def tcpdump_process(ns, vif, filter):
"""
Runs the tcpdump process on hosts
"""
p = subprocess.Popen('sudo ip netns exec %s timeout %d tcpdump -l -evvvnn -i %s %s -w "../pcap/%s.pcap"' % (ns, TIMEOUT, vif, filter, vif), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
output, err = p.communicate()
err = err.decode()
if "No such device exists" in err:
writer=scapy.PcapWriter("../pcap/%s.pcap" % vif)
writer.write([])
writer.flush()
def generate_pcap(d):
# 1. Assemble frame
input = d['frame_raw'][1]
output = assemble_frame(d, None)
print(input)
print(output)
# 2. Testing: compare input and output for not modified json
if (input != output):
print("Modified frames: ")
s1 = input
s2 = output
print(s1)
print(s2)
if (len(s1) == len(s2)):
d = [i for i in range(len(s1)) if s1[i] != s2[i]]
print(d)
# 3. Generate pcap
outfile = sys.argv[0] + ".pcap"
pcap_out = scapy.PcapWriter(outfile, append=False, sync=False)
new_packet = scapy.Packet(bytearray.fromhex(output))
pcap_out.write(new_packet)
print("Generated " + outfile)
fake_pkt = sp.IP(dst=pkt.src_addr, src=pkt.dst_addr) / sp.TCP(
dport=pkt.src_port, sport=pkt.dst_port)
else:
fake_pkt = sp.IPv6(dst=pkt.src_addr, src=pkt.dst_addr) / sp.TCP(
dport=pkt.src_port, sport=pkt.dst_port)
fake_pkt[sp.TCP].flags = 'AR'
fake_pkt[sp.TCP].ack = pkt.tcp.seq_num + 1
fake_pkt[sp.TCP].seq = pkt.tcp.ack_num + 1
fake_pkt[sp.TCP].window = 0
return fake_pkt
if __name__ == "__main__":
print("start")
pktdump = sp.PcapWriter("test.pcap", append=True, sync=True)
with pydivert.WinDivert(
"inbound and (tcp.DstPort == 5000 or udp.DstPort == 5000)") as w:
for pkt in w:
print(pkt)
# dump received packet
if pkt.ipv4:
pktdump.write(sp.Ether() / sp.IP(bytes(pkt.raw)))
else:
pktdump.write(sp.Ether() / sp.IPv6(bytes(pkt.raw)))
# send rst for tcp packet
if (pkt.tcp):
rst_pkt = get_rstpkt(pkt)
pktdump.write(sp.Ether() / rst_pkt)
sys.exit()
af = AnonymizedField(a, 1)
anonymize[af.field] = af
input_frame_raw = ''
frame_raw = ''
frame_time = None
salt = args.salt
if salt is None:
# generate random salt if no salt was provided
salt = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(10))
# Generate pcap
if args.python == False:
pcap_out = scapy.PcapWriter(outfile, append=False, sync=False)
# Iterate over packets in JSON
for packet in ijson.items(data_file, "item", buf_size=200000):
_list = []
linux_cooked_header = False;
# get flat raw fields into _list
for raw in raw_flat_collector(packet['_source']['layers']):
if len(raw) >= 2:
if (raw[0] == "frame_raw"):
frame_raw = raw[1][0]
frame_amask = "0"*len(frame_raw) # initialize anonymization mask
input_frame_raw = copy.copy(frame_raw)
frame_time = None
if 'frame.time_epoch' in packet['_source']['layers']['frame']: