def printInfo(eth):
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn,
tcp.flag_fin))
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
def tcp():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
interfaceSelection = input("Please enter the interface to sniff-> ")
conn.bind((interfaceSelection, 0))
n = 0
print('[TCP]')
numberInput = input("Please enter numbers of packet to scan: ")
number = int(numberInput)
while True:
while n < number:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 +
'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
#TCP Segments
if ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
n += 1
sys.exit()
def main():
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
eth = Ethernet(raw_data)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 9010 or tcp.dest_port == 9010:
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
if 'Authorization' in line:
#print(str(line))
try:
p = re.compile(
'Authorization: Basic (([A-Za-z0-9@#$%^&+=]+)):'
)
if p.match(line):
username = p.match(line).group(1)
if (username == default_u):
logdefaultcred(
ipv4.src, username)
trackLogin(ipv4.src, username)
except Exception as ex:
print("Regex exception")
print(ex)
except:
print("HTTP exception")
else:
print('\t\tTCP Data:')
print(format_multi_line(TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
# Other IPv4
else:
pass
else:
pass
pcap.close()
def packet_sniffer():
connection = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.ntohs(3))
while True:
data, addr = connection.recvfrom(65535)
ethernet_frame = EthernetFrame(data)
print(ethernet_frame)
#IPv4
if ethernet_frame.protocal == 8:
ipv4 = IPv4(ethernet_frame.data)
print(ipv4)
#ICMP
if ipv4.protocal == 1:
icmp = ICMP(ipv4.data)
print(icmp)
#TCP
elif ipv4.protocal == 6:
tcp = TCP(ipv4.data)
print(tcp)
if len(tcp.data) > 0:
#HTTP
if tcp.sourcePort == 80 or tcp.destinationPort == 80:
print(Tab[1] + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DataTab[2] + line)
except:
print(format_multi_line(DataTab[2], tcp.data))
else:
print(Tab[1] + 'TCP Data:')
print(format_multi_line(DataTab[2], tcp.data))
#UDP
elif ipv4.protocal == 17:
udp = UDP(ipv4.data)
print(udp)
#other IPv4 protocals
else:
print(Tab[0] + 'Other IPv4 Data:')
print(format_multi_line(DataTab[0], ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DataTab[0], ethernet_frame.data))
def main():
pcap = Pcap("capture.pcap")
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print("\nEthernet Frame:")
print(
f"{TAB_1}Destination: {eth.dest_mac}, Source: {eth.src_mac}, Protocol: {eth.proto}"
)
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + "IPv4 Packet:")
print(TAB_2 + "Version: {}, Header Length: {}, TTL: {},".format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + "Protocol: {}, Source: {}, Target: {}".format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + "ICMP Packet:")
print(TAB_2 + "Type: {}, Code: {}, Checksum: {},".format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + "ICMP Data:")
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + "TCP Segment:")
print(TAB_2 + "Source Port: {}, Destination Port: {}".format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + "Sequence: {}, Acknowledgment: {}".format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + "Flags:")
print(TAB_3 + "URG: {}, ACK: {}, PSH: {}".format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + "RST: {}, SYN: {}, FIN:{}".format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + "HTTP Data:")
try:
http = HTTP(tcp.data)
http_info = str(http.data).split("\n")
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + "TCP Data:")
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + "UDP Segment:")
print(TAB_2 +
"Source Port: {}, Destination Port: {}, Length: {}".
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + "Other IPv4 Data:")
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print("Ethernet Data:")
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main(packetSize=1000):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
count = 0
while packetSize > count:
count += 1
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
pcap.close()
def main():
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
info =""
Data=""
# if StartCapture==1:
Tstart=int(round(time.time() * 1000))
#StartCapture=0
while True:
raw_data, addr = conn.recvfrom(65535)
l=[]
l.append(Tstart-int(round(time.time() * 1000)))
pcap.write(raw_data)
eth = Ethernet(raw_data)
#print('\nEthernet Frame:')
Data+="\nEthernet Frame:"+TAB_1 + "Destination:"+str(eth.dest_mac)+"Source: "+str(eth.src_mac)+"Protocol: "+str(eth.proto)
#print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
Data += TAB_2 + 'Protocol: ' + str(ipv4.proto) + ' Source:' + str(ipv4.src) + 'Target:' + str(ipv4.target)
# print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
l.append(ipv4.src)
l.append(ipv4.target)
# print(TAB_1 + 'IPv4 Packet:')
# print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
Data+=TAB_1 + 'IPv4 Packet:'+TAB_2 + 'Version:'+str(ipv4.version)+'Header Length:'+ str(ipv4.header_length)+'TTL:'+str(ipv4.ttl)
l.append(ipv4.header_length)
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
l.append('ICMP')
# print(TAB_1 + 'ICMP Packet:')
# print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
# print(TAB_2 + 'ICMP Data:')
# print(format_multi_line(DATA_TAB_3, icmp.data))
Data+=TAB_1 + 'ICMP Packet:'+TAB_2 + 'Type: '+str(icmp.type)+"Code:"+str(icmp.code)+"Checksum:"+str( icmp.checksum)+TAB_2 + 'ICMP Data:'+str(format_multi_line(DATA_TAB_3, icmp.data))
l.append(icmp.data)
l.append(" ")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
#print(TAB_1 + 'TCP Segment:')
l.append('TCP')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
info+=str(tcp.src_port)+"->"+str(tcp.dest_port)+"ACK="+str(tcp.flag_ack)+"len ="+str(len(tcp.data))
#print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
#print(TAB_2 + 'Flags:')
#print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
#print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
Data+=TAB_1 + 'TCP Segment:'+TAB_2 + 'Source Port:'+str(tcp.src_port)+"Destination Port:"+str( tcp.dest_port)+TAB_2 + 'Sequence:'+str(tcp.sequence)+" Acknowledgment:"+str(tcp.acknowledgment)
Data+=TAB_2 + 'Flags:'+TAB_3 + 'URG:'+str(tcp.flag_urg)+'ACK'+str(tcp.flag_ack)+'PSH'+str(tcp.flag_psh)+TAB_3 + 'RST:'+str(tcp.flag_rst)+'SYN'+str(tcp.flag_syn)+'FIN'+str(tcp.flag_fin)
l.append(tcp.data)
l.append(info)
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
Data+=TAB_2 + 'HTTP Data:'
# print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
Data+=DATA_TAB_3 + str(line)
# print(DATA_TAB_3 + str(line))
except:
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=format_multi_line(DATA_TAB_3, tcp.data)
else:
# print(TAB_2 + 'TCP Data:')
# print(format_multi_line(DATA_TAB_3, tcp.data))
Data+=TAB_2 + 'TCP Data:'+format_multi_line(DATA_TAB_3, tcp.data)
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
l.append('UDB')
#print(TAB_1 + 'UDP Segment:')
#print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
Data+=TAB_1 + 'UDP Segment:'+TAB_2 + 'Source Port:'+str(udp.src_port)+'Destination Port:'+str( udp.dest_port)+'Length'+str(udp.size)
info += str(udp.src_port) + "->" +str (udp.dest_port) + "len =" + str(udp.size) # + "ACK=" + str(udp.flag_ack)
l.append(0)
l.append(info)
# Other IPv4
else:
#print(TAB_1 + 'Other IPv4 Data:')
l.append('other')
l.append(0)
l.append('other')
#print(format_multi_line(DATA_TAB_2, ipv4.data))
Data+=TAB_1 + 'Other IPv4 Data:'+format_multi_line(DATA_TAB_2, ipv4.data)
else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
l.append(" ")#src
l.append(" ")#target
l.append(" ")#Hlength
l.append(" ")#protocol
Data+='Ethernet Data:'+format_multi_line(DATA_TAB_1, eth.data)
