def main(): args = parse_args() all_packet_dic = [] pkts = rdpcap(args.pcap) for pkt in pkts: if 'DNS' in pkt: raw = str(pkt['DNS']) d = read_dns_packet(raw, pkt, args.domain) if d: all_packet_dic.append(d) if args.action == 'display': for p in all_packet_dic: pretty_print(p) else: n = args.pcap ind = n.rfind('.') new_pcap = n[:ind] + '.' + args.domain + '.' + n[ind + 1:] pktdump = PcapWriter(new_pcap, append=True, sync=True) addresses = [] for p in all_packet_dic: pktdump.write(p['packet']) if p['Answers']: for a in p['Answers']: if a[1] == 1: addresses.append(a[4]) for pkt in pkts: try: if 'IP' in pkt and pkt[IP].src in addresses or pkt[ IP].dst in addresses: pktdump.write(pkt) except: IndexError
def __init__(self, psk=None, essid=None, pcap=False): self.pt = PE.pt if psk is not None and essid is not None: if os.path.isfile('handshakes.sqlite'): os.remove('handshakes.sqlite') self.con = lite.connect('handshakes.sqlite') self.con.text_factory = str self.db = self.con.cursor() self.tgtInfo = {} self.availTgts = set() self.catchDict = {} self.encDict = {} self.alert = set() self.pke = 'Pairwise key expansion' self.pmk = PBKDF2(psk, essid, 4096).read(32) self.db.execute('CREATE TABLE IF NOT EXISTS\ "shakes"("pkt" TEXT,\ "vmac" TEXT,\ "bmac" TEXT,\ "nonce" TEXT,\ "e_num" TEXT,\ UNIQUE(vmac, bmac, e_num));') self.con.commit() if pcap is True: self.eapolTrack = PcapWriter('eapols.pcap', sync=True) self.pcap = pcap else: self.eapolTrack = None self.pcap = None
def refresh(self): self._nlogs = self._get_log_count() self.packet_logger = PcapWriter( self.destination_folder + "packet_log{n}.cap".format(n=self._nlogs), append=True, sync=True)
def analyze(self,pcapFilename): hl7Output =BASE_DIR+"/hl7/networkFiles/hl7PacketDump.pcap" hl7Dump = PcapWriter((hl7Output),append=True,sync=True) G = nx.DiGraph(directed=True) print(unquote(pcapFilename)) pcapFilename = unquote(pcapFilename) packets = rdpcap(pcapFilename) networkSession = packets.sessions() for session in networkSession: for packet in networkSession[session]: try: if (str(packet[TCP].payload).startswith("b\'")) and str(packet[TCP].payload).endswith("r\'"): hl7Dump.write(packet) G.add_edge( (str(packet[IP].dst)+":"+str(packet[IP].dport)),(str(packet[IP].src)+":"+str(packet[TCP].sport))) except: continue nx.draw(G, with_labels=True) plt.show() hl7Dump.close() return hl7Output
def clsMessagesByIp(fileFrom, fileTo): packages = scapy.rdpcap(fileFrom) t_results = {} for p in packages: srcIp = MessageConvert.getClsSrcIp(p) desIp = MessageConvert.getClsDesIp(p) if srcIp == 'null' or desIp == 'null': continue mesKeyFirst = srcIp + desIp mesKeySecond = desIp + srcIp if mesKeyFirst in t_results: t_results[mesKeyFirst].append(p) elif (mesKeySecond in t_results): t_results[mesKeySecond].append(p) else: t_results[mesKeyFirst] = [] t_results[mesKeyFirst].append(p) for key in t_results: t_temp = t_results[key] t_writer = PcapWriter('%s%s.pcap' %(fileTo, key), append=True) #t_writer = PcapWriter('/home/wxw/data/cip_datanew/' + key + '.pcap', append=True) for p in t_results[key]: t_writer.write(p) t_writer.flush() t_writer.close()
