예제 #1
0
def do_test_scaled_ep_basic(test, client, server, backend):
    """
    This function validates the functionality of the scaled endpoint.
    1. Tcpdumps to a pcap file with a timeout of 10 seconds.
    2. Test HTTP, ICMP, TCP, and UDP between client and scaled endpoint.
    3. Validate that the client has sent packets with the 4 protocol layers.
    4. Validate that the backend has recieved packets with the 4 protocol layers.
    """
    logger.info("{} Testing basic scaled endpoint! {}".format(
        '=' * 20, '=' * 20))
    do_start_pcap_scaled_ep(test, client, server, backend, 10)
    do_ping_test(test, client, server, False)
    do_start_backend_servers(test, backend)
    do_start_clients(test, client, server)
    sleep(10)  # Wait for tcpdump to timeout

    backend_packets = {}
    client_pkts = rdpcap("test/trn_func_tests/output/" + client.host.ip + "_" +
                         client.host.agent_pcap_file[client.veth_peer] +
                         "_dump.pcap")
    for ep in backend:
        backend_packets[ep.host.ip] = (
            rdpcap("test/trn_func_tests/output/" + ep.host.ip + "_" +
                   ep.host.agent_pcap_file[ep.veth_peer] + "_dump.pcap"))
    test.assertEqual(do_check_proto(test, {client.host.ip: client_pkts}), 4)
    test.assertEqual(do_check_proto(test, backend_packets), 4)
예제 #2
0
def comparePcaps(src, dst):
    pcap1 = scapy.rdpcap(open(src, 'rb'))
    pcap2 = scapy.rdpcap(open(dst, 'rb'))

    pkts2 = []
    for pkt in pcap2:
        if scapy.IP in pkt:
            pkt[scapy.IP].chksum = 0
        pkts2.append(str(pkt))

    fail = False

    for input in pcap1:
        if scapy.IP in input:
            input[scapy.IP].chksum = 0
        if str(input) in pkts2:
            del pkts2[pkts2.index(str(input))]
        else:
            print("FAIL: Packet %s is not in dst" % (input.show2(dump=True)))
            fail = True

    if not fail:
        print("Success! All packets from src in dst")
        exit(0)
    exit(-1)
예제 #3
0
    async def post(self):
        db = self.settings["db"]
        fsdb = MotorGridFSBucket(db)
        success = False
        """Gather file data."""
        file_info = self.request.files['file'][0]
        file_name = file_info['filename']
        file_content = file_info['body']
        file_checksum = util.checksum(file_content)
        """Check if file exists already."""
        document = await db["fs.files"].find_one(
            {"metadata.checksum": file_checksum})
        if document:
            document_id = str(document["_id"])
            uploaded = False
        else:
            """Esure that the uploaded file is parsable as PCAP."""
            try:
                ftmp = tempfile.NamedTemporaryFile(delete=True)
                ftmp.write(file_content)
                ftmp.flush()
                rdpcap(ftmp.name)
                ftmp.close()
            except Scapy_Exception as e:
                self.write(
                    dict(success=False,
                         data=dict(
                             message=
                             "Submitted file does not qualify as a PCAP file.",
                             exception=str(e))))
                self.set_status(500)
                return
            """File does not exist, proceed with upload."""
            async with fsdb.open_upload_stream(file_name,
                                               metadata=dict(
                                                   sha256=file_checksum,
                                                   analyzed=False,
                                               )) as grid_in:
                document_id = str(grid_in._id)
                uploaded = True
                await grid_in.write(file_content)

            await db.tasks.insert_one(
                dict(type="pcap_inserted",
                     data=grid_in._id,
                     date=datetime.utcnow()))
            """Send success=true due to upload success. also refer to sha256."""
            success = True
        """Send success=false due to the upload failure, however, send the sha256 in return."""
        self.write(
            dict(success=success,
                 data=dict(
                     filename=file_name,
                     id=document_id,
                     sha256=file_checksum,
                     uploaded=uploaded,
                 )))

        return
예제 #4
0
파일: ptp_pcap.py 프로젝트: folde01/PTP
    def concatenate_files(self, pcap1, pcap2):
        '''Appends second file's packets onto the first. For creating pcap files used in 
        unit testing.'''

        pkts1 = rdpcap(pcap1)
        pkts1_writer = PcapWriter(pcap1, append=True, sync=True)
        pkts2 = rdpcap(pcap2)

        for pkt in pkts2:
            pkts1_writer.write(pkt)

        pkts1 = rdpcap(pcap1)
예제 #5
0
	def test_split_by_round_robin(self, tmpdir):
		divide_by = 10
		args = {
			'-f': os.path.join('pcap_examples', 'many-protocols.pcap'),
			'-o': tmpdir,
			'-m': 'round-robin',
			'-p': str(divide_by)
		}
		self.run_example(args=args)
		num_of_packets_per_file = int(len(rdpcap(os.path.join('pcap_examples', 'many-protocols.pcap'))) / divide_by)
		assert len(os.listdir(tmpdir)) == divide_by
		for filename in os.listdir(tmpdir):
			assert num_of_packets_per_file <= len(rdpcap(os.path.join(tmpdir, filename))) <= num_of_packets_per_file + 1
예제 #6
0
def read_dump(pcap_file):
    """
    Read PCAP file
    Return dict of packets with serialized flat packet as key
    """
    dump = defaultdict(list)
    packs = []
    count = 0

    if not be_quite:
        sys.stdout.write("Reading file " + pcap_file + "\n")
        sys.stdout.flush()

    for packet in rdpcap(pcap_file):
        if not be_quite:
            sys.stdout.write(":")
            sys.stdout.flush()

        count += 1
        ser = serialize(packet)
        dump[ser].append(packet)
        packs.append(packet)

    if not be_quite:
        sys.stdout.write("\nFound " + str(count) + " packets\n\n")

    return (dump, packs)
예제 #7
0
def sepaByIP(phonename, value):
    ipdict = {}

    pcapfiles = glob.glob('/tmp/' + phonename + '/' + str(value) + '/*.pcap')

    for p in pcapfiles:
        pcaplength = os.path.getsize(p)

        if pcaplength > 150 and pcaplength < 2e+5:
            pkgs = scapy.rdpcap(p)

            srcip = repr(pkgs[0]['IP'].src).split('.')
            dstip = repr(pkgs[0]['IP'].dst).split('.')

            srckey = srcip[0][1:] + '.' + srcip[1]
            dstkey = dstip[0][1:] + '.' + dstip[1]

            ipkey = ''

            if srckey not in appset.localiplist:
                ipkey = srckey
            elif dstkey not in appset.localiplist:
                ipkey = dstkey

            if ipkey == '':
                continue

            if ipkey not in ipdict:
                ipdict[ipkey] = [p]
            else:
                ipdict[ipkey].append(p)

    return ipdict
예제 #8
0
    def read(self, pcap_path_read: str = '/tmp/test.pcap') -> None:
        """
        Read encrypted 802.11 packets from pcap file
        :param pcap_path_read: Path to PCAP file for read encrypted packets (example: '/tmp/test.pcap')
        :return: None
        """
        try:
            # Check pcap file for reading exists
            assert isfile(
                pcap_path_read), 'Pcap file: ' + pcap_path_read + ' not found!'
            self.print_info('Read packets from: ', pcap_path_read, ' ....')

