예제 #1
0
def parent(ip_version):
    msg("============================================================")
    msg("starting dig process USING IPv{}".format(ip_version))
    p = Process(target=dig, args=(ip_version, ))
    p.start()
    msg("starting sniff")
    pkts = sniff("eth0", lfilter=lambda x: (UDP in x and DNS in x), timeout=6)
    msg("sniff done, joining dig")
    p.join()

    msg("\noriginal\n----------------------------------------")
    pkts.nsummary()

    msg("\nsave and reload 1\n----------------------------------------")
    pktfile = "pkts2.pcap"
    wrpcap(pktfile, pkts)
    pkts2 = rdpcap(pktfile)
    pkts2.nsummary()

    msg("\nsave and reload 2\n----------------------------------------")
    for p in pkts:
        if IP in p:
            del(p[IP].len)
        if UDP in p:
            del(p[UDP].len)
            del(p[UDP].chksum)
    pktfile = "pkts3.pcap"
    wrpcap(pktfile, pkts)
    pkts3 = rdpcap(pktfile)
    pkts3.nsummary()
    msg("----------------------------------------\n")
예제 #2
0
    def combine_pcap(self, dest_pcap, src_pcap):
        pkts = rdpcap(dest_pcap)
        if len(pkts) != 1:
            return

        pkts_src = rdpcap(src_pcap)
        pkts += pkts_src

        wrpcap(dest_pcap, pkts)
def load_pcap(pcap):
    # @todo: possibly generate a packet list using sniff
    # sniff(offline=pcap,prn=method_filter_HTTP,store=0)

    # read pcap into memory
    packet_list = rdpcap(pcap)
    count = len(packet_list)
    print("[*]: Reading %d packets" % count)

    # get human readable types
    dns_type_enum = read_dns_record_enum()

    # extract information
    dns_queries = []
    dns_responses = []
    for packet in packet_list:
        if packet.haslayer(DNSRR):
            dnsr = packet[DNSRR]
            rrname = dnsr.rrname.decode('UTF-8')
            rdata = dnsr.rdata
            rrtype = dns_type_enum[dnsr.rclass]
            ttl = dnsr.ttl
            dns_queries.append((rrname, rrtype))
            dns_responses.append((rrname, rrtype, ttl, rdata))
        elif packet.haslayer(DNSQR):
            dnsr = packet[DNSQR]
            query = dnsr.qname.decode('UTF-8')
            query_type = dns_type_enum[dnsr.qtype]
            dns_queries.append((query, query_type))

    return dns_queries, dns_responses
예제 #4
0
def replay_packet(host):
    global pcap_file
    global speed
    global quick
    # global module

    debugger("Load pcap")
    packets = rdpcap(pcap_file)

    # tamper = module

    own_packet_index = get_packet_index(packets)
    
    packet_num = len(packets)

    info("Start replay packet")

    t0 = time.time()
    for i in range (0, packet_num):
        if i in own_packet_index:
            if (i != 0) and not quick:
                delta = (packets[i].time - packets[i-1].time)/speed
                time.sleep(delta)
            send_packet(host, packets, i, t0)
        else:
            recv_packet(host, packets, t0)
            
    info("Send all packets finished, connection will be closed")
    if listen:
        info("Server wiil continue listening on port %d" %port)
    else:
        info("Exit")
        host.close()
    sys.exit(0)
def replay(file):
    packets = rdpcap(file)

    # try:
    # 	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # 	s.connect(("127.0.0.1", 445))
    # except:
    # 	print>>sys.stderr, "err: connect"
    # 	return

    for p in packets:
        try:
            if p.haslayer(TCP) and p.getlayer(TCP).dport == 445 and len(
                    p.getlayer(TCP).payload) > 6:
                try:
                    if p.getlayer(TCP).flags > 1 and "\x90" in p.getlayer(
                            TCP).load:
                        #	s.sendall(str(p.getlayer(TCP).payload))
                        #	print p.getlayer(TCP).payload
                        print repr(p.getlayer(TCP).load)
                        break
                except:
                    print >> sys.stderr, "err: send"
                    return
        except:
            print >> sys.stderr, "err: read"
            return
        # time.sleep(1)
    # s.shutdown(0)
    return
예제 #6
0
 def read_pcap_file(self, iface, filename):
     try:
         pcap_file = os.path.join(self.config['pcap_dir'], filename)
         for pkt in rdpcap(pcap_file):
             self.fprn(pkt, iface)
     except Exception:
         self.logger.exception('Cant read pcap file %s', pcap_file)
예제 #7
0
def pcap_to_csv(input_filename, output_handle, mappings):
    '''This funciton takes a pcap (by filename), and for each packet between
    any two of (client, server, thirdparty) and extracts:
    timestamp
    sender/receiver
    size of payload (where "payload" is defined as everything after the TCP/UDP header
    protocol ("IP/TCP", etc).
    
    input_filename: filename of the input file ("foo.pcap")
    output_handle: handle to direct output to (open("foo.csv"))
    mappings: a dict mapping of ip address to role, where role is one of:
        "client", "server", or "thirdparty".  For example:
        { "10.10.5.7" : "client1", "192.168.2.7" : "client2", 
        "10.15.20.30": "server", "10.40.50.70" : "thirdparty" }
    returns: nothing
    '''

    fields = ["time", "direction", "payloadlength", "protocol"]
    
    # rdpcap returns pcap, essentially an array of packets
    # Packet fields can be read via packet[layer].field
    # layers are in scapy.layers
    # packet.show() displays the contents of each packet
    pcap = rdpcap(input_filename)
    csvwriter = csv.DictWriter(output_handle, fields, delimiter=',',
                                quotechar='"', quoting=csv.QUOTE_MINIMAL)
    csvwriter.writeheader()

    for packet in pcap:        
        row = get_packet_info(packet, mappings)
        if row != None:
            csvwriter.writerow(row)
예제 #8
0
def send_pkts(args, rewriteinfo):
    """Replays the pcap after rewriting with supplied details"""

    proto, iface, ethsrc, ethdst, ipsrc, ipdst = rewriteinfo

    pkts = rdpcap('{}.pcap'.format(proto))
    for p in pkts:

        # Update Ether common for all proto
        p.getlayer(Ether).src = ethsrc
        p.getlayer(Ether).dst = ethdst
        if proto == 'sgi':
            continue

        del p[IP].chksum
        del p[UDP].chksum

        p.getlayer(IP).src = ipsrc
        p.getlayer(IP).dst = ipdst
        if proto == 's11':
            # Update s11 MME GTPC IP for Create Session
            if p.getlayer(UDP).gtp_type == 32:
                p.getlayer(UDP).IE_list[8].ipv4 = ipsrc
            # Update s11 MME GTPC IP and s1u ENB GTPU IP for Modify Bearer
            if p.getlayer(UDP).gtp_type == 34:
                p.getlayer(UDP).IE_list[0][2].ipv4 = args.enb.addr
                p.getlayer(UDP).IE_list[1].ipv4 = ipsrc

        checksum_silent(p)

    wrpcap('tosend-{}.pcap'.format(proto), pkts)
예제 #9
0
파일: packet.py 프로젝트: ScottDaniels/vfd
def load_sniff_packets(index=''):
    pkts = []
    child_exit = False
    if index in SNIFF_PIDS.keys():
        pipe, intf, timeout = SNIFF_PIDS[index]
        time_elapse = int(time.time() - float(index))
        while time_elapse < timeout:
            if pipe.poll() is not None:
                child_exit = True
                break

            time.sleep(1)
            time_elapse += 1

        if not child_exit:
            pipe.send_signal(signal.SIGINT)
            pipe.wait()

