def test_open_good_file(self):
import os
input_filename = tempfile.mktemp()
f = open(input_filename, "wb")
f.write(struct.pack("IHHIIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1))
f.close()
reader = pure_pcapy.open_offline(input_filename)
self.assertTrue(isinstance(reader, pure_pcapy.Reader))
os.unlink(input_filename)
def listIPs(infpath):
result=[]
linkdecoder=None
ipdecoder=ImpactDecoder.IPDecoder()
tcpdecoder=ImpactDecoder.TCPDecoder()
gredecoder=gre.GREDecoder()
def getTCP(plink):
if plink.get_ether_type() == ImpactPacket.IP.ethertype:
pip=ipdecoder.decode(plink.get_data_as_string())
if pip.get_ip_p() == ImpactPacket.TCP.protocol:
ptcp=tcpdecoder.decode(pip.get_data_as_string())
return ptcp
elif pip.get_ip_p() == gre.GRE.protocol:
ptcp=getTCP(gredecoder.decode(pip.get_data_as_string()))
return ptcp
return None
def f(h,rawp):
plink=linkdecoder.decode(rawp)
ptcp=getTCP(plink)
if ptcp:
if ptcp.get_th_dport() == 1863 or ptcp.get_th_sport() == 1863:
load=ptcp.get_data_as_string()
process(load,h)
def process(load,h):
if load:
if load.count('4vPI')>0 or load.count('IPv4')>0:
ls=load.split('\r\n')
ffrom=''
ip=''
for l in ls:
if l.startswith('From: '):
ffrom=l.split(':')[2].split(';')[0].rstrip('>').lstrip(' ')
else:
ips=''
if l.count('4vPI')>0 and l.count('Addrs'[::-1])>0:
ips=l.split(':',1)[1][::-1].split(':')[0].split(' ')
if l.count('IPv4')>0 and l.count('Addrs')>0:
ips=l.split(':',1)[1].split(':')[0].split(' ')
if ffrom and ips:
for ip in ips:
ip=ip.strip(' ')
if ip and not (ip.startswith('192.168.') or
ip.startswith('127.') or
ip.startswith('10.') ):
k=ip+'\t'+ffrom.strip(' ')
t=time.localtime(h.ts[0]+h.ts[1]*0.000001)
ts=time.strftime('%Y-%m-%d %X %Z',t)
owner=''
try:
owner=whois.whois(ip)
except:
pass
result.append(k+'\t'+ts+'\t'+owner)
def g(h,p):
try:
f(h,p)
except KeyboardInterrupt:
sys.exit(1)
except:
print sys.exc_info()
pass
r=pure_pcapy.open_offline(infpath)
datalink=r.datalink()
if datalink == pure_pcapy.DLT_LINUX_SLL:
linkdecoder=ImpactDecoder.LinuxSLLDecoder()
elif datalink == pure_pcapy.DLT_EN10MB:
linkdecoder=ImpactDecoder.EthDecoder()
else:
raise Exception("Datalink type not supported: %i"%datalink)
r.dispatch(-1,g)
return result
l3 = l2.child()
proto = 'TCP'
src_ip = l2.get_ip_src()
dst_ip = l2.get_ip_dst()
src_port = 0
dst_port = 0
if isinstance(l3, UDP):
proto = 'UDP'
dst_port = l3.get_uh_sport()
src_port = l3.get_uh_dport()
reader = pcapy.open_offline('../LFS Client-Server 0.6E.pcap')
decoder = EthDecoder()
next = reader.next()
data = ''
while next and next[0] <> None:
print ".",
data += grab_tcp(decoder, next)
next = reader.next()
print "Done parsing pcap. Got TCP data. Attempting to splt packets."
