def main():
args = parse_args()
all_packet_dic = []
pkts = rdpcap(args.pcap)
for pkt in pkts:
if 'DNS' in pkt:
raw = str(pkt['DNS'])
d = read_dns_packet(raw, pkt, args.domain)
if d:
all_packet_dic.append(d)
if args.action == 'display':
for p in all_packet_dic:
pretty_print(p)
else:
n = args.pcap
ind = n.rfind('.')
new_pcap = n[:ind] + '.' + args.domain + '.' + n[ind + 1:]
pktdump = PcapWriter(new_pcap, append=True, sync=True)
addresses = []
for p in all_packet_dic:
pktdump.write(p['packet'])
if p['Answers']:
for a in p['Answers']:
if a[1] == 1:
addresses.append(a[4])
for pkt in pkts:
try:
if 'IP' in pkt and pkt[IP].src in addresses or pkt[
IP].dst in addresses:
pktdump.write(pkt)
except:
IndexError
def __init__(self, psk=None, essid=None, pcap=False):
self.pt = PE.pt
if psk is not None and essid is not None:
if os.path.isfile('handshakes.sqlite'):
os.remove('handshakes.sqlite')
self.con = lite.connect('handshakes.sqlite')
self.con.text_factory = str
self.db = self.con.cursor()
self.tgtInfo = {}
self.availTgts = set()
self.catchDict = {}
self.encDict = {}
self.alert = set()
self.pke = 'Pairwise key expansion'
self.pmk = PBKDF2(psk, essid, 4096).read(32)
self.db.execute('CREATE TABLE IF NOT EXISTS\
"shakes"("pkt" TEXT,\
"vmac" TEXT,\
"bmac" TEXT,\
"nonce" TEXT,\
"e_num" TEXT,\
UNIQUE(vmac, bmac, e_num));')
self.con.commit()
if pcap is True:
self.eapolTrack = PcapWriter('eapols.pcap', sync=True)
self.pcap = pcap
else:
self.eapolTrack = None
self.pcap = None
def refresh(self):
self._nlogs = self._get_log_count()
self.packet_logger = PcapWriter(
self.destination_folder +
"packet_log{n}.cap".format(n=self._nlogs),
append=True,
sync=True)
def analyze(self,pcapFilename):
hl7Output =BASE_DIR+"/hl7/networkFiles/hl7PacketDump.pcap"
hl7Dump = PcapWriter((hl7Output),append=True,sync=True)
G = nx.DiGraph(directed=True)
print(unquote(pcapFilename))
pcapFilename = unquote(pcapFilename)
packets = rdpcap(pcapFilename)
networkSession = packets.sessions()
for session in networkSession:
for packet in networkSession[session]:
try:
if (str(packet[TCP].payload).startswith("b\'")) and str(packet[TCP].payload).endswith("r\'"):
hl7Dump.write(packet)
G.add_edge( (str(packet[IP].dst)+":"+str(packet[IP].dport)),(str(packet[IP].src)+":"+str(packet[TCP].sport)))
except:
continue
nx.draw(G, with_labels=True)
plt.show()
hl7Dump.close()
return hl7Output
def clsMessagesByIp(fileFrom, fileTo):
packages = scapy.rdpcap(fileFrom)
t_results = {}
for p in packages:
srcIp = MessageConvert.getClsSrcIp(p)
desIp = MessageConvert.getClsDesIp(p)
if srcIp == 'null' or desIp == 'null':
continue
mesKeyFirst = srcIp + desIp
mesKeySecond = desIp + srcIp
if mesKeyFirst in t_results:
t_results[mesKeyFirst].append(p)
elif (mesKeySecond in t_results):
t_results[mesKeySecond].append(p)
else:
t_results[mesKeyFirst] = []
t_results[mesKeyFirst].append(p)
for key in t_results:
t_temp = t_results[key]
t_writer = PcapWriter('%s%s.pcap' %(fileTo, key), append=True)
#t_writer = PcapWriter('/home/wxw/data/cip_datanew/' + key + '.pcap', append=True)
for p in t_results[key]:
t_writer.write(p)
t_writer.flush()
t_writer.close()
def create_flows(num_packets, bytes_per_packet, output_file, zipf_param,
n_flows):
pktdump = PcapWriter(output_file, append=False)
#fs = np.random.zipf(zipf_param, num_packets)
fs = genZipf(zipf_param, n_flows, num_packets)
flows = {}
ip_table = IPTable()