        # wait pcap file ready
        time.sleep(1)
        try:
            cap_pkts = rdpcap("/tmp/sniff_%s.pcap" % intf)
            for pkt in cap_pkts:
                # packet gen should be scapy
                packet = Packet(tx_port=intf)
                packet.pktgen.assign_pkt(pkt)
                pkts.append(packet)
        except:
            pass

    return pkts
예제 #10
0
 def stop_sniffing(self):
     self.tcmpdump_proc.terminate()
     self.tcmpdump_proc.wait()
     for packet in rdpcap(self.pcap_file_path):
         if IP in packet:
             self.collect_packet(packet[IP])
     return self.packets
예제 #11
0
def process_pcap(file_name):
    head = '424d36d51b0000000000360000002800000060090000be00000001002000000000000000000000000000000000000000000000000000'
    f = [b'' for _ in range(22)]
    of = open('fparse.bmp', 'wb')

    s = rdpcap(file_name).sessions()
    for s_name in s:
        recflag = False
        idx = 0
        for p in s[s_name]:
            try:
                raw = p[TCP].load
                if recflag and len(raw) > 1000:
                    f[idx] += raw

                if raw.startswith(b'\x42\x01') and len(
                        raw) == 40:  #MPI (BTL) header
                    idx = raw[12]
                    recflag = True
            except:
                pass
        f[idx] = f[idx][24:]
    of.write(bytes.fromhex(head))
    for d in f:
        of.write(d)
    of.close()
예제 #12
0
    def get_chksums(self, pcap=None):
        """
        get chksum values of Outer and Inner packet L3&L4
        Skip outer udp for it will be calculated by software
        """
        chk_sums = {}
        pkts = rdpcap(pcap)
        for number in range(len(pkts)):
            if pkts[number].guess_payload_class(pkts[number]).name == "gre":
                payload = pkts[number][GRE]
            else:
                payload = pkts[number]

            if payload.guess_payload_class(payload).name == "IP":
                chk_sums['outer_ip'] = hex(payload[IP].chksum)

            if pkts[number].haslayer(GRE) == 1:
                inner = pkts[number][GRE]
                if inner.haslayer(IP) == 1:
                    chk_sums['inner_ip'] = hex(inner[IP].chksum)
                    if inner[IP].proto == 6:
                        chk_sums['inner_tcp'] = hex(inner[TCP].chksum)
                    if inner[IP].proto == 17:
                        chk_sums['inner_udp'] = hex(inner[UDP].chksum)
                    if inner[IP].proto == 132:
                        chk_sums['inner_sctp'] = hex(inner[SCTP].chksum)
                break

        return chk_sums
예제 #13
0
    def __init__(self, packets, localport=50002, remoteport=4172, isUDP=True):
        '''
		Initialise a conversation from a pcap file or a list otherwise obtained from scapy 
		using scapy.rdpcap (also available as udpanal.rdpcap).
		
		Args:
		* packets - either string representing relative or absolute filename for pcap file
					or PacketList object returned by rdpcap
		* localport - the UDP port you communicated from
		* remoteport - the UDP port you are communicating with
		* isUDP - for future use when TCP & SCTP are also implemented
		'''
        if type(packets) == type(''):
            pktlist = rdpcap(packets)
        elif type(PacketList()) == type(packets):
            pktlist = packets  # re-initialise, take the penalty to kill that annoying 'filter multiplicity)
        else:
            self = packets

        self.lport = localport
        self.rport = remoteport

        if isUDP:
            pktlist = pktlist.filter(lambda x: x.haslayer(UDP))
            pktlist = pktlist.filter(
                lambda x: x.getlayer(UDP).dport == self.lport or x.getlayer(
                    UDP).sport == self.lport or x.getlayer(UDP).dport == self.
                rport or x.getlayer(UDP).sport == self.rport)
            self.pktlist = PacketList(pktlist)
        self.count = len(self.pktlist)
        return
예제 #14
0
def injection_goose(interface):
    pcap_name = input(
        "\n[*] Enter the name of the PCAP file to be used (without extension): "
    )

    traffic = rdpcap(pcap_name + '.pcap')  # name of the.pcap
    for frame in traffic:  # frame = line
        if frame.haslayer(Ether) == 1 and frame.haslayer(
                Dot1Q) == 1 and frame.haslayer(Raw) == 1:
            frame.src = "00:50:56:3C:BB:7C"
            print(frame)
            sendp(frame, iface=interface)
            time.sleep(0.1)
    '''
        header_content = Ether()
        header_content.dst = "00:50:56:3D:9E:FD"
        header_content.src = "00:50:56:3C:BB:7B"
        header_content.type = 0x8100
        # CONSTRUCTING VLAN HEADER  0x88b8
        header_VLAN = Dot1Q()
        header_VLAN.prio = 4
        header_VLAN.id = 0
        header_VLAN.vlan = 0
        header_VLAN.type = 0x88b8
        # CONSTRUCTING GOOSE MESSAGE
        goose_msg = Raw()
        goose_msg.load = "b'\x00\x01\x00P\x00\x00\x00\x00aF\x80\tLLN0$gcb1\x81\x02\x0f\xa0\x82\x08LLN0$DS4\x83\x02G1\x84\x08Y\xde8\xa2\xd6\x04\x13x\x85\x01\x07\x86\x01\x11\x87\x01\x01\x88\x01\x01\x89\x01\x00\x8a\x01\x03\xab\x0b\x83\x01\x01\x85\x01\n\x84\x03\x03@\x00'"
        # blablabla
        ls(header_VLAN)
        ls(goose_msg)
        ls(header_content)
        new_Goose_Frame = header_content / header_VLAN / goose_msg
        sendp(new_Goose_Frame , iface=interface)
    '''
    break
예제 #15
0
    def test_pcap_drop(self):
        """ Drop Packet Capture Filter Test """
        self.cli("pcap trace drop max 1000 "
                 "error {ip4-udp-lookup}.{No listener for dst port} "
                 "file vpp_test_trace_filter_test_pcap_drop.pcap")
        # the packet we are trying to match
        p = list()
        for i in range(17):
            # this packet should be forwarded
            p.append((
                Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                IP(src=self.pg0.remote_hosts[0].ip4, dst=self.pg1.remote_ip4) /
                UDP(sport=2345, dport=1234) / Raw('\xa5' * 100)))
            # this packet should be captured (no listener)
            p.append(
                (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                 IP(src=self.pg0.remote_hosts[0].ip4, dst=self.pg0.local_ip4) /
                 UDP(sport=2345, dport=1234) / Raw('\xa5' * 100)))
        # this packet will be blackholed but not captured
        p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                  IP(src=self.pg0.remote_hosts[0].ip4, dst="0.0.0.0") /
                  UDP(sport=2345, dport=1234) / Raw('\xa5' * 100)))

        self.send_and_expect(self.pg0, p, self.pg1, n_rx=17, trace=False)

        self.cli("pcap trace drop off")

        # check captured pcap
        pcap = rdpcap("/tmp/vpp_test_trace_filter_test_pcap_drop.pcap")
        self.assertEqual(len(pcap), 17)
 def extract_data(self):
     # First of all, sleep for 1 minute
     self._log.info(self.__class__.__name__, 'Sleeping waiting for data to extract.')
     time.sleep(15)
     self._log.info(self.__class__.__name__, 'I woke up. I am starting to extract data.')
     # Load the sniff
     pkts = rdpcap(self._fs.get_tmp_folder() + '/sniff.pcap')
     # The list of all openflow packets in the sniffing.
     openflow_packets = []
     for pkt in pkts:
         # OpenFlow is not yet implemented as dissector in Scapy, thus just count TCP packets from/to standard
         # OpenFlow controller port.
         if TCP in pkt and (pkt[TCP].sport == 6633 or pkt[TCP].dport == 6633):
             if TCP in pkt:
                 # Add to the openflow_packet list
                 openflow_packets.append(pkt)
     self._log.debug(self.__class__.__name__, 'Calculating the time of the of the last sniffed packet.')
     # Take the time of the last sniffed packet
     time_last_packet = openflow_packets[len(openflow_packets) - 1].time
     self._log.debug(self.__class__.__name__, 'Calculating the time of the of the first sniffed packet.')
     # Take the time of the first sniffed packet
     time_first_packet = openflow_packets[0].time
     self._log.debug(self.__class__.__name__, 'Calculating the convergence time.')
     # Calculate the convergence time
     convergence_time = time_last_packet - time_first_packet
     self._log.debug(self.__class__.__name__, 'Starting to write the convergence time into extractor folder.')
     # Write it into a file inside the extractor folder
     output_file_name = self._simulation_path + '/' + self._extractor_folder + '/time.data'
     output_file = open(output_file_name, 'w')
     output_file.write('Convergence time (seconds): %s' % str(convergence_time))
     self._log.info(self.__class__.__name__, 'All data has been correctly extracted.')
     # Notify all observers
     self.notify_all()
예제 #17
0
def load_sniff_packets(index=''):
    """
    Stop sniffer and return packet objects
    """
    pkts = []
    child_exit = False
    if index in SNIFF_PIDS.keys():
        pipe, intf, timeout = SNIFF_PIDS[index]
        time_elapse = int(time.time() - float(index))
        while time_elapse < timeout:
            if pipe.poll() is not None:
                child_exit = True
                break

            time.sleep(1)
            time_elapse += 1

        if not child_exit:
            pipe.send_signal(signal.SIGINT)
            pipe.wait()

