def arp_cb(pargs): """ARP DoS, eg for switches""" #logger.debug("%s %s %s %s", pargs.mac_src, pargs.mac_dst, pargs.ip_src, pargs.ip_dst) pkt_arp_req = ethernet.Ethernet(dst=b"\xFF" * 6, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha=b"\xFF" * 6, tpa_s=pargs.ip_dst, op=arp.ARP_OP_REQUEST) pkt_arp_resp = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) + \ arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha_s=pargs.mac_dst, tpa_s=pargs.ip_dst, op=arp.ARP_OP_REPLY) psock = psocket.SocketHndl(iface_name=pargs.iface_name) for cnt in range(pargs.count): # request from various sources mac = pypacker.get_rnd_mac() pkt_arp_req.src = mac pkt_arp_req.arp.sha = mac pkt_arp_req.arp.spa = pypacker.get_rnd_ipv4() psock.send(pkt_arp_req.bin()) # response from various sources mac = pypacker.get_rnd_mac() pkt_arp_resp.src = mac pkt_arp_resp.arp.sha = mac pkt_arp_resp.arp.spa = pypacker.get_rnd_ipv4() psock.send(pkt_arp_resp.bin()) psock.close()
def test_icmp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" icmp_echo_type = 8 bpf_filter = "ip" display_filter = "icmp" expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "icmp.type": icmp_echo_type, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_ICMP) + icmp.ICMP(type=icmp_echo_type) + icmp.ICMP.Echo() ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
def tcp_packet(tcp_payload) -> bytes: packet = ( ethernet.Ethernet(src_s="00:00:00:12:34:ff", dst_s="00:00:00:ff:00:1e") + ip.IP(src_s="10.0.0.255", dst_s="21.53.78.255") + tcp.TCP( sport=16424, dport=41799, flags=tcp.TH_ACK, body_bytes=tcp_payload)) return packet.bin()
def test_tcp_packet_filter_and_parse_with_field_template_with_non_existing_field_first( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 bpf_filter = "ip" display_filter = "tcp" field_templates = {"macro.ip.src": ["ipv6.src", "ip.src"]} expected_output = { "macro.ip.src": src_ip, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=field_templates, expected_passed=True, expected_output=expected_output, )
def test_filter_and_parse_without_filters( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=None, display_filter=None, field_templates=None, expected_passed=True, expected_output=expected_output, )
def test_arp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" broadcast_mac = "ff:ff:ff:ff:ff:ff" src_ip = "21.53.78.255" target_ip = "10.0.0.255" bpf_filter = "arp" display_filter = "arp" expected_output = { "eth.src": src_mac, "eth.dst": broadcast_mac, "arp.src.hw_mac": src_mac, "arp.src.proto_ipv4": src_ip, "arp.dst.hw_mac": broadcast_mac, "arp.dst.proto_ipv4": target_ip, } packet = ethernet.Ethernet(src_s=src_mac, dst_s=broadcast_mac) + arp.ARP( sha_s=src_mac, spa_s=src_ip, tha_s=broadcast_mac, tpa_s=target_ip ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
def pcap_to_object(pcap_file, obj_file): """Create a Python serialized graph object. Read the pcap file given in parameter, extracts source and destination IP and write a serialized graph object. """ dic_ip = ip_dict() reader = ppcap.Reader(filename=pcap_file) if options.verbose: print("Reading pcap file...") for ts, buf in reader: eth = ethernet.Ethernet(buf) if eth[ip.IP] is not None: # print("%d: %s:%s -> %s:%s" % (ts, eth[ip.IP].src_s, # eth[tcp.TCP].sport, eth[ip.IP].dst_s, # eth[tcp.TCP].dport)) dic_ip[eth[ip.IP].src_s][eth[ip.IP].dst_s] += 1 if options.verbose: print("Serialization...") dic_obj = open(obj_file, "wb") pickle.dump(dic_ip, dic_obj) dic_obj.close()
