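class Sniffer(object):
    """Follow TCP streams reported by pynids and manage ptrace-attached processes.

    ``connections`` maps a pynids address tuple to the ``Connection`` object
    parsing that stream; ``processes`` maps a pid to the process object
    returned by the debugger.  ``sessions`` is created empty and is not
    touched by any method of this class.
    """

    def __init__(self, pid=None):
        """Create empty tracking tables and a ``PtraceDebugger``.

        ``pid`` is accepted for interface compatibility but is not used here;
        processes are attached only through ``addProcess``.
        NOTE(review): confirm whether callers expect ``pid`` to be attached.
        """
        self.sessions = {}
        self.connections = {}
        self.dbg = PtraceDebugger()
        self.processes = {}

    def __del__(self):
        """Release every attached process and shut the debugger down.

        The finalizer can run on a partially built object (for example when
        ``PtraceDebugger()`` raised inside ``__init__``), so attributes are
        looked up defensively.  ``dbg.quit()`` sits in a ``finally`` so that a
        failure while releasing one process cannot leave the debugger, and
        the processes it still traces, without the final cleanup call.
        """
        dbg = getattr(self, "dbg", None)
        if dbg is None:
            return
        try:
            # Iterate over a snapshot: deleteProcess() mutates self.processes.
            for pid in list(getattr(self, "processes", {})):
                self.deleteProcess(pid)
        finally:
            dbg.quit()

    def tcp_handler(self, tcp):
        """pynids TCP callback: create, feed or drop the stream's Connection.

        The payload handed to ``Connection.handle_data`` is untrusted network
        data.  Only ``Connection.InvalidDataException`` is handled here; any
        other exception raised while parsing propagates to the caller of this
        callback.
        """
        # tcp.addr is ((src_ip, src_port), (dst_ip, dst_port)) in pynids, so
        # [1][1] is the destination port of the new stream.
        if tcp.nids_state == nids.NIDS_JUST_EST and tcp.addr[1][1] in PORTS:
            # NOTE(review): pynids delivers data only for half-streams whose
            # collect flag is set; presumably Connection does that -- confirm.
            self.connections[tcp.addr] = Connection(self, tcp)
        elif tcp.nids_state == nids.NIDS_DATA:
            if tcp.addr not in self.connections:
                return
            connection = self.connections[tcp.addr]
            try:
                # Bytes newly buffered on the client half-stream are passed
                # together with connection.server, and vice versa.
                if tcp.client.count_new:
                    connection.handle_data(
                        connection.server,
                        tcp.client.data[:tcp.client.count_new])
                if tcp.server.count_new:
                    connection.handle_data(
                        connection.client,
                        tcp.server.data[:tcp.server.count_new])
            except Connection.InvalidDataException:
                # Stop tracking a stream the parser rejected.  pop() tolerates
                # the entry having been removed while the data was handled.
                self.connections.pop(tcp.addr, None)
        elif tcp.nids_state in (nids.NIDS_CLOSE, nids.NIDS_TIMEOUT,
                                nids.NIDS_RESET):
            # The stream is gone; forget its parser state if we had any.
            self.connections.pop(tcp.addr, None)

    def message_handler(self, message):
        """Hook for a parsed message; the base implementation does nothing."""
        pass

    def session_handler(self, session):
        """Hook for a session; the base implementation does nothing."""
        pass

    def addProcess(self, pid):
        """Register ``pid`` with the debugger, remember it and resume it.

        ``False`` is passed as the second argument of
        ``PtraceDebugger.addProcess`` (python-ptrace's ``is_attached``), so
        the debugger performs the attach itself.  Attaching to another
        process needs ptrace permission on the host.
        """
        self.processes[pid] = self.dbg.addProcess(pid, False)
        # The attach leaves the target stopped; let it run again.
        self.processes[pid].cont()

    def deleteProcess(self, pid):
        """Remove ``pid`` from the debugger and from ``self.processes``.

        NOTE(review): confirm that ``deleteProcess`` of the python-ptrace
        version in use accepts a pid as its first positional argument; some
        versions expect a process object there.
        """
        self.dbg.deleteProcess(pid)
        del self.processes[pid]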
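class Sniffer(object):
    """Follow TCP streams reported by pynids and manage ptrace-attached processes.

    ``connections`` maps a pynids address tuple to the ``Connection`` object
    parsing that stream; ``processes`` maps a pid to the process object
    returned by the debugger.  ``sessions`` is created empty and is not
    touched by any method of this class.
    """

    def __init__(self, pid=None):
        """Create empty tracking tables and a ``PtraceDebugger``.

        ``pid`` is accepted for interface compatibility but is not used here;
        processes are attached only through ``addProcess``.
        NOTE(review): confirm whether callers expect ``pid`` to be attached.
        """
        self.sessions = {}
        self.connections = {}
        self.dbg = PtraceDebugger()
        self.processes = {}

    def __del__(self):
        """Release every attached process and shut the debugger down.

        The finalizer can run on a partially built object (for example when
        ``PtraceDebugger()`` raised inside ``__init__``), so attributes are
        looked up defensively.  ``dbg.quit()`` sits in a ``finally`` so that a
        failure while releasing one process cannot leave the debugger, and
        the processes it still traces, without the final cleanup call.
        """
        dbg = getattr(self, "dbg", None)
        if dbg is None:
            return
        try:
            # Iterate over a snapshot: deleteProcess() mutates self.processes.
            for pid in list(getattr(self, "processes", {})):
                self.deleteProcess(pid)
        finally:
            dbg.quit()

    def tcp_handler(self, tcp):
        """pynids TCP callback: create, feed or drop the stream's Connection.

        The payload handed to ``Connection.handle_data`` is untrusted network
        data.  Only ``Connection.InvalidDataException`` is handled here; any
        other exception raised while parsing propagates to the caller of this
        callback.
        """
        # tcp.addr is ((src_ip, src_port), (dst_ip, dst_port)) in pynids, so
        # [1][1] is the destination port of the new stream.
        if tcp.nids_state == nids.NIDS_JUST_EST and tcp.addr[1][1] in PORTS:
            # NOTE(review): pynids delivers data only for half-streams whose
            # collect flag is set; presumably Connection does that -- confirm.
            self.connections[tcp.addr] = Connection(self, tcp)
        elif tcp.nids_state == nids.NIDS_DATA:
            if tcp.addr not in self.connections:
                return
            connection = self.connections[tcp.addr]
            try:
                # Bytes newly buffered on the client half-stream are passed
                # together with connection.server, and vice versa.
                if tcp.client.count_new:
                    connection.handle_data(
                        connection.server,
                        tcp.client.data[:tcp.client.count_new])
                if tcp.server.count_new:
                    connection.handle_data(
                        connection.client,
                        tcp.server.data[:tcp.server.count_new])
            except Connection.InvalidDataException:
                # Stop tracking a stream the parser rejected.  pop() tolerates
                # the entry having been removed while the data was handled.
                self.connections.pop(tcp.addr, None)
        elif tcp.nids_state in (nids.NIDS_CLOSE, nids.NIDS_TIMEOUT,
                                nids.NIDS_RESET):
            # The stream is gone; forget its parser state if we had any.
            self.connections.pop(tcp.addr, None)

    def message_handler(self, message):
        """Hook for a parsed message; the base implementation does nothing."""
        pass

    def session_handler(self, session):
        """Hook for a session; the base implementation does nothing."""
        pass

    def addProcess(self, pid):
        """Register ``pid`` with the debugger, remember it and resume it.

        ``False`` is passed as the second argument of
        ``PtraceDebugger.addProcess`` (python-ptrace's ``is_attached``), so
        the debugger performs the attach itself.  Attaching to another
        process needs ptrace permission on the host.
        """
        self.processes[pid] = self.dbg.addProcess(pid, False)
        # The attach leaves the target stopped; let it run again.
        self.processes[pid].cont()

    def deleteProcess(self, pid):
        """Remove ``pid`` from the debugger and from ``self.processes``.

        NOTE(review): confirm that ``deleteProcess`` of the python-ptrace
        version in use accepts a pid as its first positional argument; some
        versions expect a process object there.
        """
        self.dbg.deleteProcess(pid)
        del self.processes[pid]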