        # wait pcap file ready
        time.sleep(1)
        try:
            cap_pkts = rdpcap("/tmp/sniff_%s.pcap" % intf)
            for pkt in cap_pkts:
                # packet gen should be scapy
                packet = Packet(tx_port=intf)
                packet.pktgen.assign_pkt(pkt)
                pkts.append(packet)
        except:
            pass

    return pkts
예제 #18
0
    def get_pcap_info(file_prefix):
        """Get the Dest IP from the RX pcap file

        :param file_prefix: the test case pcap file prefix
        :type file_prefix: str
        :returns: packet counts, dest ip, is or not ipv4
        :rtype: tuple(int, str, bool).
        """
        exec_dir = BuiltIn().get_variable_value("${EXECDIR}")

        rx_pcapfile = '{0}/{1}/{2}_rx.pcap' \
            .format(exec_dir, con.TLDK_TESTCONFIG, file_prefix)
        packets = rdpcap(rx_pcapfile)
        count = len(packets)

        ### the first packet
        pkt = packets[0]
        if pkt.type == 0x0800:
            ### this is a IPv4 packet
            dest_ip = pkt[IP].dst
            is_ipv4 = True
        elif pkt.type == 0x86dd:
            ### this is a IPv6 packet
            dest_ip = pkt[IPv6].dst
            is_ipv4 = False

        return count, dest_ip, is_ipv4
예제 #19
0
    def get_capture(self, remark=None, filter_fn=is_ipv6_misc):
        """
        Get captured packets

        :param remark: remark printed into debug logs
        :param filter_fn: filter applied to each packet, packets for which
                          the filter returns True are removed from capture
        :returns: iterable packets
        """
        try:
            self.wait_for_capture_file()
            output = rdpcap(self.out_path)
            self.test.logger.debug("Capture has %s packets" % len(output.res))
        except IOError:  # TODO
            self.test.logger.debug(
                "File %s does not exist, probably because no"
                " packets arrived" % self.out_path)
            if remark:
                raise Exception("No packets captured on %s(%s)" %
                                (self.name, remark))
            else:
                raise Exception("No packets captured on %s" % self.name)
        before = len(output.res)
        if filter_fn:
            output.res = [p for p in output.res if not filter_fn(p)]
        removed = len(output.res) - before
        if removed:
            self.test.logger.debug(
                "Filtered out %s packets from capture (returning %s)" %
                (removed, len(output.res)))
        return output
예제 #20
0
 def stop_sniffing(self):
     self.tcmpdump_proc.terminate()
     self.tcmpdump_proc.wait()
     for packet in rdpcap(self.pcap_file_path):
         if IP in packet:
             self.collect_packet(packet[IP])
     return self.packets
예제 #21
0
def timeCSV(folder):
    """
    This method creates a CSV file of all the times each IP address sends a packet to the given IoT device
    Args:
        folder: folder containing pcap files
    """

    ipAddresses = []
    ipandTimes = []
    old_mac_address = folder[len(folder)-12:len(folder)]
    mac_address = ""
    # The MAC address for the device
    for i in range(len(old_mac_address)//2 - 1):
        mac_address += old_mac_address[i * 2] + old_mac_address[i * 2 + 1] + ":"
    mac_address += old_mac_address[-2] + old_mac_address[-1]
    
    output_file_name = "./results/CSVtimes/CSVtimes" + old_mac_address + ".csv"

    out_file = open(output_file_name,'w')

    # Ordering Files in the directory (useful for window purposes)
    files = sorted(os.listdir(folder))

    for filename in files:
                
        if not filename.endswith(".pcap"):
            print("Not processed {} ...".format(filename))
            continue
            
        file_name = folder + "/" + filename
        print("Processing {} ...".format(file_name))

        packets = rdpcap(file_name)
        for ether_pkt in packets:
            
            if 'type' not in ether_pkt.fields:
                # LLC frames will have 'len' instead of 'type'.
                # We disregard those
                continue
            
            if ether_pkt.type != protocol_mapping_l2.get('IPv4'):
                continue
            
            ip_pkt = ether_pkt[IP]

            # Compare to Mac Address, as IP address is variable due to the network
            if ether_pkt.dst != mac_address:
                continue

            if not ip_pkt.src in ipAddresses:
                ipAddresses.append(ip_pkt.src)
                ipandTimes.append([ip_pkt.src,float(ether_pkt.time)])
            else:
                for item in ipandTimes:
                    if item[0] == ip_pkt.src:
                        item.append(float(ether_pkt.time))

    for item in ipandTimes:
        out_file.write("IPAddress: {}, {}\n".format(item[0], str(item[1:len(item)]).replace(']','').replace('[','')))
예제 #22
0
def test__update_twotupleuni_update():
    afg = AnubisFG(bidirectional=False)
    capture = rdpcap('tests/data/test_100_rows.pcap')
    # Second packet is a SYN TCP packet.
    packet = capture[1]

    ip_src = '172.16.0.5'
    ip_dst = '192.168.50.1'
    timestamp = datetime(2018, 12, 1, 13, 17, 11, 183810)
    src_port = 60675
    dst_port = 80
    protocol = 6
    hdr_len = 20
    length = 74
    ttl = 63
    pkt_flag_counter = [0] * 8
    # SYN flag
    pkt_flag_counter[1] = 1

    # Creating
    afg._update_twotupleuni(packet)
    expected = {
        'fst_timestamp': timestamp,
        'lst_timestamp': timestamp,
        'set_src_ports': {src_port},
        'set_dst_ports': {dst_port},
        'pkt_flag_counter': pkt_flag_counter,
        'pkt_protocol_counter': {
            protocol: 1
        },
        'tot_header_len': hdr_len,
        'tot_packet_len': length,
        'tot_ttl': ttl
    }
    assert len(afg.memory_twotup) == 1
    assert afg.memory_twotup[(ip_src, ip_dst)].__dict__ == expected

    # Updating
    # Third packet is another SYN TCP packet with same IPs and Ports
    packet = capture[2]
    new_timestamp = datetime(2018, 12, 1, 13, 17, 11, 183813)
    # SYN flag
    pkt_flag_counter[1] += 1
    afg._update_twotupleuni(packet)
    expected = {
        'fst_timestamp': timestamp,
        'lst_timestamp': new_timestamp,
        'set_src_ports': {src_port},
        'set_dst_ports': {dst_port},
        'pkt_flag_counter': pkt_flag_counter,
        'pkt_protocol_counter': {
            protocol: 2
        },
        'tot_header_len': hdr_len * 2,
        'tot_packet_len': length * 2,
        'tot_ttl': ttl * 2
    }
    assert len(afg.memory_twotup) == 1
    assert afg.memory_twotup[(ip_src, ip_dst)].__dict__ == expected
def extract_iodine(root, source, destination):
    dns_packets = rdpcap(source)

    downstream = b''
    upstream = b''

    is_transfer = False
    real_packets = []

    for packet in dns_packets:
        if not packet.haslayer(DNS):
            continue
            
        if DNSRR in packet and len(packet[DNSRR].rdata) > 0:
            # downstream
            data = packet[DNSRR].rdata
            if isinstance(data, str):
                # should be some bug in scapy?
                data = data.encode()
            
            if not is_transfer:
                continue

            downstream += data[2:]

            headers = ServerHeader(data)
            if headers.last and len(downstream) > 0:
                try:
                    raw_data = zlib.decompress(downstream)
                    real_packets.append(IP(raw_data[4:]))
                except zlib.error:
                    pass

                downstream = b''
        elif DNSQR in packet:
            # client
            hostname = packet[DNSQR].qname
            if hostname[0] not in b"0123456789abcdefABCDEF":
                continue
                
            is_transfer = True
            
            if not hostname.endswith(root):
                print("Warning: skipped upstream packet:", hostname, file=sys.stderr)
                continue
            
            upstream += hostname[5:-len(root)].replace(b".", b"")

            headers = ClientHeader(hostname)
            if headers.last and len(upstream) > 0:
                try:
                    raw_data = zlib.decompress(b128decode(upstream))
                    real_packets.append(IP(raw_data[4:]))
                except zlib.error:
                    pass

                upstream = b''

    wrpcap(destination, real_packets)
예제 #24
0
    def read_all(self, ipg_usec, min_ipg_usec, speedup, split_mode=None):
        # get the packets
        if split_mode is None:
            pkts = RawPcapReader(self.pcap_file).read_all()
        else:
            pkts = rdpcap(self.pcap_file)

