def pylibpcap_sniff():
    """Command-line packet capture built on :func:`sniff`.

    Options (parsed from ``sys.argv``):

    ``-i/--iface``         interface to capture on (required)
    ``-c/--count``         number of packets to capture (default ``-1``)
    ``-m/--promisc``       promiscuous-mode flag handed to :func:`sniff` (default ``0``)
    ``filter``             remaining positional words, joined with spaces into one BPF expression
    ``-o/--output``        pcap file the capture is written to
    ``-v/--view``          print a one-line summary of each packet via :class:`Packet`
    ``-p/--view-payload``  include the payload in that summary

    Prints the parsed namespace first, then each packet summary when ``--view``
    is set, and finally the number of packets seen. Ctrl-C ends the capture
    without a traceback; the count printed afterwards is still accurate.
    """
    parser = argparse.ArgumentParser(description="Sniff")
    options = (
        (("-i", "--iface"), dict(type=str, help="Iface", required=True)),
        (("-c", "--count"), dict(type=int, default=-1, help="Capture packet num")),
        (("-m", "--promisc"), dict(type=int, default=0, help="Promiscuous mode")),
        (("filter",), dict(nargs="*", type=str, help="BPF filter rules")),
        (("-o", "--output"), dict(type=str, help="Output pcap file")),
        (("-v", "--view"), dict(action="store_true", help="Show Packet Info")),
        (("-p", "--view-payload"), dict(action="store_true", help="Show Payload")),
    )
    for flags, spec in options:
        parser.add_argument(*flags, **spec)
    args = parser.parse_args()
    print("[+]:", args)

    # Positional filter words are re-joined into a single BPF expression.
    bpf = " ".join(args.filter)

    seen = 0
    try:
        capture = sniff(
            iface=args.iface,
            count=args.count,
            promisc=args.promisc,
            filters=bpf,
            out_file=args.output,
        )
        for plen, _ts, buf in capture:
            seen += 1
            if args.view and plen:
                print(seen, Packet(buf, plen).to_string(args.view_payload))
    except KeyboardInterrupt:
        pass  # Ctrl-C simply stops the capture; the summary below still runs
    print("\nPacket Count:", seen)
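from pylibpcap.pcap import sniff
from pylibpcap import get_iface_list

# Capture on the first interface pylibpcap reports. Fail with a readable
# message when there is none instead of an opaque IndexError on ``[0]``.
ifaces = get_iface_list()
if not ifaces:
    raise SystemExit("No capture interface found")
using_iface = ifaces[0]

# NOTE(review): the BPF expression names a host rather than an address, so the
# filter presumably needs name resolution when it is compiled -- confirm this
# runs where DNS is available.
for plen, t, buf in sniff(using_iface, filters='ip src naver.com', count=10):
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)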
# -*- coding: utf-8 -*-
# @Author: JanKinCai
# @Date:   2019-09-04 14:35:32
# @Last Modified by:   JanKinCai
# @Last Modified time: 2019-11-12 09:18:03
from pylibpcap.pcap import sniff

# Capture settings: three packets matching the DNS-port filter, taken from
# enp2s0 in promiscuous mode and also written to pcap.pcap in the working
# directory.
IFACE = "enp2s0"
CAPTURE_OPTS = dict(count=3, promisc=1, filters="port 53", out_file="pcap.pcap")

for packet in sniff(IFACE, **CAPTURE_OPTS):
    plen, t, buf = packet
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)
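def main():
    """Parse the command line, then sample packets on the monitored interface until Ctrl-C.

    Configuration is published through module globals (IP_DST, IP_SRC, PORT_SRC,
    PORT_DST, sampling_rate, buffer_count, current_iface); process() and the
    sender presumably read them from there -- TODO confirm against process().
    Exits when not running as root, when --destination or --interface is
    missing, or when --interface names an interface psutil does not know.
    """
    global IP_DST, IP_SRC, PORT_SRC, PORT_DST, sampling_rate, buffer_count, current_iface

    # Raw capture needs elevated privileges; refuse to continue otherwise.
    if os.getuid() != 0:
        print "You need to be root to run this, sorry."
        exit()

    ifaces_in_device = psutil.net_if_addrs().keys()

    # Numeric options are typed and defaulted in argparse, so a non-numeric
    # value is a usage error instead of a ValueError traceback later on.
    parser = argparse.ArgumentParser(description='Netflow generator for laptops')
    parser.add_argument('-i', '--interface', dest='int', help='Monitored interface')
    parser.add_argument('-s', '--source', dest='src_ip', help='Source IP address. Used to send packets to collector')
    parser.add_argument('-sp', '--sport', dest='src_port', type=int, default=5000, help='Source port. Used to send packets to collector. Default 5000')
    parser.add_argument('-d', '--destination', dest='dst_ip', help='Destination IP address. Used to send packets to collector')
    parser.add_argument('-dp', '--dport', dest='dst_port', type=int, default=2055, help='Destination port. Used to send packets to collector. Default 2055')
    parser.add_argument('-r', '--rate', dest='sampling_rate', type=int, default=5, help='Sampling 1 out of r packets. Default 5')
    parser.add_argument('-b', '--buffer', dest='buffer_count', type=int, default=10, help='Number of packets stored in buffer before sending them. Default 10')
    args = parser.parse_args()

    if not args.src_ip:
        # IP_SRC keeps its module default; per the message a later step derives
        # it from the interface address -- that code is not visible here.
        print "Source IP Address not provided....trying to get interface IP Address"
    else:
        IP_SRC = args.src_ip

    if not args.dst_ip:
        print "Destination IP Address is mandatory. Aborting..."
        exit()
    IP_DST = args.dst_ip

    if not args.int:
        print "Monitored interface is mandatory. Aborting..."
        exit()
    if args.int not in ifaces_in_device:
        print "Wrong interface name. \nPlease select an interface available on your system:"
        for name in ifaces_in_device:
            print name
        exit()
    current_iface = psutil.net_if_addrs()[args.int]
    IP_INT = args.int

    # argparse already rejected non-numeric values; only the ranges are checked here.
    for opt, value in (('--sport', args.src_port), ('--dport', args.dst_port)):
        if not 0 < value < 65536:
            parser.error('%s must be between 1 and 65535' % opt)
    if args.sampling_rate < 1:
        parser.error('--rate must be at least 1')
    if args.buffer_count < 1:
        parser.error('--buffer must be at least 1')
    PORT_SRC = args.src_port
    PORT_DST = args.dst_port
    sampling_rate = args.sampling_rate
    buffer_count = args.buffer_count

    print "Capturing packets on interface ", IP_INT
    try:
        # Only IP traffic carrying UDP or TCP reaches process(); count=-1 is
        # presumably "no packet limit", so Ctrl-C is the normal way to stop.
        for plen, t, buf in sniff(IP_INT, filters="ip and (udp or tcp)", count=-1, promisc=1):
            process(buf)
    except KeyboardInterrupt:
        # The counters are module globals maintained elsewhere (by process()
        # and the sender, presumably) -- confirm before relying on them.
        print 'Service interrupted.'
        print 'Total packets captured: ', total_packets_captured
        print 'Total Flow packets sent to collector: ', total_flow_packets_sent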
# NOTE(review): the statements up to the ``if __name__`` guard are the tail of a
# function whose ``def`` line is not in view; their original indentation was
# lost, so they are shown flush left here. ``udp_header`` is presumably a
# sequence of single-byte ``bytes`` objects (``int`` has no ``.hex()``), so
# ``udp_header[0:8]`` would be the fixed UDP header -- confirm against the
# function that builds it.
src_udp_port = list()
dst_udp_port = list()
udp_len = list()
udp_checksum = list()
# Each field is collected byte by byte as hex text, then joined and parsed
# base-16; concatenating in slice order keeps the on-the-wire byte order.
# Offsets: 0-1 source port, 2-3 destination port, 4-5 length, 6.. checksum.
for dst_i in udp_header[2:4]:
    dst_udp_port.append(dst_i.hex())
for src_i in udp_header[0:2]:
    src_udp_port.append(src_i.hex())
for type_i in udp_header[4:6]:
    udp_len.append(type_i.hex())
for type_i in udp_header[6:]:
    udp_checksum.append(type_i.hex())
dst_udp_port = "".join(dst_udp_port)
src_udp_port = "".join(src_udp_port)
udp_len = "".join(udp_len)
udp_checksum = "".join(udp_checksum)
print("###### [UDP_Header] ######")
print("Source Port:", int(src_udp_port, 16))
print("Destination Port:", int(dst_udp_port, 16))
print("Length:", int(udp_len, 16))
# Checksum is shown as hex text rather than converted; nothing here verifies it.
print("Checksum:", "0x" + udp_checksum)


if __name__ == '__main__':
    # Capture three packets on ``using_iface`` (defined elsewhere in this
    # file) and dump the parsed headers of each one.
    for plen, t, buf in sniff(using_iface, count=3):
        split_header(buf)
        print("==================================")
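def main():
    """Capture traffic on port 60000, validate each APDU and forward the valid ones.

    Reads CONFIG_PATH (section ``address``: ``proxy_out_ip``,
    ``self_ip_address``, ``port_number``), builds the lookup table with
    create_lookup_table(), then captures up to 10 packets from the hard-coded
    interface and re-sends every APDU that passes valid() to
    ``(proxy_out_ip, PORT)`` over a UDP socket. Passing ``--udp`` as the first
    argument switches to a print-only test mode that never transmits.
    Exits with status 1 when not run as root; Ctrl-C stops the capture and
    the socket is always closed in ``finally``.
    """
    config = configparser.ConfigParser()
    config.read(CONFIG_PATH)

    # ``--udp`` as the first CLI argument enables the print-only test mode.
    with_udp_test = len(sys.argv) > 1 and sys.argv[1] == '--udp'
    print('WITH_UDP_TEST =', with_udp_test)

    # Raw capture needs root; fail early with a clear message.
    if os.geteuid() != 0:
        print('You are not root. Program will not work, exiting...')
        sys.exit(1)
    # set_arp_entry(config['address']['proxy_out_ip'], config['address']['proxy_out_mac_address'])

    target_ip = config['address']['proxy_out_ip']
    self_ip = config['address']['self_ip_address']      # read for completeness; not used below
    receive_port = config['address']['port_number']     # read for completeness; not used below
    send_port = int(PORT)  # converted once, so a bad PORT fails before capture starts

    table = create_lookup_table(config)

    # TODO: local ethernet interface cannot be hardcoded!
    capture_iface = "enp3s0"

    sock_send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # sniff() yields (length, timestamp, payload) per packet; the capture
        # is also written to pcap.pcap.
        for plen, t, data in sniff(capture_iface, filters="port 60000", count=10, promisc=1, out_file="pcap.pcap"):
            print("[+]: Payload len=", plen)
            print("[+]: Time", t)
            print("[+]: Payload:", '0x ' + data.hex(), end='\n\n')

            print('APDU extraction:')
            apdu = extract_apdu(data, with_udp_test)

            if with_udp_test:
                # Test mode only reports the APDU's text form; nothing is sent.
                data_received = str(apdu)
                print('Length of data received:', len(data_received))
                print('data received:', data_received, end='\n\n\n')
                continue

            # Only APDUs accepted by the lookup-table check are forwarded;
            # anything else is dropped silently.
            if valid(apdu, table):
                print('Apdu valid, re-transmitting...')
                sock_send.sendto(apdu, (target_ip, send_port))
    except KeyboardInterrupt:
        print('Interrupted by user.')
    finally:
        print("closing sockets, do not interrupt ...")
        # sock_recv.close()
        sock_send.close()
        print("finished ...")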