def buildtcp(): # Ethernet header eth = ethernet.Ethernet() eth.src = b"\x00\x0c\x29\xdf\xe3\xc0" eth.dst = b"\x00\x0c\x29\x29\x85\xd2" eth.type = ethernet.ETH_TYPE_IP # IP header ipp = ip.IP() ipp.src = socket.inet_aton("172.16.13.165") ipp.dst = socket.inet_aton("172.16.13.162") ipp.p = ip.IP_PROTO_TCP # TCP header tcpp = tcp.TCP() tcpp.sport = 60001 tcpp.dport = 80 tcpp.flags = tcp.TH_SYN ipp.data = tcpp ipp.len = len(str(ip)) ipp.id = 1 tcpp._TCP__calc_sum() ipp._IP__calc_sum() eth.data = ipp # open sockets using the socket handler #sock_l2 = SocketHndl(iface_name="eth1", mode=SocketHndl.MODE_LAYER_2) # send raw bytes #sock_l2.send(eth.bin()) #print(eth.bin()) return eth.bin()
def extract(filename, cnt=1000): bts_l = get_pcap(filename, cnt) pkts = [ethernet.Ethernet(bts) for bts in bts_l] pkts_tcp = [pkt.upper_layer.upper_layer for pkt in pkts] print("tcp packets: {}".format(len(pkts_tcp))) # mmartin: Works, just noisy #for pkt in pkts_tcp: # print("%d %d <-> %d %d" % (pkt.sport, pkt.seq, pkt.dport, pkt.ack)) # mmartin: When the 0th packet is chosen, this returns the first few HTTP exchanges. This is the same as one of the files output by tcpflow. tcp_start = pkts_tcp[0] # mmartin: This returns the Javascript segments w/ some errors #tcp_start = pkts_tcp[20] tcp_start.ra_collect(pkts_tcp) segments_cnt = len(tcp_start.ra_segments) segments_ra = tcp_start.ra_bin() print('segment count:\n\n{}'.format(segments_cnt)) print('number of packets:\n\n{}'.format(len(pkts_tcp))) print('ra_segments:\n\n{}'.format(tcp_start.ra_segments)) print('segments_ra:\n\n{}'.format(segments_ra.decode('ISO-8859-1'))) return segments_ra
def main(): #override some warning settings in pypacker. May need to change this to .CRITICAL in the future, but for now we're trying .ERROR #without this when parsing http for example we get "WARNINGS" when packets aren't quite right in the header. logger = pypacker.logging.getLogger("pypacker") pypacker.logger.setLevel(pypacker.logging.ERROR) counter = 0 startTime = time.time() print('listening on interface {}'.format(interface)) try: preader = pcapy.open_live(interface, 65536, False, 1) preader.setfilter('tcp port 80 or tcp port 443') except Exception as e: print(e, end='\n', flush=True) sys.exit(1) while True: try: counter = counter + 1 (header, buf) = preader.next() ts = header.getts()[0] tcpPacket = False pkt = None layer = None # try to determine what type of packets we have, there is the chance that 0x800 # may be in the spot we're checking, may want to add better testing in future eth = ethernet.Ethernet(buf) if hex(eth.type) == '0x800': layer = 'eth' pkt = eth if (eth[ethernet.Ethernet, ip.IP, tcp.TCP] is not None): tcpPacket = True lcc = linuxcc.LinuxCC(buf) if hex(lcc.type) == '0x800': layer = 'lcc' pkt = lcc if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP] is not None): tcpPacket = True if tcpPacket and pkt and layer: tcpProcess(pkt, layer, ts) except (KeyboardInterrupt, SystemExit): raise except Exception as e: error_string = traceback.format_exc() print(str(error_string)) endTime = time.time() totalTime = endTime - startTime if verbose: print ('Total Time: %s, Total Packets: %s, Packets/s: %s' % (totalTime, counter, counter / totalTime ))