        if not pkts:
            raise STLError("'%s' does not contain any packets." %
                           self.pcap_file)

        self.pkts_arr = []
        last_ts = 0
        # fix times
        for pkt in pkts:
            if split_mode is None:
                pkt_data, meta = pkt
                ts_usec = meta[0] * 1e6 + meta[1]
            else:
                pkt_data = pkt
                ts_usec = pkt.time * 1e6

            if ipg_usec is None:
                loco = locals()
                if 'prev_time' in loco:
                    delta_usec = (ts_usec - loco['prev_time']) / float(speedup)
                else:
                    delta_usec = 0
                if min_ipg_usec and delta_usec < min_ipg_usec:
                    delta_usec = min_ipg_usec
                prev_time = ts_usec
                last_ts += delta_usec
            else:  # user specified ipg
                if min_ipg_usec:
                    last_ts += min_ipg_usec
                elif ipg_usec:
                    last_ts += ipg_usec / float(speedup)
                else:
                    raise STLError(
                        'Please specify either min_ipg_usec or ipg_usec, not both.'
                    )
            self.pkts_arr.append([pkt_data, last_ts])

        if split_mode is None:
            return self.pkts_arr

        # we need to split
        self.graph = Graph()

        self.pkt_groups = [[], []]

        if split_mode == 'MAC':
            self.generate_mac_groups()
        elif split_mode == 'IP':
            self.generate_ip_groups()
        else:
            raise STLError('unknown split mode for PCAP')

        return self.pkt_groups
예제 #25
0
    def read_pcap(self, file):
        pcap_pkts = []
        try:
            pcap_pkts = rdpcap(file)
        except:
            pass

        return pcap_pkts
예제 #26
0
    def read_pcap_file(self, pcap_file):
        pcap_pkts = []
        try:
            pcap_pkts = rdpcap(pcap_file)
        except:
            raise Exception("write pcap error")

        return pcap_pkts
예제 #27
0
def send_packet(intf, fname, pkt_cnt):

    pkts = rdpcap(fname)
    for pkt in pkts:
        #logging.debug("Tx packet: {}".format(pkt.show()))
        logging.info('[%s] Sending %d packets on interface %s' %
                     (get_curr_time(), int(pkt_cnt), intf))
        sendp(pkt, iface=intf, count=pkt_cnt)
예제 #28
0
def main():
    pcap_file = rdpcap("SynFloodSample.pcap")
    # create set with all ip's from packets with sync flag
    black_set = {p[IP].src for p in pcap_file if p[TCP].flags == 'S'}
    # remove all the ip's that answered with ack
    black_set.difference_update({p[IP].src for p in pcap_file if 'A' in p[TCP].flags})
    with open('blacklist ips.txt', 'w') as ips_file:
        ips_file.write('\n'.join(sorted(black_set)))
예제 #29
0
def main():
    file = rdpcap('arpspoofing.pcap')

    for i, bman in enumerate(file):
        if (bman.haslayer(ARP)):
            getting(bman)
            found = identity(bman)
            printing(found, i + 1)
예제 #30
0
파일: loader.py 프로젝트: techge/nemesys
    def __init__(self, pcapfilename, importLayer=5):
        # l5msgs = PCAPImporter.readFile(pcap, importLayer=absLayer).values()  # type: List[AbstractMessage]
        self.importLayer = importLayer
        self.packets = rdpcap(pcapfilename)
        self._messages = SortedTypedList(AbstractMessage)
        self._rawmessages = SortedTypedList(AbstractMessage)

        for pkt in self.packets:  # type: Packet
            self.packetHandler(pkt)
예제 #31
0
파일: framework.py 프로젝트: schevalier/vpp
 def pg_get_capture(cls, o):
     pcap_filename = "/tmp/pg%u_out.pcap" % o
     try:
         output = rdpcap(pcap_filename)
     except IOError:  # TODO
         cls.log("WARNING: File %s does not exist, probably because no"
                 " packets arrived" % pcap_filename)
         return []
     return output
예제 #32
0
def cmp_left_to_right(file1, file2):

    pkt_match_cnt = 0
    pkts1 = rdpcap(file1)

    try:
        pkts2 = rdpcap(file2)
    except IOError:
        #there was no PCAP with received packets, assume nothing was received
        return False

    pkts1 = map(lambda x: str(x), pkts1)
    pkts2 = map(lambda x: str(x), pkts2)

    for p1 in pkts1:
        for i in range(len(pkts2)):

            try:
                p2 = pkts2[i]
            except IndexError:
                #print
                #print 'Packet with index %s has been already matched' % i
                continue

            if pkt_cmp(p1, p2):
                pkt_match_cnt += 1
                """
				Once the packet is matched remove it from the list of
				received packets. This helps to avoid double matching
				a packet if there are more than one identical packets contained in a given
				PCAP
				"""

                del pkts2[i]

    if VERBOSE:
        print
        print "%s packets matched out of %s sent" % (pkt_match_cnt, len(pkts1))
    print "[%s/%s]" % (pkt_match_cnt, len(pkts1))

    if pkt_match_cnt == len(pkts1):
        return True
    else:
        return False
예제 #33
0
def test__update_fivetuplebi_noupdate():
    afg = AnubisFG(bidirectional=True)
    capture = rdpcap('tests/data/test_100_rows.pcap')
    # First packet is a STP packet that should not be read.
    packet = capture[0]

    afg._update_fivetuplebi(packet)
    assert afg.memory_fivetup == dict()
    with pytest.raises(IndexError, match='Packet does not have an IP layer'):
        afg._update_fivetuplebi(packet, ignore_errors=False)
예제 #34
0
 def load_cap(file_name) -> PacketList:
     """
     Load .cap into scapy.plist
     """
     try:
         cap = rdpcap(f"{CAP_PATH}{file_name}{CAP_EXTENSION}")
         logger.info(f"\"{file_name}{CAP_EXTENSION}\" loaded")
         return cap
     except FileNotFoundError as error:
         logger.warning(f"{type(error).__name__}: \"{format(error)}\"")
예제 #35
0
파일: target.py 프로젝트: ederollora/p4c
    def check_outputs(self):
        """ Checks if the output of the filter matches expectations """
        report_output(self.outputs["stdout"],
                      self.options.verbose, "Comparing outputs")
        direction = "out"
        for file in glob(self.filename('*', direction)):
            report_output(self.outputs["stdout"],
                          self.options.verbose, "Checking file %s" % file)
            interface = self.interface_of_filename(file)
            if os.stat(file).st_size == 0:
                packets = []
            else:
                try:
                    packets = rdpcap(file)
                except Exception as e:
                    report_err(self.outputs["stderr"],
                               "Corrupt pcap file", file, e)
                    self.showLog()
                    return FAILURE

            if interface not in self.expected:
                expected = []
            else:
                # Check for expected packets.
                if self.expected[interface]["any"]:
                    if self.expected[interface]["pkts"]:
                        report_err(self.outputs["stderr"],
                                   ("Interface " + interface +
                                    " has both expected with"
                                    " packets and without"))
                    continue
                expected = self.expected[interface]["pkts"]
            if len(expected) != len(packets):
                report_err(self.outputs["stderr"], "Expected", len(
                    expected), "packets on port",
                    str(interface), "got", len(packets))
                return FAILURE
            for i in range(0, len(expected)):
                cmp = compare_pkt(
                    self.outputs, expected[i], packets[i])
                if cmp != SUCCESS:
                    report_err(self.outputs["stderr"], "Packet", i, "on port",
                               str(interface), "differs")
                    return cmp
            # Remove successfully checked interfaces
            if interface in self.expected:
                del self.expected[interface]
        if len(self.expected) != 0:
            # Didn't find all the expects we were expecting
            report_err(self.outputs["stderr"], "Expected packets on port(s)",
                       self.expected.keys(), "not received")
            return FAILURE
        report_output(self.outputs["stdout"],
                      self.options.verbose, "All went well.")
        return SUCCESS
예제 #36
0
 def test_omni(self):
   sniffer = self.get_sniffer()
   packets = rdpcap(get_full_path(self.PCAP_FILE))
   for i, packet in enumerate(packets):
     try:
       message = sniffer.message_from_packet(packet)
       print ('TEST OMNI DUMP MESSAGE(%d): %s' % (i, message))
       if i in self.PCAP_MESSAGES:
         self.assertIsInstance(message, self.PCAP_MESSAGES[i])
     except (BadPacket, struct.error) as ex:
       # exception happens on TCP SYN, RST and so on
       pass
예제 #37
0
def main():
    mp = MuninProfiler()
    for pkt in rdpcap(sys.argv[1]):
        mp.handle_packet(pkt)
    print("Client idle time during connection: %.2fs" % sum(mp.idles))
    times = [(key, sum(value)) for key, value in mp.times.items()]
    times.sort(key=lambda tpl: -tpl[1])
    total = sum(value for key, value in times)
    print("Total time waiting for the node:    %.2fs" % total)
    print("Top 10 plugins using most of the time")
    for key, value in times[:10]:
        print("%-40s: %.2fs (%d%%)" % (key, value, 100 * value / total))
def process_file(file_name):

    connections = extract_connections(rdpcap(file_name))

    orig_retrans, scan_retrans = extract_retransmissions(connections)

    for connection in connections.values():
        if not has_exponential_backoff(connection):
            print "Connections don't follow exponential backoff."

