def __init__(self, user_querier: UserQuerier, interface="mon0"): self.async_sniffer = AsyncSniffer(prn=self.handle_packet, store=False, iface=interface, monitor=True) self.device_dectect_stream = Subject() self.user_querier = user_querier
def __init__(self, dhcp_store: MutableMapping[str, DHCPDescriptor], gw_info: UplinkGatewayInfo, dhcp_wait: Condition, iface: str = "dhcp0", lease_renew_wait_min: int = 200): """ Implement DHCP client to allocate IP for given Mac address. DHCP client state is maintained in user provided hash table. Args: dhcp_store: maintain DHCP transactions, key is mac address. gw_info_map: stores GW IP info from DHCP server dhcp_wait: notify users on new DHCP packet iface: DHCP egress and ingress interface. """ self._sniffer = AsyncSniffer(iface=iface, filter="udp and (port 67 or 68)", prn=self._rx_dhcp_pkt) self.dhcp_client_state = dhcp_store # mac => DHCP_State self.dhcp_gw_info = gw_info self._dhcp_notify = dhcp_wait self._dhcp_interface = iface self._msg_xid = 0 self._lease_renew_wait_min = lease_renew_wait_min self._monitor_thread = threading.Thread( target=self._monitor_dhcp_state) self._monitor_thread.daemon = True self._monitor_thread_event = threading.Event()
class Sniffer: """Sniff incoming packets for SYN/ACK responses.""" def __init__(self, scan_filter, timeout): """Initialize Sniffer.""" self.packets = list() self.sniffer = AsyncSniffer( filter=scan_filter, prn=self.packets.append, ) self.timeout = timeout def start(self): """Start sniffing.""" self.sniffer.start() def stop(self): """Stop sniffing.""" time.sleep(self.timeout) self.sniffer.stop() def open_ports(self): """Return open ports.""" live_ports = set() for packet in self.packets: if packet["TCP"].flags == "SA": live_ports.add(packet.sport) return sorted(live_ports)
def start(self, asynchronous: bool = False) -> None: """ This function starts the netbios spoofer (and the network sniffer). """ self.run = True logger.warning("The netbios spoofer starts up...") if asynchronous: sniffer = AsyncSniffer( store=False, filter="(port 5353 or port 5355 or port 137) and proto UDP", stop_filter=lambda x: not self.run, prn=self.identify_packet, iface=self.iface, ) sniffer.start() else: sniff( store=False, filter="(port 5353 or port 5355 or port 137) and proto UDP", stop_filter=lambda x: not self.run, prn=self.identify_packet, iface=self.iface, ) logger.critical("The netbios spoofer is stopped.")
class Sniffer(object): def __init__(self, iface, *args, **kwargs): self.iface = iface self.sniffer = None self.stop_filter = None def start_sniff(self, stop_filter): assert self.sniffer is None self.stop_filter = stop_filter self.sniffer = AsyncSniffer( iface=self.iface, stop_filter=stop_filter, ) self.sniffer.start() def wait_for_sniff_results(self, timeout=5): assert self.sniffer is not None self.sniffer.join(timeout=timeout) sniffer = self.sniffer self.sniffer = None if sniffer.results is None: return [] return [ p for p in sniffer.results # filter out packets only belonging to stop_filter if # it existed if sniffer.kwargs.get("stop_filter") is None or sniffer.kwargs["stop_filter"](p) ]
def test_scapy_sniffer(self): send_data = [ Ether(src="99:54:8f:91:12:f6", dst="44:35:a2:a6:d0:bd") / IPv6(src="fe80::1", dst="fe80::2") / ICMPv6EchoRequest(), Ether(src="44:35:a2:a6:d0:bd", dst="99:54:8f:91:12:f6") / IPv6(src="fe80::2", dst="fe80::1") / ICMPv6EchoReply(), Ether(src="1f:db:ed:9c:26:6e", dst="18:39:3c:e8:1f:ad") / IPv6(src="2001:db8:8a5a:4020:f160:162:c83d:527d", dst="2001:db8:2932:29c9:35eb:9377:ae68:634d") / UDP(sport=31245, dport=8788) / b"abcdef", Ether(src="18:39:3c:e8:1f:ad", dst="1f:db:ed:9c:26:6e") / IPv6(src="2001:db8:2932:29c9:35eb:9377:ae68:634d", dst="2001:db8:8a5a:4020:f160:162:c83d:527d") / UDP(sport=8788, dport=31245) / b"12345", ] sniffer = AsyncSniffer() sniffer.start() self.spawn.expect(r"Initializing L2listen with arguments") self.spawn.expect(r"Bound socket to '(.*)'\s") remote = self.spawn.match.group(1) # wait a bit to avoid race where socket is not bound yet time.sleep(.5) for packet in send_data: time.sleep(.001) # some spacing for test stability self.assertEqual(len(raw(packet)), self.comm_sock.sendto(raw(packet), remote)) for packet in send_data: self.spawn.expect(r"Receiving on L2listen with arguments") results = sniffer.stop() self.assertIsNotNone(results) self.assertEqual(len(send_data), len(results)) for pkt in send_data: self.assertIn(Ether(raw(pkt)), results)