            # Reading encrypted packets from pcap file
            encrypted_packets = rdpcap(args.pcap_path_read)
            self.print_info(
                'All packets are read, packet analysis is in progress ....')

            # Analyze encrypted packets from pcap file
            for encrypted_packet in encrypted_packets:
                self.analyze_packet(packet=encrypted_packet)

            # Check the number of kr00k packets with NULL TK
            assert self.number_kr00k_packets > 0, 'Not found kr00k packets'
            self.print_success(
                'Found ', str(kr00k.number_kr00k_packets),
                ' kr00ked packets and decrypted packets save in: ',
                args.pcap_path_result)

        except AssertionError as Error:
            self.print_error(Error.args[0])
            exit(1)
예제 #9
0
 def LoadPcap(self, PcapFileDirectory, PktList):
     if self.LivePcap is None:
         self.LivePcap = rdpcap(PcapFileDirectory)
         frame = 1
         for i in self.LivePcap:
             Packet(i, frame, PktList, True)
             frame += 1
예제 #10
0
def read_pcap(filename):
    """
    @param filename: Filesystem path to the pcap.

    Returns:
      [{"client": "\x17\x52\x15"}, {"server": "\x17\x15\x13"}]
    """
    from scapy.all import IP, Raw, rdpcap

    packets = rdpcap(filename)

    checking_first_packet = True
    client_ip_addr = None
    server_ip_addr = None

    ssl_packets = []
    messages = []

    """
    pcap assumptions:

    pcap only contains packets exchanged between a Tor client and a Tor
    server.  (This assumption makes sure that there are only two IP addresses
    in the pcap file)

    The first packet of the pcap is sent from the client to the server. (This
    assumption is used to get the IP address of the client.)

    All captured packets are TLS packets: that is TCP session
    establishment/teardown packets should be filtered out (no SYN/SYN+ACK)
    """

    """
    Minimally validate the pcap and also find out what's the client
    and server IP addresses.
    """
    for packet in packets:
        if checking_first_packet:
            client_ip_addr = packet[IP].src
            checking_first_packet = False
        else:
            if packet[IP].src != client_ip_addr:
                server_ip_addr = packet[IP].src

        try:
            if (packet[Raw]):
                ssl_packets.append(packet)
        except IndexError:
            pass

    """Form our list."""
    for packet in ssl_packets:
        if packet[IP].src == client_ip_addr:
            messages.append({"client": str(packet[Raw])})
        elif packet[IP].src == server_ip_addr:
            messages.append({"server": str(packet[Raw])})
        else:
            raise("Detected third IP address! pcap is corrupted.")

    return messages
예제 #11
0
    def seq_analysis(self, pcapfile):
        """
        this method act as an interface for the dissect() method.
        and to represents the data in the required format.
        @param pcapfile: path to a pcap/cap library
        """
        packetslist = rdpcap(pcapfile)
        pktsfields = []
        protocols = []
        entry = {}
        recognized = False
        for pkt in packetslist:
            firstlayer = True
            if pkt:
                if firstlayer:
                    firstlayer = False
                    self.packet = pkt
                    fields = self.dissect(self.packet)

                load = pkt
                while load.payload:
                    load = load.payload
                    self.packet = load

                    fields = self.dissect(self.packet)

                    if fields[0]:
                        if fields[0] == "NoPayload":
                            break
예제 #12
0
def test_recv_many_packets_out_of_order():
    """
    We should be able to put multiple packets together, if they come
    out of order and are repeated.
    """
    packet_log = rdpcap("test/inputs/wget-36000-nums.pcap")
    listener, conn = create_session(packet_log)
    _, syn_ack, _, push_ack = packet_log[:4]

    listener.dispatch(syn_ack)
    payload = get_payload(push_ack)
    conn.send(payload)

    p1, p2, p3  = packet_log[5], packet_log[7], packet_log[8]

    # Send the packets out of order and repeated
    listener.dispatch(p2)
    listener.dispatch(p3)
    listener.dispatch(p2)
    listener.dispatch(p1) # Right
    listener.dispatch(p3)
    listener.dispatch(p2) # Right
    listener.dispatch(p3) # Right

    # Check that the contents of the packet is right
    # This is a good test because one of the packets starts with a 6 or
    # something
    conn.state = "CLOSED"
    recv = conn.recv(38000)
    assert recv[-36001:-1]  == "1234567890" * 3600
예제 #13
0
    def _test_dhcp_change():
        fd = open(ipaddr_log, 'r')
        run_dhcp_change = False
        dhcp_change_ip = None
        for line in fd:
            if run_dhcp_change:
                if ip_notification in line:
                    dhcp_parts = line.split(ip_notification + ' ')[1].rstrip()
                    dhcp_change_ip = dhcp_parts.split()[0]
                    break
            if running_dhcp_change in line:
                run_dhcp_change = True
        fd.close()

        if not running_dhcp_change:
            return 'skip', 'DHCP change test did not run.'

        if not ip_notification:
            return 'fail', 'No ip change found.'

        print('dhcp_change looking for ping src IP %s' % dhcp_change_ip)

        capture = rdpcap(scan_file)
        for packet in capture:
            if ICMP in packet:
                print('ping from src %s' % packet[IP].src)
                if packet[IP].src == dhcp_change_ip:
                    return 'pass', 'Device has received new IP address.'
        return 'fail', 'Device has not received new IP address.'
예제 #14
0
def read_capture(filename):
    packets = scapy.rdpcap(filename)
    # Hold the TCP packet fields
    tcp = []
    # Hold the UDP packet fields
    udp = []
    for p in packets:
        if p.haslayer(scapy.TCP) == 1:
            p[scapy.TCP].fields.update({"src": p[scapy.IP].fields["src"]})
            p[scapy.TCP].fields.update({"dst": p[scapy.IP].fields["dst"]})
            if p.haslayer(scapy.Raw) == 1:
                p[scapy.TCP].fields.update({"Raw": (p[scapy.Raw].load)})
            else:
                p[scapy.TCP].fields.update({"Raw": ""})
            tcp.append(p[scapy.TCP].fields)
        elif p.haslayer(scapy.UDP) == 1:
            p[scapy.UDP].fields.update({"src": p[scapy.IP].fields["src"]})
            p[scapy.UDP].fields.update({"dst": p[scapy.IP].fields["dst"]})
            if p.haslayer(scapy.Raw) == 1:
                p[scapy.UDP].fields.update({"Raw": (p[scapy.Raw].load)})
            else:
                p[scapy.UDP].fields.update({"Raw": ""})
            udp.append(p[scapy.UDP].fields)
    # Order the packets by sequence in case the stream needs to be reconstructed
    tcp = sorted(tcp, key=lambda paq: paq["seq"])
    packets = {}
    packets["tcp"] = tcp
    packets["udp"] = udp

