def parse_tcp(self, ctx, pkt, ofs, last): ctx.tcp= tcp= empty() tcp.src, tcp.dst, tcp.seq, tcp.ack, hlen, tcp.flags, tcp.window, tcp.check, tcp.urgent = struct.unpack_from(">HHLLBBHHH", pkt, ofs) tcp.hlen = hlen>>4 tcp.URG, tcp.ACK, tcp.PSH, tcp.RST, tcp.SYN, tcp.FIN= bitfields(tcp.flags, 1, 1, 1, 1, 1, 1) # PSH: sender has emptied its buffers ( usually last of burst of packets ) hdrendofs= ofs+tcp.hlen*4 if tcp.hlen<5: raise Exception("SHORT tcp header: hlen=%02x" % hlen) if hdrendofs > last: raise Exception("tcp header too large") if tcp.hlen>5: self.parse_tcp_options(ctx, pkt, ofs+0x14, hdrendofs) ctx.tcp.payload= pkt[hdrendofs:last]
def parse_tcp(self, ctx, pkt, ofs, last): ctx.tcp = tcp = empty() tcp.src, tcp.dst, tcp.seq, tcp.ack, hlen, tcp.flags, tcp.window, tcp.check, tcp.urgent = struct.unpack_from( ">HHLLBBHHH", pkt, ofs) tcp.hlen = hlen >> 4 tcp.URG, tcp.ACK, tcp.PSH, tcp.RST, tcp.SYN, tcp.FIN = bitfields( tcp.flags, 1, 1, 1, 1, 1, 1) # PSH: sender has emptied its buffers ( usually last of burst of packets ) hdrendofs = ofs + tcp.hlen * 4 if tcp.hlen < 5: raise Exception("SHORT tcp header: hlen=%02x" % hlen) if hdrendofs > last: raise Exception("tcp header too large") if tcp.hlen > 5: self.parse_tcp_options(ctx, pkt, ofs + 0x14, hdrendofs) ctx.tcp.payload = pkt[hdrendofs:last]
def parse_80211(self, ctx, pkt, ofs, last): # type FCTYPE_MGMT = 0 FCTYPE_CTRL = 1 FCTYPE_DATA = 2 # CTRL subtypes CTRL_CTS = 0xc, CTRL_ACK = 0xd, CTRL_BLOCKACKREQUEST = 0x8, CTRL_BLOCKACK = 0x9, # data subtype bits FCDATA_QOS = 8 FCDATA_NODATA = 4 def have_a2(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True if wifi.type != FCTYPE_CTRL: return False return wifi.subtype not in (CTRL_CTS, CTRL_ACK) def have_a3(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True def have_seqctl(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True if wifi.type != FCTYPE_CTRL: return False return wifi.subtype in (CTRL_BLOCKACKREQUEST, CTRL_BLOCKACK) def have_a4(wifi): return wifi.type == FCTYPE_DATA and wifi.toDS and wifi.fromDS def have_qos(wifi): return wifi.type == FCTYPE_DATA and (wifi.subtype & FCDATA_QOS) wifi = ctx.wifi = empty() fctl, associd = struct.unpack_from("<HH", pkt, ofs) ofs += 4 wifi.Order, wifi.WEP, wifi.moreData, wifi.pwrMgmt, wifi.retry, wifi.moreFrag, wifi.fromDS, wifi.toDS, \ wifi.subtype, wifi.type, wifi.proto = bitfields(fctl, 1,1,1,1, 1,1,1,1, 4,2,2) a1 = pkt[ofs:ofs + 6] ofs += 6 if have_a2(wifi): a2 = pkt[ofs:ofs + 6] ofs += 6 if have_a3(wifi): a3 = pkt[ofs:ofs + 6] ofs += 6 if have_seqctl(wifi): if ofs >= last: # workaround return seqctl, = struct.unpack_from("<H", pkt, ofs) ofs += 2 if have_a4(wifi): a4 = pkt[ofs:ofs + 6] ofs += 6 if have_qos(wifi): qos, = struct.unpack_from("<H", pkt, ofs) ofs += 2 # data if wifi.type == FCTYPE_DATA and not (wifi.subtype & FCDATA_NODATA): if not wifi.WEP: self.parse_llc(ctx, pkt, ofs, last) elif not self.parse_wlan: pass elif wifi.type == FCTYPE_MGMT: print("wlan mgmt: %s." % pkt[ofs:last].encode("hex")) elif wifi.type == FCTYPE_CTRL and wifi.subtype == CTRL_BLOCKACK: print("wlan ctrl: %s." % pkt[ofs:last].encode("hex")) else: print("wlan ????: %s." % pkt[ofs:last].encode("hex"))
