def __decodeLayer4(self, ipProtocolNum, l3Payload):
"""Internal method that parses the specified header and extracts
layer4 related proprieties."""
if ipProtocolNum == Packets.UDP.protocol:
l4Proto = "UDP"
l4Decoder = Decoders.UDPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_uh_sport()
l4DstPort = layer4.get_uh_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
elif ipProtocolNum == Packets.TCP.protocol:
l4Proto = "TCP"
l4Decoder = Decoders.TCPDecoder()
layer4 = l4Decoder.decode(l3Payload)
l4SrcPort = layer4.get_th_sport()
l4DstPort = layer4.get_th_dport()
l4Payload = layer4.get_data_as_string()
return (l4Proto, l4SrcPort, l4DstPort, l4Payload)
else:
warnMessage = _("Cannot import one of the provided packets since " +
"its layer 4 is unsupported (Only UDP and TCP " +
"are currently supported, packet IP protocol " +
"number = {0})").format(ipProtocolNum)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage, self.INVALID_LAYER4)
def __decodeLayer2(self, header, payload):
"""Internal method that parses the specified header and extracts
layer2 related proprieties."""
def formatMacAddress(arrayMac):
return ":".join("{0:0>2}".format(hex(b)[2:])
for b in arrayMac.tolist())
if self.datalink == pcapy.DLT_EN10MB:
l2Decoder = Decoders.EthDecoder()
l2Proto = "Ethernet"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = formatMacAddress(layer2.get_ether_shost())
l2DstAddr = formatMacAddress(layer2.get_ether_dhost())
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == pcapy.DLT_LINUX_SLL:
l2Decoder = Decoders.LinuxSLLDecoder()
l2Proto = "Linux SLL"
layer2 = l2Decoder.decode(payload)
l2SrcAddr = layer2.get_addr()
l2DstAddr = None
l2Payload = payload[layer2.get_header_size():]
etherType = layer2.get_ether_type()
elif self.datalink == PCAPImporter.PROTOCOL201:
l2Proto = "Protocol 201"
hdr = payload.encode('hex')[0:8]
if hdr[6:] == "01":
l2SrcAddr = "Received"
else:
l2SrcAddr = "Sent"
l2DstAddr = None
l2Payload = payload[8:]
etherType = payload[4:6]
return (l2Proto, l2SrcAddr, l2DstAddr, l2Payload, etherType)
def __decodeLayer3(self, etherType, l2Payload):
"""Internal method that parses the specified header and extracts
layer3 related proprieties."""
if etherType == Packets.IP.ethertype:
l3Proto = "IP"
l3Decoder = Decoders.IPDecoder()
layer3 = l3Decoder.decode(l2Payload)
paddingSize = len(l2Payload) - layer3.get_ip_len()
l3SrcAddr = layer3.get_ip_src()
l3DstAddr = layer3.get_ip_dst()
l3Payload = l2Payload[layer3.get_header_size():]
if paddingSize > 0 and len(l3Payload) > paddingSize:
l3Payload = l3Payload[:len(l3Payload) - paddingSize]
ipProtocolNum = layer3.get_ip_p()
return (l3Proto, l3SrcAddr, l3DstAddr, l3Payload, ipProtocolNum)
else:
warnMessage = _("Cannot import one of the provided packets since "
+ "its layer 3 is unsupported (Only IP is " +
"currently supported, packet ethernet " +
"type = {0})").format(etherType)
self._logger.warn(warnMessage)
raise NetzobImportException("PCAP", warnMessage,
self.INVALID_LAYER3)
def getMessageDetails(message):
"""Decode a raw network message and print the content of each
encapsulated layer.
:param filePathList: the messages to cluster.
:type filePathList: a list of :class:`str`
:param bpfFilter: a string representing a BPF filter.
:type bpfFilter: :class:`str`
:param importLayer: an integer representing the protocol layer to start importing.
:type importLayer: :class:`int`
"""
decoder = Decoders.EthDecoder()
return decoder.decode(
TypeConverter.convert(message.data, HexaString, Raw))