    analyse_retransmissions(orig_retrans, scan_retrans)

    return 0
예제 #39
0
def use_pcap(prn=None, lfilter=None, filename=None):
    pcp = rdpcap(filename=filename)

    if prn is None:
        prn = lambda pkt: pkt

    if lfilter is None:
        lfilter = lambda pkt: True

    for packet in pcp:
        if lfilter(packet):
            out_line = prn(packet)

            if out_line:
                print out_line
예제 #40
0
def main(argv):
	inputfile = ''
	outputfile = ''
	hookfile = ''
	try:
		opts, args = getopt.getopt(argv,"hi:o:t:",["ifile=","ofile=","transformation="])
	except getopt.GetoptError:
		print sys.argv[0] + ' -i inputfile -o outputfile -t [hook script]'
		print sys.argv[0] + ' -i sample.pcap -o result.pcap -t example'
		sys.exit(2)
	for opt, arg in opts:
		if opt == '-h':
			print 'test.py -i <inputfile> -o <outputfile>'
			sys.exit()
		elif opt in ("-i", "--ifile"):
			inputfile = arg
		elif opt in ("-o", "--ofile"):
			outputfile = arg
		elif opt in ("-t", "--transformation"):
			hookfile = arg

	pkts=rdpcap(inputfile)
	for pkt in pkts:
	    try:
		my_array = []
		if pkt.haslayer(TCP):
		    for d in str(pkt.getlayer(TCP).payload):
		        my_array.append(d)
		if pkt.haslayer(UDP):
		    for d in str(pkt.getlayer(UDP).payload):
		        my_array.append(d)
		
		modname = "hooks." + hookfile
		module = __import__(modname, globals(), locals(), ['modify_payload'])
		func = getattr(module, "modify_payload")
		data = func(my_array)
		str1 = ''.join(data)
		
		#replace payload in origional packet
		if pkt.haslayer(TCP):
		    pkt.getlayer(TCP).payload=str1
		if pkt.haslayer(UDP):
		    pkt.getlayer(UDP).payload=str1
		    
	    except:
		raise
	wrpcap(outputfile, pkts)
def main():
    """
    :return: void
    """
    # Parse arguments & scan each packet
    parser = argparse.ArgumentParser()
    parser.add_argument('source_file')
    args = parser.parse_args()
    found_attack = 0

    packets = rdpcap(args.source_file)
    for pkt in packets:
        update_icmp_dict(pkt)
    found_attack += find_icmp_tunneling()
    found_attack += find_syn_flood(packets)
    found_attack += find_ftp_bounce(packets)
    report_attack(found_attack)
예제 #42
0
 def _get_capture(self, timeout, filter_out_fn=is_ipv6_misc):
     """ Helper method to get capture and filter it """
     try:
         if not self.wait_for_capture_file(timeout):
             return None
         output = rdpcap(self.out_path)
         self.test.logger.debug("Capture has %s packets" % len(output.res))
     except:
         self.test.logger.debug("Exception in scapy.rdpcap (%s): %s" %
                                (self.out_path, format_exc()))
         return None
     before = len(output.res)
     if filter_out_fn:
         output.res = [p for p in output.res if not filter_out_fn(p)]
     removed = before - len(output.res)
     if removed:
         self.test.logger.debug(
             "Filtered out %s packets from capture (returning %s)" %
             (removed, len(output.res)))
     return output
예제 #43
0
def b_Darbeleme(pcap_file):
	packets = rdpcap(pcap_file)
	
	for packet_content in packets:
		packet_list = []
		if packet_content.haslayer(TCP) and packet_content.dport == int(args.port):
		    for packet_payload in str(packet_content.getlayer(TCP).payload):
		    	if len(packet_payload) != 0:
		        	packet_list.append(packet_payload)

		if packet_content.haslayer(UDP) and packet_content.dport == int(args.port):
		    for packet_payload in str(packet_content.getlayer(UDP).payload):
		    	if len(packet_payload) != 0:	
		        	packet_list.append(packet_payload)	

		#if len packet_list == 0
		#XXX

		data = " ".join("{:02x}".format(ord(sla)) for sla in packet_list).split()

		if args.byteflip == True:
			fuzzed_list = b_Flip(data)

		elif args.smash == True:
			fuzzed_list = b_Smash(data)
		
		else:
			print "[!] Wrong method was chosen!"
			sys.exit(1)
		
		i = 0
		for sending_now in fuzzed_list:
			count_packet = range(len(sending_now))
			if i > len(sending_now)-1:
				i = 0
			i += 1
			last_tsend = "".join(sending_now).decode("hex")
			b_Connection(last_tsend, count_packet[i-1])
예제 #44
0
 def extract_data(self):
     # First of all, sleep for 1 minute
     self._log.info(self.__class__.__name__, 'Sleeping waiting for data to extract.')
     time.sleep(15)
     self._log.info(self.__class__.__name__, 'I woke up. I am starting to extract data.')
     # Load the sniff
     pkts = rdpcap(self._fs.get_tmp_folder() + '/sniff.pcap')
     # Counter for counting all openflow packets included into the sniffing.
     count = 0
     self._log.debug(self.__class__.__name__, 'Calculating the total number of exchanged control plane messages.')
     for pkt in pkts:
         # OpenFlow is not yet implemented as dissector in Scapy, thus just count TCP packets from/to standard
         # OpenFlow controller port.
         if TCP in pkt and (pkt[TCP].sport == 6633 or pkt[TCP].dport == 6633):
             if TCP in pkt:
                 count += 1
     self._log.debug(self.__class__.__name__, 'Starting to write the convergence time into extractor folder.')
     # Write it into a file inside the extractor folder
     output_file_name = self._simulation_path + '/' + self._extractor_folder + '/overhead.data'
     output_file = open(output_file_name, 'w')
     output_file.write('Exchanged packets: %s' % str(count))
     self._log.info(self.__class__.__name__, 'All data has been correctly extracted.')
     # Notify all observers
     self.notify_all()
예제 #45
0
#!/usr/bin/python
__author__ = 'kilroy'
#  (c) 2014, WasHere Consulting, Inc.
#  Written for Infinite Skills

from scapy.all import *
from scapy.utils import rdpcap

src_mac = "12:45:ff:aa:bb:3d"
dst_mac = "05:34:10:df:ef:ab"
src_ip = "1.5.4.2"
dst_ip = "4.5.4.2"

frames=rdpcap("file.pcap") #  could also read in only a small number of packets
for frame in frames:
    try:
        frame[Ether].src = src_mac
        frame[Ether].dst = dst_mac
        if IP in frame:
            frame[IP].src = src_ip
            frame[IP].dst = dst_ip
        sendp(frame)
    except Exception as e:
        print(e)
예제 #46
0
    try:
        parser = argparse.ArgumentParser("Replay packets from a pcap_file")
        parser.add_argument("pcap_file_path", type=str, help ="The path of the pcap file to replay")
        args = parser.parse_args()
        pcap_path, pcap_file_name = path.split(args.pcap_file_path)
        pcap_file_name, ext = path.splitext(pcap_file_name)

        print (pcap_path, pcap_file_name)
        subprocess.call(['editcap','-c','1024','-F','libpcap',args.pcap_file_path,'_'+pcap_file_name+'_out.pcap'])
        out,err = subprocess.Popen(['ls | grep '+pcap_file_name+'_out'], stdout=subprocess.PIPE, shell=True).communicate()

        fragments = {}

        for pcap_file in out.splitlines():
            print 'Processing %s'%(pcap_file)
            pkts = rdpcap(pcap_file)
            timestamp = pkts[0].time
            for pkt in pkts:
                if pkt.haslayer('IP'):
                    dst = pkt['IP'].dst
                    if dst in mcastsocket.keys():
                        print "id: %d offset: %d"%(pkt['IP'].id,pkt['IP'].frag*8)
                        time.sleep((pkt.time - timestamp)*scale)
                        timestamp = pkt.time
                        if pkt['IP'].flags == 1:
                            #print [(pkt.time, fragment_id, fragments[fragment_id].len) for fragment_id in fragments.keys()]
                            if pkt['IP'].frag == 0:
                                #fragments[pkt['IP'].id] = [pkt]
                                #print pkt['IP'].payload
                                buffer=StringIO.StringIO()
                                buffer.seek(pkt['IP'].frag*8)
예제 #47
0
파일: print.py 프로젝트: ejialan/tools
#!/usr/bin/env python

import sys
from scapy.all import *
from scapy.utils import rdpcap

pkts=rdpcap(sys.argv[1])  # could be used like this rdpcap("filename",500) fetches first 500 pkts
for pkt in pkts:
     print """____________________________________"""
     pkt.show()
     print ""