size = len(data)
offset = 0
def pcapdiff(self):
try:
self.pcap_remote = pcapy.open_offline(self.arguments.pcap_file2)
except:
self.rtxtctrl.WriteText(
"Error opening file. Please ensure the packet capture is in .pcap format"
)
self.rtxtctrl.Newline()
try:
self.pcap_local = pcapy.open_offline(self.arguments.pcap_file)
except:
self.rtxtctrl.WriteText(
"Error opening file. Please ensure the packet capture is in .pcap format"
)
self.rtxtctrl.Newline()
local_packets = list()
remote_packets = list()
local_tpackets = list()
remote_tpackets = list()
missingpaks = list()
tdata = list()
yes_out_of_sync = 0
zero_pak_error = 0
self.rtxtctrl.WriteText("Source File: %s\n" %
(self.arguments.pcap_file))
self.rtxtctrl.WriteText("Destination File: %s\n" %
(self.arguments.pcap_file2))
self.rtxtctrl.WriteText("Analyzing traffic between % s and %s\n" %
(self.arguments.ip_local.strip(),
self.arguments.ip_remote.strip()))
# if self.Time_tpcat == "yes":
# self.rtxtctrl.Newline()
# StartTimeTimestamp = time.strftime("%H:%M:%S", time.localtime())
# self.rtxtctrl.WriteText("Start Time %s" % (StartTimeTimestamp))
# self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
next = {}
next['local'] = self.get_packet(self.pcap_local,
1) #1 means ignore ip addresses
next['remote'] = self.get_packet(self.pcap_remote, 1)
#########################
##### Remote PACKET CAPTURE######
#########################
# if self.Time_tpcat == "yes":
# self.rtxtctrl.Newline()
# RemoteTimestamp = time.strftime("%H:%M:%S", time.localtime())
# self.rtxtctrl.WriteText("Starting the processing Remote capture")
while next['remote'] != 0:
if next['remote'] == 0:
break
next['remote'] = self.get_packet(self.pcap_remote)
if self.arguments.debug == 'debug':
try:
dpak = 'next[remote] = ', next[
'remote'] # print the whole packet
except:
dpak = "couldn't print the whole packet"
self.debugfile.append(dpak)
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
try: # If the header matches the part we are interested in.
if next['remote']['ip_src'] == self.arguments.ip_local and next['remote']['ip_dest'] == self.arguments.ip_remote or \
next['remote']['ip_src'] == self.arguments.ip_remote and next['remote'][
'ip_dest'] == self.arguments.ip_local:
try:
datapacket2 = next['remote']['ip_src'], next['remote'][
'ip_dest'], next['remote']['ip_ident']
if self.arguments.debug == 'debug':
drpak = "Data Packet Remote : ", datapacket2
self.debugfile.append(drpak)
self.debugfile.append("\n")
self.debugfile.append("\n")
remote_packets.append(datapacket2)
except:
pass
if self.ignore_timestamps == 1: # This portion is if you want to check latency. The clocks must be correct or it will cause issues.
try:
timepacket2 = next['remote']['ip_src'], next[
'remote']['ip_dest'], next['remote'][
'ip_ident'], next['remote'][
'timestamp'], next['remote'][
'ip_flags']
remote_tpackets.append(
timepacket2
) # and we add it to our packet list
if self.arguments.debug == 'debug':
dtrpak = "Data tPacket remote: ", timepacket2
self.debugfile.append(dtrpak)
self.debugfile.append("\n")
self.debugfile.append("\n")
except:
pass
except:
pass
# if self.Time_tpcat == "yes":
# # self.rtxtctrl.WriteText("Completed Remote Capture")
# self.rtxtctrl.Newline()
# RemoteTimestamp2 = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(RemoteTimestamp2)
# # self.rtxtctrl.Newline()
# edited_RemoteTimestamp = RemoteTimestamp.replace(":", "")
# edited_RemoteTimestamp2 = RemoteTimestamp2.replace(":", "")
# delta = (int(edited_RemoteTimestamp2) - int(edited_RemoteTimestamp))
# self.rtxtctrl.WriteText("Completed Remote Capture - Process Time: %s" % (str(delta)))
# # self.rtxtctrl.WriteText(str(delta))
# self.rtxtctrl.Newline()
# self.rtxtctrl.Newline()
#########################
###//Remote PACKET CAPTURE//######
#########################
#########################
##### LOCAL PACKET CAPTURE######
#########################
# if self.Time_tpcat == "yes":
# self.rtxtctrl.WriteText("Starting the processing Local capture")
# LocalTimestamp = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(LocalTimestamp)
while next[
'local'] != 0: # Look through every packet in the local file. We get a 0 if there is no more pacekts to go through.
next['local'] = self.get_packet(
self.pcap_local, 1) # We now open up the next packet
if next['local'] == 0:
break
if self.arguments.debug == 'debug':
try:
dpak = 'next[local] = ', next[
'local'] # print the whole packet
except:
dpak = "couldn't print the whole packet"
self.debugfile.append(dpak)
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
if self.arguments.ignore_timestamps == 1: # This portion is if you want to check latency. The clocks must be correct or it will cause issues.