    return packets
예제 #15
0
def upload():
    filepath = app.config['UPLOAD_FOLDER']
    upload = Upload()
    if request.method == 'GET':
        return render_template('./upload/upload.html')
    elif request.method == 'POST':
        pcap = upload.pcap.data
        if upload.validate_on_submit():
            pcapname = pcap.filename
            if allowed_file(pcapname):
                name1 = random_name()
                name2 = get_filetype(pcapname)
                global PCAP_NAME, PCAPS
                PCAP_NAME = name1 + name2
                try:
                    pcap.save(os.path.join(filepath, PCAP_NAME))
                    PCAPS = rdpcap(os.path.join(filepath, PCAP_NAME))
                    os.system('rm -rf ' + filepath + '*')
                    flash('恭喜你,上传成功!')
                    return render_template('./upload/upload.html')
                except Exception as e:
                    flash('上传错误,错误信息:' +str(e))
                    return render_template('./upload/upload.html')
            else:
                flash('上传失败,请上传允许的数据包格式!')
                return render_template('./upload/upload.html')
        else:
            return render_template('./upload/upload.html')
    def testBasic(self):
        iface = self.tap.name
        record = PacketRecord()

        # start capture
        process = Popen([APP, iface, CAPTURE_FILE], stdout=DEV_NULL, stderr=DEV_NULL)

        # send packets
        for i in range(PACKET_COUNT):
            packet = IP(dst="www.google.com")/ICMP()
            sendp(packet, iface=iface, verbose=False)
            record.add_sent(packet)

        # wait for stragglers
        time.sleep(1)

        # stop capture
        process.terminate()
        # hack: send one more packet to make sure capture closes immediately
        sendp(IP(), iface=iface, verbose=False)
        process.poll()

        # verify capture file
        for packet in rdpcap(CAPTURE_FILE):
            record.add_received(packet)
        self.assertTrue(record.verify())
예제 #17
0
    def analyze(self, data):
        '''
        start analyzing pcap logic, add descriptions and get words and wordsstripped from the file 

        '''
        data["PCAP"] = deepcopy(self.datastruct)
        packets = scapy.rdpcap(data["Location"]["File"])
        all, ports, ips, rarp, rdns, http, urlshttp, domains = self.read_all_packets(
            packets)
        data["PCAP"]["Domains"] = domains
        data["PCAP"]["URLs"] = urlshttp
        data["PCAP"]["ARP"] = rarp
        data["PCAP"]["DNS"] = rdns
        data["PCAP"]["HTTP"] = http
        data["PCAP"]["ALL"] = all
        data["PCAP"]["PORTS"] = ports
        data["PCAP"]["IP4S"] = ips
        self.waf.analyze(data["PCAP"]["HTTP"], data["PCAP"]["WAF"], "waf.json")
        add_description("Ports", data["PCAP"]["ALL"], "SourcePort")
        add_description("Ports", data["PCAP"]["ALL"], "DestinationPort")
        add_description("Ports", data["PCAP"]["PORTS"], "Port")
        add_description("DNSServers", data["PCAP"]["IP4S"], "IP")
        add_description("ReservedIP", data["PCAP"]["IP4S"], "IP")
        add_description("CountriesIPs", data["PCAP"]["IP4S"], "IP")
        get_words(data, data["Location"]["File"])
예제 #18
0
파일: PAD.py 프로젝트: fengssq/pmonitoring
    def en_code(self,d_file):
        '''主操作,加载参数过滤并展示信息'''
        global coun_num
        #增加数据库计数器
        regx=r'[A-Z]{3,4}.*?\ HTTP'
        d_packet=scapy.rdpcap(d_file)
        one_regx=regx_raw()
        for i in xrange(len(d_packet)):
            #获取每一个数据包信息
            try:
                if d_packet[i]['Raw'].load.startswith('GET'):

                    vlue_s,snffer_url=one_regx.attack_url(d_packet[i]['Raw'].load)
                    shost=one_regx.regx_host(d_packet[i]['Raw'].load)
                    sscrip=d_packet[i]['IP'].src
                    if vlue_s=='100' or vlue_s=='200':
                        print '警告',sscrip,snffer_url
                        coun_num=coun_num+1
                        dd.insurl(coun_num,snffer_url,'GET',sscrip,one_regx.regx_host(d_packet[i]['Raw'].load),'1','A')
                    else:
                        print '正常:',sscrip,snffer_url
                        pass
                '''
                if d_packet[i]['Raw'].load.startswith('GET') or d_packet[i]['Raw'].load.startswith('POST'):
                    print d_packet[i]['IP'].src,'==>',d_packet[i]['IP'].dst,re.findall(regx,d_packet[i]['Raw'].load)[0]
                    print d_packet[i]['Raw'].load
                else:
                    pass
                '''
            except:
                pass
예제 #19
0
def pkgLengthDisturb(feature2nd):
    fea2nddict = {}

    for k, v in feature2nd.items():
        fea2nd = [0 for x in range(17)]
        # pkgsum = 0

        for add in v:
            pkgs = scapy.rdpcap(add)
            # pkgsum += len(pkgs)

            for p in pkgs:
                # print(repr(p))
                if 'TCP' in p:
                    ploadlen = len(p['TCP'].payload)
                    print(ploadlen)

                    for i in range(17):
                        if 2**i - 1 <= ploadlen < 2**(i + 1) - 1:
                            fea2nd[i] += 1
        if sum(fea2nd) != 0:
            fea2ndratio = [float(y) / float(sum(fea2nd)) for y in fea2nd]
            print(fea2nd)
            fea2nddict[k] = fea2ndratio
        else:
            fea2nddict[k] = [0.0 for x in range(17)]

        return fea2nddict
예제 #20
0
    def scapy_sniff(self, sniff_timeout=180, sniff_filter=''):
        """
        @summary: PTF runner -  runs a sniffer in PTF container.
        Running sniffer in sonic-mgmt container has missing SOCKET problem
        and permission issues (scapy and tcpdump require root user)
        The remote function listens on all intfs. Once found, all packets
        are dumped to local pcap file, and all packets are saved to
        self.all_packets as scapy type.

