Exemplo n.º 1
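def EthDecoder1(hdr,data):
    """Answer one captured SDS request frame with an SDS response frame.

    The frame is decoded with ``EthDecoder``, the request fields are sliced
    out of the string form of its payload, the service is looked up with
    ``directory_smp`` and the answer is sent through a raw packet socket
    bound to ``eth0``.

    Args:
        hdr: passed in alongside the frame; not used by this function.
        data: raw bytes of the captured frame. Everything read from it
            comes straight off the wire and is untrusted.

    Raises:
        ValueError: if a sliced field is not valid hexadecimal, for example
            when the payload dump is shorter than the offsets used below.
    """
    eth = EthDecoder().decode(data)
    sdsReq = eth.child()
    # NOTE(review): every field below is taken at a fixed character offset
    # of the payload's string form, so parsing depends on the exact layout
    # __str__() produces. No length check is made before slicing.
    str1 = sdsReq.__str__()
    print len(str1)
    print str1
    print "1 "+str1[5:9]+" 2 "+str1[10:14]
    ver = str1[5:7]
    typ = str1[7:9]
    rlen = str1[10:14]
    tid1 = (str1[15:17], str1[17:19], str1[20:22], str1[22:24])
    tid = tuple(int('0x'+i, 16) for i in tid1)
    sid1 = str1[25:29]+str1[30:34]+str1[35:39]+ str1[40:44]+str1[65:69] #sid in hex
    sid4 = tuple(re.findall('..', sid1))
    sid2 = tuple(chr(int('0x'+i, 16)) for i in sid4) #hex->char
    # sid3 holds arbitrary byte values chosen by the sender; it is handed to
    # directory_smp as the service ID.
    # NOTE(review): how directory_smp treats it is not visible here - confirm
    # it handles untrusted input.
    sid3 = ''.join(sid2) #stringified

    sid = tuple(int('0x'+i, 16) for i in sid4) #hex->dec
    print ver, typ, rlen, tid, sid1, sid4, sid
    role = int(str1[70:74],16)
    print eth.get_ether_shost()

    ep = smp_ep()
    ep.serviceID = sid3
    ep.r = role
    res = directory_smp(ep)
    print res

    # NOTE(review): assumes directory_smp always returns at least three
    # items; confirm how a failed lookup is reported.
    ethAddr = res[0]
    port = res[1]
    ttl = res[2]

    sdsResp1 = SDSResponse()
    sdsResp1.set_tid(tid)
    sdsResp1.set_sid(sid)
    sdsResp1.set_role(role)
    sdsResp1.set_ethAddress(ethAddr)
    sdsResp1.set_ttl(ttl)
    sdsResp1.set_port(port)

    # The reply goes to whatever source MAC the request carried; nothing in
    # this function authenticates that address.
    ethResp = ImpactPacket.Ethernet()
    ethResp.set_ether_type(eth.get_ether_type())
    ethResp.set_ether_shost(eth.get_ether_dhost())
    ethResp.set_ether_dhost(eth.get_ether_shost())
    ethResp.contains(sdsResp1)
    s1 = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(ETH_SDS_TYPE))
    try:
        s1.bind(("eth0",0))
        s1.send(ethResp.get_packet())
    finally:
        # A new raw socket is opened for every request handled; close it so
        # descriptors are not leaked one per frame.
        s1.close()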
Exemplo n.º 2
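    def activateLearningMode(self):
        """Parse the capture file at ``self.location`` into SLAAC_Message records.

        Each frame is decoded with ``EthDecoder``; a frame whose third layer
        reports IP protocol number 58 (ICMPv6) yields one ``SLAAC_Message``.
        Only Router Advertisements (type 134) have their source link-layer
        option read here; every other ICMPv6 type is recorded with empty
        address fields.

        Returns:
            list: the ``SLAAC_Message`` objects, in capture order.
        """
        # NOTE(review): presumably this list is the baseline later compared
        # with live traffic - confirm with the caller.
        listOfMessages = []
        # A pcap file is binary, so open it as such; ``with`` closes the
        # handle even if the reader raises part-way through.
        with open(self.location, "rb") as f:
            for ts, buf in dpkt.pcap.Reader(f):
                try:
                    # Decoding happens inside the try so that one malformed
                    # frame drops only itself instead of aborting the run.
                    eth = EthDecoder().decode(buf)
                    ethChild = eth.child()
                    ethChild2 = ethChild.child()
                    if ethChild2.get_ip_protocol_number() != 58:
                        continue

                    destination_MAC_address = eth.get_ether_dhost()
                    source_MAC_address = eth.get_ether_shost()
                    override_flag = False
                    router_flag = False

                    # Octets are rendered WITHOUT zero padding (0x0a -> "a").
                    # The original's trailing .zfill(2) on the whole string
                    # was a no-op; the format is left unchanged because
                    # other code presumably compares against it - confirm
                    # before normalising.
                    source_MAC_address_final = ":".join(
                        hex(source_MAC_address[i])[2:] for i in range(6))
                    destination_MAC_address_final = ":".join(
                        hex(destination_MAC_address[i])[2:] for i in range(6))

                    packetHex = [hex(data) for data in
                                 ethChild2.get_originating_packet_data()]
                    ip_source_address = ethChild.get_source_address()
                    ip_destination_address = ethChild.get_destination_address()
                    ndp_message_number = ethChild2.get_type()
                    contains_source, offset = self.check_ipv6_options(packetHex)

                    source_link_layer_address = ""
                    target_address = ""
                    target_link_layer_address = ""
                    if str(ndp_message_number) == "134":  # Router Advertisement
                        if str(contains_source) == "true-source":
                            # Six bytes after the position reported by
                            # check_ipv6_options, zero-padded per octet.
                            source_link_layer_address = ":".join(
                                packetHex[i + offset + 1][2:].zfill(2)
                                for i in range(6))
                            target_address = "n/a"
                            target_link_layer_address = "n/a"
                        else:
                            source_link_layer_address = "n/a"

                    listOfMessages.append(SLAAC_Message.SLAAC_Message(
                        ndp_message_number, source_link_layer_address,
                        ip_source_address, ip_destination_address,
                        source_MAC_address_final,
                        destination_MAC_address_final, target_address,
                        target_link_layer_address, override_flag, router_flag))
                except Exception:
                    # Exception, not a bare except, so Ctrl-C and SystemExit
                    # still stop the run.
                    # NOTE(review): frames are dropped silently; a capture
                    # that fails to parse wholesale gives an empty result
                    # with no indication. Consider counting discards.
                    continue

        return listOfMessages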
Exemplo n.º 3
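    def sniffSlaac(self,buf):
        """Decode one captured frame and parse its NDP fields if it is ICMPv6.

        Handles Router Advertisement (134), Neighbor Solicitation (135) and
        Neighbor Advertisement (136); any other ICMPv6 type is recorded with
        empty address fields. A frame that cannot be parsed prints
        "Packet Discarded".

        Args:
            buf: raw bytes of one captured frame (untrusted input).

        Returns:
            None. The ``SLAAC_Message`` is built but not handed on: the
            detection dispatch (rogue RA for 134, DoS in DAD for 135,
            neighbor spoofing for 136) is commented out in the original
            and is not restored here.
        """
        try:
            # Decoding sits inside the try so a malformed frame is discarded
            # here instead of raising into the caller's capture loop.
            eth = EthDecoder().decode(buf)
            ethChild = eth.child()
            ethChild2 = ethChild.child()

            if ethChild2.get_ip_protocol_number() == 58:
                destination_MAC_address = eth.get_ether_dhost()
                source_MAC_address = eth.get_ether_shost()
                override_flag = False
                router_flag = False

                # Octets are rendered WITHOUT zero padding (0x0a -> "a").
                # The original's trailing .zfill(2) on the whole string was
                # a no-op; the format is left unchanged because other code
                # presumably compares against it - confirm before
                # normalising.
                source_MAC_address_final = ":".join(
                    hex(source_MAC_address[i])[2:] for i in range(6))
                destination_MAC_address_final = ":".join(
                    hex(destination_MAC_address[i])[2:] for i in range(6))

                packetHex = [hex(data) for data in
                             ethChild2.get_originating_packet_data()]
                ip_source_address = ethChild.get_source_address()
                ip_destination_address = ethChild.get_destination_address()
                ndp_message_number = ethChild2.get_type()
                contains_source, offset = self.check_ipv6_options(packetHex)

                source_link_layer_address = ""
                target_address = ""
                target_link_layer_address = ""
                message_type = str(ndp_message_number)
                option_kind = str(contains_source)

                if message_type == "134":  # Router Advertisement
                    if option_kind == "true-source":
                        source_link_layer_address = ":".join(
                            packetHex[i + offset + 1][2:].zfill(2)
                            for i in range(6))
                        target_address = "n/a"
                        target_link_layer_address = "n/a"
                    else:
                        source_link_layer_address = "n/a"

                elif message_type == "135":  # Neighbor Solicitation
                    # First 16 payload bytes, written as eight 4-digit
                    # groups joined by ":".
                    octets = [packetHex[i][2:].zfill(2) for i in range(16)]
                    target_address = ":".join(
                        octets[i] + octets[i + 1] for i in range(0, 16, 2))
                    target_link_layer_address = "n/a"
                    if option_kind == "true-source":
                        source_link_layer_address = ":".join(
                            packetHex[i + offset + 1][2:].zfill(2)
                            for i in range(6))
                    else:
                        source_link_layer_address = "n/a"

                elif message_type == "136":  # Neighbor Advertisement
                    # The link-layer option is read only when the first byte
                    # of the child layer is 0xa0.
                    # NOTE(review): presumably that byte is the NA flag
                    # byte - confirm.
                    if option_kind == "true-target" and hex(
                            ethChild2.child().get_bytes()[0:1][0]) == "0xa0":
                        target_link_layer_address = ":".join(
                            packetHex[1 + offset + i][2:].zfill(2)
                            for i in range(6))
                    else:
                        target_link_layer_address = "n/a"

                    octets = [packetHex[i][2:].zfill(2) for i in range(16)]
                    target_address = ":".join(
                        octets[i] + octets[i + 1] for i in range(0, 16, 2))
                    override_flag = ethChild2.get_override_flag()
                    router_flag = ethChild2.get_router_flag()

                message_details = SLAAC_Message.SLAAC_Message(
                    ndp_message_number, source_link_layer_address,
                    ip_source_address, ip_destination_address,
                    source_MAC_address_final, destination_MAC_address_final,
                    target_address, target_link_layer_address, override_flag,
                    router_flag)

        except Exception:
            # Exception, not a bare except, so Ctrl-C and SystemExit still
            # reach the caller. The message gives no reason for the discard.
            print("Packet Discarded")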
Exemplo n.º 4
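    def activateLearningMode(self):
        """Read the pcap at ``self.location`` and collect its ICMPv6 messages.

        Frames are decoded with ``EthDecoder``. Whenever the third decoded
        layer reports IP protocol number 58 (ICMPv6), one ``SLAAC_Message``
        is appended to the result. The source link-layer option is read for
        Router Advertisements (type 134) only; other ICMPv6 types are stored
        with empty address fields.

        Returns:
            list: ``SLAAC_Message`` objects in the order they were captured.
        """
        # NOTE(review): the method name suggests this is a learned baseline
        # for later comparison - confirm with the caller.
        listOfMessages = []
        # Open the capture in binary mode and let ``with`` close it; the
        # original never closed the handle.
        with open(self.location, "rb") as f:
            for ts, buf in dpkt.pcap.Reader(f):
                try:
                    # Keep decoding inside the try: a truncated or malformed
                    # frame then costs one record, not the whole run.
                    eth = EthDecoder().decode(buf)
                    ethChild = eth.child()
                    ethChild2 = ethChild.child()
                    if ethChild2.get_ip_protocol_number() != 58:
                        continue

                    destination_MAC_address = eth.get_ether_dhost()
                    source_MAC_address = eth.get_ether_shost()
                    override_flag = False
                    router_flag = False

                    # MAC octets are not zero-padded here (0x0a -> "a"); the
                    # .zfill(2) the original applied to the finished string
                    # never changed it. Format kept as-is since other code
                    # presumably matches on it - confirm before changing.
                    source_MAC_address_final = ":".join(
                        hex(source_MAC_address[i])[2:] for i in range(6))
                    destination_MAC_address_final = ":".join(
                        hex(destination_MAC_address[i])[2:] for i in range(6))

                    packetHex = [hex(data) for data in
                                 ethChild2.get_originating_packet_data()]
                    ip_source_address = ethChild.get_source_address()
                    ip_destination_address = ethChild.get_destination_address()
                    ndp_message_number = ethChild2.get_type()
                    contains_source, offset = self.check_ipv6_options(
                        packetHex)

                    source_link_layer_address = ""
                    target_address = ""
                    target_link_layer_address = ""
                    if str(ndp_message_number) == "134":  # Router Advertisement
                        if str(contains_source) == "true-source":
                            # Six zero-padded octets following the position
                            # check_ipv6_options reported.
                            source_link_layer_address = ":".join(
                                packetHex[i + offset + 1][2:].zfill(2)
                                for i in range(6))
                            target_address = "n/a"
                            target_link_layer_address = "n/a"
                        else:
                            source_link_layer_address = "n/a"

                    listOfMessages.append(SLAAC_Message.SLAAC_Message(
                        ndp_message_number, source_link_layer_address,
                        ip_source_address, ip_destination_address,
                        source_MAC_address_final,
                        destination_MAC_address_final, target_address,
                        target_link_layer_address, override_flag, router_flag))
                except Exception:
                    # Narrowed from a bare except so KeyboardInterrupt and
                    # SystemExit propagate.
                    # NOTE(review): discards leave no trace; an unparseable
                    # capture silently produces an empty list. Consider
                    # logging or counting them.
                    continue

        return listOfMessages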
Exemplo n.º 5
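    def sniffSlaac(self, buf):
        """Parse a single captured frame as an NDP message when it is ICMPv6.

        Router Advertisement (134), Neighbor Solicitation (135) and Neighbor
        Advertisement (136) each have their address fields extracted; other
        ICMPv6 types keep empty address fields. When parsing fails the frame
        is dropped and "Packet Discarded" is printed.

        Args:
            buf: raw bytes of one captured frame (untrusted input).

        Returns:
            None. A ``SLAAC_Message`` is constructed but goes nowhere: the
            detection calls that consumed it (rogue advertisement for 134,
            DoS in DAD for 135, neighbor spoofing for 136) are commented out
            in the original and are left out here.
        """
        try:
            # Decode inside the try so a malformed frame is discarded rather
            # than raising into whatever capture loop calls this method.
            eth = EthDecoder().decode(buf)
            ethChild = eth.child()
            ethChild2 = ethChild.child()

            if ethChild2.get_ip_protocol_number() == 58:
                destination_MAC_address = eth.get_ether_dhost()
                source_MAC_address = eth.get_ether_shost()
                override_flag = False
                router_flag = False

                # MAC octets are not zero-padded here (0x0a -> "a"); the
                # .zfill(2) the original applied to the finished string
                # never changed it. Format kept as-is since other code
                # presumably matches on it - confirm before changing.
                source_MAC_address_final = ":".join(
                    hex(source_MAC_address[i])[2:] for i in range(6))
                destination_MAC_address_final = ":".join(
                    hex(destination_MAC_address[i])[2:] for i in range(6))

                packetHex = [hex(data) for data in
                             ethChild2.get_originating_packet_data()]
                ip_source_address = ethChild.get_source_address()
                ip_destination_address = ethChild.get_destination_address()
                ndp_message_number = ethChild2.get_type()
                contains_source, offset = self.check_ipv6_options(packetHex)

                source_link_layer_address = ""
                target_address = ""
                target_link_layer_address = ""
                message_type = str(ndp_message_number)
                option_kind = str(contains_source)

                if message_type == "134":  # Router Advertisement
                    if option_kind == "true-source":
                        source_link_layer_address = ":".join(
                            packetHex[i + offset + 1][2:].zfill(2)
                            for i in range(6))
                        target_address = "n/a"
                        target_link_layer_address = "n/a"
                    else:
                        source_link_layer_address = "n/a"

                elif message_type == "135":  # Neighbor Solicitation
                    # The first 16 payload bytes become eight 4-digit hex
                    # groups separated by ":".
                    octets = [packetHex[i][2:].zfill(2) for i in range(16)]
                    target_address = ":".join(
                        octets[i] + octets[i + 1] for i in range(0, 16, 2))
                    target_link_layer_address = "n/a"
                    if option_kind == "true-source":
                        source_link_layer_address = ":".join(
                            packetHex[i + offset + 1][2:].zfill(2)
                            for i in range(6))
                    else:
                        source_link_layer_address = "n/a"

                elif message_type == "136":  # Neighbor Advertisement
                    # The option is only read when the child layer's first
                    # byte equals 0xa0.
                    # NOTE(review): that byte looks like the NA flag byte -
                    # confirm.
                    if option_kind == "true-target" and hex(
                            ethChild2.child().get_bytes()[0:1][0]) == "0xa0":
                        target_link_layer_address = ":".join(
                            packetHex[1 + offset + i][2:].zfill(2)
                            for i in range(6))
                    else:
                        target_link_layer_address = "n/a"

                    octets = [packetHex[i][2:].zfill(2) for i in range(16)]
                    target_address = ":".join(
                        octets[i] + octets[i + 1] for i in range(0, 16, 2))
                    override_flag = ethChild2.get_override_flag()
                    router_flag = ethChild2.get_router_flag()

                message_details = SLAAC_Message.SLAAC_Message(
                    ndp_message_number, source_link_layer_address,
                    ip_source_address, ip_destination_address,
                    source_MAC_address_final, destination_MAC_address_final,
                    target_address, target_link_layer_address, override_flag,
                    router_flag)

        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt and SystemExit
            # propagate. The printed message does not say why the frame was
            # dropped.
            print("Packet Discarded")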