def __init__(self, rules):
self.__rules = rules
self._attack_pcap = open_offline(AttackPacket)
self._normal_pcap = open_offline(NormalPacket)
self.right_detected, self.wrong_detected = self.__check_detected_packet(
)
self.__score = self.right_detected - self.wrong_detected
def testPacketDumper(self):
"""
#6 test that the dumper writes correct payload
"""
try:
r = pcapy.open_offline(TestPcapy._96PINGS)
dumper = r.dump_open('tmp.pcap')
hdr, body = r.next()
i = 0
while hdr is not None:
dumper.dump(hdr, body)
i += 1
hdr, body = r.next()
# make sure file closes
del dumper
# check that the dumper wrote a legal pcap
# file with same packer data
r = pcapy.open_offline(TestPcapy._96PINGS)
r2 = pcapy.open_offline('tmp.pcap')
h1, b1 = r.next()
h2, b2 = r2.next()
while h1 is not None and h2 is not None:
self.assertEqual(b1, b2)
h1, b1 = r.next()
h2, b2 = r2.next()
self.assertTrue(h1 is None)
self.assertTrue(h2 is None)
del r2
finally:
os.unlink('tmp.pcap')
def read_pcap(data_date, flabels, labels):
dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
if data_date != "11jun":
filename = data_date[data_date.index("Testbed"):len(data_date) - 4]
date_to_filename = {
'TestbedSatJun12Flows': '12jun',
'TestbedSunJun13Flows': '13jun',
'TestbedMonJun14Flows': '14jun',
'TestbedTueJun15-1Flows': '15jun',
'TestbedTueJun15-2Flows': '15jun',
'TestbedTueJun15-3Flows': '15jun',
'TestbedWedJun16-1Flows': '16jun',
'TestbedWedJun16-2Flows': '16jun',
'TestbedWedJun16-3Flows': '16jun',
'TestbedThuJun17-1Flows': '17jun',
'TestbedThuJun17-2Flows': '17jun',
'TestbedThuJun17-3Flows': '17jun',
}
cap = pcapy.open_offline(dataset_dir + "testbed-" +
date_to_filename[filename] + ".pcap")
else:
cap = pcapy.open_offline(dataset_dir + "testbed-11jun.pcap")
while (1):
(header, packet) = cap.next()
if not header:
break
parse_packet(flabels, labels, header, packet)
def testPacketDumper(self):
"""
#6 test that the dumper writes correct payload
"""
try:
r = pcapy.open_offline(TestPcapy._96PINGS)
dumper = r.dump_open('tmp.pcap')
hdr, body = r.next()
i = 0
while hdr is not None:
dumper.dump(hdr, body)
i += 1
hdr, body = r.next()
# make sure file closes
del dumper
# check that the dumper wrote a legal pcap
# file with same packer data
r = pcapy.open_offline(TestPcapy._96PINGS)
r2 = pcapy.open_offline('tmp.pcap')
h1, b1 = r.next()
h2, b2 = r2.next()
while h1 is not None and h2 is not None:
self.assertEqual(b1, b2)
h1, b1 = r.next()
h2, b2 = r2.next()
self.assertTrue(h1 is None)
self.assertTrue(h2 is None)
del r2
finally:
os.unlink('tmp.pcap')
def AltDataSendt(path):
File_list = []
PcapFiles = []
Overheadsum = 0
Samlet = 0
#Vi finder alle Pcap filer i den folderen vi er i
substring = '.pcap'
for Allfiles in os.popen('ls %s' % path):
if substring in Allfiles:
PcapFiles.append(Allfiles)
#Vi kan nu finde alt data sendt som er i pcap filen.
for pcap in PcapFiles:
#We read one pcap file at a time.