for i in xrange(num_packets):
f = fs[i] # generate a single sample from zipfian distribution
if f not in flows:
flows[f] = 1
else:
flows[f] += 1
src_ip, dst_ip, prot, sport, dport = ip_table.lookup_flow(f)
pkt = IP(src=src_ip, dst=dst_ip)
pkt = pkt / UDP(sport=sport, dport=dport)
pkt.len = bytes_per_packet
pktdump.write(pkt)
flows_file = open("result-flws.txt", 'w')
flows_file.write("flw_id n_pkts\n")
for k, v in flows.iteritems():
flows_file.write('{} {}\n'.format(k, v))
flows_file.close()
def showPacket(packet):
# method 1 : save pcap and convert csv
# method 2 : input data into csv
# find csv output module
# first all wirte
# second time save
global packetcont
global model
# traffic info
timestamp = datetime.fromtimestamp(packet[0][1].time)
print(packet[0][1])
print('timestamp:', timestamp)
print('Now packetcont:', packetcont)
print('------------------------------------------------------')
# seleuchel edit - save packet in real time
filename = "./packet/pcap/packet.pcap"
pktdump = PcapWriter(filename, append=True, sync=True)
pktdump.write(packet)
packetcont += 1
if packetcont >= 1000:
# extract pcap -> csv
ext_feature()
#model test
model = AutoEncoder('./packet/csv/exfeature/packet.pcap_Flow.csv')
result_csv = model.get_result()
print(result_csv)
#send to server
sendjson.send(result_csv)
packetcont = 0
def wr_pkt(self, mode='node', port=2231):
file_name = ''.join([dir_prefix, mode, '_', str(port), '.pcap'])
try:
pktdump = PcapWriter(file_name, append=True, sync=True)
pktdump.write(self.pkt)
except:
raise Exception
def sniff_goose(interface):
print(
"GOOSE messages use IEEE 802.1Q for VLAN tagging and prioritization. Many network cards filter out the "
"content of this layer. If this is also the case for you, there are often ways to change this. Since it "
"varies from card to card you should google it. Otherwise you can answer 'Tagged VLANs' with n."
)
time_to_capture = int(input("Time to capture (in seconds) : "))
with_iee = input("Does your interface support tagged VLANs? (y/n): ")
capture_name = input("Name of the pcap file (without extension) : ")
print('\nSniffing GOOSE traffic from '
'\n[*] Interface: {} '
'\n[*] For:{} seconds '
'\n[*] Tagged VLANs: {} '
'\n'.format(interface, time_to_capture, with_iee))
if with_iee == "y":
# Sniffing the traffic from Publisher
print(
"All network packets with Ethernet, IEEE 802.1Q and RAW Layer are captured!"
)
traffic = sniff(iface=interface, timeout=time_to_capture)
output = PcapWriter(capture_name + ".pcap", append=True, sync=True)
for frame in traffic: # Checks all frames in traffic
if frame.haslayer(Ether) == 1 and frame.haslayer(
Dot1Q
) == 1 and frame.haslayer(
Raw
) == 1: # Checks if the frame has the Ethernet, IEEE802.1Q and Raw layer
output.write(frame) # Saves the frame
print("File saved as: " + capture_name)
elif with_iee == "n":
# Sniffing the traffic from Publisher
print("All network packets with Ethernet and RAW Layer are captured!")
traffic = sniff(iface=interface, timeout=time_to_capture)
output = PcapWriter(capture_name + ".pcap", append=True, sync=True)
for frame in traffic: # Checks all frames in traffic
if frame.haslayer(Ether) == 1 and frame.haslayer(
Raw
) == 1: # Checks if the frame has the Ethernet, and Raw layer
output.write(frame) # Saves the frame
print("File saved as: " + capture_name)
else:
print("Your Input was: ", with_iee, "It should be 'y' or 'n'!")
