)
        if reply == QtGui.QMessageBox.No:
            None
        else:
            data = ""
            cap = ""
            times = ""
            word = ""  #filter word
            Row = 0
            sniffing = True
            packets = []
            captureFromFile = True
            cap = pcapy.open_offline(str(filename))
            ui_main.PacketTable.clear()
            ui_main.PacketTree.clear()
            ui_main.plainTextEdit.clear()
            get_thread.start()
コード例 #39
0
def openPcap(pcapFile):
    global pReader
    try:
        pReader = pcapy.open_offline(pcapFile)
    except:
        print("Error reading " + pcapFile)
        exit()
コード例 #40
0
 def __init__(self, pcapfile, bpf=None):
     self._cachers = []
     self._pcapfile_name = pcapfile
     self._pc = pcapy.open_offline(pcapfile)
     self._bpf = bpf
     if bpf is not None:
         self._pc.setfilter(bpf)
コード例 #41
0
def view(device, count, filename):
    global c
    c = 0

    if device != None and count == -1:
        usage()
        sys.exit()

    if device != None and filename != None:
        usage()
        sys.exit()

    if device != None and filename == None:
        cap = pcapy.open_live(device, 2048, 1, 0)
        print 'viewer: listening on ' + device

    if filename != None and device == None:
        cap = pcapy.open_offline(filename)
        print 'viewer: reading ' + filename

    if count == -1 and filename != None:
        while True:
            (header, packet) = cap.next()
            parse_packet(packet)

    if count != -1 and (filename != None or device != None):
        while c < count:
            (header, packet) = cap.next()
            parse_packet(packet)
コード例 #42
0
ファイル: pcap-splitter.py プロジェクト: catalyst256/MyJunk
def main(filename):
    # Open file
    p = open_offline(filename)
    # At the moment the callback only accepts TCP/IP packets.
    p.setfilter(r'ip proto \tcp or \udp')
    print "Reading from %s: linktype=%d" % (filename, p.datalink())
    # Start decoding process.
    Decoder(p).start()
コード例 #43
0
ファイル: parse_pcap.py プロジェクト: JustinAzoff/passive-dns
def parse(fn):
    """Process a pcap file and return a dictionary of
        (answer, query, type) -> {first, last, ttl}"""
    s = Statmaker()
    pcap = pcapy.open_offline(fn)
    pcap.loop(0, s)

    return s
コード例 #44
0
ファイル: test.py プロジェクト: malikcjm/tests
    def __init__(self, in_file, outputs):
        self.p = pcapy.open_offline(in_file)
        self.o = list()

        for name, f in outputs:
            p = pcapy.compile(pcapy.DLT_EN10MB, 4096, f, 0, 1)
            o = self.p.dump_open(name)
            self.o.append((p, o))
コード例 #45
0
 def testPacketHeaderRefCount(self):
     """#1:when next() creates a pkthdr it make one extra reference"""
     class _Simple: pass
     #r = pcapy.open_live("en1", 65000, 0, 1000)
     r = pcapy.open_offline(TestPcapy._96PINGS)
     #get one & check its refcount
     self.assertEqual( sys.getrefcount(r.next()[0]),
                       sys.getrefcount(_Simple()) )
コード例 #46
0
ファイル: test_usbmodify.py プロジェクト: sobkas/usbrevue
def packet_generator():
    pcap = pcapy.open_offline(test_data('testdump_usbmodify.pcap'))

    while True:
        (hdr, pack) = pcap.next()
        if hdr is None:
            return # EOF
        yield Packet(hdr, pack)
コード例 #47
0
ファイル: source.py プロジェクト: FomkaV/wifi-arsenal
	def runFromFile(self, filename):
		reader = None		
		try:
			reader = pcapy.open_offline(filename)
		except:
			print "Could not open file {0}.".format(filename)
			sys.exit(-1)
		else:
			self.__run(reader)			
コード例 #48
0
ファイル: pcapytests.py プロジェクト: CoreSecurity/pcapy
 def testClose(self):
     """
     #7 Test the close method
     """
     r = pcapy.open_offline(TestPcapy._96PINGS)
     hdr, body = r.next()
     assert hdr is not None
     r.close()
     with self.assertRaises(ValueError):
         r.next()
コード例 #49
0
ファイル: afrc.py プロジェクト: erickjuicy/afrc2014-1
def offline(filename):
    """Anaiza un archivo pcap."""
    print "Abriendo archivo «" + filename + "»..."
    cap = pcapy.open_offline(filename)
    while True:
        (header, packet) = cap.next()
        if header != None:
            parse(packet)
        else:
            break
コード例 #50
0
def filefilter(pcapfile):

	try:
		print("Reading pcap file %s" % pcapfile)
		packetReader = open_offline(pcapfile)
	except Exception as e:
		print("Error opening pcap file: %s" % str(e))
		return 0

	packetReader.loop(0, Process)
コード例 #51
0
ファイル: pcapytests.py プロジェクト: CoreSecurity/pcapy
    def testContextManager(self):
        """
        #8 Test the context manager support
        """
        with pcapy.open_offline(TestPcapy._96PINGS) as r:
            hdr, body = r.next()
            assert hdr is not None

        with self.assertRaises(ValueError):
            r.next()
コード例 #52
0
ファイル: 01_io_pcapy.py プロジェクト: dylc5190/pcap
def pcapy_io(f_in,f_out):

    pt = pcapy.open_offline(f_in)
    pd = pt.dump_open(f_out)
    hdr, body = pt.next()
    while hdr is not None:
        pd.dump(hdr, body)
        hdr, body = pt.next()
    del pd
    pt.close()
コード例 #53
0
ファイル: parse.py プロジェクト: richwolski/bluesky
def process(filename):
    global decoder
    p = pcapy.open_offline(filename)
    p.setfilter(r"ip proto \tcp")
    assert p.datalink() == pcapy.DLT_EN10MB
    decoder = impacket.ImpactDecoder.EthDecoder()
    p.loop(0, handler)