l.append(format_multi_line(DATA_TAB_1, eth.data))#hex
l.append(" ") # info
l.append(Data)
temp=l[3]
l[3]=l[4]
l[4]=temp
temp2=l[5]
l[5]=l[6]
l[6]=l[7]
l[7]=temp2
print (*l ,sep=',')
info=""
Data=""
pcap.close()
def checkSniffer(eth, _listFrameEth):
_WarningEth = 0
listblackip1 = blackIP()
listblackip = listblackip1.readIP()
if eth.proto == 8:
ipv4 = IPv4(eth.data)
ipsource = ipv4.src
ipdesti = ipv4.target
proto = ipv4.proto
_tcpsrc_port = 0
_tcpdest_port = 0
_tcplendata = 0
if ipv4.proto != 6:
flagfin = 0
flagsyn = 0
flagrst = 0
flagpsh = 0
flagack = 0
flagurg = 0
else:
tcp = TCP(ipv4.data)
flagfin = int(tcp.flag_fin)
flagsyn = int(tcp.flag_syn)
flagrst = int(tcp.flag_rst)
flagpsh = int(tcp.flag_psh)
flagack = int(tcp.flag_ack)
flagurg = int(tcp.flag_urg)
_tcpsrc_port = tcp.src_port
_tcpdest_port = tcp.dest_port
_tcpldata = tcp.data
if (ipv4.proto == 6 and _tcpsrc_port == 80 or _tcpdest_port == 80):
_WarningEth = checkSqlInjection(HTTP(tcp.data)).check
elif ipsource == ipdesti:
_WarningEth = checkLandAttack(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg).check
elif (proto == 1):
icmp = ICMP(ipv4.data)
_lenicmp = len(icmp.data)
_WarningEth = checkpingofDead(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn, flagrst, flagpsh, flagack, flagurg, _lenicmp).check
elif(_WarningEth == 0 and proto == 6):
if (flagfin == 1
and flagurg == 1
and flagpsh == 1
and proto == 6):
_WarningEth = checkXmasScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(flagfin == 1
and proto == 6):
_WarningEth = checkFINScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(flagfin == 0
and flagsyn == 0
and flagrst == 0
and flagpsh == 0
and flagack == 0
and flagurg == 0
and proto == 6):
_WarningEth = checkNULLScan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
elif(ipv4.proto ==17 and len(UDP(ipv4.data).data) == 0):
_WarningEth = checkUDPscan(_listFrameEth, ipsource, ipdesti, proto, flagfin, flagsyn ,flagrst ,flagpsh, flagack, flagurg).check
RefeshlistFrame(_listFrameEth, ipsource, ipdesti, proto,flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
AddtoFrame(_listFrameEth, ipsource, ipdesti, 1, proto, flagfin, flagsyn ,flagrst ,flagpsh ,flagack ,flagurg)
if(_WarningEth != 0):
inBlackIP = 0
for x in range(0,len(listblackip)):
if ipsource + '\n' == listblackip[x]:
inBlackIP = 1
if (inBlackIP == 0):
Ip = blackIP()
Ip.appendIP(ipsource+'\n')
elif(len(listblackip) > 0 and _WarningEth == 0):
for x in range(0,len(listblackip)):
if ipsource + '\n' == listblackip[x]:
_WarningEth = 99
if ipdesti + '\n' == listblackip[x]:
_WarningEth = 98
#printFrame(_listFrameEth)
return _WarningEth
def start(self):
pcap = Pcap('capture.pcap')
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
for i in range(0, 70):
x=time.clock()
raw_data, addr = conn.recvfrom(65535)
pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
mydialog.print_to_tabl(self, i, 0, str(i+1))
mydialog.print_to_tabl(self, i, 1, str(x))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
mydialog.print_to_tabl(self, i, 2, ipv4.src)
mydialog.print_to_tabl(self, i, 3, ipv4.target)
mydialog.print_to_tabl(self, i, 5,str(ipv4.header_length))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
mydialog.print_to_tabl(self,i, 4, "ICMP")
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
mydialog.print_to_tabl(self,i, 4, "tcp")
mydialog.print_to_tabl(self, i, 6,'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment) )
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port,
udp.size))
mydialog.print_to_tabl(self,i, 4, "UDP")
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(self,DATA_TAB_2, ipv4.data))
mydialog.print_to_tabl(self, i, 4, "ICMP")
# else:
#print('Ethernet Data:')
#print(format_multi_line(DATA_TAB_1, eth.data))
#mydialog.print_to_tabl(self, i, 6, str(eth.data))
# if pushButton_2.clicked :
# break
pcap.close()
def main():
report = Report()
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
while True:
#check if date passes