예제 #48
0
파일: pcap-sim.py 프로젝트: ejialan/tools
              protocol = __import__('matcher.' + p, fromlist=['*'])
              protocol.config(pconf)
            else:
              protocol = __import__('matcher.' + optValue, fromlist=['*'])
            
    if 'protocol' not in locals():
      protocol = __import__('pcap.raw', fromlist=['*'])

    print 'Run as', mode, 'mode'
    print 'Decode packet as ', protocol
    print "replace ", replace, "to", [address,port]

    for cap in caps:
        f,opts = cap[0],cap[1:]
        m_conf = conf.copy()
        for opt in opts:
          if opt == "wrap":
            m_conf["wrap"] = True
        pkts = [replace_pkt_header(pkt, replace, [address,int(port)]) for pkt in rdpcap(f)]
        print "pcap file :", f, "contains", len(pkts), "packets"
        for index, pkt in enumerate(pkts):
          if has_load(pkt):
            print index, [pkt[IP].src,pkt[TCP].sport], "->", [pkt[IP].dst,pkt[TCP].dport], " load:", repr(pkt.load)
        matchers.append(PcapMatcher(pkts, m_conf, protocol))

    if mode == "server":
        sniff(prn=lambda x : monitor_callback(x), filter="dst port %d and dst host %s" % (port, address), iface=interface, store=0)
    elif mode == "client":
        play(pkts)

예제 #49
0
    ether = Ether();
    ether.type = 0x86dd;
    ether.src = pkt.src;
    ether.dst = pkt.dst;
    header6 = header4to6 (pkt['IP']);

    if ('TCP' in pkt):
        l4type = 'TCP';
    elif ('UDP' in pkt):
        l4type = 'UDP';
    else:
        l4type = None;
    if (l4type == 'TCP' or l4type == 'UDP'):
        newpayload = payload4to6(pkt[l4type].payload);
        pkt[l4type].remove_payload();
        newpkt = ether /header6 / pkt[l4type] / newpayload;
        del pkt[l4type].chksum;
    else:
        newpkt = ether /header6 / pkt['IP'].payload;
    return newpkt;
    
if __name__ == "__main__":
    if (len(sys.argv) != 2):
        print "./pcap4to6.py <ipv4_pcap_file>";
        sys.exit(0);
    pkts = rdpcap (sys.argv[1]);
    newpkts = [];
    for pkt in pkts:
        newpkts.append (convert4to6 (pkt));
    wrpcap ("out.pcap", newpkts);
예제 #50
0
 def load(pcap_file_paths=[]):
     return list(chain(*[rdpcap(_file) for _file in pcap_file_paths]))
예제 #51
0
def to_hosts(pcap_file):
    addrs = dict()  # ip : mac, hostname, relations

    requested_local_hosts = dict()  # requested_addr : (mac, hostname)
    local_hosts = dict()  # IP: [mac, hostname]
    dns_servers = set()
    macs_count = dict()  # mac : count
    router_mac = ''

    print("Reading pcap...")
    pkts = rdpcap(pcap_file)
    print("Examining {} packets...".format(len(pkts)))

    # time duration of pcap
    s1 = datetime.utcfromtimestamp(pkts[0].time)
    s2 = datetime.utcfromtimestamp(pkts[len(pkts)-1].time)
    dur = round((s2 - s1).total_seconds()/60, 2)
    print("Packet Duration: {} minutes".format(dur))

    ip_re = re.compile("^\d{1,3}(\.\d{1,3}){3}$")
    for i, pkt in enumerate(pkts):
        try:
            if (pkt.getlayer('IP') and pkt.getlayer('DHCP options') and
                    pkt.getlayer('BOOTP') and pkt[BOOTP].op == 1):
                # DHCP REQUEST
                mac = check_mac(pkt.src)
                hostname = ''
                ip = ''

                for t in pkt[DHCP].options:
                    if t[0] == 'hostname':
                        hostname = t[1].decode('utf-8', 'ignore')
                    elif t[0] == 'requested_addr':
                        ip = t[1]

                requested_local_hosts[ip] = [mac, hostname]

            elif (pkt.getlayer('IP') and pkt.getlayer('DHCP options') and
                    pkt.getlayer('BOOTP') and pkt[BOOTP].op == 2):
                # DHCP ACK
                ip = pkt[BOOTP].yiaddr
                hostname = ''
                mac = ''

                for t in pkt[DHCP].options:
                    if t[0] == 'name_server':
                        dns_servers.add(t[1])

                if requested_local_hosts.get(ip):
                    req = requested_local_hosts[ip]
                    mac = req[0]
                    hostname = req[1]
                    local_hosts[ip] = [mac, hostname]

                relations = set()
                if addrs.get(ip):
                    relations = addrs[ip][2]

                addrs[ip] = [mac, hostname, relations]

            elif (pkt.getlayer('DNS') and pkt[DNS].an):
                # Local DNS Resolution
                router_mac = pkt.src
                """
                rdata is IP address of remote server (REGEX to verify)
                rrname is the hostname of the remote server
                ip.dst is the IP requesting to resolve the server
                """

                ip = str(pkt[DNS].an.lastlayer().rdata)
                if ip_re.match(ip):  # check if IP resolved
                    hostname = pkt[DNS].an.lastlayer().rrname.decode('utf-8', 'ignore')[:-1]
                    mac = ''
                    relations = set()
                    if addrs.get(ip):
                        mac = addrs[ip][0]
                        relations = addrs[ip][2]

                    if mac == '':
                        mac = check_mac(pkt.dst)

                    relations.add(pkt.getlayer('IP').dst)
                    addrs[ip] = [mac, hostname, relations]
            elif (pkt.getlayer('DNS') and pkt[DNS].qd and
                    pkt[DNS].qd.getlayer('DNS Question Record') and
                    pkt[DNS].rcode == 0):
                dns_servers.add(pkt.getlayer('IP').dst)
            elif pkt.getlayer('IP'):
                # Add connections
                srcip = pkt[IP].src
                dstip = pkt[IP].dst

                # for source
                src_mac = ''
                hostname = srcip
                relations = set()

                if addrs.get(srcip):
                    src_mac = addrs[srcip][0]
                    hostname = addrs[srcip][1]
                    relations = addrs[srcip][2]

                relations.add(dstip)

                if src_mac == '':
                    src_mac = check_mac(pkt.dst)

                # for destination
                dst_mac = ''
                dsthostname = dstip
                dstrelations = set()

                if addrs.get(dstip):
                    dst_mac = addrs[dstip][0]
                    dsthostname = addrs[dstip][1]
                    dstrelations = addrs[dstip][2]

                dstrelations.add(srcip)

                addrs[srcip] = [src_mac, hostname, relations]
                addrs[dstip] = [dst_mac, dsthostname, dstrelations]

        except TypeError as e:
            continue

    print('Router Mac Address: {}'.format(router_mac))
    hosts = dict()
    for ip, vals in addrs.items():
        mac = ''
        hostname = ''
        relations = ''
        mac, hostname, relations = vals[0], vals[1], vals[2]
        if mac != '' and mac == router_mac:
            # check if already local host
            if requested_local_hosts.get(ip) and not local_hosts.get(ip):
                req = requested_local_hosts[ip]
                mac = req[0]
                hostname = req[1]
                local_hosts[ip] = [mac, hostname]
            else:
                local_hosts[ip] = [mac, hostname]

        hosts[ip] = Host(ip, hostname, relations)

