def listen(self, sniff_sni=False, sniff_cn=False, sniff_san=False, packet_count: int = None, debug: bool = False) -> Iterator[TLSHandshakeMessage]: # Workaround for pyshark, because SIGINT handling does not work properly original_sigint_handler = signal.getsignal(signal.SIGINT) if original_sigint_handler == signal.default_int_handler: signal.signal(signal.SIGINT, lambda *args: os._exit(0)) try: # Currently only IPv4 is supported for BPF tcp data access. Manpage says: "this will be fixed in the future" for IPv6. # Until then, only the 'tcp' filter is applied # bpf_filter = 'tcp[((tcp[12:1] & 0xf0) >> 2):1] = 22' bpf_filter = 'tcp' display_filter = f'(ssl.record.content_type == 22 && ssl.handshake.type)' if self.bpf_filter != '': bpf_filter += f' && {self.bpf_filter.strip()}' if self.display_filter != '': display_filter += f' && {self.display_filter.strip()}' if packet_count is not None and packet_count <= 0: packet_count = None if self.input_file is not None: packet_iterator = FileCapture( input_file=self.input_file, display_filter=display_filter, keep_packets=False, debug=debug ) elif not sys.stdin.isatty(): packet_iterator = PipeCapture( pipe=sys.stdin.buffer, display_filter=display_filter, debug=debug ) else: capture = LiveCapture( interface=self.interface, bpf_filter=bpf_filter, display_filter=display_filter, debug=debug ) packet_iterator = capture.sniff_continuously() if not (sniff_sni or sniff_cn or sniff_san): sniff_sni = True sniff_cn = True sniff_san = True for packet in packet_iterator: handshake_message = self._get_handshake_message( packet, sniff_sni=sniff_sni, sniff_cn=sniff_cn, sniff_san=sniff_san ) if handshake_message is not None: yield handshake_message if packet_count is not None: packet_count -= 1 if packet_count <= 0: break except Exception: pass # Restore original SIGINT handler signal.signal(signal.SIGINT, original_sigint_handler) return
def monitor_wifi(capture: pyshark.LiveCapture, dictionary): capture.sniff(packet_count=1) for packet in capture.sniff_continuously(): address = packet.layers[2].ta_resolved signal_strength = int(packet.radiotap.dbm_antsignal) frequency = int(packet.radiotap.channel_freq) if address in dictionary.keys(): dictionary[address].update_strength(signal_strength) if len( np.where( np.asarray(dictionary[address].distance) > MAX_DIST) ) > 2: del dictionary[address] else: device = Device(signal_strength=signal_strength, frequency=frequency, address=address) if not device.distance[-1] > MAX_DIST: dictionary[address] = device print(f'NEW DEVICE WITHIN RANGE: ADDRESS: {address}') print( f' DISTANCE: {device.distance[-1]}' ) print( f' DISTANCES: {device.distance}' ) keys_to_del = [] for k, v in dictionary.items(): since_last_seen = time.time() - v.time_last_seen if since_last_seen > TIME_OUT: print( f'Device {k} was last seen {since_last_seen} s ago, REMOVING FROM LIST' ) keys_to_del.append(k) for k in keys_to_del: del dictionary[k] num_devices = len(dictionary.keys()) print(f'TOTAL NUMBER OF DEVICES WITHIN RANGE: {num_devices}') if num_devices == 0: adjust_light(devices_within_range, 0, MAX_DIST, lamp, intensity=0) else: adjust_light(devices_within_range, min=0, max=MAX_DIST, arduino=lamp)
def run(self): self.db.drop_collection('packet') self._packet = self.db.packet self._cap = LiveCapture(self.interface, only_summaries=True) count_per_sniff = 30 if self.count < count_per_sniff: count_per_sniff = self.count while self.count > 0: import sys print(self.count, file=sys.stderr) packets = self._cap.sniff_continuously( packet_count=count_per_sniff) self.count -= count_per_sniff self.process_packet(packets)
def get_data(): #interface = "イーサネットのインターフェイス" #cap = LiveCapture(interface="\\Device\\NPF_{7C999537-85AB-4220-B1F9-21D7B6EDA43F}") # itoh cap = LiveCapture( interface="\\Device\\NPF_{70B7AD93-4936-429F-9CD3-481AB236A4C0}" ) # itoh #cap = LiveCapture(interface="\\Device\\NPF_{B4C621AF-E6E9-4870-BA69-291B0CB317C5}") # genta # フィルタ cap._display_filter = "ip.dst == 192.168.11.4 && websocket" #itoh #cap._display_filter = "ip.dst == 192.168.1.4 && websocket" # genta #cap._display_filter = "ip.src == 160.16.234.177 || ip.src == 160.16.100.237 || ip.src == 160.16.123.55 || ip.src == 160.16.146.234 || ip.src == 160.16.102.148 || ip.src == 160.16.235.36 && ip.dst == 192.168.11.4 && websocket" # リアルタイムスニッフィング cap.apply_on_packets(callback, None, None)
def start_capture(interface='eth0', packet_count=10): capture = LiveCapture(interface) traffic_list = [] for packet in capture.sniff_continuously(packet_count): try: traffic_list.append({ 'protocol': packet.transport_layer, 'src': packet.ip.src, 'dest': packet.ip.dst }) except Exception: continue remove_duplicates(traffic_list)
def gen_arp_communications_matrix(data: LiveCapture): arp_communications_matrix = {} while True: try: pkt = data.next_packet() pkt_key = pkt.arp.src_proto_ipv4 + "." + pkt.arp.dst_proto_ipv4 if pkt_key in arp_communications_matrix: old_rec = arp_communications_matrix[pkt_key] arp_communications_matrix[pkt_key] = (old_rec[0], old_rec[1], old_rec[2] + 1, int(old_rec[3]) + int(pkt.length)) else: arp_communications_matrix[pkt_key] = (pkt.arp.src_proto_ipv4, pkt.arp.dst_proto_ipv4, 1, pkt.length) except StopIteration: break def get_key(p): return p[2] return sorted(arp_communications_matrix.values(), key=get_key, reverse=True)
class Monitor(threading.Thread): def __init__(self, interface, count): super(Monitor, self).__init__() self.interface = interface self.count = count self.client = MongoClient() self.db = self.client.ids self._packet = self.db.packet self.packet_id = 0 def run(self): self.db.drop_collection('packet') self._packet = self.db.packet self._cap = LiveCapture(self.interface, only_summaries=True) count_per_sniff = 30 if self.count < count_per_sniff: count_per_sniff = self.count while self.count > 0: import sys print(self.count, file=sys.stderr) packets = self._cap.sniff_continuously( packet_count=count_per_sniff) self.count -= count_per_sniff self.process_packet(packets) def process_packet(self, packets): temp = [] for packet in packets: # print(packet) item = { "id": self.packet_id, "src": packet.source, "dst": packet.destination, "time": packet.time, "protocol": packet.protocol, "info": packet.info, "length": packet.length } self.packet_id += 1 temp.append(item) self._packet.insert(temp) def __del__(self): self._cap.clear() self._cap.close() self.client.close()
def sniff(): print("_________________________________\n") print("Network Sniffer") print("Press CTRL+C at any time to exit\n") time.sleep(0.5) with sqlite3.connect("info.sqlite3") as db: cursor = db.cursor() #This creates a connection to the database try: wireTap = LiveCapture(interface='eth0') for packet in wireTap.sniff_continuously(): if packet.highest_layer == "URLENCODED-FORM": #For html web form getHTTPinfo(packet, cursor, db, str(packet['urlencoded-form'])) print(packet['urlencoded-form']) elif packet.highest_layer == "HTTP": #For get