def remove_flags(input, nflags=5): output = f'{input}_tmp' writer = ppcap.Writer(filename=output) try: reader = pcap.pcap(input) for timestamp, raw in reader: try: pkt = ethernet.Ethernet(raw) if pkt[ip.IP] is not None: ip_body = pkt[ip.IP] if ip_body[tcp.TCP] is not None: tcp_body = ip_body[tcp.TCP] print(tcp_body.flags) flags = decode_tcp_flags_value(tcp_body.flags, nflags)[::-1] flags = int(''.join([str(i) for i in flags]), 2) print(flags) pkt[ip.IP][tcp.TCP].flags = flags writer.write(pkt.bin(), ts=timestamp * 1e9) except Exception as e: print(e) except Exception as e: print(e) writer.close() shutil.copyfile(output, input) os.remove(output)
def _generate_zero_pkt(self, src_ip, src_port, dst_ip, dst_port, proto): assert proto == 6 zp = ethernet.Ethernet() + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP( sport=src_port, dport=dst_port, flags=24, body_bytes=bytearray(self.zpp)) return zp.bin()
def split_by_label(input, labeler, meta_fpath, nulify_dscp=True): # meta try: with open(meta_fpath, 'r') as jf: meta = json.load(jf) if 'labels' not in meta.keys(): meta['labels'] = [] except: meta = {'labels': []} # read and write labels = [] pwriters = [] try: reader = pcap.pcap(input) for ts, raw in reader: eth = ethernet.Ethernet(raw) if eth[ethernet.Ethernet, ip.IP] is not None: src = eth[ip.IP].src_s dst = eth[ip.IP].dst_s if eth[tcp.TCP] is not None: sport = eth[tcp.TCP].sport dport = eth[tcp.TCP].dport elif eth[udp.UDP] is not None: sport = eth[udp.UDP].sport dport = eth[udp.UDP].dport else: sport = 0 dport = 0 label, description = labeler(ts, src, dst, sport, dport) if label in labels: idx = labels.index(label) else: labels.append(label) pwriters.append( ppcap.Writer(filename=f'{input}_label:{label}')) idx = -1 if nulify_dscp: eth[ip.IP].tos = 0 pwriters[idx].write(eth.bin(), ts=ts * 1e9) except Exception as e: print(e) os.remove(input) for pwriter in pwriters: pwriter.close() meta['labels'] += labels meta['labels'] = np.unique(meta['labels']).tolist() with open(meta_fpath, 'w') as jf: json.dump(meta, jf)
def _create_udp_base_packets( conversation: Layer3Conversation) -> Tuple[Packet, Packet]: src_port, dst_port = _generate_port(), _generate_port() base_src_to_dst = (ethernet.Ethernet( src_s=conversation.src_mac, dst_s=conversation.dst_mac, type=ethernet.ETH_TYPE_IP, ) + ip.IP(p=ip.IP_PROTO_UDP, src_s=conversation.src_ip, dst_s=conversation.dst_ip) + udp.UDP(sport=src_port, dport=dst_port)) base_dst_to_src = (ethernet.Ethernet( src_s=conversation.dst_mac, dst_s=conversation.src_mac, type=ethernet.ETH_TYPE_IP, ) + ip.IP(p=ip.IP_PROTO_UDP, src_s=conversation.dst_ip, dst_s=conversation.src_ip) + udp.UDP(sport=dst_port, dport=src_port)) return base_src_to_dst, base_dst_to_src
def icmp_cb(pargs): """ICMP DoS""" pkt_icmpreq = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\ ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_ICMP) +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"A" * 1460) psock = psocket.SocketHndl(iface_name=pargs.iface_name) for cnt in range(pargs.count): psock.send(pkt_icmpreq.bin()) psock.close()
def test_dhcp_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" given_ip = "10.0.0.255" broadcast_ip = "255.255.255.255" src_port = 16424 dst_port = 68 bpf_filter = "ip" display_filter = "dhcp" expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": broadcast_ip, "udp.srcport": src_port, "udp.dstport": dst_port, "dhcp.ip.your": given_ip, "dhcp.option.dhcp_server_id": src_ip, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=broadcast_ip, p=ip.IP_PROTO_UDP) + udp.UDP(sport=src_port, dport=dst_port) + dhcp.DHCP( yiaddr_s=given_ip, magic=dhcp.DHCP_MAGIC, opts=[ dhcp.DHCPOpt( type=dhcp.DHCP_OPT_SERVER_ID, len=4, body_bytes=bytes(int(num) for num in src_ip.split(".")), ) ], ) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