def __init__(self,
interface=None,
debug=False,
ip_inbound=None,
ip_outbound=None,
protocols=None,
dns=None,
dports=None,
sports=None,
extensions=None,
action_inbound_IPRule=0,
action_outbound_IPRule=0,
action_DNSRule=0,
action_source_portRule=0,
action_dest_portRule=0,
action_HTTPResponse=1,
action_HTTPRequest=1,
action_protocolRule=0,
action_scanLoad=0):
"""Initilize PacketFilter class."""
self.logger = logger.SecureTeaLogger(__name__, debug)
# Initialize with empty list
if ip_inbound is None:
ip_inbound = []
if ip_outbound is None:
ip_outbound = []
if protocols is None:
protocols = []
if dns is None:
dns = []
if sports is None:
sports = []
if dports is None:
dports = []
if extensions is None:
extensions = []
self._action_inbound_IPRule = action_inbound_IPRule
self._action_outbound_IPRule = action_outbound_IPRule
self._action_protocolRule = action_protocolRule
self._action_DNSRule = action_DNSRule
self._action_source_portRule = action_source_portRule
self._action_dest_portRule = action_dest_portRule
self._action_HTTPRequest = action_HTTPRequest
self._action_HTTPResponse = action_HTTPResponse
self._action_scanLoad = action_scanLoad
self._IP_INBOUND = ip_inbound
self._IP_OUTBOUND = ip_outbound
self._PROTCOLS = protocols
self._DNS = dns
self._DPORTS = dports
self._SPORTS = sports
self._EXTENSIONS = extensions
# Initialize PcapWriter for PCAP dumping
self.pktdump = PcapWriter("blocked.pcap", append=True, sync=True)
def __spawn_sniffer(self):
"""
Saves pcaps to a file. Should be run as a thread.
Ends when the stop_sniffing_flag is set. Should not be called by user
"""
self.packet_dumper = PcapWriter(self.location, append=True, sync=True)
while (self.stop_sniffing_flag == False):
sniff(stop_filter=self.__packet_callback, timeout=1)
def gen_ipv4_assemble_pcap():
"""Generate ipv4 assemble test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_assemble_rx.pcap",
append=False)
packets = create_packet(1066, False, 1024)
for packet in packets:
writer.write(packet)
writer.close()
def create_pcap_file_from_frames(self, file_name, frames):
writer = PcapWriter(file_name, append=False)
for frame in frames:
writer.write(frame)
writer.close()
def sanitize(filepath_in,
filepath_out=None,
sequential=True,
ipv4_mask=0,
ipv6_mask=0,
mac_mask=0,
start_ipv4='10.0.0.1',
start_ipv6='2001:aa::1',
start_mac='00:aa:00:00:00:00'):
if not filepath_out:
timestamp = datetime.datetime.now().strftime('%y%m%d-%H%m%S')
filepath_out = os.path.splitext(filepath_in)[
0] + '_sanitized_' + timestamp + os.path.splitext(filepath_in)[1]
mac_gen = MACGenerator(sequential=sequential,
mask=mac_mask,
start_mac=start_mac)
ip4_gen = IPv4Generator(sequential=sequential,
mask=ipv4_mask,
start_ip=start_ipv4)
ip6_gen = IPv6Generator(sequential=sequential,
mask=ipv6_mask,
start_ip=start_ipv6)
with open(filepath_in) as capfile:
#open cap file with pcapfile
cap = savefile.load_savefile(capfile, verbose=False)
#use scapy's pcapwriter
pktwriter = PcapWriter(filepath_out, append=True)
try:
for pkt in cap.packets:
#create scapy packet from pcapfile packet raw output
pkt = Ether(pkt.raw())
#MAC addresses
pkt.src = mac_gen.get_mac(pkt.src)
pkt.dst = mac_gen.get_mac(pkt.dst)
#IP Address
try:
pkt['IP'].src = ip4_gen.get_ip(pkt['IP'].src)
pkt['IP'].dst = ip4_gen.get_ip(pkt['IP'].dst)
except IndexError:
pkt['IPv6'].src = ip6_gen.get_ip(pkt['IPv6'].src)
pkt['IPv6'].dst = ip6_gen.get_ip(pkt['IPv6'].dst)
pktwriter.write(pkt)
finally:
pktwriter.close()
return filepath_out.split('/')[-1]
def parameter_problem_pointer(self):
self.comment = "\n ICMPv6_PARAMETER_PROBLEM_POINTER"
self.packet_error = True
for ptr_value in range(0, 40):
self.m_finished = False
