class WrpcapSink(Sink): """Packets received on low input are written to PCAP file .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname, name=None, linktype=None): Sink.__init__(self, name=name) self.fname = fname self.f = None self.linktype = linktype def start(self): self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): if self.f: self.f.flush() self.f.close() def push(self, msg): if msg: self.f.write(msg)
def clsMessagesByIp(fileFrom, fileTo): packages = scapy.rdpcap(fileFrom) t_results = {} for p in packages: srcIp = MessageConvert.getClsSrcIp(p) desIp = MessageConvert.getClsDesIp(p) if srcIp == 'null' or desIp == 'null': continue mesKeyFirst = srcIp + desIp mesKeySecond = desIp + srcIp if mesKeyFirst in t_results: t_results[mesKeyFirst].append(p) elif (mesKeySecond in t_results): t_results[mesKeySecond].append(p) else: t_results[mesKeyFirst] = [] t_results[mesKeyFirst].append(p) for key in t_results: t_temp = t_results[key] t_writer = PcapWriter('%s%s.pcap' %(fileTo, key), append=True) #t_writer = PcapWriter('/home/wxw/data/cip_datanew/' + key + '.pcap', append=True) for p in t_results[key]: t_writer.write(p) t_writer.flush() t_writer.close()
class WrpcapSink(Sink): """ Writes :py:class:`Packet` on the low entry to a ``pcap`` file. Ignores all messages on the high entry. .. note:: Due to limitations of the ``pcap`` format, all packets **must** be of the same link type. This class will not mutate packets to conform with the expected link type. .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ :param fname: Filename to write packets to. :type fname: str :param linktype: See :py:attr:`linktype`. :type linktype: None or int .. py:attribute:: linktype Set an explicit link-type (``DLT_``) for packets. This must be an ``int`` or ``None``. This is the same as the :py:func:`wrpcap` ``linktype`` parameter. If ``None`` (the default), the linktype will be auto-detected on the first packet. This field will *not* be updated with the result of this auto-detection. This attribute has no effect after calling :py:meth:`PipeEngine.start`. """ def __init__(self, fname, name=None, linktype=None): # type: (str, Optional[str], Optional[int]) -> None Sink.__init__(self, name=name) self.fname = fname self.f = None # type: Optional[PcapWriter] self.linktype = linktype def start(self): # type: () -> None self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): # type: () -> None if self.f: self.f.flush() self.f.close() def push(self, msg): # type: (Packet) -> None if msg and self.f: self.f.write(msg)
def gen_traffic(self, output_filename, dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01", ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"): print("PAcket Number: %d" % packet_num) if not output_filename.endswith(".pcap"): print("Invalid PCAP filename! Exiting...") return self.pcap_filename = output_filename self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt" self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt" # show modify request request = "Generating " + output_filename + " with\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_writer = PcapWriter(output_filename) src_ips = [] src_hosts_with_ttl = {} for i in range(packet_num): if len(self.src_hosts) < ip_num: # pick a random src ip src_ip = self.__generate_ip() # pick a random hc ttl = self.__generate_rand_ttl() else: src_ip = src_ips[random.randint(0, len(src_ips) - 1)] ttl = src_hosts_with_ttl[src_ip] # calculate ttl according to hc pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload pcap_writer.write(pkt) if src_ip not in src_ips: src_ips.append(src_ip) src_hosts_with_ttl[src_ip] = ttl self.src_hosts[src_ip] = self.__ttl2hc(ttl) if i % 10000 == 0: print("%d packets have been produced\n" % i) print(str(len(self.src_hosts)) + " source hosts produced") print("Writing ip,hc dict into " + self.ip_hc_filename + "...") with open(self.ip_hc_filename, "w") as f: json.dump(self.src_hosts, f) f.close() pcap_writer.flush() pcap_writer.close()
def save(p): global filepath global filename if _is_need_change(filepath,filename): filename = _change_filename(filepath,filename) print "modifying filename: {}".format(filename) writer = PcapWriter(filepath+filename,append=True) writer.write(p) writer.flush() writer.close() if _is_need_change(filepath,filename): shutil.move(filepath+filename,toUploadPath+filename)
def modify_traffic(self, output_filename, fake_ttl=False, src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None): if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0: print("Please extract ip2hc table before modify traffic with fake ttl.") # show modify request request = "Generating " + output_filename + " with\n" if fake_ttl: request += " fake ttl\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if src_ip_addr is not None: request += " src ip addr:" + src_ip_addr + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_reader = PcapReader(self.pcap_filename) pcap_writer = PcapWriter(output_filename) counter = 0 while True: pkt = pcap_reader.read_packet() if pkt is None: break if not pkt.haslayer('Ether') or not pkt.haslayer('IP'): continue # ipv4 packets counter += 1 ip_int = self.__ip_str2int(pkt['IP'].src) if fake_ttl: pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int] if src_mac is not None: pkt['Ethernet'].src = src_mac if dst_mac is not None: pkt['Ethernet'].dst = dst_mac if src_ip_addr is not None: pkt['IP'].src = src_ip_addr if dst_ip_addr is not None: pkt['IP'].dst = dst_ip_addr pcap_writer.write(pkt) if counter % 10000 == 0: print("%d packets have been processed\n" % counter) pcap_writer.flush() pcap_writer.close() pcap_reader.close()