    "\n".join("  {}: {}".format(v.hostname, k) for k, v in hosts.items())

    resp = ("{} DNS Servers:\n".format(len(dns_servers)) +
            "\n".join("  {}".format(dns) for dns in dns_servers))

    resp += ("\n{} Local hosts\n".format(len(local_hosts)) +
             "\n".join("  {}: {} [{}]".format(v[1], k, v[0]) for k, v in local_hosts.items()))

    return (resp, local_hosts, dns_servers, hosts)
예제 #52
0
class Display(object):
    def __init__(self, pkts):
        self.pkts = pkts

    def show(self, seq):
        self.pkts[seq].show()

    def __getitem__(self, key):
        self.show(key)

    def walk(self, index=0):
        while index < len(self.pkts):
            self.show(index)
            try:
                input("(current packet - %s) Next packet?" % index)
            except Exception as e:
                pass
            index += 1

if __name__ == '__main__':

    from scapy.utils import rdpcap
    import sys
    import code
    packets = rdpcap(sys.argv[1])
    p = Display(packets)

    def walk(index=0):
        p.walk(index=index)

    code.interact(local=locals())
CWR = 0x80

MY_IPADDR = '10.53.191.187'
TOTAL_BYTES = 0

cmhs_servers = {
        'cmhs1':'144.160.173.30',
        'cmhs2':'144.160.173.31',
        'cmhs3':'144.160.231.24',
        'cmhs4':'144.160.231.25',
        }

PRIMARY_CMHS = '144.160.231.24'
SECONDARY_CMHS = '144.160.173.30'

pkts = rdpcap('usb0.pcap')
for pkt in pkts:
        if 'IP' in pkt:
                # if pkt is goting to or coming from one of the cmhs servers, process it
                #print pkt['IP'].src, pkt['IP'].dst
                if pkt['IP'].src in cmhs_servers.values() or pkt['IP'].dst in cmhs_servers.values():
                        # add pkt length in total bytes
                        timestamp = datetime.datetime.fromtimestamp(pkt.time).strftime('%Y-%m-%d %H:%M:%S')
                        TOTAL_BYTES += len(pkt)
                        if 'TCP' in pkt:
                                FLAGS = pkt['TCP'].flags
                                if FLAGS & SYN and pkt['IP'].src == MY_IPADDR:
                                        print timestamp,':', pkt['IP'].src, '->', pkt['IP'].dst, 'SYNC'
                                if FLAGS & FIN:
                                        print timestamp,':', pkt['IP'].src, '->', pkt['IP'].dst, 'FIN'
                                if FLAGS & RST:
예제 #54
0
#!/bin/env python

from NFTest import *
from scapy.utils import rdpcap
from reg_defines_secret_flow import *

phy2loop0 = ('../connections/conn', [])

nftest_init(sim_loop = [], hw_config = [phy2loop0])
nftest_start()

pkts = rdpcap("udp.pcap")
pkt=pkts[0]
secret_pkts = rdpcap("udp-secret.pcap")
secret_pkt=secret_pkts[0]

key = 0xdeadbeef;
nftest_regwrite(SECRET_FLOW_KEY_REG(),key);
nftest_regread_expect(SECRET_FLOW_KEY_REG(),key);


nftest_send_phy('nf2c0', pkt)
nftest_expect_phy('nf2c1', secret_pkt)
if not isHW():
   nftest_expect_phy('nf2c2', secret_pkt)
   nftest_expect_phy('nf2c3', secret_pkt)


nftest_barrier()

total_errors = 0
예제 #55
0
from scapy.all import *
from scapy.utils import rdpcap
import Ubertooth


a=rdpcap("kevo-token.pcap")

        
ubertooth = Ubertooth.Ubertooth(0)
        
print "Serial Number: %s" % ubertooth.serialnum()
print "Board ID: %s" % ubertooth.boardid()
print "Part Number: %s" % ubertooth.partnum()
print "Revision Number: %s" % ubertooth.revnum()
        
#       ubertooth.reset()


for i in a:
	ubertooth.packetbuff(str(i)[24:])
	print ubertooth.packetbuff()
예제 #56
0
def main(argv):
        inputfile = ''
        outputfile = ''
        hookfile = ''
        try:
                opts, args = getopt.getopt(argv,"hi:o:t:",["ifile=","ofile=","transformation="])
        except getopt.GetoptError:
                print sys.argv[0] + ' -i inputfile -o outputfile -t [hook script]'
                print sys.argv[0] + ' -i sample.pcap -o result.pcap -t example'
                sys.exit(2)
        for opt, arg in opts:
                if opt == '-h':
                        print 'test.py -i <inputfile> -o <outputfile>'
                        sys.exit()
                elif opt in ("-i", "--ifile"):
                        inputfile = arg
                elif opt in ("-o", "--ofile"):
                        outputfile = arg
                elif opt in ("-t", "--transformation"):
                        hookfile = arg
        
        #copy packet data to dictionary object
        pktdict={}
        pkts=rdpcap(inputfile)
        i=0
        for pkt in pkts:
            try:
                my_array = []
                if pkt.haslayer(TCP):
                    for d in str(pkt.getlayer(TCP).payload):
                        my_array.append(d)
                if pkt.haslayer(UDP):
                    for d in str(pkt.getlayer(UDP).payload):
                        my_array.append(d)

                #reverse packet for backtrace on needleman wunch
                pktdict[i] = list("".join(reversed(my_array)))
                i=i+1
            except:
                raise

        #Create distance matrix
        dictSize = len(pktdict)
        diffMatrix = zeros((packetsToSample,packetsToSample))
        
        x=0
        while x < packetsToSample:
                y=0
                print ""
                print "Packet " + str(x) + ": " + str(pktdict[x])
                while y < packetsToSample:
                        #calculate common substring length between packets
                        #similarity = lcs(pktdict[x], pktdict[y])
                        gms, similarity, distance, alignedseq1Discard, alignedseq2Discard = sequencealignment(pktdict[x], pktdict[y])
                        #distance = 1 - (similarity + 1)/2
                        print "Packet " + str(x) + " similarity to packet " + str(y) + " = " + str(similarity)
                        print "Packet " + str(x) + " distance from packet " + str(y) + " = " + str(distance)
                        
                        #assign value to symmetrically opposite cells
                        #as Smith-Waterman score follows triangle equality rule
                        diffMatrix[x][y]=distance
                        diffMatrix[y][x]=distance
                        y=y+1
                x=x+1
        
        print " "
        print "Distance Matrix:"
        print diffMatrix
        print ""
        
        #Multi-Dimensional Scaling from distances to XY points
        #
        # Source: http://scikit-learn.org/stable/auto_examples/manifold/plot_mds.html#example-manifold-plot-mds-py
        #
        seed = np.random.RandomState(seed=3)
        mds = manifold.MDS(n_components=2, max_iter=1000, eps=0.8, random_state=seed, dissimilarity="precomputed", n_jobs=1)
        pos = mds.fit(diffMatrix).embedding_
        pos = manifold.MDS(dissimilarity="precomputed").fit_transform(diffMatrix)
        pos *= np.sqrt(100000) / np.sqrt((pos ** 2).sum())
        clf = PCA(n_components=2)
        pos = clf.fit_transform(pos)
        
        #Display distance matrix
        print "Coordinates of plotted packets: "
        for p in pos:
            print p.astype(int)
        
        #Calculate number of clusters
        #
        # Source: http://scikit-learn.org/stable/auto_examples/cluster/plot_mean_shift.html
        #
        print ""
        bandwidth = estimate_bandwidth(pos, quantile=0.2, n_samples=500)
        ms = MeanShift(bandwidth=bandwidth, bin_seeding=True)
        ms.fit(pos)
        labels = ms.labels_
        cluster_centers = ms.cluster_centers_
        labels_unique = np.unique(labels)
        n_clusters_ = len(labels_unique)
        print("Estimated number of clusters (k): %d" % n_clusters_)
        
        #Plot on graph
        pl.figure(1)
        pl.clf()
        colors = cycle('bgrcmykbgrcmykbgrcmykbgrcmyk')
        for k, col in zip(range(n_clusters_), colors):
            my_members = labels == k
            cluster_center = cluster_centers[k]
            pl.plot(pos[my_members, 0], pos[my_members, 1], col + '.')
            print ""
            print "Cluster: " + str(k)
            #print str(my_members)
            