fil = path + "/" + pcap.rstrip()
reader = pcapy.open_offline("%s" % fil)
#Vi finder hvor mange frames der er i den givne pcap filen
Lenght = os.popen('tshark -r %s | wc -l' % fil).read()
PcapLenght = int(Lenght)
#Vi koerer igennem alle frames/pakker og finder deres laengder i bytes
for x in range(0, PcapLenght):
(header, payload) = reader.next()
# Summer alle frames laengder
Overheadsum = Overheadsum + header.getlen()
Samlet = Samlet + Overheadsum
#print(Samlet)
return (Overheadsum)
def create_streams(pcap, f):
p = open_offline(pcap)
global folder
folder = f
p.setfilter(r'ip proto \tcp or \udp')
Decoder(p, folder).start()
return files
def usage():
print sys.argv[0] + """
-i <dev>
-r <input_file>
-w <output_file>"""
sys.exit(1)
# Parse parameter
try:
cmd_opts = "i:r:w:"
opts, args = getopt.getopt(sys.argv[1:], cmd_opts)
except getopt.GetoptError:
usage()
for opt in opts:
if opt[0] == "-w":
dump_file = opt[1]
elif opt[0] == "-i":
dev = opt[1]
elif opt[0] == "-r":
input_file = opt[1]
else:
usage()
# Start sniffing and write packet to a pcap dump file
if input_file == None:
pcap = pcapy.open_live(dev, 1500, 0, 100)
dumper = pcap.dump_open(dump_file)
pcap.loop(0, write_packet)
# Read a pcap dump file and print it
else:
pcap = pcapy.open_offline(input_file)
pcap.loop(0, read_packet)
def main():
out = os.fdopen(1, "wb") if write_file == "-" else open(write_file, "wb")
pcap_header_out(out, link_type)
r = pcapy.open_offline(read_file)
while True:
try:
hdr, payload = r.next()
except pcapy.PcapError:
break
if hdr == None:
break
secs, usecs = hdr.getts()
tlv = read_tlv(payload)
if evaluate(query, tlv).value():
data = slice_data(slicer, tlv)
try:
out.write(pcap_packet_header(secs, usecs, len(data)))
out.write(data)
out.flush()
except(IOError, e):
if e.errno == errno.EPIPE:
return
raise
def __init__(self, filename, cap_filter=r'ip proto \tcp'):
self.filename = filename
self.__cap_filter = cap_filter
self.__pcapObj = pcapy.open_offline(self.filename)
self.datalink = self.__pcapObj.datalink()
if use_progressbar:
self.filesize = os.stat(self.filename)[stat.ST_SIZE]
self.read_len = 0
if pcapy.DLT_EN10MB == self.datalink:
#self.decoder = EthDecoder()
self.decoder_str = "EthDecoder"
elif pcapy.DLT_LINUX_SLL == self.datalink:
#self.decoder = LinuxSLLDecoder()
self.decoder_str = "LinuxSLLDecoder"
else:
raise Exception("Datalink type not supported: " % self.datalink)
if self.__cap_filter:
self.__pcapObj.setfilter(self.__cap_filter)
print "Reading from %s: linktype=%s" % (filename, self.decoder_str)
if use_progressbar:
filetransfer = progressbar.FileTransferSpeed()
filetransfer.units = ['B','KB','MB','GB','TB','PB']
# widgets = ['Reading DUMP ', progressbar.FileTransferSpeed(),' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()]
widgets = ['Reading DUMP ', filetransfer,' <<<', progressbar.Bar(), '>>> ', progressbar.Percentage(),' ', progressbar.ETA()]
self.pbar = progressbar.ProgressBar(widgets=widgets, maxval=self.filesize).start()
def scan(filename):
global decoder
p = pcapy.open_offline(filename)
p.setfilter(r"ip proto \tcp")
assert p.datalink() == pcapy.DLT_EN10MB
decoder = impacket.ImpactDecoder.EthDecoder()
p.loop(0, handler)
def pcap_to_object(pcap_file, obj_file):
"""Create a Python serialized graph object.
Read the pcap file given in parameter, extracts source and destination IP
and write a serialized graph object.
"""
reader = pcapy.open_offline(pcap_file)
print reader.datalink()
print pcapy.DLT_LINUX_SLL
eth_decoder = Decoders.EthDecoder()
sll_decoder = Decoders.LinuxSLLDecoder()
ip_decoder = Decoders.IPDecoder()
dic_ip = ip_dict()
tts_min = 1000
tts_max = 2000
if options.verbose:
print "Reading pcap file..."
while True:
try:
(header, payload) = reader.next()
if True: #tts_min <= header.getts()[0] <= tts_max:
#ethernet = eth_decoder.decode(payload)
sll = sll_decoder.decode(payload)
if sll.get_ether_type() == Packets.IP.ethertype:
#ip = ip_decoder.decode(payload[ethernet.get_header_size():])
ip_src = sll.child().get_ip_src()
ip_dst = sll.child().get_ip_dst()
dic_ip[ip_src][ip_dst] += 1
except Packets.ImpactPacketException, e:
print e
except:
def main(filename):
# Open file
p = open_offline(filename)
# At the moment the callback only accepts TCP/IP packets.
p.setfilter(r'ip proto \tcp')
print "Reading from %s: linktype=%d" % (filename, p.datalink())