def __init__(self, scan_filter, timeout): """Initialize Sniffer.""" self.packets = list() self.sniffer = AsyncSniffer( filter=scan_filter, prn=self.packets.append, ) self.timeout = timeout
def start_sniff(self, stop_filter): assert self.sniffer is None self.stop_filter = stop_filter self.sniffer = AsyncSniffer( iface=self.iface, stop_filter=stop_filter, ) self.sniffer.start()
def main(): t = AsyncSniffer(iface=s.INT, filter=filter, prn=lambda pkt: pkt_receiver(pkt, p_tracker)) t.start() log("Service started successfully") while True: time.sleep(10) tracker_cleanup()
def start_sniffer(iface, count=None, stop_filter=None): sniffer = AsyncSniffer( iface=iface, filter="udp and dst port 547", count=count, stop_filter=stop_filter, ) sniffer.start() return sniffer
def sniff_start(self, ifname): p_list[:] = [] self.summary_txt = '' self.detail_txt = '' self.hexdump_txt = '' self.prev_idx = 0 self.curr_idx = 0 self.sniffer = AsyncSniffer(iface=ifname, prn=lambda x: p_list.append(x)) self.sniffer.start()
def make_pcaps(): #don't think I'll need more but make an hour worth of #one minute pcap files for i in range(60): #if we need we can narrow the interface we use to sniff by changing #the args to AsyncSniffer() t = AsyncSniffer() t.start() time.sleep(60) z = t.stop() wrpcap(f"test_{i}.pcap", z)
def sniff(self, count=0): """ start async sniffer """ logger.info("starting to sniff packets") # TODO filter all outcoming packets self.sniffer = AsyncSniffer(session=TCPSession, prn=self._store, iface=self.interface, count=count, store=False) self.sniffer.start()
def async_monitoring(self): """ Start threads for each interface that will sniff all packets incoming to the network :return: self.threads_monitor """ if len(self.ifaces_names) != 0: self.threads_monitor = [] for name, ip in zip(self.ifaces_names, self.ifaces_ip): monitor_process = AsyncSniffer(iface=name, filter='icmp and not host %s' % ip) monitor_process.start() self.threads_monitor.append(monitor_process)
def start_listen_data(self): ''' The different mac address make the filter very hard to match ''' hard_code_mac = '04:00:00:00:00:04' filter_exp = 'ether src host {0} or {1}'.format( self.dst_mac, hard_code_mac) self.async_sniffer = AsyncSniffer(iface=self.iface, prn=self.handle_recive_packet, filter=filter_exp, store=0) self.async_sniffer.start() time.sleep(0.1)
def send_and_exp_any_dhcp6(cls, send_pkt, client=True, ipv6_src=None): sniffer = AsyncSniffer(iface=cls.tap) sniffer.start() time.sleep(cls.pre_sniffer_wait) cls._sendp(send_pkt, client=client, ipv6_src=ipv6_src) time.sleep(cls.post_sniffer_wait) return [ pkt for pkt in sniffer.stop() if cls._contains_dhcp(pkt) and # filter out sent packet (UDP not in pkt or raw(pkt[UDP].payload) != raw(send_pkt)) and # filter out ICMPv6 since error notifications can also contain # the sent packets and we are not interested in error # notifications ICMPv6DestUnreach not in pkt ]
class Sniffer(Thread): def __init__(self, filter): super().__init__() self.filter = "host %s" % filter self.daemon = True self.socket = None self.use_pcap = True self.is_admin = False logger.info( 'Local network adapter information, choose a network you want to ' 'capture.' ) message = '----- Local IP Address -----\n' ifaces = [] if WINDOWS: import ctypes from scapy.all import IFACES if ctypes.windll.shell32.IsUserAnAdmin(): self.is_admin = True for i, iface in enumerate(sorted(IFACES)): dev = IFACES[iface] ifaces.append(dev.description) message += "{0} {1} {2}\n".format( i, dev.description, dev.ip) else: if os.getuid() == 0: self.is_admin = True ifaces = get_if_list() for i, iface in enumerate(ifaces): ip = get_if_addr(iface) message += "{0} {1} {2}\n".format(i, iface, ip) data_to_stdout(message) choose = input('Choose>: ').strip() self.interface = ifaces[int(choose)] self.use_pcap = True self.stop_sniffer = Event() self.pcap = None def run(self): self.pcap = AsyncSniffer() # In order to ensure that all packets can be captured, # a adapter must be specified. If it is all adapters, # it will lost the data package self.pcap._run(iface=self.interface, filter=self.filter) def join(self, timeout=None): self.pcap.continue_sniff = False super().join(timeout)
def setUpClassDevices(cls): BridgeTools.delete_ns_all() BridgeTools.create_veth_pair(cls.gtp_veth, cls.gtp_veth_ns) BridgeTools.ifup_netdev(cls.gtp_veth, cls.gtp_pkt_dst + "/24") BridgeTools.create_veth_pair(cls.sgi_veth, cls.sgi_veth1) BridgeTools.create_ns_and_move_veth(cls.NS_NAME, cls.sgi_veth1, cls.inner_src_ip + "/24") BridgeTools.ifup_netdev(cls.sgi_veth, cls.inner_dst_ip + "/24") BridgeTools.ifup_netdev(cls.gtp_veth_ns, cls.gtp_pkt_src + "/24") gw_ip = IPAddress(version=IPAddress.IPV4, address=socket.inet_aton(cls.sgi_veth_ip)) cls.ebpf_man = EbpfManager(cls.sgi_veth, cls.gtp_veth, gw_ip, bpf_ul_file=UL_HANDLER, bpf_dl_file=DL_HANDLER, bpf_header_path=BPF_HEADER_PATH) cls.ebpf_man.detach_dl_ebpf() cls.ebpf_man.attach_dl_ebpf() cls.sniffer = AsyncSniffer( iface='gtpu_sys_2152', store=False, prn=cls.pkt_cap_fun, ) cls.sniffer.start()
def setUpClassDevices(cls): BridgeTools.delete_ns_all() BridgeTools.create_veth_pair(cls.gtp_veth, cls.gtp_veth_ns) BridgeTools.ifup_netdev(cls.gtp_veth, cls.gtp_pkt_dst + "/24") BridgeTools.create_veth_pair(cls.sgi_veth, cls.sgi_veth1) BridgeTools.create_ns_and_move_veth(cls.NS_NAME, cls.gtp_veth_ns, cls.gtp_pkt_src + "/24") BridgeTools.ifup_netdev(cls.sgi_veth, cls.sgi_veth_ip + "/24") BridgeTools.ifup_netdev(cls.sgi_veth1) cls.ebpf_man = ebpf_manager(cls.sgi_veth, cls.gtp_veth, cls.sgi_veth_ip, True, UL_HANDLER) cls.ebpf_man.detach_ul_ebpf() cls.ebpf_man.attach_ul_ebpf() time.sleep(2) cls.sniffer = AsyncSniffer( iface=cls.sgi_veth1, store=False, prn=cls.pkt_cap_fun, ) cls.sniffer.start()
async def _slice_one_pcap(self, path: str): load_delay = 1 self._logger.debug(f'Slicing pcap: {path}') try: sn = AsyncSniffer(filter='tcp', offline=path, session=IPSession) sn.start() while sn.running: await asyncio.sleep(load_delay) sessions = sn.results.sessions(full_duplex) sessions = await self.sessions_dumper.retrieve(sessions) await self.db.push_streams(sessions) except Exception as e: self._logger.error(f'Got an exception {e}', e) self._logger.debug(f'Finished slicing of {path} with total {len(sessions)} sessions')
def init_test_sniffer(): """ For testing """ # packets = AsyncSniffer(monitor=True, count=0) packets = AsyncSniffer(count=0) packets.start() input("Press enter to stop sniffing: ") packets.stop() packets.join()
def sniff_routine() -> PacketList: sniffer = AsyncSniffer(prn=lambda x: x.summary(), filter='ip') while True: start = input("Type start to start capturing\n") if start == "start": print("Starting to capture...") break sniffer.start() while True: stop = input("To stop capturing type stop\n") if stop == "stop": break sniff_result = sniffer.stop() wrpcap("output/output.cap", sniff_result) return sniff_result
def __init__(self, publishers, params): """Initializes and starts the background scanning for Dash Button ARP packets, publishing the MAC address to the destination when one is detected. """ super().__init__(publishers, params) self.log.info("Configuing Dash Scanner") self.devices = get_sequential_param_pairs(params, "MAC", "Destination") if self.poll > 0: raise ValueError("DashSensor is not a polling sensor!") self.sniffer = AsyncSniffer(prn=self.arp_received, filter="arp", store=0, count=0) self.sniffer.start()