    for c in flows.values():
        c.finish_transfer()
コード例 #54
0
ファイル: flowsing.py プロジェクト: flykeysky/flowsing
def SplitPcap():
    # Open file
    filename=APPCONFIG.GlobalConfig["pcapfilename"]
    #logging.info (filename )
    p = open_offline(filename)
    # At the moment the callback only accepts TCP/IP packets.
    #p.setfilter(r'ip proto \tcp')
    p.setfilter(r'ip')
    logging.info ("Reading from %s: linktype=%d" % (filename, p.datalink()) )
    # Start decoding process.
    Decoder(p).start()
コード例 #55
0
ファイル: pscan.py プロジェクト: llazzaro/netscan2
	def pcap(self,fname):
		"""
		opens a pcap file and reads the contents
		"""
		cap = pcapy.open_offline(fname)

		self.map = []
		self.p = PacketDecoder()
		cap.loop(0,self.process)

		return self.map
コード例 #56
0
ファイル: ndwatch.py プロジェクト: petersilva/ndwatch
    def start (self):
        # TODO: specify a device or select all devices
        # dev = pcapy.findalldevs()[0]

        if self.options['offline'] is None :
            p = pcapy.open_live(self.options['interface'], 65536, False, 1)
        else:
            p = pcapy.open_offline(self.options['offline'])

	#print "p.loop"
        p.loop(-1, self.handle_packet)
コード例 #57
0
ファイル: bridge.py プロジェクト: lemiant/novatel_span_driver
def create_test_sock(pcap_filename):
    rospy.sleep(0.1)

    try:
        import pcapy
    except ImportError:
        import pure_pcapy as pcapy

    from StringIO import StringIO
    from impacket import ImpactDecoder

    body_list = []
    if pcap_filename.endswith("gz"):
        # From: http://projects.honeynet.org/honeysnap/changeset/35/trunk/honeysnap/__init__.py
        import tempfile
        import gzip
        tmph, tmpf = tempfile.mkstemp()
        tmph = open(tmpf, 'wb')
        gfile = gzip.open(pcap_filename)
        tmph.write(gfile.read())
        gfile.close()
        tmph.close()
        pcap_filename = tmpf

    cap = pcapy.open_offline(pcap_filename)
    decoder = ImpactDecoder.EthDecoder()

    while True:
        header, payload = cap.next()
        if not header:
            break
        try:
            tcp = decoder.decode(payload).child().child()
            body_list.append(tcp.child().get_packet())
        except AttributeError:
            print decoder.decode(payload)
            raise

    data_io = StringIO(''.join(body_list))

    class MockSocket(object):

        def recv(self, byte_count):
            rospy.sleep(0.002)
            data = data_io.read(byte_count)
            if data == "":
                rospy.signal_shutdown("Test completed.")
            return data

        def settimeout(self, timeout):
            pass

    return MockSocket()
コード例 #58
0
ファイル: pcapytests.py プロジェクト: 4sp1r3/pcapy
    def testBPFFilter(self):
        """
        #3 test offline BPFFilter
        """
        r = pcapy.open_offline(TestPcapy._96PINGS)
        bpf = pcapy.BPFProgram("ip dst host 192.168.1.1")

        hdr, pkt = r.next()
        while hdr is not None:
            f = bpf.filter(pkt)
            self.assertNotEqual(f, 0)
            hdr, pkt = r.next()
コード例 #59
0
ファイル: packet_filter.py プロジェクト: fin/plinker
def main():
    oc = OSC.OSCClient()
    oc.connect(hostport)

    kbints = 0

    interface_address=options.interface_address

    if openfile:
        p = pcapy.open_offline(openfile)
    else:
        # begin listening to network traffic
        interface = options.interface
        interface_address = netifaces.ifaddresses(interface)[2][0]['addr']

        p = pcapy.open_live(interface, 1024, False, 10240)

    # create and start threads
    network_traffic = communication_thread()
    network_traffic.start()


    try:
        (header, payload) = p.next()
        while header:
            e = Ether(payload)
            t = e.getlayer(TCP)
            if t:
                i = e.getlayer(IP)
                nw_traffic_global.setdefault(t.dport,0)
                try:
                    nw_traffic_global[t.dport]+=1
                except KeyError:
                    print 'race'
                nw_traffic_inout['in' if i.dst == interface_address else 'out']+=1
                    
            if e.haslayer(ICMP):
                x = OSC.OSCMessage()
                x.setAddress('/plinker/ping')
                x.append(1)
                oc.send(x)
                print 'ICMP ping sent'

            second = header.getts()[0] # [1] = miliseconds
            
            try:
                (header, payload) = p.next()
            except Exception,e:
                pass
                #print type(e)
    except Exception,e:
        print traceback.print_exc(e)
コード例 #60
0
ファイル: test_usbrevue.py プロジェクト: sobkas/usbrevue
    def setUp(self):
        pcap = pcapy.open_offline(test_data('usb-single-packet-2.pcap'))
        self.packet = Packet(*pcap.next())

        self.set_and_test = partial(self.setattr_and_test, self.packet)

        # Long name, but not as long as without it
        self.assertRaisesWrongPacketXferType = partial(self.assertRaises,
                WrongPacketXferType, getattr, self.packet)

        # Verify that we have the right test data
        self.assertEqual(self.packet.length, 40, 'unmodified packet wrong--test bad?')
        self.assertEqual(self.packet.busnum, 7, 'unmodified packet wrong--test bad?')