def parse_pcap_file(filename, net_mask, time):
    """Replay a saved capture file and report ICMP packet counts.

    Opens *filename* offline, restricts the handle to ICMP with a capture
    filter, and passes every packet to ``got_icmp_packet``. When the file is
    exhausted, the user interrupts, or the capture library reports an error,
    the totals in ``stats`` are printed.

    Args:
        filename: Path of the capture file to read.
        net_mask: Passed unchanged to ``got_icmp_packet``.
        time: Passed unchanged to ``got_icmp_packet``.

    Exits the process with status 1 if the file cannot be opened.
    """
    try:
        capture = open_offline(filename)
    except PcapPyException as e:
        # NOTE(review): relies on PcapPyException exposing ``.message``;
        # plain Python 3 exceptions do not have it -- confirm.
        print(e.message)
        sys.exit(1)

    # Only ICMP traffic is inspected; everything else is dropped by the filter.
    capture.filter = 'icmp'
    pending_requests = {}
    print("Parsing " + filename)
    stats = {'icmp_count': 0, 'suspect': 0}

    try:
        # next_ex() returning None marks the end of the file.
        for record in iter(capture.next_ex, None):
            got_icmp_packet(stats, record[0], record[1], net_mask,
                            pending_requests, time)
        else:
            print("Done parsing the file!")
    except KeyboardInterrupt:
        print("File parsing canceled by user")
    except PcapPyException as e:
        print(e.message)

    # The summary is printed even after an interrupt or a read error, so the
    # counts reflect whatever was parsed up to that point.
    icmp_total = str(stats['icmp_count'])
    print("Found " + icmp_total + " ICMP packets")
    suspect_total = str(stats['suspect'])
    print("Found " + suspect_total + " suspicious ICMP packets")
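def live_capture(interface="", net_mask=24, time=100):
    """Sniff ICMP traffic on a live interface and report packet counts.

    Opens *interface* for live capture, restricts the handle to ICMP with a
    capture filter, and passes every packet to ``got_icmp_packet`` until the
    user interrupts or the capture library reports an error. The totals in
    ``stats`` are then printed.

    Args:
        interface: Device to capture on; an empty string means "ask the
            capture library for its default device".
        net_mask: Passed unchanged to ``got_icmp_packet``.
        time: Passed unchanged to ``got_icmp_packet``.

    Exits the process with status 1 if no default interface is found or the
    interface cannot be opened.
    """
    SNAP_LEN = 65536  # Maximum size of a packet
    request_packets = dict()

    if interface == "":
        print("Looking for a default interface...")
        try:
            interface = lookupdev()
        except PcapPyException:
            print("Unable to find default network interface. Aborting!")
            sys.exit(1)
    print("Performing capture on: " + interface)

    # Sniffing needs network capabilities or root permission. Without them the
    # libpcap library generates a segmentation fault, and there is no known way
    # to detect that here and warn the user (other than checking the euid for
    # root). Where the platform allows it, granting only the capture capability
    # is preferable to running the whole tool as root.
    try:
        p = open_live(interface, SNAP_LEN, 1, 0)
    except PcapPyException as e:
        # NOTE(review): relies on PcapPyException exposing ``.message``;
        # plain Python 3 exceptions do not have it -- confirm.
        print(e.message)
        sys.exit(1)

    # Only ICMP traffic is inspected; everything else is dropped by the filter.
    p.filter = 'icmp'
    stats = {'icmp_count': 0, 'suspect': 0}
    try:
        while True:
            captured = p.next_ex()
            if captured is None:
                # next_ex() can return None (parse_pcap_file relies on that for
                # end of file); on a live handle this is presumably a read
                # timeout. Unpacking None would abort the capture with a
                # TypeError and skip the summary, so just poll again.
                continue
            header, packet = captured
            got_icmp_packet(stats, header, packet, net_mask, request_packets, time)
    except KeyboardInterrupt:
        # FIXME This is only caught when control is handed back to the python
        # code from the pcap library
        print("Capture canceled by user")
    except PcapPyException as e:
        print(e.message)

    # The summary is printed even after an interrupt or a capture error.
    print("Captured " + str(stats['icmp_count']) + " ICMP packets")
    print("Captured " + str(stats['suspect']) + " suspicious ICMP packets")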