try: # Here we build our datapak
timepacket = next['local']['ip_src'], next['local']['ip_dest'], next['local']['ip_ident'], \
next['local']['timestamp'], next['local']['ip_flags']
local_tpackets.append(
timepacket) # and we add it to our packet list
if self.arguments.debug == 'debug':
dltpak = "Data tPacket Local: ", timepacket
self.debugfile.append(dltpak)
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
except:
pass
try:
if next['local']['ip_src'] == self.arguments.ip_local and next['local']['ip_dest'] == self.arguments.ip_remote or \
next['local']['ip_src'] == self.arguments.ip_remote and next['local'][
'ip_dest'] == self.arguments.ip_local:
datapacket = next['local']['ip_src'], next['local'][
'ip_dest'], next['local']['ip_ident']
local_packets.append(
datapacket) # and we add it to our packet list
except:
pass
#################################
#################################
#################################
#################################
# if self.Time_tpcat == "yes":
# # self.rtxtctrl.WriteText("Completed Local Capture")
# LocalTimestamp2 = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(LocalTimestamp2)
# self.rtxtctrl.Newline()
# edited_LocalTimestamp = LocalTimestamp.replace(":", "")
# edited_LocalTimestamp2 = LocalTimestamp2.replace(":", "")
# delta = (int(edited_LocalTimestamp2) - int(edited_LocalTimestamp))
# self.rtxtctrl.WriteText("Completed Local Capture - Process Time: %s" % (str(delta)))
# # self.rtxtctrl.WriteText(str(delta))
# self.rtxtctrl.Newline()
# self.rtxtctrl.Newline()
# A dummy check for Matt. If either side reports 0 matching packets Error out. It's pretty pointless to continue.
if len(local_packets) == 0 or len(remote_packets) == 0:
zero_pak_error = 1
self.rtxtctrl.WriteText(
"ERROR: %s packets matched on local side and %s packets matched on remote side. Please check your IP filters"
% (len(local_packets), len(remote_packets)))
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
# Here we sync the two packet captures. Basically Take a look at the two captures and find the first matching packet. Then we analyze the data using that as our starting point.
# This will *hopefully* weed out false positives in regards to the captures being started at slightly different times
if self.arguments.out_of_sync == 1:
for syncpak in local_packets:
if not syncpak in remote_packets:
dsypak = syncpak, "was not found on the remote side"
self.debugfile.append(dsypak)
self.debugfile.append("\n")
missingpaks.append(syncpak)
yes_out_of_sync = 1
if syncpak in remote_packets:
dspak = "starting packet is", syncpak
self.debugfile.append(dspak)
break
# if self.Time_tpcat == "yes":
# self.rtxtctrl.WriteText("Analyzing the two packet captures...")
# self.rtxtctrl.Newline()
# Local_to_RemoteTimestamp = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(Local_to_RemoteTimestamp)
# self.rtxtctrl.Newline()
# Using set, we're going to put it in a format set understands..
setted_local_packets = set(local_packets)
setted_remote_packets = set(remote_packets)
if self.arguments.debug == "debug":
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("LOCAL PACKET LIST:")
self.debugfile.append(setted_local_packets)
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("\n")
self.debugfile.append("REMOTE PACKET LIST:")
self.debugfile.append(setted_remote_packets)
# if the packet captures appear out of sync
total_mpaks = 0
if yes_out_of_sync == 1:
self.rtxtctrl.WriteText(
"-Warning, packet captures appear out of sync. Cleaning things up for you..-"
)
self.rtxtctrl.Newline()
for mpak in missingpaks:
dmpak = "missing packet", mpak
self.debugfile.append(dmpak)
self.debugfile.append("\n")
setted_local_packets.discard(mpak)
total_mpaks = total_mpaks + 1
self.rtxtctrl.WriteText(
"Removed %s packets to sync the two captures" % (total_mpaks))
self.rtxtctrl.Newline()
# Do a quick check, do these two already match?
stare_and_compare = setted_local_packets <= setted_remote_packets
if stare_and_compare == True and zero_pak_error == 0:
self.rtxtctrl.WriteText(
"Packet Captures Match. Terminating..Man that was easy!")