def ip_cb(pargs): """ IP fragment DOS """ eth_l = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) ip_l = ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst) ip_l.body_bytes = b"A" * 4000 psock = psocket.SocketHndl(iface_name=pargs.iface_name) ip_frags = ip_l.create_fragments(fragment_len=8) for cnt in range(pargs.count): for ip_frag in ip_frags: eth_l.upper_layer = ip_frag psock.send(eth_l.bin()) psock.close()
def read_pkt(raw, read_ip_proto=True): id = None features = None flags = None tos = None try: pkt = ethernet.Ethernet(raw) if pkt[ip.IP] is not None: frame_size = len(raw) src_ip, dst_ip, src_port, dst_port, proto, header_size, payload_size, flags, window, tos = read_ip_pkt( pkt[ip.IP], read_proto=read_ip_proto) id = [src_ip, src_port, dst_ip, dst_port, proto] features = [frame_size, header_size, payload_size, window] flags = [int(item) for item in flags.split(',')] except Exception as e: print(e) return id, features, flags, pkt, tos
def test_http_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 80 http_type = "GET" uri = "/subtest/subsubtest" version = "HTTP/1.1" domain_name = "www.testwebsite.com" body = "random body \x09\xff\x00" bpf_filter = "ip" display_filter = "http" expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, "http.request.method": http_type, "http.request.uri": uri, "http.request.version": version, "http.host": domain_name, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) + http.HTTP( f"{http_type} {uri} {version}\r\nHost: {domain_name}\r\n\r\n{body}\r\n".encode() ) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
def _listen_cycler(obj, sock): logger.debug("starting listen cycler") while obj._state_active: try: bts = sock.recv() pkt = ethernet.Ethernet(bts) if obj._trigger_strategy_active is not None and\ (time_now() - obj._time_last_match) > obj._timeout_reset_sec: KnockLogic._reset_condition(obj) # initial state or reset if obj._trigger_strategy_active is None: for cond_idx, strategy in enumerate(obj._trigger_strategies): if strategy[0](pkt): logger.info("found initial matching condition at strategy index %d" % cond_idx) obj._state_idx = 1 obj._trigger_strategy_active = strategy obj._time_last_match = time_now() break # some condition matched before elif obj._trigger_strategy_active[obj._state_idx](pkt): logger.info("state %d/%d matched" % (obj._state_idx + 1, len(obj._trigger_strategy_active)-1)) obj._state_idx += 1 obj._time_last_match = time_now() if obj._trigger_strategy_active is None: continue # -1 because last element is action callback if obj._state_idx >= len(obj._trigger_strategy_active) - 1: logger.info("triggering action!") obj._trigger_strategy_active[-1](pkt) KnockLogic._reset_condition(obj) except socket.timeout: # try next packet logger.debug("timeout...") except OSError: break except AttributeError: pass except Exception as ex: logger.debug("exception while parsing: %r" % ex)
def test_capture(self): port = self.xm.session.reserve_ports([self.port1])[self.port1] port.load_config( path.join(path.dirname(__file__), 'configs', 'test_config_loopback.xpc')) port.streams[0].set_attributes(ps_ratepps=10, ps_packetlimit=80) port.remove_stream(1) port.start_capture() port.start_traffic(blocking=True) port.stop_capture() packets = port.capture.get_packets(0, 1, cap_type=XenaCaptureBufferType.raw) assert (len(packets) == 1) port.capture.packets[0].get_attributes() packet = ethernet.Ethernet(binascii.unhexlify(packets[0])) assert (packet.ip.dst_s == '1.1.0.0') packets = port.capture.get_packets(10, 