# Start decoding process.
m_decoder = Decoder(p, filename)
m_decoder.start()
streams = []
for stream in m_decoder.connections.values():
streams.append(dStream(stream))
if flag_csv:
csv_filename = os.path.abspath(m_decoder.dir) + '.csv'
csv_out = open(csv_filename, 'w')
first_line = ('stream_num,' +
','.join(dPacket.attr_names_as_list()) + "\n")
csv_out.write(first_line)
count_streams = 0
for stream in streams:
for packet in stream.packets:
line = str(count_streams) + ',' + packet.csv_line() + "\n"
csv_out.write(line)
count_streams += 1
csv_out.close()
return streams, m_decoder.packet_list,
def __init__(self, dups, infile, outfile):
self.dups = open(dups)
self.infile = open_offline(infile)
self.outfile = self.infile.dump_open(outfile)
self.deleted = self.infile.dump_open(outfile + '_deleted.cap')
self._next = 0
self._pos = 0
def __init__(self, infile, outfile, pkts):
self.infile = open_offline(infile)
self.outfile = self.infile.dump_open(outfile)
self.pkts = self._parse(pkts)
self._next = 0
self._pos = 0
self._stop = len(self.pkts)
def parse_file(filename):
f = pcapy.open_offline(filename)
count = 0
stage = 0
len_to_read = 0
while 1:
(hdr, data) = f.next()
if not hdr:
break
urb_type = ord(data[8])
ep = ord(data[10])
if ep == 0x81 and urb_type == 0x43:
d = 'RX'
elif ep == 0x02 and urb_type == 0x53:
d = 'TX'
print('')
else:
continue
payload = data[0x40:]
if len_to_read > 0: # data...
print('>>> %s' % payload.encode('hex'))
len_to_read -= len(payload)
else:
if len(payload) < 12:
continue
print('current data: %s' % payload.encode('hex'))
print('[%s] %s' % (d, parse_mtp(payload)))
len_to_read = get_total_len(payload) - len(payload)
count += 1
print 'count: %s' % (count)
def __open_pcap_file__(self):
"""
This method opens the pcap network capture file and sets the BPF filter.
"""
self.__pd__ = pcapy.open_offline(self.__pcap_filename__)
if self.__filter__:
self.__pd__.setfilter(self.__filter__)
def scan(filename):
global decoder
p = pcapy.open_offline(filename)
p.setfilter(r"ip proto \tcp")
assert p.datalink() == pcapy.DLT_EN10MB
decoder = impacket.ImpactDecoder.EthDecoder()
p.loop(0, handler)
def create_streams(pcap, f):
p = open_offline(pcap)
global folder
folder = f
p.setfilter(r'ip proto \tcp or \udp')
Decoder(p, folder).start()
return files
def main1(filename, _):
p = open_offline(filename)
# Restrict to tcp packets with only syn and ack set.
p.setfilter(r'tcp[tcpflags] == (tcp-syn | tcp-ack)')
d = Part1Decoder(p)
d.start()
d.report()
def start_capture(capfile, infilter, dev):
"""
With all information in hand, start capturing packets
Args:
capfile: in case user provides a pcap file
infilter: any tcpdump filters
dev: network device to sniffer
Returns:
cap object
position number
"""
position = 0
try:
if len(capfile) > 0:
capfile, position = check_file_position(capfile)
print "Using file %s " % capfile
cap = pcapy.open_offline(capfile)
else:
print "Sniffing device %s" % dev
cap = pcapy.open_live(dev, 65536, 1, 0)
except Exception as exception:
print "Error: %s" % exception
print "Exiting..."
sys.exit(3)
if len(infilter) is 0:
infilter = " port 6633 "
cap.setfilter(infilter)
return cap, position
def create_test_sock(pcap_filename):
rospy.sleep(0.1)
import pcapy
from StringIO import StringIO
from impacket import ImpactDecoder
body_list = []
cap = pcapy.open_offline(pcap_filename)
decoder = ImpactDecoder.EthDecoder()
while True:
header, payload = cap.next()
if not header: break
udp = decoder.decode(payload).child().child()
body_list.append(udp.child().get_packet())
data_io = StringIO(''.join(body_list))
class MockSocket(object):
def recv(self, byte_count):
rospy.sleep(0.0001)
data = data_io.read(byte_count)
if data == "":
rospy.signal_shutdown("Test completed.")