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 38))
sniffer.daemon = True
sniffer.start()
count = 0
while not self.m_finished:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6ParamProblem()
icmp.code = 0
icmp.ptr = ptr_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
while not q.empty():
pkt = q.get()
# print(pkt.show())
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Parameter Problem Pointer Translation: FAIL"
return
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv4 not received"
self.packet_error = True
if pkt[0][2].type != 12:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 0:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
ipv4_ptr_values = [x for x in range(17)]
if pkt[0][ICMP].ptr not in ipv4_ptr_values:
self.comment += "\n Incorrect Pointer values"
self.packet_error = True
count += 1
if count != 39:
self.comment += "\n All packets not received"
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Parameter Problem Pointer Translation: FAIL"
if not self.packet_error:
print "Upstream Parameter Problem Pointer Translation: PASS"
def gen_ipv6_fragment_pcap():
"""Generate ipv6 fragment test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv6_fragment_rx.pcap",
append=False)
for i in range(1, 1454):
packets = create_packet(i, True)
for packet in packets:
writer.write(packet)
writer.close()
def gen_ipv4_checksum_pcap():
"""Generate ipv4 checksum test case input pcap file."""
writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_checksum_rx.pcap",
append=False)
for i in range(1, 1474):
packets = create_packet(i, False)
for packet in packets:
writer.write(packet)
writer.close()
def save(self):
global WRITE__
if WRITE__:
_wr = PcapWriter(WRITE__, append=False, sync=True)
_wr.write(self.THEPOL)
pull.use("Handshake >> [%s] Count [%s] %s[Saved]%s" % (pull.DARKCYAN+WRITE__+pull.END, str(len(self.THEPOL)), pull.GREEN, pull.END ))
else:
pull.error("Handshake not saved. Use -w, --write for saving handshakes. ")
def save():
global buf
global filename
#filename = "/home/seleuchel/libcap/packet/"+"packet_" + str(filenum) + ".pcap"
pktdump = PcapWriter(filename, append=True, sync=True)
pktdump.write(buf)
buf = []
filenum += 1
def gen_traffic(self, output_filename,
dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01",
ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"):
print("PAcket Number: %d" % packet_num)
if not output_filename.endswith(".pcap"):
print("Invalid PCAP filename! Exiting...")
return
self.pcap_filename = output_filename
self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt"
self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt"
# show modify request
request = "Generating " + output_filename + " with\n"
if src_mac is not None:
request += " src mac:" + src_mac + "\n"
if dst_mac is not None:
request += " dst mac:" + dst_mac + "\n"
if dst_ip_addr is not None:
request += " dst ip addr:" + dst_ip_addr + "\n"
print(request + "\n")
pcap_writer = PcapWriter(output_filename)
src_ips = []
src_hosts_with_ttl = {}
for i in range(packet_num):
if len(self.src_hosts) < ip_num:
# pick a random src ip
src_ip = self.__generate_ip()
# pick a random hc
ttl = self.__generate_rand_ttl()
else:
src_ip = src_ips[random.randint(0, len(src_ips) - 1)]
ttl = src_hosts_with_ttl[src_ip]
# calculate ttl according to hc
pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload
pcap_writer.write(pkt)
if src_ip not in src_ips:
src_ips.append(src_ip)
src_hosts_with_ttl[src_ip] = ttl
self.src_hosts[src_ip] = self.__ttl2hc(ttl)
if i % 10000 == 0:
print("%d packets have been produced\n" % i)
print(str(len(self.src_hosts)) + " source hosts produced")
print("Writing ip,hc dict into " + self.ip_hc_filename + "...")
with open(self.ip_hc_filename, "w") as f:
json.dump(self.src_hosts, f)
f.close()
pcap_writer.flush()
pcap_writer.close()
def _toggle_write_pcap_generated(self, flag):
if flag:
if not self.write_pcap_generated_writer:
self.write_pcap_generated_writer = PcapWriter(self.pcap_generated_path, append=True, sync=True)
else:
try:
self.write_pcap_generated_writer.close()
self.write_pcap_generated_writer = None
except AttributeError:
pass
def packethandler(pkt):
pktdump = PcapWriter(pcap_file, append=True, sync=True)
if pkt.haslayer(Dot11):
if pkt.haslayer(EAPOL) or (pkt.type == 0 and pkt.addr3 == ap.lower()):
pktdump.write(pkt)
if pkt.haslayer(EAPOL):
print(
f"{Bcolors.OKGREEN}Captured EAPOL Packet from SRC:{pkt.addr2} and DST:{pkt.addr1}{Bcolors.ENDC}"
)
PACKET_LIST.append(pkt)
def __init__(self):
parser = argparse.ArgumentParser(description='Version: 3.0; Running in Py2.x')
parser.add_argument("-i", default='', help="the interface you want to use")
parser.add_argument("-mi", default='mon0', help="name of the interface in monitor mode")
parser.add_argument("-f", default='', help="local pcap filename(in the offline mode)")
parser.add_argument("-o", default='1', help="show msg in the terminal? 0: No, 1: Yes")
parser.add_argument("-sPkt", default='1', help="save Pkts during snifffing? 0: No, 1: Yes")
parser.add_argument("-sPcap", default='0', help="save Pcap during snifffing? 0: No, 1: Yes")
parser.add_argument("-fm", default='', help="filter syntax used in scapy")
parser.add_argument("-iHF", default='iHost.txt', help="highlight these hosts when stop the sniffer(in the iHost.txt")
parser.add_argument("-fHF", default='fHost.txt', help="filter these hosts when show msg in terminal(in the fHost.txt")
args = parser.parse_args()
self.iface = args.i #old interface
self.newiface = args.mi #a new interface in monitor mode
self.sign = ['—','\\' ,'|' ,'/'] #stupid thing :)
self.filename = args.f #local pcap filename
self.sfilename = str(int(time.time()))
self.outputmode = args.o #0->don't output, 1->output
self.savingPkt = args.sPkt #0->don't save, 1->save
self.savingPcap = args.sPcap
self.filtermode = '( tcp[13:1]==24 )'#'tcp[13:1]==24' -> only sniff tcp
self.SrcIP = []
self.fHF = args.fHF
if args.fm: self.filtermode += ' and ( %s )' %args.fm #
if self.savingPkt == '1': InitPktsFile(self.sfilename)
if self.savingPcap == '1': self.pktdump = PcapWriter("./Pcaps/%s.pcap" %(self.sfilename), append=True, sync=True)
try:
with open(args.iHF, 'r') as fp:
self.iHost = re.findall('(\S+)', fp.read())
except:
ErrorDog(self.Exit)
if self.iface == '' and self.filename:
print putColor('[!]Offline Mode!', 'green')
print ' [-]Filter:', putColor(self.filtermode, 'green')
print ' [-]',
ClearLine()
try:
pkt = sniff(offline = './Pcaps/' + self.filename,
prn = self.Collector,
filter = self.filtermode,
store = 0)#DO NOT USING store = 1!!!
#Or you'll see your memory BOOM
print
except:
ErrorDog(self.Exit)
else: self.Init()
self.Exit()
def parameter_problem(self):
self.m_finished = False
self.packet_error = False
self.comment = "\n ICMPv6_PARAMETER_PROBLEM"
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 2))
sniffer.daemon = True
sniffer.start()
while not self.m_finished:
code_values = [1, 2]
for code_value in code_values:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6ParamProblem()
icmp.code = code_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
count = 0
while not q.empty():
pkt = q.get()
# print(pkt.show())
pktdump.write(pkt)
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Parameter Problem Translation: FAIL"
return
self.v4_address_check(pkt)
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv6 not received"
self.packet_error = True
if pkt[0][2].type != 3:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 0:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
count += 1
if count == 2:
self.comment += "\n Received two packets. Code 2 should be dropped"
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Parameter Problem Translation: FAIL"
if not self.packet_error:
print "Upstream Parameter Problem Translation: PASS"
def __init__(self, iface, save, file__, curses): self.iface=iface self.save=save self.file__ = PcapWriter(file__, append=True, sync=True) if self.save else '' self.handshakes = 0 self.stop_hopper = False self.thread = self.chain_thread() self.curses = curses if self.curses: self.display = Display(self) signal.signal(signal.SIGINT, self.print_exit)
def packet_too_big(self):
mtu_values = [512, 513, 1024, 1025, 1278, 1279, 1280, 1281, 1282, 1472, 1480, 1498, 1499, 1500, 1518, 1550, 1600]
for mtu_value in mtu_values:
self.m_finished = False
self.packet_error = False
self.comment = "\n ICMPv6_PACKET_TOO_BIG"
q = Queue()
v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address)
sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 17))
sniffer.daemon = True
sniffer.start()
rx_mtu = mtu_value - 20
while not self.m_finished:
ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address)
icmp = ICMPv6PacketTooBig()
icmp.mtu = mtu_value
ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address)
udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port)
payload = "H" * 10
send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False)
if not q.empty():
file_name = self.comment.lower() + ".pcap"
pktdump = PcapWriter(file_name, append=True, sync=True)
while not q.empty():
pkt = q.get()
#print(pkt.show())
pktdump.write(pkt)
q.task_done()
try:
pkt
except NameError:
self.comment += "\n ICMPv4 Packet not received"
print "Upstream Packet too Big Translation: FAIL"
return
self.v4_address_check(pkt)
if pkt[0][1].proto != 1:
self.comment += "\n ICMPv6 not received"
self.packet_error = True
if pkt[0][2].type != 3:
self.comment += "\n Incorrect Type Number"
self.packet_error = True
if pkt[0][2].code != 4:
self.comment += "\n Incorrect Code Number"
self.packet_error = True
if pkt[0][ICMP].nexthopmtu != rx_mtu:
self.comment += "\n Incorrect MTU values - should be " + str(rx_mtu) + " but was " + str(pkt[0][ICMP].nexthopmtu)
self.packet_error = True
if self.packet_error:
fh = open("test_results.txt", "a")
fh.write(self.comment)
fh.close()
print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): FAIL"
if not self.packet_error:
print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): PASS"
def __init__(self, ami, pcapout):
self.pcap = []
self.args = {}
self.current_time = time.time()
self.ami = ami
if self.ami.GetStartTime() > 0:
self.packet_time = self.ami.GetStartTime()
else:
self.packet_time = self.current_time - self.ami.GetSleepCursor()
self.outpcap = PcapWriter(pcapout, append=True, sync=True)
def remove_a_packet_from_pcap(file='test.pcap'):
# acquire all packets from pcap
pkts = rdpcap(file)
# ignore the first packet
pkts = pkts[1:]
# recreate pcap
os.remove(file)
pktdump = PcapWriter(file, append=True, sync=True)
# write other packets to pcap
for pkt in pkts:
pktdump.write(pkt)
pktdump.close()
def pcap_truncate(path_in, path_out):
print(f"'{path_in.name}' ({os.path.getsize(str(path_in))/(1024 * 1024)})...")
cap = rdpcap(str(path_in))
out = PcapWriter(str(path_out))
for packet in tqdm(cap, desc="Truncating PCAP", leave=False):
if packet.haslayer("IP"):
if packet.haslayer("TCP"):
packet["IP"]["TCP"].remove_payload()
elif packet.haslayer("UDP"):
packet["IP"]["UDP"].remove_payload()
out.write(packet)
out.close()
def save(p):
global filepath
global filename
if _is_need_change(filepath,filename):
filename = _change_filename(filepath,filename)
print "modifying filename: {}".format(filename)
writer = PcapWriter(filepath+filename,append=True)
writer.write(p)
writer.flush()
writer.close()
if _is_need_change(filepath,filename):
shutil.move(filepath+filename,toUploadPath+filename)
