def pylibpcap_sniff():
    """Command-line sniffer: parse ``sys.argv``, capture with ``sniff()``, count packets.

    This function takes no parameters; everything comes from the command line:

    * ``-i/--iface``        interface to capture on (required)
    * ``-c/--count``        number of packets to capture, default ``-1``
    * ``-m/--promisc``      promiscuous-mode flag passed to ``sniff()``, default ``0``
    * ``filter`` (positional, any number of words) joined with spaces into one
      BPF filter expression, so ``tcp port 80`` needs no quoting
    * ``-o/--output``       pcap file the capture is written to (``None`` when omitted)
    * ``-v/--view``         print one summary line per non-empty packet
    * ``-p/--view-payload`` include the payload in that summary

    The parsed namespace is echoed first, Ctrl-C stops the capture quietly and
    the number of packets seen is printed at the end. Returns ``None``.
    No privilege check is done here; an interface that cannot be opened
    presumably surfaces as an error from ``sniff()`` — confirm.
    """
    parser = argparse.ArgumentParser(description="Sniff")
    add = parser.add_argument
    add("-i", "--iface", type=str, help="Iface", required=True)
    add("-c", "--count", type=int, default=-1, help="Capture packet num")
    add("-m", "--promisc", type=int, default=0, help="Promiscuous mode")
    add("filter", nargs="*", type=str, help="BPF filter rules")
    add("-o", "--output", type=str, help="Output pcap file")
    add("-v", "--view", action="store_true", help="Show Packet Info")
    add("-p", "--view-payload", action="store_true", help="Show Payload")
    args = parser.parse_args()

    print("[+]:", args)

    captured = 0
    try:
        packets = sniff(iface=args.iface,
                        count=args.count,
                        promisc=args.promisc,
                        filters=" ".join(args.filter),
                        out_file=args.output)
        for plen, _ts, buf in packets:
            captured += 1
            # Zero-length captures are counted but never rendered.
            if args.view and plen:
                print(captured, Packet(buf, plen).to_string(args.view_payload))
    except KeyboardInterrupt:
        # Ctrl-C is the normal way to end an unbounded capture; fall through to the summary.
        pass

    print("\nPacket Count:", captured)
from pylibpcap.pcap import sniff
from pylibpcap import get_iface_list

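# Capture on the first interface libpcap reports. Guard the empty case so a
# host with no usable interface fails with a readable message instead of an
# IndexError on the empty list.
available_ifaces = get_iface_list()
if not available_ifaces:
    raise SystemExit("No capture interface available")
using_iface = available_ifaces[0]

# Ten packets whose IP source matches the filter. NOTE(review): 'naver.com' is a
# host name inside the BPF expression; it is assumed to resolve when the
# filter is compiled — confirm.
for plen, t, buf in sniff(using_iface, filters='ip src naver.com', count=10):
    # sniff() yields (captured length, timestamp, raw bytes) per packet
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)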



# -*- coding: utf-8 -*-
# @Author: JanKinCai
# @Date:   2019-09-04 14:35:32
# @Last Modified by:   JanKinCai
# @Last Modified time: 2019-11-12 09:18:03
from pylibpcap.pcap import sniff

# Three port-53 packets from enp2s0 in promiscuous mode; out_file names the
# pcap file the capture is written to.
capture = sniff("enp2s0",
                count=3,
                promisc=1,
                filters="port 53",
                out_file="pcap.pcap")
for plen, t, buf in capture:
    # sniff() yields (captured length, timestamp, raw bytes) per packet
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)
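def main():
    """Parse the command line, validate the monitored interface, run the capture loop.

    Fills the module-level globals IP_DST, IP_SRC, PORT_SRC, PORT_DST,
    sampling_rate, buffer_count and current_iface from the arguments, then
    hands every captured IP/UDP/TCP frame to process() until Ctrl-C, at
    which point the module-level counters total_packets_captured and
    total_flow_packets_sent are printed.

    Exits (SystemExit) with a message when not run as root, when the
    destination IP or the interface is missing, or when the interface is
    not present on this host.
    """
    global IP_DST, IP_SRC, PORT_SRC, PORT_DST, sampling_rate, buffer_count, current_iface
    import sys

    # Promiscuous raw capture below needs root; bail out early with a clear message.
    if os.getuid() != 0:
        print "You need to be root to run this, sorry."
        sys.exit()

    # One psutil query serves both the name check and the address lookup.
    iface_addrs = psutil.net_if_addrs()
    ifaces_in_device = iface_addrs.keys()

    parser = argparse.ArgumentParser(description='Netflow generator for laptops')
    parser.add_argument('-i', '--interface', dest='int',
                        help='Monitored interface')
    parser.add_argument('-s', '--source', dest='src_ip',
                        help='Source IP address. Used to send packets to collector')
    # type=int lets argparse reject non-numeric values with a usage error
    # instead of the bare ValueError the later int() conversions raised;
    # the defaults replace the hand-written "if not ..." fallbacks.
    parser.add_argument('-sp', '--sport', dest='src_port', type=int, default=5000,
                        help='Source port. Used to send packets to collector. Default 5000')
    parser.add_argument('-d', '--destination', dest='dst_ip',
                        help='Destination IP address. Used to send packets to collector')
    parser.add_argument('-dp', '--dport', dest='dst_port', type=int, default=2055,
                        help='Destination port. Used to send packets to collector. Default 2055')
    parser.add_argument('-r', '--rate', dest='sampling_rate', type=int, default=5,
                        help='Sampling 1 out of r packets. Default 5')
    parser.add_argument('-b', '--buffer', dest='buffer_count', type=int, default=10,
                        help='Number of packets stored in buffer before sending them. Default 10')
    args = parser.parse_args()

    if not args.src_ip:
        # The interface-address fallback is not implemented in this function;
        # presumably whoever reads IP_SRC handles the unset case — TODO confirm.
        print "Source IP Address not provided....trying to get interface IP Address"
    else:
        IP_SRC = args.src_ip

    if not args.dst_ip:
        print "Destination IP Address is mandatory. Aborting..."
        sys.exit()
    IP_DST = args.dst_ip

    if not args.int:
        print "Monitored interface is mandatory. Aborting..."
        sys.exit()
    if args.int not in ifaces_in_device:
        print "Wrong interface name. Please select an interface available on your system:"
        for name in ifaces_in_device:
            print name
        sys.exit()
    current_iface = iface_addrs[args.int]
    IP_INT = args.int

    # Numeric options already validated and defaulted by argparse.
    PORT_SRC = args.src_port
    PORT_DST = args.dst_port
    sampling_rate = args.sampling_rate
    buffer_count = args.buffer_count

    print "Capturing packets on interface ", IP_INT
    try:
        # count=-1 with Ctrl-C as the only exit; only IP traffic carrying UDP or TCP is captured.
        for plen, t, buf in sniff(IP_INT, filters="ip and (udp or tcp)", count=-1, promisc=1):
            process(buf)
    except KeyboardInterrupt:
        print 'Service interrupted.'
        print 'Total packets captured: ', total_packets_captured
        print 'Total Flow packets sent to collector: ', total_flow_packets_sent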
    src_udp_port = list()
    dst_udp_port = list()
    udp_len = list()
    udp_checksum = list()

    for dst_i in udp_header[2:4]:
        dst_udp_port.append(dst_i.hex())
    for src_i in udp_header[0:2]:
        src_udp_port.append(src_i.hex())
    for type_i in udp_header[4:6]:
        udp_len.append(type_i.hex())
    for type_i in udp_header[6:]:
        udp_checksum.append(type_i.hex())

    dst_udp_port = "".join(dst_udp_port)
    src_udp_port = "".join(src_udp_port)
    udp_len = "".join(udp_len)
    udp_checksum = "".join(udp_checksum)

    print("###### [UDP_Header] ######")
    print("Source Port:", int(src_udp_port, 16))
    print("Destination Port:", int(dst_udp_port, 16))
    print("Length:", int(udp_len, 16))
    print("Checksum:", "0x" + udp_checksum)


if __name__ == '__main__':
    # Three frames from using_iface; each raw buffer goes through split_header()
    # and a separator line is printed after every packet.
    capture = sniff(using_iface, count=3)
    for _plen, _ts, buf in capture:
        split_header(buf)
        print("==================================")
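def main():
    """Capture port-60000 frames, extract the APDU and forward it over UDP.

    Reads CONFIG_PATH (section ``[address]``, key ``proxy_out_ip``), requires
    root for the raw capture, then for each captured frame calls
    extract_apdu() and, when valid(apdu, TABLE) accepts the result, sends it
    with sendto() to proxy_out_ip on port PORT. ``--udp`` as the first
    command-line argument selects a test mode that only prints what was
    received and never forwards anything.

    Exits with status 1 when the config file cannot be read or when not
    running as root. The sending socket is always closed on exit.
    """
    config = configparser.ConfigParser()
    # ConfigParser.read() silently skips unreadable files and returns the list
    # it did read; without this check a missing config only shows up later as
    # an opaque KeyError on config['address'].
    if not config.read(CONFIG_PATH):
        print('Cannot read config file:', CONFIG_PATH)
        sys.exit(1)

    # Test mode is chosen by the first argument only, nothing else is parsed.
    with_udp_test = len(sys.argv) > 1 and sys.argv[1] == '--udp'
    print('WITH_UDP_TEST =', with_udp_test)

    # Promiscuous raw capture below needs root; fail early with a clear message.
    if os.geteuid() != 0:
        print('You are not root. Program will not work, exiting...')
        sys.exit(1)
    # TODO: adding the ARP entry for proxy_out_ip / proxy_out_mac_address
    # (set_arp_entry) is currently disabled.

    target_ip = config['address']['proxy_out_ip']
    # Converted once here instead of on every forwarded packet, so a bad PORT
    # fails at start-up rather than on the first valid APDU.
    send_port = int(PORT)

    table = create_lookup_table(config)
    sock_send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    try:
        # sniff() returns a generator object, this can be iterated like a loop
        # TODO: local ethernet interface cannot be hardcoded!
        # NOTE(review): count=10 ends the capture after ten packets, which
        # does not match a long-running server loop — presumably a leftover
        # from the library example; confirm before deploying.
        for plen, t, data in sniff("enp3s0",
                                   filters="port 60000",
                                   count=10,
                                   promisc=1,
                                   out_file="pcap.pcap"):
            print("[+]: Payload len=", plen)
            print("[+]: Time", t)
            print("[+]: Payload:", '0x ' + data.hex(), end='\n\n')

            print('APDU extraction:')
            apdu = extract_apdu(data, with_udp_test)

            if with_udp_test:
                # str(apdu) is for display only; nothing is forwarded in test mode.
                data_received = str(apdu)
                print('Length of data received:', len(data_received))
                print('data received:', data_received, end='\n\n\n')
                continue

            # Only APDUs accepted by the lookup table cross to the target;
            # rejected ones are dropped without any output.
            if valid(apdu, table):
                print('Apdu valid, re-transmitting...')
                sock_send.sendto(apdu, (target_ip, send_port))

    finally:
        print("closing sockets, do not interrupt ...")
        sock_send.close()
        print("finished ...")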