return data
def settimeout(self, timeout):
pass
return MockSocket()
def read_interface(self):
"""Read Packets from the packet capture interface"""
# Spin up the packet capture
if self._iface_is_file():
self.pcap = pcapy.open_offline(self.iface_name)
else:
try:
# self.pcap = pcap.pcap(name=self.iface_name, promisc=True, immediate=True)
# snaplen (maximum number of bytes to capture _per_packet_)
# promiscious mode (1 for true)
# timeout (in milliseconds)
self.pcap = pcapy.open_live(self.iface_name, 65536, 1, 0)
except OSError:
try:
logger.warning(
'Could not get promisc mode, turning flag off')
self.pcap = pcapy.open_live(self.iface_name, 65536, 0, 0)
except OSError:
log_utils.panic(
'Could no open interface with any options (may need to be sudo)'
)
# Add the BPF if it's specified
if self.bpf:
self.pcap.setfilter(self.bpf)
print('listening on %s: %s' % (self.iface_name, self.bpf))
# For each packet in the pcap process the contents
_packets = 0
while True:
# Grab the next header and packet buffer
header, raw_buf = self.pcap.next()
# If we don't get a packet header break out of the loop
if not header:
break
# Extract the timestamp from the header and yield the packet
seconds, micro_sec = header.getts()
timestamp = seconds + micro_sec * 10**-6
yield {
'timestamp': timestamp,
'raw_buf': raw_buf,
'packet_num': _packets
}
_packets += 1
# Is there a max packets set if so break on it
if self.max_packets and _packets >= self.max_packets:
break
# All done so report and raise a StopIteration
try:
print(
'Packet stats: %d received, %d dropped, %d dropped by interface'
% self.pcap.stats())
except pcapy.PcapError:
print('No stats available...')
raise StopIteration
def main():
# Vi finder alle Pcap filer i den folder vi er i
for file in os.listdir("pcaps/"):
if file.endswith(".pcap"):
File_list.append(os.path.abspath(os.path.join("pcaps/", file)))
overhead_sum = 0
# Vi kan nu finde alt data sendt som set i pcap filen
for file in File_list:
# Vi laeser fra vores oenskede pcap fil
reader = pcapy.open_offline(file)
# Vi finder hvor mange frames der er i pcap filen
Lenght = os.popen('tshark -r {} | wc -l'.format(file)).read()
test = Lenght[0] + Lenght[1] + Lenght[2]
PcapLenght = int(test)
# print(PcapLenght)
try:
# Vi koerer igennem alle pakker/frames og finder deres laengder
for x in range(0, PcapLenght - 1):
(header, payload) = reader.next()
# print(header.getlen());
# Summer alle frames laengder
if header is not None:
overhead_sum = overhead_sum + header.getlen()
except pcapy.PcapError:
# print("FEJL")
print(overhead_sum)
break
print(overhead_sum)
def main(argv):
if len(argv) != 3:
print("Usage: " + argv[0] + " [pcap file] [ctf folder]")
sys.exit(1)
pcap_filename = argv[1]
ctf_path = argv[2]
if not os.path.exists(pcap_filename):
print("Source file does not exist.")
sys.exit(1)
if os.path.exists(ctf_path):
print("Output folder exists, aborting.");
sys.exit(1)
# open source
reader = pcapy.open_offline(pcap_filename)
# create trace folder
os.mkdir(ctf_path)
# print metadata
print_metadata(ctf_path + "/metadata")
# open stream file
pp = PacketProcessor(ctf_path + "/stream")
# process packets
reader.loop(-1, pp.process_packet)
def read_dataset(filename, port, model):
# dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
dataset_dir = "/home/baskoro/Documents/Dataset/Irene/"
cap = pcapy.open_offline(dataset_dir + filename)
anomaly_scores = []
detection_decisions = []
fresult = open("results/result-lstm-{}.csv".format(port), "w")
#for i in range(2000):
while (True):
(header, packet) = cap.next()
if not header:
break
ascii_payload = parse_packet(header, packet, port, fresult)
if ascii_payload is not None:
length = len(ascii_payload)
anomaly_score = detect(model, ascii_payload) / float(length)
if anomaly_score > threshold:
fresult.write("{},1\n".format(anomaly_score))
#detection_decisions.append(1)
else:
fresult.write("{},0\n".format(anomaly_score))
#detection_decisions.append(0)
anomaly_scores.append(anomaly_score)
print anomaly_score
#print packets
#print detection_decisions
mean = numpy.mean(anomaly_scores)
stdev = numpy.std(anomaly_scores)
print mean, stdev
#numpy.savetxt("results/result-lstm-{}.csv".format(port), packets, delimiter=",")
fresult.close()
def analyze(capture_path):
feature_vector = [0, 0]
try:
cap = pcapy.open_offline(capture_path)
(header, payload) = cap.next()
while header:
# Filter out noise packets
if isNoise(header, payload):
(header, payload) = cap.next()
continue
# Number of TLS headers on uplink/downlink
tls = carveTLSHeaders(payload)
if tls[1]:
feature_vector[0] += tls[0]
else:
feature_vector[1] += tls[0]
(header, payload) = cap.next()
except pcapy.PcapError:
pass # Expected when reaching the end of the capture file
except:
print "Unexpected error", sys.exc_info()[0]
raise
return feature_vector
def process_file(self, filename):
"""Load a pcap file and process the packets contained in it."""