def parse(pkt, ofs, last): dns = DNSPacket() ident, flags, qdcount, ancount, nscount, arcount = struct.unpack_from( ">HHHHHH", pkt, ofs) ofs += 12 dns.ident = ident dns.isresponse, dns.opcode, dns.authoritative, dns.truncated, dns.recursive_query, dns.recursion_available, dns.reserved_bits, dns.response_code = bitfields( flags, 1, 4, 1, 1, 1, 1, 3, 4) # http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml # opcode: 0=standard query, 1=inverse query, 2=status request, 4=notify, 5=update # responsecode: 0=ok, 1=format error, 2=serverfailure, 3=nameerror, 4=notimplemented, 5=refused dns.questions, ofs = DNSPacket.readrecords(DNSPacket.Question, qdcount, pkt, ofs, last) dns.answers, ofs = DNSPacket.readrecords(DNSPacket.RRecord, ancount, pkt, ofs, last) dns.authoritatives, ofs = DNSPacket.readrecords( DNSPacket.RRecord, nscount, pkt, ofs, last) dns.additionals, ofs = DNSPacket.readrecords(DNSPacket.RRecord, arcount, pkt, ofs, last) return dns, ofs
def parse_80211(self, ctx, pkt, ofs, last): # type FCTYPE_MGMT=0 FCTYPE_CTRL=1 FCTYPE_DATA=2 # CTRL subtypes CTRL_CTS=0xc, CTRL_ACK=0xd, CTRL_BLOCKACKREQUEST=0x8, CTRL_BLOCKACK=0x9, # data subtype bits FCDATA_QOS= 8 FCDATA_NODATA= 4 def have_a2(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True if wifi.type != FCTYPE_CTRL: return False return wifi.subtype not in (CTRL_CTS, CTRL_ACK) def have_a3(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True def have_seqctl(wifi): if wifi.type in (FCTYPE_DATA, FCTYPE_MGMT): return True if wifi.type != FCTYPE_CTRL: return False return wifi.subtype in (CTRL_BLOCKACKREQUEST, CTRL_BLOCKACK) def have_a4(wifi): return wifi.type == FCTYPE_DATA and wifi.toDS and wifi.fromDS def have_qos(wifi): return wifi.type == FCTYPE_DATA and (wifi.subtype&FCDATA_QOS) wifi= ctx.wifi= empty() fctl, associd= struct.unpack_from("<HH", pkt, ofs) ofs += 4 wifi.Order, wifi.WEP, wifi.moreData, wifi.pwrMgmt, wifi.retry, wifi.moreFrag, wifi.fromDS, wifi.toDS, \ wifi.subtype, wifi.type, wifi.proto = bitfields(fctl, 1,1,1,1, 1,1,1,1, 4,2,2) a1= pkt[ofs:ofs+6] ; ofs += 6 if have_a2(wifi): a2= pkt[ofs:ofs+6] ; ofs += 6 if have_a3(wifi): a3= pkt[ofs:ofs+6] ; ofs += 6 if have_seqctl(wifi): if ofs>=last: # workaround return seqctl,= struct.unpack_from("<H", pkt, ofs) ; ofs += 2 if have_a4(wifi): a4= pkt[ofs:ofs+6] ; ofs += 6 if have_qos(wifi): qos,= struct.unpack_from("<H", pkt, ofs) ; ofs += 2 # data if wifi.type==FCTYPE_DATA and not (wifi.subtype&FCDATA_NODATA): if not wifi.WEP: self.parse_llc(ctx, pkt, ofs, last) elif wifi.type==FCTYPE_MGMT: print "wlan mgmt: %s." % pkt[ofs:last].encode("hex") elif wifi.type==FCTYPE_CTRL and wifi.subtype==CTRL_BLOCKACK: print "wlan ctrl: %s." % pkt[ofs:last].encode("hex") else: print "wlan ????: %s." % pkt[ofs:last].encode("hex")
def parse(pkt, ofs, last): dns= DNSPacket() ident, flags, qdcount, ancount, nscount, arcount= struct.unpack_from(">HHHHHH", pkt, ofs) ofs += 12 dns.ident= ident dns.isresponse, dns.opcode, dns.authoritative, dns.truncated, dns.recursive_query, dns.recursion_available, dns.reserved_bits, dns.response_code= bitfields(flags, 1,4,1,1,1,1,3,4) # http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml # opcode: 0=standard query, 1=inverse query, 2=status request, 4=notify, 5=update # responsecode: 0=ok, 1=format error, 2=serverfailure, 3=nameerror, 4=notimplemented, 5=refused dns.questions, ofs= DNSPacket.readrecords(DNSPacket.Question, qdcount, pkt, ofs, last) dns.answers, ofs= DNSPacket.readrecords(DNSPacket.RRecord, ancount, pkt, ofs, last) dns.authoritatives, ofs= DNSPacket.readrecords(DNSPacket.RRecord, nscount, pkt, ofs, last) dns.additionals, ofs= DNSPacket.readrecords(DNSPacket.RRecord, arcount, pkt, ofs, last) return dns, ofs