def create_flows(num_packets, bytes_per_packet, output_file, zipf_param, n_flows): pktdump = PcapWriter(output_file, append=False) #fs = np.random.zipf(zipf_param, num_packets) fs = genZipf(zipf_param, n_flows, num_packets) flows = {} ip_table = IPTable() for i in xrange(num_packets): f = fs[i] # generate a single sample from zipfian distribution if f not in flows: flows[f] = 1 else: flows[f] += 1 src_ip, dst_ip, prot, sport, dport = ip_table.lookup_flow(f) pkt = IP(src=src_ip, dst=dst_ip) pkt = pkt / UDP(sport=sport, dport=dport) pkt.len = bytes_per_packet pktdump.write(pkt) flows_file = open("result-flws.txt", 'w') flows_file.write("flw_id n_pkts\n") for k, v in flows.iteritems(): flows_file.write('{} {}\n'.format(k, v)) flows_file.close()
def showPacket(packet): # method 1 : save pcap and convert csv # method 2 : input data into csv # find csv output module # first all wirte # second time save global packetcont global model # traffic info timestamp = datetime.fromtimestamp(packet[0][1].time) print(packet[0][1]) print('timestamp:', timestamp) print('Now packetcont:', packetcont) print('------------------------------------------------------') # seleuchel edit - save packet in real time filename = "./packet/pcap/packet.pcap" pktdump = PcapWriter(filename, append=True, sync=True) pktdump.write(packet) packetcont += 1 if packetcont >= 1000: # extract pcap -> csv ext_feature() #model test model = AutoEncoder('./packet/csv/exfeature/packet.pcap_Flow.csv') result_csv = model.get_result() print(result_csv) #send to server sendjson.send(result_csv) packetcont = 0
def wr_pkt(self, mode='node', port=2231): file_name = ''.join([dir_prefix, mode, '_', str(port), '.pcap']) try: pktdump = PcapWriter(file_name, append=True, sync=True) pktdump.write(self.pkt) except: raise Exception
def sniff_goose(interface): print( "GOOSE messages use IEEE 802.1Q for VLAN tagging and prioritization. Many network cards filter out the " "content of this layer. If this is also the case for you, there are often ways to change this. Since it " "varies from card to card you should google it. Otherwise you can answer 'Tagged VLANs' with n." ) time_to_capture = int(input("Time to capture (in seconds) : ")) with_iee = input("Does your interface support tagged VLANs? (y/n): ") capture_name = input("Name of the pcap file (without extension) : ") print('\nSniffing GOOSE traffic from ' '\n[*] Interface: {} ' '\n[*] For:{} seconds ' '\n[*] Tagged VLANs: {} ' '\n'.format(interface, time_to_capture, with_iee)) if with_iee == "y": # Sniffing the traffic from Publisher print( "All network packets with Ethernet, IEEE 802.1Q and RAW Layer are captured!" ) traffic = sniff(iface=interface, timeout=time_to_capture) output = PcapWriter(capture_name + ".pcap", append=True, sync=True) for frame in traffic: # Checks all frames in traffic if frame.haslayer(Ether) == 1 and frame.haslayer( Dot1Q ) == 1 and frame.haslayer( Raw ) == 1: # Checks if the frame has the Ethernet, IEEE802.1Q and Raw layer output.write(frame) # Saves the frame print("File saved as: " + capture_name) elif with_iee == "n": # Sniffing the traffic from Publisher print("All network packets with Ethernet and RAW Layer are captured!") traffic = sniff(iface=interface, timeout=time_to_capture) output = PcapWriter(capture_name + ".pcap", append=True, sync=True) for frame in traffic: # Checks all frames in traffic if frame.haslayer(Ether) == 1 and frame.haslayer( Raw ) == 1: # Checks if the frame has the Ethernet, and Raw layer output.write(frame) # Saves the frame print("File saved as: " + capture_name) else: print("Your Input was: ", with_iee, "It should be 'y' or 'n'!")