        Args:
            sniff_timeout (int): Duration in seconds to sniff the traffic
            sniff_filter (str): Filter that Scapy will use to collect only relevant packets
        """
        capture_pcap = '/tmp/capture.pcap'
        capture_log = '/tmp/capture.log'
        self.ptfhost.copy(src='scripts/dual_tor_sniffer.py', dest=self.ptf_sniffer)
        self.ptfhost.command(
            'python {} -f "{}" -p {} -l {} -t {}'.format(
                self.ptf_sniffer, sniff_filter, capture_pcap, capture_log, sniff_timeout
            )
        )
        logger.info('Fetching pcap file from ptf')
        self.ptfhost.fetch(src=capture_pcap, dest='/tmp/', flat=True, fail_on_missing=False)
        self.all_packets = scapyall.rdpcap(capture_pcap)
        logger.info("Number of all packets captured: {}".format(len(self.all_packets)))
예제 #21
0
def upload():
    filepath = app.config['UPLOAD_FOLDER']
    upload = Upload()
    if request.method == 'GET':
        return render_template('./upload/upload.html')
    elif request.method == 'POST':
        pcap = upload.pcap.data
        if upload.validate_on_submit():
            pcapname = pcap.filename
            if allowed_file(pcapname):
                name1 = random_name()
                name2 = get_filetype(pcapname)
                global PCAP_NAME, PCAPS
                PCAP_NAME = name1 + name2
                try:
                    pcap.save(os.path.join(filepath, PCAP_NAME))
                    PCAPS = rdpcap(os.path.join(filepath, PCAP_NAME))
                    flash('恭喜你,上传成功!')
                    return render_template('./upload/upload.html')
                except Exception as e:
                    flash('上传错误,错误信息:' + str(e))
                    return render_template('./upload/upload.html')
            else:
                flash('上传失败,请上传允许的数据包格式!')
                return render_template('./upload/upload.html')
        else:
            return render_template('./upload/upload.html')
예제 #22
0
파일: dhcp_tests.py 프로젝트: pbatta/daq
    def _test_ip_change():

        fd = open(ipaddr_log, 'r')
        run_ip_change = False
        ip_change_ip = None
        for line in fd:
            if run_ip_change:
                if ip_notification in line:
                    ip_change_ip = line.split(ip_notification +
                                              ' ')[1].rstrip()
                    break
            if running_ip_change in line:
                run_ip_change = True
        fd.close()

        if ip_change_ip is None:
            return 'skip', 'IP change test did not run.'

        capture = rdpcap(scan_file)
        pingFound = False
        for packet in capture:
            if ICMP in packet and packet[IP].src == ip_change_ip:
                pingFound = True
        if pingFound:
            return 'pass', 'Ping response received after IP change.'
        return 'fail', 'No ping response received after IP change.'
def read_all_pcap_files_once(pcap_dir_in):
    pcap_data = dict()
    raw_data = dict()
    fnames = sorted([
        fn for fn in os.listdir(pcap_dir_in)
        if "line_" in fn and len(fn) == 24 and "pcap" in fn
    ])
    for pcap_file_in in fnames:
        packets = rdpcap(os.path.join(pcap_dir_in, pcap_file_in))
        pcap_data[pcap_file_in] = packets
        with open(os.path.join(pcap_dir_in, pcap_file_in), "rb") as fh:
            raw_pcap = fh.read()
            #24 bytes = global header, 16+42 bytes = packet header, 1200 bytes = vlp returns, 2 bytes = vlp factory bytes
            #raw_data[pcap_file_in] = [np.frombuffer(raw_pcap, dtype = np.uint8)[24:].reshape((len(raw_pcap)//1264,1264))[:,16+42:]]
            raw_data[pcap_file_in] = np.frombuffer(
                raw_pcap, dtype=np.uint8)[24:].reshape(
                    (len(raw_pcap) // 1264, 1264))[:, 16 + 42:].flatten()

    raw_data = pd.DataFrame.from_dict(raw_data)
    raw_data = raw_data.to_records(index=False)

    timestamps = {k: [float(val[0].time)] for k, val in pcap_data.items()}
    timestamps = pd.DataFrame.from_dict(timestamps, dtype=np.float64)
    timestamps = timestamps.to_records(index=False)

    nr_packs = {k: [len(val)] for k, val in pcap_data.items()}
    nr_packs = pd.DataFrame.from_dict(nr_packs)
    nr_packs = nr_packs.to_records(index=False)

    return timestamps, nr_packs, raw_data
예제 #24
0
def process_data():
    pcap_file = scapy.rdpcap("data.pcap")

    # Parse pcap
    time_start = 0
    trip_time = -1
    for i in range(len(pcap_file.res)):
        ether_packet = pcap_file.res[i]
        ether_time = ether_packet.time
        try:
            tcp_payload = ether_packet.payload["TCP"].load.decode()[:-1]

            # Last Packet
            if tcp_payload in ["Correct", "Incorrect"] and time_start != 0:
                trip_time = ether_time - time_start

            else:
                time_start = ether_time
        except:
            continue

    # Remove Files
    os.remove("tcp_out.txt")
    os.remove("tcp_err.txt")
    os.remove("data.pcap")

    if trip_time > 0:
        # Convert time to milliseconds
        trip_time = trip_time * 1000
        return trip_time
    return "Error"
예제 #25
0
def packet_count(pcap):
    conf.verb = 0
    try:
        pkts = rdpcap(pcap)
        return len(pkts)
    except Exception as e:
        return str(e)
예제 #26
0
def pcap2packets(input_file='.pcap or pcapng'):
    """
        "transform pcap to packets"
    :param input_file: pcap or pcapng
    :return: a list of packets.
    """
    pkts_lst = []
    data = rdpcap(input_file)
    print('%s info is ', data)
    ab_pkts = {'non_Ether_pkts': 0, 'non_IPv4_pkts': 0, 'non_TCP_UDP_pkts': 0}
    print('packet info:"srcIP:srcPort-dstIP:dstPort-prtcl" + IP_payload')
    cnt = 0
    for pkt in data:
        if pkt.name == "Ethernet":
            if pkt.payload.name.upper() in ['IP', 'IPV4']:
                if pkt.payload.payload.name.upper() in ["TCP", "UDP"]:
                    if cnt == 0:
                        print('packet info: "%s:%d-%s:%d-%s"+%s' %
                              (pkt.payload.src, pkt.payload.payload.sport,
                               pkt.payload.dst, pkt.payload.payload.dport,
                               pkt.payload.payload.name, pkt.payload.payload))
                    pkts_lst.append(
                        pkt.payload)  # only include "IPv4+IPv4_payload"
                else:
                    ab_pkts['non_TCP_UDP_pkts'] += 1
            else:
                ab_pkts['non_IPv4_pkts'] += 1
        else:
            ab_pkts['non_Ether_pkts'] += 1
    print('Number of packets in %s is %d.' % (input_file, len(pkts_lst)))
    print('Abnormal packets in %s is %s' % (input_file, ab_pkts))

    return pkts_lst
예제 #27
0
def process_data():
    pcap_file = scapy.rdpcap("data.pcap")