p = pcapy.open_offline(filename)
p.setfilter(r"ip proto \tcp")
assert p.datalink() == pcapy.DLT_EN10MB
p.loop(0, self.packet_handler)
def main(argv):
'''
This is the main function
'''
print_options, infilter, sanitizer, dev, capfile = ofp_cli.get_params(argv)
try:
if len(capfile) > 0:
print "Using file %s " % capfile
cap = pcapy.open_offline(capfile)
else:
print "Sniffing device %s" % dev
cap = pcapy.open_live(dev, 65536, 1, 0)
main_filter = " port 6633 "
cap.setfilter(main_filter + infilter)
# start sniffing packets
while (1):
(header, packet) = cap.next()
parse_packet(packet, datetime.datetime.now(), header.getlen(),
header.getcaplen(), print_options, sanitizer)
except KeyboardInterrupt:
print ofp_fsfw_v10.close()
print 'Exiting...'
sys.exit(0)
except Exception as exception:
print exception
return
def payl_detect(mode):
# load models
models = {}
for path in os.listdir(PaylModel.DIRNAME):
if path.find(".payl") == (len(path) - 5):
if os.path.isfile(PaylModel.DIRNAME + "/" + path):
path = path.split(".")[0]
port = path.split("-")[0]
length = path.split("-")[1]
models[path] = PaylModel(port, length)
models[path].load()
tmp = mode.split('/')
fresult_name = tmp[len(tmp)-1]
fresult = open('result-{}.csv'.format(fresult_name), 'w')
cap = pcapy.open_offline(mode)
while(1):
(header, packet) = cap.next()
if not header:
break
detect(models, header, packet, fresult)
# break
print "anomalies found : " + str(anomalies) + "/" + str(packet_counter)
fresult.close()
def main(argv):
arpres = []
choice = int(input("请输入 :\n1 离线工作模式\n2 在线工作模式\n"))
if choice == 1:
pcapfile = input("请输入pcap文件名:\n")
cap = pcapy.open_offline(pcapfile)
if choice == 2:
devices = pcapy.findalldevs()
print("可用网卡:")
for d in devices:
print(d)
dev = input("请输入要监听的网卡:\n")
print("正在监听网卡 " + dev)
cap = pcapy.open_live(dev, 65536, 1, 100)
myfilter = input('请输入过滤表达式:\n')
cap.setfilter(myfilter)
t1 = threading.Thread(target=loop,
args=(
cap,
arpres,
),
name='LoopThread1')
#t2=threading.Thread(target=loop,args=(cap,),name='LoopThread2')
t1.start()
#t2.start()
t1.join()
def create_test_sock(pcap_filename):
rospy.sleep(0.1)
import pcapy
from StringIO import StringIO
from impacket import ImpactDecoder
body_list = []
cap = pcapy.open_offline(pcap_filename)
decoder = ImpactDecoder.EthDecoder()
while True:
header, payload = cap.next()
if not header: break
udp = decoder.decode(payload).child().child()
body_list.append(udp.child().get_packet())
data_io = StringIO(''.join(body_list))
class MockSocket(object):
def recv(self, byte_count):
rospy.sleep(0.0001)
data = data_io.read(byte_count)
if data == "":
rospy.signal_shutdown("Test completed.")