def __init__(self, interface=None, debug=False, ip_inbound=None, ip_outbound=None, protocols=None, dns=None, dports=None, sports=None, extensions=None, action_inbound_IPRule=0, action_outbound_IPRule=0, action_DNSRule=0, action_source_portRule=0, action_dest_portRule=0, action_HTTPResponse=1, action_HTTPRequest=1, action_protocolRule=0, action_scanLoad=0): """Initilize PacketFilter class.""" self.logger = logger.SecureTeaLogger(__name__, debug) # Initialize with empty list if ip_inbound is None: ip_inbound = [] if ip_outbound is None: ip_outbound = [] if protocols is None: protocols = [] if dns is None: dns = [] if sports is None: sports = [] if dports is None: dports = [] if extensions is None: extensions = [] self._action_inbound_IPRule = action_inbound_IPRule self._action_outbound_IPRule = action_outbound_IPRule self._action_protocolRule = action_protocolRule self._action_DNSRule = action_DNSRule self._action_source_portRule = action_source_portRule self._action_dest_portRule = action_dest_portRule self._action_HTTPRequest = action_HTTPRequest self._action_HTTPResponse = action_HTTPResponse self._action_scanLoad = action_scanLoad self._IP_INBOUND = ip_inbound self._IP_OUTBOUND = ip_outbound self._PROTCOLS = protocols self._DNS = dns self._DPORTS = dports self._SPORTS = sports self._EXTENSIONS = extensions # Initialize PcapWriter for PCAP dumping self.pktdump = PcapWriter("blocked.pcap", append=True, sync=True)
def __spawn_sniffer(self): """ Saves pcaps to a file. Should be run as a thread. Ends when the stop_sniffing_flag is set. Should not be called by user """ self.packet_dumper = PcapWriter(self.location, append=True, sync=True) while (self.stop_sniffing_flag == False): sniff(stop_filter=self.__packet_callback, timeout=1)
def gen_ipv4_assemble_pcap(): """Generate ipv4 assemble test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_assemble_rx.pcap", append=False) packets = create_packet(1066, False, 1024) for packet in packets: writer.write(packet) writer.close()
def create_pcap_file_from_frames(self, file_name, frames): writer = PcapWriter(file_name, append=False) for frame in frames: writer.write(frame) writer.close()
def sanitize(filepath_in, filepath_out=None, sequential=True, ipv4_mask=0, ipv6_mask=0, mac_mask=0, start_ipv4='10.0.0.1', start_ipv6='2001:aa::1', start_mac='00:aa:00:00:00:00'): if not filepath_out: timestamp = datetime.datetime.now().strftime('%y%m%d-%H%m%S') filepath_out = os.path.splitext(filepath_in)[ 0] + '_sanitized_' + timestamp + os.path.splitext(filepath_in)[1] mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac) ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4) ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6) with open(filepath_in) as capfile: #open cap file with pcapfile cap = savefile.load_savefile(capfile, verbose=False) #use scapy's pcapwriter pktwriter = PcapWriter(filepath_out, append=True) try: for pkt in cap.packets: #create scapy packet from pcapfile packet raw output pkt = Ether(pkt.raw()) #MAC addresses pkt.src = mac_gen.get_mac(pkt.src) pkt.dst = mac_gen.get_mac(pkt.dst) #IP Address try: pkt['IP'].src = ip4_gen.get_ip(pkt['IP'].src) pkt['IP'].dst = ip4_gen.get_ip(pkt['IP'].dst) except IndexError: pkt['IPv6'].src = ip6_gen.get_ip(pkt['IPv6'].src) pkt['IPv6'].dst = ip6_gen.get_ip(pkt['IPv6'].dst) pktwriter.write(pkt) finally: pktwriter.close() return filepath_out.split('/')[-1]
def parameter_problem_pointer(self): self.comment = "\n ICMPv6_PARAMETER_PROBLEM_POINTER" self.packet_error = True for ptr_value in range(0, 40): self.m_finished = False q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 38)) sniffer.daemon = True sniffer.start() count = 0 while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6ParamProblem() icmp.code = 0 icmp.ptr = ptr_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Parameter Problem Pointer Translation: FAIL" return if pkt[0][1].proto != 1: self.comment += "\n ICMPv4 not received" self.packet_error = True if pkt[0][2].type != 12: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True ipv4_ptr_values = [x for x in range(17)] if pkt[0][ICMP].ptr not in ipv4_ptr_values: self.comment += "\n Incorrect Pointer values" self.packet_error = True count += 1 if count != 39: self.comment += "\n All packets not received" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Parameter Problem Pointer Translation: FAIL" if not self.packet_error: print "Upstream Parameter Problem Pointer Translation: PASS"
def gen_ipv6_fragment_pcap(): """Generate ipv6 fragment test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv6_fragment_rx.pcap", append=False) for i in range(1, 1454): packets = create_packet(i, True) for packet in packets: writer.write(packet) writer.close()
def gen_ipv4_checksum_pcap(): """Generate ipv4 checksum test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_checksum_rx.pcap", append=False) for i in range(1, 1474): packets = create_packet(i, False) for packet in packets: writer.write(packet) writer.close()
def save(self): global WRITE__ if WRITE__: _wr = PcapWriter(WRITE__, append=False, sync=True) _wr.write(self.THEPOL) pull.use("Handshake >> [%s] Count [%s] %s[Saved]%s" % (pull.DARKCYAN+WRITE__+pull.END, str(len(self.THEPOL)), pull.GREEN, pull.END )) else: pull.error("Handshake not saved. Use -w, --write for saving handshakes. ")
def save(): global buf global filename #filename = "/home/seleuchel/libcap/packet/"+"packet_" + str(filenum) + ".pcap" pktdump = PcapWriter(filename, append=True, sync=True) pktdump.write(buf) buf = [] filenum += 1
def gen_traffic(self, output_filename, dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01", ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"): print("PAcket Number: %d" % packet_num) if not output_filename.endswith(".pcap"): print("Invalid PCAP filename! Exiting...") return self.pcap_filename = output_filename self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt" self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt" # show modify request request = "Generating " + output_filename + " with\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_writer = PcapWriter(output_filename) src_ips = [] src_hosts_with_ttl = {} for i in range(packet_num): if len(self.src_hosts) < ip_num: # pick a random src ip src_ip = self.__generate_ip() # pick a random hc ttl = self.__generate_rand_ttl() else: src_ip = src_ips[random.randint(0, len(src_ips) - 1)] ttl = src_hosts_with_ttl[src_ip] # calculate ttl according to hc pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload pcap_writer.write(pkt) if src_ip not in src_ips: src_ips.append(src_ip) src_hosts_with_ttl[src_ip] = ttl self.src_hosts[src_ip] = self.__ttl2hc(ttl) if i % 10000 == 0: print("%d packets have been produced\n" % i) print(str(len(self.src_hosts)) + " source hosts produced") print("Writing ip,hc dict into " + self.ip_hc_filename + "...") with open(self.ip_hc_filename, "w") as f: json.dump(self.src_hosts, f) f.close() pcap_writer.flush() pcap_writer.close()
def _toggle_write_pcap_generated(self, flag): if flag: if not self.write_pcap_generated_writer: self.write_pcap_generated_writer = PcapWriter(self.pcap_generated_path, append=True, sync=True) else: try: self.write_pcap_generated_writer.close() self.write_pcap_generated_writer = None except AttributeError: pass
def packethandler(pkt): pktdump = PcapWriter(pcap_file, append=True, sync=True) if pkt.haslayer(Dot11): if pkt.haslayer(EAPOL) or (pkt.type == 0 and pkt.addr3 == ap.lower()): pktdump.write(pkt) if pkt.haslayer(EAPOL): print( f"{Bcolors.OKGREEN}Captured EAPOL Packet from SRC:{pkt.addr2} and DST:{pkt.addr1}{Bcolors.ENDC}" ) PACKET_LIST.append(pkt)
def __init__(self): parser = argparse.ArgumentParser(description='Version: 3.0; Running in Py2.x') parser.add_argument("-i", default='', help="the interface you want to use") parser.add_argument("-mi", default='mon0', help="name of the interface in monitor mode") parser.add_argument("-f", default='', help="local pcap filename(in the offline mode)") parser.add_argument("-o", default='1', help="show msg in the terminal? 0: No, 1: Yes") parser.add_argument("-sPkt", default='1', help="save Pkts during snifffing? 0: No, 1: Yes") parser.add_argument("-sPcap", default='0', help="save Pcap during snifffing? 0: No, 1: Yes") parser.add_argument("-fm", default='', help="filter syntax used in scapy") parser.add_argument("-iHF", default='iHost.txt', help="highlight these hosts when stop the sniffer(in the iHost.txt") parser.add_argument("-fHF", default='fHost.txt', help="filter these hosts when show msg in terminal(in the fHost.txt") args = parser.parse_args() self.iface = args.i #old interface self.newiface = args.mi #a new interface in monitor mode self.sign = ['—','\\' ,'|' ,'/'] #stupid thing :) self.filename = args.f #local pcap filename self.sfilename = str(int(time.time())) self.outputmode = args.o #0->don't output, 1->output self.savingPkt = args.sPkt #0->don't save, 1->save self.savingPcap = args.sPcap self.filtermode = '( tcp[13:1]==24 )'#'tcp[13:1]==24' -> only sniff tcp self.SrcIP = [] self.fHF = args.fHF if args.fm: self.filtermode += ' and ( %s )' %args.fm # if self.savingPkt == '1': InitPktsFile(self.sfilename) if self.savingPcap == '1': self.pktdump = PcapWriter("./Pcaps/%s.pcap" %(self.sfilename), append=True, sync=True) try: with open(args.iHF, 'r') as fp: self.iHost = re.findall('(\S+)', fp.read()) except: ErrorDog(self.Exit) if self.iface == '' and self.filename: print putColor('[!]Offline Mode!', 'green') print ' [-]Filter:', putColor(self.filtermode, 'green') print ' [-]', ClearLine() try: pkt = sniff(offline = './Pcaps/' + self.filename, prn = self.Collector, filter = self.filtermode, store = 0)#DO NOT USING store = 1!!! #Or you'll see your memory BOOM print except: ErrorDog(self.Exit) else: self.Init() self.Exit()
def parameter_problem(self): self.m_finished = False self.packet_error = False self.comment = "\n ICMPv6_PARAMETER_PROBLEM" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 2)) sniffer.daemon = True sniffer.start() while not self.m_finished: code_values = [1, 2] for code_value in code_values: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6ParamProblem() icmp.code = code_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) count = 0 while not q.empty(): pkt = q.get() # print(pkt.show()) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Parameter Problem Translation: FAIL" return self.v4_address_check(pkt) if pkt[0][1].proto != 1: self.comment += "\n ICMPv6 not received" self.packet_error = True if pkt[0][2].type != 3: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True count += 1 if count == 2: self.comment += "\n Received two packets. Code 2 should be dropped" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Parameter Problem Translation: FAIL" if not self.packet_error: print "Upstream Parameter Problem Translation: PASS"
def __init__(self, iface, save, file__, curses): self.iface=iface self.save=save self.file__ = PcapWriter(file__, append=True, sync=True) if self.save else '' self.handshakes = 0 self.stop_hopper = False self.thread = self.chain_thread() self.curses = curses if self.curses: self.display = Display(self) signal.signal(signal.SIGINT, self.print_exit)
def packet_too_big(self): mtu_values = [512, 513, 1024, 1025, 1278, 1279, 1280, 1281, 1282, 1472, 1480, 1498, 1499, 1500, 1518, 1550, 1600] for mtu_value in mtu_values: self.m_finished = False self.packet_error = False self.comment = "\n ICMPv6_PACKET_TOO_BIG" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 17)) sniffer.daemon = True sniffer.start() rx_mtu = mtu_value - 20 while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6PacketTooBig() icmp.mtu = mtu_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() #print(pkt.show()) pktdump.write(pkt) q.task_done() try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Packet too Big Translation: FAIL" return self.v4_address_check(pkt) if pkt[0][1].proto != 1: self.comment += "\n ICMPv6 not received" self.packet_error = True if pkt[0][2].type != 3: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 4: self.comment += "\n Incorrect Code Number" self.packet_error = True if pkt[0][ICMP].nexthopmtu != rx_mtu: self.comment += "\n Incorrect MTU values - should be " + str(rx_mtu) + " but was " + str(pkt[0][ICMP].nexthopmtu) self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): FAIL" if not self.packet_error: print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): PASS"
def __init__(self, ami, pcapout): self.pcap = [] self.args = {} self.current_time = time.time() self.ami = ami if self.ami.GetStartTime() > 0: self.packet_time = self.ami.GetStartTime() else: self.packet_time = self.current_time - self.ami.GetSleepCursor() self.outpcap = PcapWriter(pcapout, append=True, sync=True)
def remove_a_packet_from_pcap(file='test.pcap'): # acquire all packets from pcap pkts = rdpcap(file) # ignore the first packet pkts = pkts[1:] # recreate pcap os.remove(file) pktdump = PcapWriter(file, append=True, sync=True) # write other packets to pcap for pkt in pkts: pktdump.write(pkt) pktdump.close()
def pcap_truncate(path_in, path_out): print(f"'{path_in.name}' ({os.path.getsize(str(path_in))/(1024 * 1024)})...") cap = rdpcap(str(path_in)) out = PcapWriter(str(path_out)) for packet in tqdm(cap, desc="Truncating PCAP", leave=False): if packet.haslayer("IP"): if packet.haslayer("TCP"): packet["IP"]["TCP"].remove_payload() elif packet.haslayer("UDP"): packet["IP"]["UDP"].remove_payload() out.write(packet) out.close()
def save(p): global filepath global filename if _is_need_change(filepath,filename): filename = _change_filename(filepath,filename) print "modifying filename: {}".format(filename) writer = PcapWriter(filepath+filename,append=True) writer.write(p) writer.flush() writer.close() if _is_need_change(filepath,filename): shutil.move(filepath+filename,toUploadPath+filename)