20, cap_type=XenaCaptureBufferType.raw) print(packets[0]) assert (len(packets) == 10) packets = port.capture.get_packets( file_name=path.join(self.temp_dir, 'xena_cap.txt')) print(packets[0]) assert (len(packets) == 80) tshark = Tshark(self.config.get('General', 'wireshark_dir')) packets = port.capture.get_packets(cap_type=XenaCaptureBufferType.pcap, file_name=path.join( self.temp_dir, 'xena_cap.pcap'), tshark=tshark) analyser = TsharkAnalyzer() analyser.add_field('ip.src') analyser.add_field('ip.dst') fields = tshark.analyze(path.join(self.temp_dir, 'xena_cap.pcap'), analyser) print(fields) assert (len(fields) == 80)
def packetType(buf): tcpPacket = False dhcpPacket = False httpPacket = False udpPacket = False sslPacket = False #try to determine what type of packets we have, there is the chance that 0x800 may be in the spot we're checking, may want to add better testing in future eth = ethernet.Ethernet(buf) if hex(eth.type) == '0x800': layer = 'eth' pkt = eth if (eth[ethernet.Ethernet, ip.IP, tcp.TCP] is not None): tcpPacket = True if (eth[ethernet.Ethernet, ip.IP, udp.UDP, dhcp.DHCP] is not None): dhcpPacket = True if (eth[ethernet.Ethernet, ip.IP, tcp.TCP, http.HTTP] is not None): httpPacket = True if (eth[ethernet.Ethernet, ip.IP, udp.UDP] is not None): udpPacket = True if (eth[ethernet.Ethernet, ip.IP, tcp.TCP, ssl.SSL] is not None): sslPacket = True lcc = linuxcc.LinuxCC(buf) if hex(lcc.type) == '0x800': layer = 'lcc' pkt = lcc if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP] is not None): tcpPacket = True if (lcc[linuxcc.LinuxCC, ip.IP, udp.UDP, dhcp.DHCP] is not None): dhcpPacket = True if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP, http.HTTP] is not None): httpPacket = True if (lcc[linuxcc.LinuxCC, ip.IP, udp.UDP] is not None): udpPacket = True if (lcc[linuxcc.LinuxCC, ip.IP, tcp.TCP, ssl.SSL] is not None): sslPacket = True return (pkt, layer, tcpPacket, dhcpPacket, httpPacket, udpPacket, sslPacket)
def read_write_cycler(obj, iface_in, iface_out, name): while obj._state_active: try: bts = iface_in.read() try: ip.IP( bts ) if obj._ifacetype == TYPE_TUN else ethernet.Ethernet(bts) #logger.debug("Sending in cycler %s (%s -> %s):\n%s\n%s" % # (name, iface_in._iface_name, iface_out._iface_name, bts, pkt)) iface_out.write(bts) except: pass except ValueError as ex: logger.exception(ex) break except OSError as ex: logger.exception(ex) break except Exception as ex: logger.exception(ex) break
def pass_or_dump(bts, pcap_writer): try: eth = ethernet.Ethernet(bts) if bts != eth.bin(): raise Exception("parsing was buggy: %r != %r" % (bts, eth.bin())) tmp = "%r" % eth #print(bts) #print("%r" % eth) #print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>") print(".", end="") print("%r" % eth.highest_layer.__class__.__name__, end="") sys.stdout.flush() for layer in eth: if layer.dissect_error: raise Exception("parsing was buggy: %r != %r" % (bts, eth.bin())) except Exception as ex: print("\nError while parsing: %r" % ex) pcap_writer.write(bts)
def test_dns_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 53 bpf_filter = "ip" display_filter = "dns" domain_name = "www.testwebsite.com" expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "udp.srcport": src_port, "udp.dstport": dst_port, "dns.qry.name": domain_name, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip, p=ip.IP_PROTO_UDP) + udp.UDP(sport=src_port, dport=dst_port) + dns.DNS(queries=[dns.DNS.Query(name_s=domain_name, type=1, cls=1)]) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
from pypacker import psocket from pypacker.layer12 import ethernet from pypacker.layer3 import ip, icmp # send ICMP request psock = psocket.SocketHndl(iface_name="wlan0") icmpreq = ethernet.Ethernet(src_s="20:16:d8:ef:1f:49", dst_s="24:65:11:85:e9:00", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.178.27", dst_s="192.168.178.24") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
pcapwriter = ppcap.Writer(filename="parsefail.pcap") raw_bytes = b"" cnt = 0 time_start = time.time() for bts in sockhndl: if cnt % 1000 == 0: print("%d pps" % (cnt / (time.time() - time_start))) time_start = time.time() cnt = 0 cnt += 1 try: #pkt = radiotap.Radiotap(bts) pkt = ethernet.Ethernet(bts) # print(pkt) # print(pkt.body_handler) """ if pkt[ip.IP] is not None: tmp = pkt[ip.IP].src_s tmp = pkt[ip.IP].dst_s tmp = pkt[ip.IP].body_handler.body_handler """ pkt.dissect_full() raw_bytes = pkt.bin() #print("%r" % pkt) # pcapwriter.write(raw_bytes) for layer in pkt:
import socket import pypacker.pypacker as pypacker from pypacker.pypacker import Packet from pypacker import psocket from pypacker.layer12 import arp, ethernet, ieee80211, prism from pypacker.layer3 import ip, icmp psock = psocket.SocketHndl(iface_name="lo0", mode=psocket.SocketHndl.MODE_LAYER_2, timeout=10) # send ARP request arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2", tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1") psock.send(arpreq.bin()) # send ICMP request icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
#print(dir(preader)) def handle_packet(o, src_ip, src_port, dst_ip, dst_port): if not (o[ip.IP].src_s == src_ip and o[udp.UDP].sport == src_port and o[ip.IP].dst_s == dst_ip and o[udp.UDP].dport == dst_port): return r = rtp.RTP(o[udp.UDP].body_bytes) print("%d: pt=%s ts=%s seqnum=%s" % (ts, r.pt, r.ts, r.seq)) sys.stdout.write("payload: ") for b in r.body_bytes: sys.stdout.write(hex(b) + " ") print("") for ts, buf in preader: eth = ethernet.Ethernet(buf) if eth[ethernet.Ethernet, ip.IP, udp.UDP] is not None: #print("found eth") handle_packet(eth, src_ip, src_port, dst_ip, dst_port) continue lcc = linuxcc.LinuxCC(buf) if lcc[linuxcc.LinuxCC, ip.IP, udp.UDP] is not None: #print("found lcc") handle_packet(lcc, src_ip, src_port, dst_ip, dst_port) continue
def test_tcp_packet_filter_and_parse_with_multiple_different_field_templates( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 bpf_filter = "ip" display_filter = "tcp" first_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], } second_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], "macro.srcport": ["tcp.srcport", "udp.srcport"], "macro.dstport": ["tcp.dstport", "udp.dstport"], } third_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], "macro.dstport": ["tcp.dstport", "udp.dstport"], } first_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, } second_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "macro.srcport": src_port, "macro.dstport": dst_port, } third_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "tcp.srcport": src_port, "macro.dstport": dst_port, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=first_field_templates, expected_passed=True, expected_output=first_expected_output, ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=second_field_templates, expected_passed=True, expected_output=second_expected_output, ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=third_field_templates, expected_passed=True, expected_output=third_expected_output, )