def extract_info(self, packet):
    """Default data dumper: decode an Ethernet frame and report its MAC addresses.

    Intended to be replaced by a protocol-specific extractor in subclasses
    (the original author's comment: "Replace this with your own").

    Args:
        packet: raw captured frame bytes, handed to ``self.decoder.decode``.

    Returns:
        dict with ``source``/``destination``/``station_id`` (formatted MAC
        addresses; ``station_id`` is the source MAC), ``reporter`` and
        ``protocol`` both ``[0]`` for the bare link layer, a naive UTC
        ``timestamp``, the untouched ``rawdata`` and the decoded frame as
        ``decode``.

    Note:
        ``packet`` is capture data from the wire, i.e. attacker-controlled.
        Nothing is validated here; whatever the decoder raises on a
        malformed frame propagates to the caller.
    """
    frame = self.decoder.decode(packet)
    src_host = frame.get_ether_shost()
    dst_host = frame.get_ether_dhost()
    return dict(
        source=mac_address(src_host.tolist()),
        destination=mac_address(dst_host.tolist()),
        # station_id is the sender MAC, formatted independently of 'source'.
        station_id=mac_address(src_host.tolist()),
        reporter=[0],
        protocol=[0],
        timestamp=datetime.datetime.utcnow(),
        rawdata=packet,
        decode=frame,
    )
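def extract_info(self, packet):
    """Extract the IPv4 endpoints of a captured Ethernet/IP frame.

    Args:
        packet: raw captured frame bytes, handed to ``self.decoder.decode``.

    Returns:
        dict with ``source``/``destination`` as ``ipaddr.IPv4Address``
        built from the IP header, ``station_id`` as the formatted source
        MAC, ``reporter``/``protocol`` both ``[0, 0x800]`` (link layer,
        then the IPv4 ethertype), a naive UTC ``timestamp``, the untouched
        ``rawdata`` and the decoded Ethernet frame as ``decode``.

    Note:
        ``packet`` is untrusted capture data. No check is made here that
        the frame really carries IPv4; on a non-IP or malformed frame the
        decoder's own exception propagates to the caller.
    """
    eth_packet = self.decoder.decode(packet)
    # Walk down from the frame already decoded above instead of decoding
    # the raw bytes a second time, so 'decode' and the extracted addresses
    # come from the same parsed object (and the work is done once).
    ip_packet = eth_packet.child()
    return {
        'source': ipaddr.IPv4Address(ip_packet.get_ip_src()),
        'destination': ipaddr.IPv4Address(ip_packet.get_ip_dst()),
        'station_id': mac_address(eth_packet.get_ether_shost().tolist()),
        'reporter': [0, 0x800],
        'protocol': [0, 0x800],
        'timestamp': datetime.datetime.utcnow(),
        'rawdata': packet,
        'decode': eth_packet,
    }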
def extract_info(self, packet):
    """Extract the sender/target protocol addresses of a captured ARP frame.

    Args:
        packet: raw captured frame bytes, handed to ``self.decoder.decode``.

    Returns:
        dict with ``source``/``destination`` as ``ipaddr.IPv4Address``
        built (via ``self.ip_list2int``) from the ARP sender and target
        protocol addresses, ``station_id`` as the formatted source MAC,
        ``reporter`` ``[0, 0x806]``, ``protocol`` ``[0, 0x800]``, a naive
        UTC ``timestamp``, the untouched ``rawdata`` and the decoded
        Ethernet frame as ``decode``.

    Note:
        ``packet`` is untrusted capture data; nothing here checks that the
        frame is ARP or that the protocol addresses are four bytes long.
        Decoder/conversion errors on malformed frames propagate.
    """
    frame = self.decoder.decode(packet)
    arp_hdr = frame.child()
    sender_ip = ipaddr.IPv4Address(self.ip_list2int(arp_hdr.get_ar_spa()))
    target_ip = ipaddr.IPv4Address(self.ip_list2int(arp_hdr.get_ar_tpa()))
    # NOTE(review): 'protocol' is 0x800 while 'reporter' is 0x806 — the other
    # extractors use the same value for both. Presumably 0x800 here means the
    # IPv4 protocol address type carried by ARP; confirm this is intentional.
    return {
        'source': sender_ip,
        'destination': target_ip,
        'station_id': mac_address(frame.get_ether_shost().tolist()),
        'reporter': [0, 0x806],
        'protocol': [0, 0x800],
        'timestamp': datetime.datetime.utcnow(),
        'rawdata': packet,
        'decode': frame,
    }
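def extract_info(self, packet):
    """Extract the NetBIOS name carried in an NBNS (UDP/137) answer.

    Args:
        packet: raw captured frame bytes, handed to ``self.decoder.decode``.

    Returns:
        dict whose ``source`` is ``[name, suffix]`` — the first 15 bytes of
        the decoded NetBIOS name and the ordinal of its 16th byte (the
        name-type suffix) — with ``destination`` ``None``, ``station_id``
        the formatted source MAC, ``reporter``/``protocol`` both
        ``[0, 0x800, 17, 137]`` (link, IPv4, UDP, port 137), a naive UTC
        ``timestamp``, the untouched ``rawdata`` and the decoded Ethernet
        frame as ``decode``.

    Raises:
        IndexError: if the decoded name is shorter than 16 bytes, i.e. the
            answer is truncated or malformed. This is the same exception the
            previous index-based code raised implicitly, so callers' error
            handling is unchanged.

    Note:
        ``packet`` is untrusted capture data. Frames that are not
        Ethernet/IPv4/UDP NBNS answers (e.g. plain queries with no answer
        section) are not detected here; whatever ``nmb`` or the decoder
        raises on them propagates to the caller.
    """
    eth_packet = self.decoder.decode(packet)
    # Descend from the frame already decoded above (Ethernet -> IP -> UDP ->
    # NBNS payload) rather than decoding the raw bytes a second time.
    ip_packet = eth_packet.child()
    udp_packet = ip_packet.child()
    nbns_packet = nmb.NetBIOSPacket(udp_packet.child().get_packet())
    # decode_name() used to be called twice on the same answer section;
    # decode once and slice the result.
    decoded_name = nmb.decode_name(nbns_packet.get_answers())[1]
    if len(decoded_name) < 16:
        # A NetBIOS name is 16 bytes: 15 of name plus a one-byte type suffix.
        # Fail explicitly instead of via a bare index error on untrusted data.
        raise IndexError('NetBIOS name shorter than 16 bytes: %r' % (decoded_name,))
    nbns_name = decoded_name[0:15]
    # NOTE(review): assumes decode_name() returns a str (Python 2 semantics);
    # on a bytes object decoded_name[15] is already an int and ord() would fail.
    nbns_type = ord(decoded_name[15])
    return {
        'source': [nbns_name, nbns_type],
        'destination': None,
        'station_id': mac_address(eth_packet.get_ether_shost().tolist()),
        'reporter': [0, 0x800, 17, 137],
        'protocol': [0, 0x800, 17, 137],
        'timestamp': datetime.datetime.utcnow(),
        'rawdata': packet,
        'decode': eth_packet,
    }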
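def extract_info(self, packet):
    """Default data dumper: identify the protocol carried by an Ethernet frame.

    Intended to be replaced by a protocol-specific extractor in subclasses
    (the original author's comment: "Replace this with your own").

    The protocol identifier is resolved through up to three layers:

    * a type/length field of 1536 (0x600) or more is a real EtherType and
      is reported as-is;
    * a smaller value is an 802.3 length, so an LLC header follows and its
      DSAP is reported instead;
    * a DSAP of 170 (0xAA) marks a SNAP header, whose protocol ID is then
      reported.

    Args:
        packet: raw captured frame bytes, handed to ``self.decoder.decode``.

    Returns:
        dict with ``protocol`` (the resolved identifier), ``station_id`` as
        the formatted source MAC, a naive UTC ``timestamp``, the untouched
        ``rawdata`` and the decoded frame as ``decode``.

    Note:
        ``packet`` is untrusted capture data; decoder exceptions on a
        malformed or truncated LLC/SNAP header propagate to the caller.
    """
    analysis = self.decoder.decode(packet)
    type_or_length = analysis.get_ether_type()
    if type_or_length >= 1536:
        ethertype = type_or_length
    else:
        # Not an EtherType but an 802.3 length: an LLC header travels within
        # the frame.
        llc = analysis.child()
        ethertype = llc.get_DSAP()
        # The SNAP check lives inside this branch so that 'llc' is always
        # bound when it is used; the old flat check only worked because a
        # real EtherType (>= 1536) can never equal 170.
        if ethertype == 170:
            # DSAP 0xAA: still not a protocol id, a SNAP header follows.
            ethertype = llc.child().get_protoID()
    return {
        'protocol': ethertype,
        'station_id': mac_address(analysis.get_ether_shost().tolist()),
        'timestamp': datetime.datetime.utcnow(),
        'rawdata': packet,
        'decode': analysis,
    }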