return data
def settimeout(self, timeout):
pass
return MockSocket()
def parse_all_ip_port(packet_files):
all_src_ip = set()
all_dst_ip = set()
all_src_port = set()
all_dst_port = set()
if is_iterable(packet_files) is False:
packet_files = [packet_files]
for packet_file in packet_files:
pcap_handler = open_offline(packet_file)
while True:
pkt_hdr, pkt_data = pcap_handler.next()
if pkt_hdr is None:
break
p = PacketParser(pkt_data)
# What can i do..?
with ignore(AttributeError):
all_src_ip.add(p.src_ip)
with ignore(AttributeError):
all_dst_ip.add(p.dst_ip)
with ignore(AttributeError):
all_src_port.add(p.src_port)
with ignore(AttributeError):
all_dst_port.add(p.dst_port)
return all_src_ip, all_dst_ip, all_src_port, all_dst_port
def main(argv):
'''
Description : Main function to read packet from the dumped file
input_param : argv - command line arguement list
input_type : list
'''
settings.packet_reader = pcapy.open_offline(settings.dump_file)
settings.packet_reader.setnonblock(True)
#filters = ' '.join(argv[1:] ) if len(argv) > 1 else ''
filters = ''
try:
settings.packet_reader.setfilter(filters)
except pcapy.PcapError:
logger.error("Syntax error in options : {0}".format(filters))
logger.info("For Options syntax, Please refer the link http://biot.com/capstats/bpf.html")
sys.exit(-1)
# start sniffing packets
while True :
packets_read = settings.packet_reader.dispatch(1, parse_packet)
if not packets_read:
with open(settings.stats_file, "w") as stats_file:
stats_file.write(str(packet_stats))
break
def parse_file(filename):
f = pcapy.open_offline(filename)
count = 0
stage = 0
len_to_read = 0
while 1:
(hdr, data) = f.next()
if not hdr:
break
urb_type = ord(data[8])
ep = ord(data[10])
if ep == 0x81 and urb_type == 0x43:
d = 'RX'
elif ep == 0x02 and urb_type == 0x53:
d = 'TX'
print('')
else:
continue
payload = data[0x40:]
if len_to_read > 0: # data...
print('>>> %s' % payload.encode('hex'))
len_to_read -= len(payload)
else:
if len(payload) < 12:
continue
print('current data: %s' % payload.encode('hex'))
print('[%s] %s' % (d, parse_mtp(payload)))
len_to_read = get_total_len(payload) - len(payload)
count += 1
print 'count: %s' % (count)
def start_capture(capfile, infilter, dev):
"""
With all information in hand, start capturing packets
Args:
capfile: in case user provides a pcap file
infilter: any tcpdump filters
dev: network device to sniffer
Returns:
cap object
position number
"""
position = 0
try:
if len(capfile) > 0:
capfile, position = check_file_position(capfile)
print("Using file %s " % capfile)
cap = pcapy.open_offline(capfile)
else:
print("Sniffing device %s" % dev)
cap = pcapy.open_live(dev, 65536, 1, 0)
except Exception as exception:
print("Error: %s" % exception)
print("Exiting...")
sys.exit(3)
if len(infilter) is 0:
# Super specific filter to overcome the python-pcapy performance issue
# reported on https://github.com/CoreSecurity/pcapy/issues/12
# infilter = "tcp and port 6633 and (tcp[13] & 8!=0 or (tcp[13] & 1!=0 and tcp[13] & 16!=0))"
infilter = "port 6633 or port 6634 or port 6653"
cap.setfilter(infilter)
return cap, position
def read_dataset(filename, seq_length, port):
# dataset_dir = "/home/baskoro/Documents/Dataset/ISCX12/without retransmission/"
dataset_dir = "/home/baskoro/Documents/Dataset/Irene/"
print(dataset_dir + filename)
cap = pcapy.open_offline(dataset_dir + filename)
#for i in range(5000):
while(True):
(header, packet) = cap.next()
if not header:
break
payload = parse_packet(header, packet, port, seq_length)
if payload is None:
continue
for i in range(0, len(payload) - seq_length, 1):
seq_in = payload[i:i + seq_length]
seq_out = payload[i + seq_length]
dataX.append(seq_in)
dataY.append(seq_out)
n_pattern = len(dataX)
print n_pattern
counter[port] += n_pattern
del dataX[:]
del dataY[:]
def reader(filename):
reader = pcapy.open_offline(filename)
while True:
try:
yield array('B', reader.next()[1])
except (StopIteration, pcapy.PcapError):
raise StopIteration
def OpenFile(
): #this fn restarts all global vars and clears all containers (trees and txt) to startover with the pcap file
global data, cap, times, word, Row, sniffing, packets, captureFromFile
filename = QtGui.QFileDialog.getOpenFileName(ui_main.centralwidget,
"Save file", "",
"pcap (*.pcap)")
if filename != "":
msg = "This pcap file is going to overwrite the current captured data...continue without saving?"