            #Create GMS for cluster using Needleman-Wunch
            #
            #This section is not part of the clustering code
            #
            clusterPackets = [];
            origionalClusterPackets = [];
            offset = 0;
            #extract packets from each cluster
            for val in my_members:
                if(str(val) == "True"):
                    clusterPackets.append(pktdict[offset]);
                offset += 1;
            origionalClusterPackets = copy.deepcopy(clusterPackets);
            
            print 'Compressing GMS .',
            #compress all GMS pairs to single GMS for the cluster
            while len(clusterPackets) > 1:
                print '.',
                gmsList1 = [];
                #calculate generic message sequence for each pair of messages
                for i in xrange(len(clusterPackets) - 1):
                    current_item, next_item = clusterPackets[i], clusterPackets[i + 1]
                    gms, totalMatch, totalDifference, alignedseq1Discard, alignedseq2Discard = sequencealignment(current_item, next_item)
                    gmsList1.append(gms)
                clusterPackets = copy.deepcopy(gmsList1)
            print ""
            gmspkt = list(reversed(clusterPackets[0]))
            #gmsbin = str("".join(gmspkt))
            
            #compress all substitution characters to a single character
            beforeGmsLen = len(gmspkt)+1
            afterGmsLen = len(gmspkt)
            while(beforeGmsLen > afterGmsLen):
                beforeGmsLen = len(gmspkt)
                for i in xrange(len(gmspkt) - 1, 0, -1):
                    if(gmspkt[i] == "-" and gmspkt[i-1] == "-"):
                        del gmspkt[i]
                afterGmsLen = len(gmspkt)
            print str(gmspkt)
            #print list(reversed(gmspkt))
            print ""
            #enumerate ngrams in variable data
            clusterTokens = [];
            for clusPkt in origionalClusterPackets:
                gmsDiscard, similarityDiscard, distanceDiscard, alignedseq1Keep, alignedseq2Keep = sequencealignment(clusPkt, list(reversed(gmspkt)))
                pktAlignedGMS1 = list(reversed(alignedseq1Keep))
                GMSAlignedData = list(reversed(alignedseq2Keep))
                tmpData = copy.deepcopy(GMSAlignedData)
                packettokens = [];
                packettoken = [];
                gmsoffset = 0
                while gmsoffset < len(GMSAlignedData):
                    if pktAlignedGMS1[gmsoffset]:
                        if(pktAlignedGMS1[gmsoffset] != "-"):
                            tmpData[gmsoffset] = "-"
                    gmsoffset+=1;
                packettokens = copy.deepcopy(tmpData)
                
                splittoken = [];
                splittokens = [];
                gmsoffset = 0
                while gmsoffset < len(packettokens):
                    if packettokens[gmsoffset]:
                        if(packettokens[gmsoffset] != "-"):
                            splittoken.append(copy.deepcopy(packettokens[gmsoffset]))
                        if(gmsoffset+1 < len(packettokens)):
                            if(packettokens[gmsoffset+1] == "-"):
                                if(len(splittoken) > 0):
                                    #TODO:
                                    # having problems with passing by reference
                                    # the beginning of the list vanishes.
                                    splittokens.append(copy.deepcopy(splittoken))
                                    del splittoken[:]
                    gmsoffset+=1
                
                clusterTokens.append(splittokens)
                
                print
                print "GMS: " + str(pktAlignedGMS1)
                print "Data: " + str(GMSAlignedData)
                print "Masked Data: " + str(tmpData)
                print "Tokens: " + str(packettokens)
                print "Split Tokens: " + str(splittokens)
                print
                
            print ""
            
            #infer token data type
            #integer, float, character, string
            fieldtype = "Blob"
            for tokens in clusterTokens:
                for token in tokens:
                    singleToken = ''.join(token)
                    newToken = str(singleToken)
                    if newToken == 'True' or newToken == 'False':
                        fieldtype = "Flag"
                    else:
                        try:
                            int(newToken)
                            fieldtype = "Number"
                        except ValueError:
                            try:
                                float(newToken)
                                fieldtype = "Number"
                            except ValueError:
                                fieldtype = "Blob"
            
            chunkOffset = 0;
            staticFieldBuff = [];
            fieldSwitch = 0;
            fieldLength = 1;
            print '<DataModel name="cluster' + str(k) + '">'
            while chunkOffset < len(gmspkt):
                
                #print conditions
                if gmspkt[chunkOffset]:
                    if(gmspkt[chunkOffset] != "-"):
                        staticFieldBuff.append(gmspkt[chunkOffset])
                    if(chunkOffset+1 < len(gmspkt)):
                        if(gmspkt[chunkOffset] != "-" and gmspkt[chunkOffset+1] == "-"):
                            #print '<Blob valueType="hex" value="' + str(staticFieldBuff).replace("[", "").replace("]", "").replace("'", "").replace("\\x", "") + '" mutable="false"/>'
                            print '<Blob valueType="hex" value="',
                            for c in staticFieldBuff:
                                print binascii.hexlify(c),
                            print '" mutable="false"/>'
                            del staticFieldBuff[:]
                           
                    if(chunkOffset == 0 and gmspkt[chunkOffset] == "-"):
                        fieldSwitch = 1
                    if(chunkOffset-1 > 0):
                        if(gmspkt[chunkOffset] == "-" and gmspkt[chunkOffset-1] != "-"):
                            fieldSwitch = 1
                    
                if(fieldSwitch == 1):
                    print '<' + str(fieldtype) + ' mutable="true"/>'
                    fieldLength=0
                    fieldSwitch = 0
                    
                chunkOffset+=1
                fieldLength+=1
                
            print '</DataModel>'
            
            
            pl.plot(cluster_center[0], cluster_center[1], 'o', markerfacecolor=col, markeredgecolor='k', markersize=8)
        pl.title('Estimated number of clusters: %d' % n_clusters_)
        pl.show()
예제 #57
0
def get_ip_address(ifname):						#Get IP Address
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return socket.inet_ntoa(fcntl.ioctl(
        s.fileno(),
        0x8915,  # SIOCGIFADDR
        struct.pack('256s', ifname[:15])
    )[20:24])

def get_node_id(ip):							#Gets the NodeID of this node from the list of NodeIDs
	with open("Device List") as deviceList:
		for i, line in enumerate(deviceList,1):
			if ip in line:
				deviceList.close
				return i

pkts=rdpcap("FILE2.pcap")						#Seeks packets in a PCAP file. This will need to be replaced to be able to do this 'live'
ip = get_ip_address('eth0')						#Gets IP of network device executing the code
node = hex((get_node_id(ip)))[2:].zfill(2)				#Gets the NodeID
routeFile = open('Routes','w')						#Creates a file to record all the routes of packets exiting the network or ending at this node


for pkt in pkts:
	if IP in pkt:
		del pkt.chksum						#Deletes the packet's checksum. Scapy recalculates the checksum later
		#Add Marker at Source
		if pkt[IP].src == ip:					#If the packet originated at this node
			pkt = pkt/"gourd"				#Add the marker
			pkt = pkt/node					#Also add the NodeID
		#Add Node Number
		pkt = pkt/node						#If the packet is just passing through this node, add the NodeID
		#Delete Marker at Destination
예제 #58
0
def generatepacket (binfile):

    pkts=rdpcap(binfile)  # could be used like this rdpcap("filename",500) fetches first 500 pkts
    for pkt in pkts:
         sendp(pkt) #sending packet at layer 2
예제 #59
0
import datetime
FIN = 0x01
SYN = 0x02
RST = 0x04
PSH = 0x08
ACK = 0x10
URG = 0x20
ECE = 0x40
CWR = 0x80
"""
cmhs1-gr1.dlife.att.com: 144.160.173.30
cmhs2-gr1.dlife.att.com: 144.160.173.31
cmhs3-gr1.dlife.att.com: 144.160.231.24
cmhs4-gr1.dlife.att.com: 144.160.231.25
"""
pkts1=rdpcap("hbtesting_3g.pcap") 
pkts2=rdpcap("hbtesting_bb.pcap")
pkts3=rdpcap("hbtesting_3g_2nd.pcap") 
dlc="10.55.65.83"
cmhs1="144.160.173.30"
cmhs2="144.160.173.31"
cmhs3="144.160.231.24"
cmhs4="144.160.173.35"

    
servers = [cmhs1, cmhs2, cmhs3, cmhs4]
#print len(pkts)

for num, pkt in enumerate(pkts3):
    if 'DNSQR' in pkt and pkt.dport == 53:
        QRid = pkt[DNS].id