    # Parse pcap
    time_start = 0
    time_stop = 0
    for i in range(len(pcap_file.res)):
        ether_packet = pcap_file.res[i]
        ether_time = ether_packet.time
        try:
            tcp_payload = ether_packet.payload["TCP"].load.decode()[:-1]
            if tcp_payload == "z":
                time_start = ether_time
            elif tcp_payload == "Done" and time_start != 0:
                time_stop = ether_time
                break
        except:
            continue

    delta = time_stop - time_start

    # Remove Files
    os.remove("tcp_out.txt")
    os.remove("tcp_err.txt")
    os.remove("data.pcap")

    if all(i != 0 for i in [time_start, time_stop]):
        return {"Time": delta}
    return "Error"
예제 #28
0
def extractLengths(streamfile, lengthfile):
  packets=rdpcap(streamfile)
  lengths=[]

  for packet in packets:
    if 'IP' in packet:
      try:
        l=packet['IP'].fields['len']
      except:
        print('IP packet has no length')
        continue
    elif 'IPv6' in packet:
      try:
        l=packet['IPv6'].fields['len']
      except:
        print('IPv6 packet has no length')
        continue
    else:
      print('Non-IP packet: '+str(packet))
      continue
    lengths.append(l)

  maxlen=max(lengths)
  lengthCount=[0]*(maxlen+1)
  for l in lengths:
    lengthCount[l]=lengthCount[l]+1

  f=open(lengthfile, 'wb')
  for count in lengthCount:
    f.write(str(count)+"\n")
  f.close()
예제 #29
0
def extractCorpus(streamfile, dict, corpus):
  from gensim.corpora.dictionary import Dictionary
  from gensim.corpora import MmCorpus
  print('extractCorpus '+str(streamfile))
  packets=rdpcap(streamfile)
  buff=b''

  maxSize=4

  words=[]

  # Limit to the first 100 packets
  for x in range(100):
    if x<len(packets):
      if 'Raw' in packets[x]:
        buff=buff+bytes(packets[x]['Raw'])

  for size in range(1, maxSize):
    for x in range(len(buff)):
      sub=buff[x:x+size]
      if len(sub)==size:
        words.append(sub)

  corpus.append(dict.doc2bow(words))

  return corpus
예제 #30
0
def step1(pcap, request=0, response=0):
    pcap = scapy.rdpcap(pcap)

    for p in pcap:

        if p.haslayer(request):
            print("*********request******")
            http_header = p[request].fields
            headers = http_header['Headers']

            Method = p[request].Method
            Path = p[request].Path
            version = http_header['Http-Version']
            request_line = Method + " " + Path + " " + version

            if 'Raw' in p:
                request_body = p['Raw'].load
                return request_line, headers, request_body
            else:
                return request_line, headers, None

        if p.haslayer(response):
            print("*********response******")
            http_header = p[response].fields
            headers = http_header['Headers']
            Status_Line = http_header['Status-Line']

            if 'Raw' in p:
                response_body = p['Raw'].load
                return Status_Line, headers, response_body
            else:
                return Status_Line, headers, None
예제 #31
0
def main(pcapFileNames):
    print(info('Started [at] {}\n'.format(fetchFormatedTime())))
    try:
        for pcapFileName in pcapFileNames:
            print(info('Opening File -> {}'.format(pcapFileName)))
            packets = rdpcap(pcapFileName)
            print(good('File read sequence compleated.'))
            data = b''
            print(
                info(
                    'Reading and, merging data from provided sniffed packets .'
                ))
            for packet in packets[Raw]:
                data += packet.load
            print(
                good('Data Successfully Extracted -> {} bytes'.format(
                    len(data))))
            print(
                info('Now, writing the Data to -> {}'.format(pcapFileName +
                                                             '.out')))
            with open(pcapFileName + '.out', 'wb') as outFile:
                outFile.write(data)
                outFile.close()
            print(good('Done!\n'))
    except KeyboardInterrupt:
        print(bad('SIGINT recieved, terminating.'))
        coolExit(0)
    except Exception as exception:
        print(bad('Ugh! Error -> {}'.format(exception)))
        coolExit(1)
    coolExit(0)
예제 #32
0
def packet_count(pcap):
    conf.verb = 0
    try:
        pkts = rdpcap(pcap)
        return len(pkts)
    except Exception as e:
        return str(e)
def analyse_pcap(pcap_file):

    really_old_seq = quite_old_seq = old_seq = current_seq = 0

    print "x, y"

    packets = scapy.rdpcap(pcap_file)
    for packet in packets:

        # Weed out SYN retransmissions.

        if is_retransmission(packet):
            continue

        really_old_seq = quite_old_seq
        quite_old_seq = old_seq
        old_seq = current_seq
        current_seq = packet[scapy.TCP].seq

        x = current_seq - old_seq
        y = old_seq - quite_old_seq
        z = quite_old_seq - really_old_seq

        if x < 0:
            x = SEQ_MAX - abs(x)
        if y < 0:
            y = SEQ_MAX - abs(y)
        if z < 0:
            z = SEQ_MAX - abs(z)

        print "%d, %d" % (x, y)
예제 #34
0
    def testBasic(self):
        iface = self.tap.name
        record = PacketRecord()

        # start capture
        process = Popen([APP, iface, CAPTURE_FILE],
                        stdout=DEV_NULL,
                        stderr=DEV_NULL)

        # send packets
        for i in range(PACKET_COUNT):
            packet = IP(dst="www.google.com") / ICMP()
            sendp(packet, iface=iface, verbose=False)
            record.add_sent(packet)

        # wait for stragglers
        time.sleep(1)

        # stop capture
        process.terminate()
        # hack: send one more packet to make sure capture closes immediately
        sendp(IP(), iface=iface, verbose=False)
        process.poll()