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
else:
differences = setted_local_packets ^ setted_remote_packets
for datapak in differences:
if not datapak in remote_packets:
self.total['problems'] += 1
src, dst, ipid = datapak
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Packet Dropped - Source:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (src))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText(" Destination: ")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (dst))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText(" IPID: ")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (ipid))
self.rtxtctrl.Newline()
if not datapak in local_packets:
self.total['problems'] += 1
src, dst, ipid = datapak
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Packet Forged - Source:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (src))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText(" Destination: ")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (dst))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText(" IPID: ")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (ipid))
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.WriteText(
"Total number of problematic packets : %s\n" %
self.total['problems'])
# if self.Time_tpcat == "yes":
# Local_to_RemoteTimestamp2 = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(LocalTimestamp2)
# # self.rtxtctrl.Newline()
# edited_Local_to_RemoteTimestamp = Local_to_RemoteTimestamp.replace(":", "")
# edited_Local_to_RemoteTimestamp2 = Local_to_RemoteTimestamp2.replace(":", "")
# delta = (int(edited_Local_to_RemoteTimestamp2) - int(edited_Local_to_RemoteTimestamp))
# self.rtxtctrl.WriteText("Completed Analyzing of all packets - Process Time: %s" % (str(delta)))
#################################
#################################
#################################
#################################
#################################
# Kinda ugly, but it works..
if self.arguments.ignore_timestamps == 1:
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.WriteText(
"Calculating latency between the two packet captures:")
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
for l_tdatapak in local_tpackets: # For each data packet in the local packet capture
ip_src, ip_dest, ipid, timestamp, ip_flags = l_tdatapak # unpack the data to search for the ipheader
l_ipheader = (ip_src, ip_dest, ipid, ip_flags
) # Rebuild the packet
# print l_ipheader
# x = l_ipheader in remote_tpackets
# print x
# if ipheader in remote_packets: # Search the remote side. Did it come through? If it did, lets compare timestamps
for r_tdatapak in remote_tpackets:
ip_src, ip_dest, ipid, timestamp, ip_flags = r_tdatapak # unpack the data to search for the ipheader
r_ipheader = (ip_src, ip_dest, ipid, ip_flags)
if r_ipheader == l_ipheader:
# print "Match found - ", r_ipheader, l_ipheader
src, dst, ipid, timestamp, ip_flags = l_tdatapak
rsrc, rdst, ripid, rtimestamp, rip_flags = r_tdatapak
tdelta = float(rtimestamp) - float(timestamp)
tdata.append(tdelta)
# self.rtxtctrl.WriteText( "IPID: %s Packet Type: %s Time Delta(Latency): %s \n" %(ipid,ip_flags, tdelta))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("IPID:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (ipid))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Packet Type:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (ip_flags))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Time Delta (Latency):")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s " % (tdelta))
self.rtxtctrl.Newline()
# self.rtxtctrl.WriteText( "Source:%s Destination:%s IPID: %s TimeStamp: %s \n" %(rsrc,rdst,ripid, rtimestamp))
# if self.arguments.debug== 'debug':
# print tdatapak, "Was found"
if self.arguments.ignore_timestamps == 1:
self.rtxtctrl.Newline()
total_tdata = sum(tdata)
num_tdata = len(tdata)
avg_tdata = total_tdata / num_tdata
hi_tdata = max(tdata)
lo_tdata = min(tdata)
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Average Latency Seen:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s \n" % (tdelta))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Max Latency Seen:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s \n" % (hi_tdata))
self.rtxtctrl.BeginBold()
self.rtxtctrl.WriteText("Min Latency Seen:")
self.rtxtctrl.EndBold()
self.rtxtctrl.WriteText(" %s \n" % (lo_tdata))
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
# if self.Time_tpcat == "yes":
# EndTimeTimestamp = time.strftime("%H:%M:%S", time.localtime())
# # self.rtxtctrl.WriteText(LocalTimestamp2)
# self.rtxtctrl.Newline()
# self.rtxtctrl.Newline()
# edited_EndTimeTimestamp = EndTimeTimestamp.replace(":", "")
# edited_StartTimeTimestamp = StartTimeTimestamp.replace(":", "")
# delta = (int(edited_EndTimeTimestamp) - int(edited_StartTimeTimestamp))
# self.rtxtctrl.WriteText("Total Process Time: %s" % (str(delta)))
self.rtxtctrl.Newline()
self.rtxtctrl.Newline()
self.rtxtctrl.WriteText(
"Number of Packets in the Source Capture : %s\n" %
(len(local_packets)))
self.rtxtctrl.WriteText(
"Number of Packets in the Destination Capture : %s\n" %
(len(remote_packets)))
if self.arguments.debug == "debug":
sfile = self.rtxtctrl.GetValue()
sys.stderr.write(sfile)