class DeviceSniffer: def __init__(self, user_querier: UserQuerier, interface="mon0"): self.async_sniffer = AsyncSniffer(prn=self.handle_packet, store=False, iface=interface, monitor=True) self.device_dectect_stream = Subject() self.user_querier = user_querier def __del__(self): self.device_dectect_stream.on_completed() @staticmethod def is_probe_request(packet: Packet): return packet.type == 0 and packet.subtype == 4 def handle_packet(self, packet: Packet): if not DeviceSniffer.is_probe_request(packet): return try: target_ssid = packet.getlayer(Dot11Elt).getfieldval("info").decode( "utf-8") if len(target_ssid) == 0: return source_mac_addr = packet.addr2.upper() userid = self.user_querier.get_userid(target_ssid, source_mac_addr) if userid is not None: self.device_dectect_stream.on_next(userid) except Exception as err: self.device_dectect_stream.on_error(err) def get_observable(self) -> Subject: return self.device_dectect_stream def start(self): self.async_sniffer.start() def stop(self): self.async_sniffer.stop()
def start_scapy_scan(self) -> List[bool]: """ This function starts AsyncSniffer and scapy scan, finally stops AsyncSniffer. """ no_error = False _targets = self._targets info("Start AsyncSniffer using Scapy...") sniffer = AsyncSniffer( iface=self.iface, lfilter=lambda p: ((ARP in p and p.psrc in _targets) or (IP in p and p.src in _targets)), prn=self.scapy_match, ) sniffer.start() try: results = self.scapy_scan() except Exception as e: error = e else: no_error = True finally: info("Stop AsyncSniffer, scan end.") sniffer.stop() if no_error: return results else: raise error
def campaign1(s, HOST, TCP_PORT, UDP_PORT, client_ip): conn, addr = s.accept() conn_ip = addr[0] if (conn_ip != client_ip): return if (conn): try: sniffer = AsyncSniffer(iface='lo', prn=printPacket, filter='dst port {}'.format(UDP_PORT)) sniffer.start() time.sleep(1) #Initialization check: check = conn.recv(255) print("[-] {}".format(check)) response = 'yes' conn.sendall(response) time.sleep(1) #UDP packet: request = conn.recv(255) print("[-] {}".format(request)) #Start UDP server try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.bind((HOST, UDP_PORT)) print('[+] UDP server started') response = 'yes' except: response = 'no' raise try: conn.sendall(response) data, address = sock.recvfrom(1024) time.sleep(1) print('[*] Received: {}'.format(data)) result = 'Success, report is: \n{}'.format(info) sock.sendto(result, address) sniffer.stop() except: result = 'Failed, report is: \n{}'.format(info) sock.sendto(result, address) sniffer.stop() except: print('[+] Error connecting to client') s.shutdown(socket.SHUT_RDWR) s.close() raise s.shutdown(socket.SHUT_RDWR) s.close()
def mac_sniffer(st=10): IFACE = "mon0" SNIFF_TIME = st t = AsyncSniffer(iface=IFACE, prn=store_packets) t.start() waiter(SNIFF_TIME) t.stop()
def collect_devices(iface, src_mac, timeout=5) -> List[EthernetDevice]: global PING_RESULT PING_RESULT = {} devices = [] filter_exp = 'ether dst host {0} and ether[16:2] == 0x01cc'.format( src_mac) command_line = message_helper.build_eth_command( dest_mac="ff:ff:ff:ff:ff:ff", src_mac=src_mac, message_type=PING_PKT, message_bytes=[] ) async_sniffer = AsyncSniffer( iface=iface, prn=handle_ping_receive_packet, filter=filter_exp ) async_sniffer.start() time.sleep(.1) sendp(command_line, iface=iface, verbose=0, count=1) time.sleep(timeout) async_sniffer.stop() for key in PING_RESULT.keys(): devices.append(EthernetDevice(key)) return devices
def wait_for_async_sniffing(*args, **kwargs): """Starts AsyncSniffer and waits until it starts sniffing.""" lock = threading.Lock() if "started_callback" in kwargs: original_started_callback = kwargs["started_callback"] def combined_started_callback(): lock.release() original_started_callback() else: combined_started_callback = lock.release kwargs["started_callback"] = combined_started_callback kwargs["L2socket"] = L2ListenSocketOutgoing lock.acquire() asniff = AsyncSniffer(*args, **kwargs) asniff.start() lock.acquire() return asniff
def run(self): a = AsyncSniffer(iface=self.iface, prn=self.callback) a.start() c = ProgressBar() while self.do_run: c.update(len(self.found)) sleep(1) # be nice to the cpu a.stop()