requests try: if packet.http.request_method == "GET": getHTTPinfo(packet, cursor, db) except AttributeError: pass #Not a get request elif packet.highest_layer == "DATA-TEXT-LINES": #For recieving html print("Protocol", packet.http._ws_expert_message) print(packet['DATA-TEXT-LINES']) HTTPdb([ packet.http._ws_expert_message, str(packet['DATA-TEXT-LINES']) ], cursor, db) elif packet.highest_layer == "DNS": try: if packet.dns.resp_name: print("DNS Response from", packet.ip.src, "for", packet.dns.resp_name) DNSdb( [packet.ip.src, "response", packet.dns.resp_name], cursor, db) except AttributeError: print("DNS Request from", packet.ip.src, "for", packet.dns.qry_name) DNSdb([packet.ip.src, "request", packet.dns.qry_name], cursor, db) except (KeyboardInterrupt): db.close() pass
def sniff(): cap = LiveCapture(interface='enp7s0') total_pkts = 0 amount_of_data = 0 for pkt in cap.sniff_continuously(packet_count=n): try: protocol = str(pkt.transport_layer) src_addr = str(pkt.ip.src) dst_addr = str(pkt.ip.dst) src_port = str(pkt[pkt.transport_layer].srcport) dst_port = str(pkt[pkt.transport_layer].dstport) payload_length = int(pkt.data.len) flow = (src_addr, src_port, dst_addr, dst_port) flow_dict[flow] += payload_length src_addr_dict[src_addr] += 1 dst_addr_dict[dst_addr] += 1 except AttributeError: pass
def dashboard(): capture = LiveCapture(interface=app.config['NETWORK_INTERFACE']) capture.sniff(packet_count=1000) packet_protocols = {} packets = [] packet_sizes = [] for packet in capture: try: assert packet.ip packets.append(packet) packet_protocols[packet.highest_layer] = packet_protocols.get( packet.highest_layer, 0) + 1 packet_sizes.append(int(packet.length)) except: pass packet_size_bin = [0, 100, 250, 500, 1000] packet_sizes = np.array(packet_sizes) packet_size_bins = np.array(packet_size_bin) packet_sizes_indexes = np.digitize(packet_sizes, packet_size_bins) packet_size_bin.append('1000+') colors = ["#552586", "#6A359C", "#804FB3", "#9969C7", "#B589D6"] packet_size_counts = {} unique, counts = np.unique(packet_sizes_indexes, return_counts=True) packet_bin_counts = dict(zip(unique, counts)) packet_sizes_final = [] for index, count in enumerate(packet_bin_counts): packet_sizes_final.append({ 'label': f'{packet_size_bin[count-1]}-{packet_size_bin[count]} bytes', 'value': int(packet_bin_counts[count]), 'color': colors[index] }) #print(packet_sizes, packet_sizes_final) min_time = int(packets[0].sniff_timestamp.split('.')[0]) max_time = int(packets[-1].sniff_timestamp.split('.')[0]) + 1 run_time_seconds = max_time - min_time time_based_array = [{ 'count': x, 'value': 0 } for x in range(run_time_seconds)] ip_based_array = [set() for x in range(run_time_seconds)] for packet in packets: try: packet_time = int(packet.sniff_timestamp.split('.')[0]) seconds_delta = packet_time - min_time time_based_array[seconds_delta]['value'] += 1 ip_based_array[seconds_delta].add(packet.ip.dst) except: pass ip_based_array = [{ 'count': x, 'value': len(a) } for x, a in enumerate(ip_based_array)] #print(ip_based_array) #print(time_based_array) protocols = [] for protocol in packet_protocols: protocols.append({ 'protocol': protocol, 'value': packet_protocols[protocol] }) #print(protocols) #print(packet_sizes_final) return render_template('dashboard.html', data=[], protocols=json.dumps(protocols), time_based_array=json.dumps(time_based_array), ip_based_array=json.dumps(ip_based_array), packet_sizes=json.dumps(packet_sizes_final), packets=packets)