        # verify capture file
        for packet in rdpcap(CAPTURE_FILE):
            record.add_received(packet)
        self.assertTrue(record.verify())
예제 #35
0
def parse_pcap(filename):
    logging.info("api: parsing %s ..." % filename)

    net_id = os.path.basename(filename).replace('.pcap', '')

    if '_' in net_id:
        # /root/handshakes/ESSID_BSSID.pcap
        essid, bssid = net_id.split('_')
    else:
        # /root/handshakes/BSSID.pcap
        essid, bssid = '', net_id

    it = iter(bssid)
    bssid = ':'.join([a + b for a, b in zip(it, it)])

    info = {'essid': essid, 'bssid': bssid}

    try:
        from scapy.all import rdpcap

        for pkt in rdpcap(filename):
            info = parse_packet(pkt, info)

    except Exception as e:
        logging.error("api: %s" % e)

    return info['essid'], info['bssid']
예제 #36
0
def single_thread_pcap_ana(assigned_file_list, out_q, q_writer_lock):
    for file in assigned_file_list:
        try:
            with scapy.rdpcap(file) as packets:
                if packets is None:
                    break
                else:
                    for packet in packets:
                        if packet.haslayer('IP'):
                            value = packet.time, \
                                    packet.src, packet.dst, \
                                    packet["IP"].src, packet["IP"].dst, \
                                    packet.sprintf("%IP.proto%")
                            if packet.haslayer('TCP'):
                                value += packet["TCP"].sport, packet[
                                    "TCP"].dport
                            elif packet.haslayer('UDP'):
                                value += packet["UDP"].sport, packet[
                                    "UDP"].dport
                            with q_writer_lock:
                                out_q.put(value)
                        elif packet.haslayer('IPv6'):
                            pass
        except IOError:
            break
예제 #37
0
def main(count, input_cap, output_txt, mac_filter):
	mac_counts = {}
	pkt_count = 0
	seq['last'] = 0
	seq['init'] = False
	capture = s.rdpcap(input_cap)
	foutput = open(output_txt, 'wt')
	for pkt in capture:
		n = 0;
		pkt_count += 1
		try:
			if pkt[s.Ether].dst in mac_counts:
				mac_counts[pkt[s.Ether].dst] = mac_counts[pkt[s.Ether].dst] + 1
			else:
				mac_counts[pkt[s.Ether].dst] = 1
				
			# Deal with AVTP packets
			if pkt[s.Ether].type == 0x22f0:
				# look for the requested MAC
				if pkt[s.Ether].dst == mac_filter:
					n = pkt_avtp(pkt, foutput, pkt_count)
		except IndexError:
			print "Unknown ethernet type"
		count = count - n
		if count == 0:
			break
	foutput.close();
	if count != 0:
		print "Could not find the specified MAC, or MAC count"
		print "Mac counts"
		print mac_counts
	print "Complete"
def mymain():
	packets=scapy.rdpcap('login.pcap')
	mylist=[]
	for p in packets:
		#p.show()
		#sys.stdout=open("my", 'w')
		Get_http(p)
예제 #39
0
def read_capture(filename):
    packets = scapy.rdpcap(filename)
    #Hold the TCP packet fields
    tcp = []
    #Hold the UDP packet fields
    udp = []
    for p in packets:
        if p.haslayer(scapy.TCP) == 1:
            p[scapy.TCP].fields.update({'src': p[scapy.IP].fields['src']})
            p[scapy.TCP].fields.update({'dst': p[scapy.IP].fields['dst']})
            if p.haslayer(scapy.Raw) == 1:
                p[scapy.TCP].fields.update({'Raw': (p[scapy.Raw].load)})
            else:
                p[scapy.TCP].fields.update({'Raw': ''})
            tcp.append(p[scapy.TCP].fields)
        elif p.haslayer(scapy.UDP) == 1:
            p[scapy.UDP].fields.update({'src': p[scapy.IP].fields['src']})
            p[scapy.UDP].fields.update({'dst': p[scapy.IP].fields['dst']})
            if p.haslayer(scapy.Raw) == 1:
                p[scapy.UDP].fields.update({'Raw': (p[scapy.Raw].load)})
            else:
                p[scapy.UDP].fields.update({'Raw': ''})
            udp.append(p[scapy.UDP].fields)
    #Order the packets by sequence in case the stream needs to be reconstructed
    tcp = sorted(tcp, key=lambda paq: paq['seq'])
    packets = {}
    packets['tcp'] = tcp
    packets['udp'] = udp

    return packets
예제 #40
0
def replace_pw(FILENAME, password):
    index_list = []
    k = 1 
    found = False
    ## read and edit file
    pkts = rdpcap(FILENAME)

    # loop to find password indices
    for i in range(0, len(pkts)):
        try:
            if password[0] in str(pkts[i].load) and len(pkts[i].load) == 1:
                index_list.append(i)            
                for j in range(1, len(password)):
                    if password[j] in str(pkts[i+j+k].load) and len(pkts[i+j+k].load) == 1:
                        index_list.append(i+j+k)
                        k += 1
                    else:
                        index_list = []
                        k = 1
                if len(index_list) == len(password):
                    found = True
                    break
        except AttributeError:
            pass
    
    # replace password per packet
    for i in index_list:
        pkts[i].load = 'X'

    if found:
        wrpcap("mod.pcap", pkts)
예제 #41
0
def pcap2flows(input_f, output_dir='../2_flows_data'):
    """
        flow is based on five tuple, howerver, there is direction between srcIP and dstIP.
            srcIP->dstIP and dstIP->srcIP are recognized as different flow.

    :param input_f:
    :param output_dir:
    :return:
    """
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    file_prefix = os.path.split(input_f)[-1].split('.')[0]
    data = rdpcap(input_f)
    data.stats
    sess = data.sessions()  # can achieve flows in default, not sessions
    others_pkts = 0
    for k, v in sess.items():
        # print(k,v)
        sess_tmp = b''
        for vv in v:
            payload = vv.payload.payload.payload.original
            sess_tmp += payload
        if sess_tmp == b'':
            print('\'%s\' is not a flow.' % k)
            others_pkts += 1
            continue
        k = os.path.join(output_dir,
                         file_prefix + '|' + k.replace(' ', '_') + '.png')
        print(k, sess_tmp)
        output_file = save_png(k, sess_tmp)
    print('others_pkts = %d' % others_pkts)

    return output_dir
예제 #42
0
    def _test_ip_change():
        fd = open(ipaddr_log, 'r')
        run_ip_change = False
        ip_change_ip = None
        for line in fd:
            if run_ip_change:
                if ip_notification in line:
                    ip_parts = line.split(ip_notification + ' ')[1].rstrip()
                    ip_change_ip = ip_parts.split()[0]
                    break
            if running_ip_change in line:
                run_ip_change = True
        fd.close()

        if not run_ip_change:
            return 'skip', 'IP change test did not run.'

        if not ip_change_ip:
            return 'fail', 'No ip change found.'