class WrpcapSink(Sink): """Packets received on low input are written to PCA file +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname): self.f = PcapWriter(fname) def stop(self): self.f.flush() def push(self, msg): self.f.write(msg)
def scapy_sniff(self): file = open('iface.setting', 'r') iface = file.read() file.close() if iface == 'None': data = sniff(prn=lambda x: x.summary()) #scapy的sniff嗅探 else: data = sniff(iface=iface, prn=lambda x: x.summary()) print("Start analyzing packets...") file = "sniff_data/" + time.strftime('%Y_%m_%d_%H_%M_%S') + ".pcap" writer = PcapWriter(file, append=True) for i in data: writer.write(i) writer.flush() writer.close()
def classify_bysrc(file_name, file_to): packages = scapy.rdpcap(file_name) t_results = {} for p in packages: if (get_srcip(p) + get_dstip(p) in t_results): t_results[get_srcip(p) + get_dstip(p)].append(p) elif (get_dstip(p) + get_srcip(p) in t_results): t_results[get_dstip(p) + get_srcip(p)].append(p) else: t_results[get_srcip(p) + get_dstip(p)] = [] t_results[get_srcip(p) + get_dstip(p)].append(p) for key in t_results: t_temp = t_results[key] t_writer = PcapWriter(file_to + key + '.pcap', append=True) for p in t_results[key]: t_writer.write(p) t_writer.flush() t_writer.close()
def split_pcap(self, filename, rate): package_pr = scapy.PcapReader(filename) package_one = [] i = 1 while (True): package = package_pr.read_packet() if package is None: break package_one.append(package) package_pr.close() length = len(package_one) i = 0 final_len = int(length * length) t_writer = PcapWriter('/home/wxw/data/Ethernetip/' + 'modbus_pure' + '.pcap', append=True) for p in package_one[0:final_len]: t_writer.write(p) t_writer.flush() t_writer.close()
def noise_remove(self, filename, protocolname, t_lo): package_two = FileCapture(filename) package_pr = scapy.PcapReader(filename) package_one = [] i = 1 while (True): package = package_pr.read_packet() if package is None: break package_one.append(package) package_pr.close() package_three = [] length = len(package_one) i = 0 while (i < length): if package_two[i].layers[t_lo].layer_name == protocolname: package_three.append(package_one[i]) i = i + 1 t_writer = PcapWriter('/home/wxw/data/' + 'modbus_pure' + '.pcap', append=True) for p in package_three: t_writer.write(p) t_writer.flush() t_writer.close()
def PCAPwrite(file_name, packets): writer = PcapWriter(file_name, append=True) for p in packets: writer.write(p) writer.flush() writer.close()
def gen_spoofing_attack(self, output_filename, dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:11", syn=True, ack=True, udp=True, packet_num=500000, payload="Spoofing pkts"): if len(self.src_hosts_with_fake_ttl) == 0: print("Please extract ip2hc table before modify traffic with fake ttl.") # convert dict to array src_hosts_array = [] for (src_ip, hc) in self.src_hosts.items(): src_hosts_array.append(src_ip) # show modify request request = "Generating " + output_filename + " including\n" if syn: request += " spoofing SYN packets\n" if ack: request += " spoofing ACK packets\n" if udp: request += " spoofing UDP packets\n" request += "with\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pkt_types = [] if syn: pkt_types.append("SYN") if ack: pkt_types.append("ACK") if udp: pkt_types.append("UDP") pcap_writer = PcapWriter(output_filename) for i in range(packet_num): # pick a random packet type pkt_type = pkt_types[random.randint(0, len(pkt_types) - 1)] # pick a random src ip src_host = src_hosts_array[random.randint(0, len(src_hosts_array) - 1)] # pick a random hc rand_ttl = self.__generate_rand_ttl() # calculate ttl according to hc if pkt_type == "SYN": pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(int(src_host)), dst=dst_ip_addr, ttl=rand_ttl)/TCP(flags=0x02)/payload elif pkt_type == "ACK": pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(int(src_host)), dst=dst_ip_addr, ttl=rand_ttl)/TCP(flags=0x10)/payload elif pkt_type == "UDP": pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(int(src_host)), dst=dst_ip_addr, ttl=rand_ttl)/UDP()/payload pcap_writer.write(pkt) if i % 10000 == 0: print("%d packets have been produced\n" % i) pcap_writer.flush() pcap_writer.close()
def write(file_name, packets): writer = PcapWriter(file_name, append = True) for p in packets: writer.write(p) writer.flush() writer.close()
def write_Packets(self, filePath, datas): t_writer = PcapWriter(filePath, append=True) for p in datas: t_writer.write(p) t_writer.flush() t_writer.close()
pcap_name = get_pcap_name(sys.argv[3]) target_pcap = target_path + '/' target_pcap += "%s_by_%s_part_%d.pcap" % (pcap_name, split_type, i + 1) writer = PcapWriter(target_pcap) writer_array.append(writer) # Start to split according to split type if split_type == "mod": split_by_mod(reader) elif split_type == "mod_execution": split_by_mod_without_for_train(reader, train_num, split_num) elif split_type == "random": split_by_random(reader, split_num) elif split_type == "random_execution": split_by_random_without_for_train(reader, train_num, split_num) elif split_type == "ecmp": split_by_ecmp(reader, split_num) elif split_type == "ecmp_execution": split_by_ecmp_without_for_train(reader, train_num, split_num) elif split_type == "host": split_by_host(reader, split_num) elif split_type == "host_execution": split_by_host_without_for_train(reader, train_num, split_num) # Flush and close all parts' writers for i in range(split_num): writer = writer_array[i] writer.flush() writer.close()