reply = QtGui.QMessageBox.question(ui_main.centralwidget, 'overwrite',
msg, QtGui.QMessageBox.Yes,
QtGui.QMessageBox.No)
if reply == QtGui.QMessageBox.No:
None
else:
data = ""
cap = ""
times = ""
word = "" #filter word
Row = 0
sniffing = True
packets = []
captureFromFile = True
cap = pcapy.open_offline(str(filename))
ui_main.PacketTable.clear()
ui_main.PacketTree.clear()
ui_main.plainTextEdit.clear()
get_thread.start()
def openPcap(pcapFile):
global pReader
try:
pReader = pcapy.open_offline(pcapFile)
except:
print("Error reading " + pcapFile)
exit()
def __init__(self, pcapfile, bpf=None):
self._cachers = []
self._pcapfile_name = pcapfile
self._pc = pcapy.open_offline(pcapfile)
self._bpf = bpf
if bpf is not None:
self._pc.setfilter(bpf)
def view(device, count, filename):
global c
c = 0
if device != None and count == -1:
usage()
sys.exit()
if device != None and filename != None:
usage()
sys.exit()
if device != None and filename == None:
cap = pcapy.open_live(device, 2048, 1, 0)
print 'viewer: listening on ' + device
if filename != None and device == None:
cap = pcapy.open_offline(filename)
print 'viewer: reading ' + filename
if count == -1 and filename != None:
while True:
(header, packet) = cap.next()
parse_packet(packet)
if count != -1 and (filename != None or device != None):
while c < count:
(header, packet) = cap.next()
parse_packet(packet)
def main(filename):
# Open file
p = open_offline(filename)
# At the moment the callback only accepts TCP/IP packets.
p.setfilter(r'ip proto \tcp or \udp')
print "Reading from %s: linktype=%d" % (filename, p.datalink())
# Start decoding process.
Decoder(p).start()
def parse(fn):
"""Process a pcap file and return a dictionary of
(answer, query, type) -> {first, last, ttl}"""
s = Statmaker()
pcap = pcapy.open_offline(fn)
pcap.loop(0, s)
return s
def __init__(self, in_file, outputs):
self.p = pcapy.open_offline(in_file)
self.o = list()
for name, f in outputs:
p = pcapy.compile(pcapy.DLT_EN10MB, 4096, f, 0, 1)
o = self.p.dump_open(name)
self.o.append((p, o))
def testPacketHeaderRefCount(self):
"""#1:when next() creates a pkthdr it make one extra reference"""
class _Simple: pass
#r = pcapy.open_live("en1", 65000, 0, 1000)
r = pcapy.open_offline(TestPcapy._96PINGS)
#get one & check its refcount
self.assertEqual( sys.getrefcount(r.next()[0]),
sys.getrefcount(_Simple()) )
def packet_generator():
pcap = pcapy.open_offline(test_data('testdump_usbmodify.pcap'))
while True:
(hdr, pack) = pcap.next()
if hdr is None:
return # EOF
yield Packet(hdr, pack)
def runFromFile(self, filename):
reader = None
try:
reader = pcapy.open_offline(filename)
except:
print "Could not open file {0}.".format(filename)
sys.exit(-1)
else:
self.__run(reader)
def testClose(self):
"""
#7 Test the close method
"""
r = pcapy.open_offline(TestPcapy._96PINGS)
hdr, body = r.next()
assert hdr is not None
r.close()
with self.assertRaises(ValueError):
r.next()
def offline(filename):
"""Anaiza un archivo pcap."""
print "Abriendo archivo «" + filename + "»..."
cap = pcapy.open_offline(filename)
while True:
(header, packet) = cap.next()
if header != None:
parse(packet)
else:
break
def filefilter(pcapfile):
try:
print("Reading pcap file %s" % pcapfile)
packetReader = open_offline(pcapfile)
except Exception as e:
print("Error opening pcap file: %s" % str(e))
return 0
packetReader.loop(0, Process)
def testContextManager(self):
"""
#8 Test the context manager support
"""
with pcapy.open_offline(TestPcapy._96PINGS) as r:
hdr, body = r.next()
assert hdr is not None
with self.assertRaises(ValueError):
r.next()
def pcapy_io(f_in,f_out):
pt = pcapy.open_offline(f_in)
pd = pt.dump_open(f_out)
hdr, body = pt.next()
while hdr is not None:
pd.dump(hdr, body)
hdr, body = pt.next()
del pd
pt.close()
def process(filename):
global decoder
p = pcapy.open_offline(filename)
p.setfilter(r"ip proto \tcp")
assert p.datalink() == pcapy.DLT_EN10MB
decoder = impacket.ImpactDecoder.EthDecoder()
p.loop(0, handler)
for c in flows.values():
c.finish_transfer()
def SplitPcap():
# Open file
filename=APPCONFIG.GlobalConfig["pcapfilename"]
#logging.info (filename )
p = open_offline(filename)