if report.current_date != date.today().strftime("%d_%m_%Y"):
#create new report
report = Report()
print ("New Date")
raw_data, addr = conn.recvfrom(65535)
#pcap.write(raw_data)
eth = Ethernet(raw_data)
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto))
# IPv4
if eth.proto == 8:
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
icmp = ICMP(ipv4.data)
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
tcp = TCP(ipv4.data)
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
if len(tcp.data) > 0:
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80 or tcp.dest_port == 443 or tcp.src_port == 443 :
print(TAB_2 + 'HTTP Data:')
try:
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
# add line to report
report.add_row(ipv4.src,ipv4.target)
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
# UDP
elif ipv4.proto == 17:
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size))
# Other IPv4
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
def main():
#pcap is used to live capture network traffic
pcap = Pcap('capture.pcap')
#Creates a socket using
#Check that its compatible and make sure its in little or big indian
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
#Keeps looping and capturing data
while True:
#buffer size is set to 65535
raw_data, addr = conn.recvfrom(65535)
#storing the data
#capturing it
pcap.write(raw_data)
eth = Ethernet(raw_data)
#{} place order for each variable
print('\nEthernet Frame:')
print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(
eth.dest_mac, eth.src_mac, eth.proto))
#Unpacking IP Headers
# IPv4
#Make sure using regular internet traffic
#which is IPv4
if eth.proto == 8:
#calling class ip4
#passing capture data into class
#analysing and using its methods
ipv4 = IPv4(eth.data)
print(TAB_1 + 'IPv4 Packet:')
print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(
ipv4.version, ipv4.header_length, ipv4.ttl))
print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(
ipv4.proto, ipv4.src, ipv4.target))
# ICMP
if ipv4.proto == 1:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#1 for ICMP
ipv4 = IPv4(eth.data)
icmp = ICMP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'ICMP Packet:')
print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(
icmp.type, icmp.code, icmp.checksum))
print(TAB_2 + 'ICMP Data:')
print(format_multi_line(DATA_TAB_3, icmp.data))
# TCP
elif ipv4.proto == 6:
#after analysing the capture data
#ipv4 determines which type of protocol the prackage is from
#6 for ICMP
tcp = TCP(ipv4.data)
#analyses using icmp class
print(TAB_1 + 'TCP Segment:')
print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(
tcp.src_port, tcp.dest_port))
print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(
tcp.sequence, tcp.acknowledgment))
print(TAB_2 + 'Flags:')
print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(
tcp.flag_urg, tcp.flag_ack, tcp.flag_psh))
print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(
tcp.flag_rst, tcp.flag_syn, tcp.flag_fin))
#at least some thing is capture
if len(tcp.data) > 0:
#protocol port for HTTP is 80
# HTTP
if tcp.src_port == 80 or tcp.dest_port == 80:
print(TAB_2 + 'HTTP Data:')
try:
#analyses using icmp class
http = HTTP(tcp.data)
http_info = str(http.data).split('\n')
for line in http_info:
print(DATA_TAB_3 + str(line))
except:
print(format_multi_line(DATA_TAB_3, tcp.data))
else:
print(TAB_2 + 'TCP Data:')
print(format_multi_line(DATA_TAB_3, tcp.data))
#analyses using UDP class
# UDP
#17 for UDP
elif ipv4.proto == 17:
#analyses using UDP class
udp = UDP(ipv4.data)
print(TAB_1 + 'UDP Segment:')
print(TAB_2 +
'Source Port: {}, Destination Port: {}, Length: {}'.
format(udp.src_port, udp.dest_port, udp.size))
# Other
else:
print(TAB_1 + 'Other IPv4 Data:')
print(format_multi_line(DATA_TAB_2, ipv4.data))
else:
#this remaining is the payload of data
#data that meaningless or which we cant yet interpret
print('Ethernet Data:')
print(format_multi_line(DATA_TAB_1, eth.data))
#closing the library after use
pcap.close()