        print('ip_change looking for ping src IP %s' % ip_change_ip)
        capture = rdpcap(scan_file)
        pingFound = False
        for packet in capture:
            if ICMP in packet:
                print('ping from src %s' % packet[IP].src)
                if packet[IP].src == ip_change_ip:
                    return 'pass', 'Ping response received after IP change.'
        return 'fail', 'No ping response received after IP change.'
예제 #43
0
 def __len__(self):
     '''
     '''
     nr = 0
     for pkt in rdpcap(self.pkts_src):
         nr += 1
     return nr
예제 #44
0
def _check_pcap(dummy_ip_a, dummy_ip_b, filepath):
    is_ok_a = False
    is_ok_b = False

    if dummy_ip_a is None:
        is_ok_a = True
    if dummy_ip_b is None:
        is_ok_b = True

    packets = rdpcap(filepath)
    for data in packets:
        proto = "IPv6" if "IPv6" in data else "IP"
        if is_ok_a is False and data[proto].dst == dummy_ip_a:
            is_ok_a = True
        if is_ok_b is False and data[proto].dst == dummy_ip_b:
            is_ok_b = True
        if is_ok_a and is_ok_b:
            return True

    missed_ip = []
    if not is_ok_a:
        missed_ip.append(dummy_ip_a)
    if not is_ok_b:
        missed_ip.append(dummy_ip_b)
    logger.error("Pcap file doesn't contain dummy syslog ips: ({})".format(", ".join(missed_ip)))
    return False
예제 #45
0
def main(count, input_cap):
	mac_data = {}
	n_avtp_streams = 0
	foutput = []
	pkt_count = 0
	ts_good = 0
	capture = s.rdpcap(input_cap)
	for pkt in capture:
		n = 0;
		pkt_count += 1
		try:
			# Deal with AVTP packets
			if (pkt[s.Ether].type == 0x8100 and pkt[s.Dot1Q].type == 0x22f0):
				avtp = pkt[AVTP]
				if avtp.controlData == 0x0:
					if pkt[s.Ether].dst in mac_data:
						mac_data[pkt[s.Ether].dst]['avtp_count'] = mac_data[pkt[s.Ether].dst]['avtp_count'] + 1
					else:
						print "Packet %d, found AVTP stream with destination MAC %s" % (pkt_count, pkt[s.Ether].dst)
						mac_data[pkt[s.Ether].dst] = {}
						mac_data[pkt[s.Ether].dst]['this_mac'] = pkt[s.Ether].dst
						mac_data[pkt[s.Ether].dst]['avtp_count'] = 1
						mac_data[pkt[s.Ether].dst]['fname'] = 'seq%d.csv' % n_avtp_streams
						mac_data[pkt[s.Ether].dst]['fout'] = open(mac_data[pkt[s.Ether].dst]['fname'], 'wt')
						mac_data[pkt[s.Ether].dst]['seq'] = {}
						mac_data[pkt[s.Ether].dst]['seq']['last'] = 0
						mac_data[pkt[s.Ether].dst]['seq']['init'] = False
						mac_data[pkt[s.Ether].dst]['wraps'] = 0
						mac_data[pkt[s.Ether].dst]['prev_pkt_ts'] = 0
						mac_data[pkt[s.Ether].dst]['ts_count'] = 0
						mac_data[pkt[s.Ether].dst]['ts_accum'] = 0
						mac_data[pkt[s.Ether].dst]['ts_uncertain_count'] = 0
						n_avtp_streams = n_avtp_streams + 1
					
					if avtp.timestampUncertain:
						ts_good = 0
						mac_data[pkt[s.Ether].dst]['ts_uncertain_count'] = mac_data[pkt[s.Ether].dst]['ts_uncertain_count'] + 1
					else:
						ts_good = ts_good + 1

					# when we have 2 MACs, process the packet
					if n_avtp_streams == 2 and ts_good > 2:
						if mac_data[pkt[s.Ether].dst]['ts_count'] == 0:
							print "At packet %d start unpacking AVTP dest MAC %s" % (pkt_count, pkt[s.Ether].dst)
						n = pkt_avtp(pkt, mac_data[pkt[s.Ether].dst]['fout'], pkt_count, mac_data[pkt[s.Ether].dst])
		except IndexError:
			print "Unknown ethernet type packet %d" % pkt_count
		count = count - n
		if count == 0:
			break
	for k, v in mac_data.items():
		v['fout'].close();
		print "MAC %s %d AVTP timestamps stored to %s" % (k, v['ts_count'], v['fname'])
		print "         Timestamp uncertain count: %d" % v['ts_uncertain_count']

	if count != 0:
		print "Could not find the specified packets counts"
	
	print "Complete"
예제 #46
0
def sniff_responses():
    packets = rdpcap("./74db9d6b62579fea4525d40e6848433f-net03.pcap")
    for packet in packets:
        if DNSRR in packet:
            data = packet[DNSRR].rdata
            # first byte is a length byte as per TXT record RFC
            data = b64decode(str(correct_base64_padding(data[1:])))
            print(" ".join("{0:02x}".format(c) for c in data))
예제 #47
0
def get_MPTCP_ack(i, dstIP):
    try:
        tf = tempfile.NamedTemporaryFile()
        execCommand("sudo tcpdump -c 1 -w " + tf.name + ".cap -i " + i + " \"tcp[tcpflags] & (tcp-ack) != 0 and tcp[tcpflags] & (tcp-syn) == 0 and dst net " + dstIP + "\" 2>/dev/null", shell = True)
        scan = rdpcap("" + tf.name + ".cap")
    finally:
        execCommand("rm -f " + tf.name + ".cap", shell = True)
    return scan[0]
예제 #48
0
def get_MPTCP_syn(i):
    try:
        tf = tempfile.NamedTemporaryFile()
        execCommand("sudo tcpdump -c 1 -w " + tf.name + ".cap -i " + i + " \"tcp[tcpflags] & tcp-syn != 0\" 2>/dev/null", shell = True)
        scan = rdpcap("" + tf.name + ".cap")
    finally:
        execCommand("rm -f " + tf.name + ".cap", shell = True)
    return scan[0]
예제 #49
0
def sniff_ackseq(i, srcIP):
    try:
        tf = tempfile.NamedTemporaryFile()
        execCommand("sudo tcpdump -c 1 -w " + tf.name + ".cap -i " + i + " \"src net " + srcIP + "\" 2>/dev/null", shell = True)
        scan = rdpcap("" + tf.name + ".cap")
    finally:
        execCommand("rm -f " + tf.name + ".cap", shell = True)
    return scan[0]
예제 #50
0
def get_time(pcap):
    try:
        p = rdpcap(pcap)
        c = len(p)
        start = datetime.datetime.fromtimestamp(p[0].time).strftime('%Y-%m-%d %H:%M:%S.%f')
        end = datetime.datetime.fromtimestamp(p[c -1].time).strftime('%Y-%m-%d %H:%M:%S.%f')
        return [start, end]
    except Exception as e:
        return str(e)
예제 #51
0
	def doTest(self):
		#redirect stdout to file
		sys.stdout = open(self.outputFile, 'w')
		pkts = rdpcap(self.inputFile)
		pkts.show()
		print '\n', '-' * 20, 'Packets Details:', '\n'
		for p in pkts:
			p.show()
			print '=' * 70
예제 #52
0
 def run(self):
     """
     Run the client and perform all the operations:
      * Connect to the server.
      * Receive video while sniffing packets.
      * Close connection.
      * Process data and extract information.
      * Run meters.
     