# At the moment the callback only accepts TCP/IP packets.
#p.setfilter(r'ip proto \tcp')
p.setfilter(r'ip')
logging.info ("Reading from %s: linktype=%d" % (filename, p.datalink()) )
# Start decoding process.
Decoder(p).start()
def pcap(self,fname): """ opens a pcap file and reads the contents """ cap = pcapy.open_offline(fname) self.map = [] self.p = PacketDecoder() cap.loop(0,self.process) return self.map
def start (self):
# TODO: specify a device or select all devices
# dev = pcapy.findalldevs()[0]
if self.options['offline'] is None :
p = pcapy.open_live(self.options['interface'], 65536, False, 1)
else:
p = pcapy.open_offline(self.options['offline'])
#print "p.loop"
p.loop(-1, self.handle_packet)
def create_test_sock(pcap_filename):
rospy.sleep(0.1)
try:
import pcapy
except ImportError:
import pure_pcapy as pcapy
from StringIO import StringIO
from impacket import ImpactDecoder
body_list = []
if pcap_filename.endswith("gz"):
# From: http://projects.honeynet.org/honeysnap/changeset/35/trunk/honeysnap/__init__.py
import tempfile
import gzip
tmph, tmpf = tempfile.mkstemp()
tmph = open(tmpf, 'wb')
gfile = gzip.open(pcap_filename)
tmph.write(gfile.read())
gfile.close()
tmph.close()
pcap_filename = tmpf
cap = pcapy.open_offline(pcap_filename)
decoder = ImpactDecoder.EthDecoder()
while True:
header, payload = cap.next()
if not header:
break
try:
tcp = decoder.decode(payload).child().child()
body_list.append(tcp.child().get_packet())
except AttributeError:
print decoder.decode(payload)
raise
data_io = StringIO(''.join(body_list))
class MockSocket(object):
def recv(self, byte_count):
rospy.sleep(0.002)
data = data_io.read(byte_count)
if data == "":
rospy.signal_shutdown("Test completed.")
return data
def settimeout(self, timeout):
pass
return MockSocket()
def testBPFFilter(self):
"""
#3 test offline BPFFilter
"""
r = pcapy.open_offline(TestPcapy._96PINGS)
bpf = pcapy.BPFProgram("ip dst host 192.168.1.1")
hdr, pkt = r.next()
while hdr is not None:
f = bpf.filter(pkt)
self.assertNotEqual(f, 0)
hdr, pkt = r.next()
def main():
oc = OSC.OSCClient()
oc.connect(hostport)
kbints = 0
interface_address=options.interface_address
if openfile:
p = pcapy.open_offline(openfile)
else:
# begin listening to network traffic
interface = options.interface
interface_address = netifaces.ifaddresses(interface)[2][0]['addr']
p = pcapy.open_live(interface, 1024, False, 10240)
# create and start threads
network_traffic = communication_thread()
network_traffic.start()
try:
(header, payload) = p.next()
while header:
e = Ether(payload)
t = e.getlayer(TCP)
if t:
i = e.getlayer(IP)
nw_traffic_global.setdefault(t.dport,0)
try:
nw_traffic_global[t.dport]+=1
except KeyError:
print 'race'
nw_traffic_inout['in' if i.dst == interface_address else 'out']+=1
if e.haslayer(ICMP):
x = OSC.OSCMessage()
x.setAddress('/plinker/ping')
x.append(1)
oc.send(x)
print 'ICMP ping sent'
second = header.getts()[0] # [1] = miliseconds
try:
(header, payload) = p.next()
except Exception,e:
pass
#print type(e)
except Exception,e:
print traceback.print_exc(e)
def setUp(self):
pcap = pcapy.open_offline(test_data('usb-single-packet-2.pcap'))
self.packet = Packet(*pcap.next())
self.set_and_test = partial(self.setattr_and_test, self.packet)
# Long name, but not as long as without it
self.assertRaisesWrongPacketXferType = partial(self.assertRaises,
WrongPacketXferType, getattr, self.packet)
# Verify that we have the right test data
self.assertEqual(self.packet.length, 40, 'unmodified packet wrong--test bad?')
self.assertEqual(self.packet.busnum, 7, 'unmodified packet wrong--test bad?')