     :returns: A list of measures (see :attr:`VideoTester.measures.core.Meter.measures`) and the path to the temporary directory plus files prefix: ``<path-to-tempdir>/<prefix>``.
     :rtype: tuple
     """
     VTLOG.info("Client running!")
     VTLOG.info("XMLRPC Server at " + self.conf['ip'] + ':' + self.conf['port'])
     VTLOG.info("Evaluating: " + self.conf['video'] + " + " + self.conf['codec'] + " at " + self.conf['bitrate'] + " kbps and " + self.conf['framerate'] + " fps under " + self.conf['protocols'])
     from xmlrpclib import ServerProxy
     from scapy.all import rdpcap
     from multiprocessing import Process, Queue
     from VideoTester.gstreamer import RTSPclient
     from VideoTester.sniffer import Sniffer
     from VideoTester.measures.qos import QoSmeter
     from VideoTester.measures.bs import BSmeter
     from VideoTester.measures.vq import VQmeter
     try:
         server = ServerProxy('http://' + self.conf['ip'] + ':' + self.conf['port'])
         self.conf['rtspport'] = str(server.run(self.conf['bitrate'], self.conf['framerate']))
     except:
         VTLOG.error("Bad IP or port")
         exit()
     sniffer = Sniffer(self.conf)
     rtspclient = RTSPclient(self.conf, self.video)
     q = Queue()
     child = Process(target=sniffer.run, args=(q,))
     try:
         child.start()
         self.__ping()
         rtspclient.receiver()
         sniffer.cap = rdpcap(q.get())
         child.join()
     except KeyboardInterrupt:
         VTLOG.warning("Keyboard interrupt!")
         server.stop(self.conf['bitrate'], self.conf['framerate'])
         child.terminate()
         child.join()
         exit()
     server.stop(self.conf['bitrate'], self.conf['framerate'])
     videodata, size = rtspclient.reference()
     conf = {'codec':self.conf['codec'], 'bitrate':float(self.conf['bitrate']), 'framerate':float(self.conf['framerate']), 'size':size}
     packetdata = sniffer.parsePkts()
     codecdata, rawdata = self.__loadData(videodata, size, self.conf['codec'])
     qosm = QoSmeter(self.conf['qos'], packetdata).run()
     bsm = BSmeter(self.conf['bs'], codecdata).run()
     vqm = VQmeter(self.conf['vq'], (conf, rawdata, codecdata, packetdata)).run()
     self.__saveMeasures(qosm + bsm + vqm)
     VTLOG.info("Client stopped!")
     return qosm + bsm + vqm, self.conf['tempdir'] + self.conf['num']
예제 #53
0
def do_q4(ifile, ofile):
    pckts = rdpcap(ifile)
    flags, chksums = {}, {}
    for i, p in enumerate(pckts):
        if TCP in p:
            ip = p[IP]
            tcp = ip[TCP]
            if (ip.src, ip.dst) in flags:
                if tcp.seq < flags[(ip.src, ip.dst)]:
                    print "Suspected frame %d with sequence number %s" % (i+1, tcp.seq)
            flags[(ip.dst, ip.src)] = tcp.ack
예제 #54
0
def sniff_queries():
    packets = rdpcap("./74db9d6b62579fea4525d40e6848433f-net03.pcap")
    for packet in packets:
        if DNSRR in packet:
            data = packet[DNS].qd.qname
            # Since DNS queries are case insensitive, it's base32 rather than
            # base64 data and the format of the query name is [base32 data]-[16
            # characters].badguy.com
            data = data.decode().split("-")[0].replace(".", "")
            data = b32decode(str(data), True)
            print(" ".join("{0:02x}".format(c) for c in data))
def read_pcap_file(fname):
    """Reads a pcap file and returns the first packet in the file.

    Args:
        fname (str): Name of the file located in packet_files/.

    Returns:
        Packet: The first packet found in the file, as a scapy packet.
    """
    p = scapy.rdpcap(PACKET_DIR + '%s' % fname)
    return p[0]
def get_packets_from_pcap(pcap_path):
    """
    receives the packets from the given file path
    :param pcap_path: the path to the pcap file to load the data from
    :return: list of DataVectors holding the data in the pcap file
    """
    packets = []  # the packets of the given pcap file as a DataVector
    pcap_data = rdpcap(pcap_path)
    for p in pcap_data:
        packets.append(DataVector(p))
    return packets
예제 #57
0
def extractFirstStrings(streamfile, stringfile):
  print('extractFirstStrings '+str(streamfile)+' '+str(stringfile))
  packets=rdpcap(streamfile)

  for packet in packets:
    if 'Raw' in packet: # First packet with contents
      buff=bytes(packet['Raw'])
      f=open(stringfile, 'wb')
      f.write(buff)
      f.close()
      break
예제 #58
0
def extractFirstStrings(streamfile, stringfile):
    print ("extractFirstStrings " + str(streamfile) + " " + str(stringfile))
    packets = rdpcap(streamfile)

    for packet in packets:
        if "Raw" in packet:  # First packet with contents
            buff = bytes(packet["Raw"])
            f = open(stringfile, "wb")
            f.write(buff)
            f.close()
            break
예제 #59
0
def try_decompress():
    packets = rdpcap("./74db9d6b62579fea4525d40e6848433f-net03.pcap")
    for packet in packets:
        if DNSRR in packet:
            data = packet[DNS].qd.qname
            data = data.decode().split("-")[0].replace(".", "")
            data = b32decode(data, True)
            decode(data, "client-server")
            data = packet[DNSRR].rdata
            data = b64decode(data)
            decode(data, "server-client")
예제 #60
0
 def __init__(self):
     self.summary_string = str(random.randint(1000000000, 9999999999))
     # fileHandle = open('fake_data/' + 'packet1279077254.72')
     # temp_data = pickle.load(fileHandle)
     temp_data = ["Bogus"]
     if rdpcap_available:
         try:
             temp_data = rdpcap("fake_data/" + "http.pcap")
         except:
             pass
     self.timestamp = 1279077254.72
     self.actual_packet = Packet(self.timestamp, temp_data[0], None)