def action_sniff(db, args):
"Run sniffing thread"
from sniffer import Sniffer
sniffer = Sniffer(db,
args.interface,
args.related_interface,
sniffer_name=args.sniffer_name,
enable_hopping=args.enable_hopping,
use_24=args.use_24,
use_pop5=args.use_pop5)
sniffer.run()
def test_capture(self):
print ""
print "TEST CAPTURE"
print ""
config_client = {
"sync_server_ip": "stacksync.urv.cat",
"sync_server_port": 8080,
"packet_limit": -1,
"max_bytes": 65535,
"promiscuous": False,
"read_timeout": 100
}
print config_client
sniff = Sniffer(self.personal_cloud, config_client)
result = sniff.run()
print result
result = sniff.rage_quit()
# pdb.set_trace()
self.assertEqual(0, 0)
class SnifferSession:
DELAY = 1
sniffer = None
def __init__(self, args, loop=None, packet_callback=None, **kwargs):
self.sniffer = Sniffer(argv=args,
packet_callback=packet_callback,
loop=loop,
**kwargs)
self.packets_count = 0
self.packets = []
self.packets_by_time = defaultdict(list)
self.start_time = None
self.last_time = None
self.ips = set()
self.ports_by_addr = defaultdict(set)
self.filters = defaultdict(lambda: ANY)
self.online = None
def set_callback(self, callback):
self.sniffer.packet_callback = callback
def start_sniffer(self):
self.online = True
self.sniffer.run()
def stop_sniffer(self):
self.sniffer.running = False
def setup_sniffer(self):
self.sniffer.setup()
def open_pcap(self):
self.online = False
self.sniffer.open_pcap()
def set_pcap_filename(self, filename):
self.sniffer.pcap_filename = filename
def get_stream_stat(self):
return self.sniffer.analyze_stream()
@staticmethod
def _round_time(dt, round_to=60):
seconds = (dt.replace(tzinfo=None) - dt.min).seconds
rounding = (seconds + round_to / 2) // round_to * round_to
return dt + timedelta(0, rounding - seconds, -dt.microsecond)
def get_interval_position(self, start, end):
return ((end - start) / self.DELAY).seconds
def get_last_interval(self):
return self.get_interval_position(self.start_time, self.last_time)
def add_packet(self, packet):
# packet.packet.frame_info
# .time_relative - no need to be converted
# .time_epoch - need to be converted
t = datetime.fromtimestamp(
int(packet.packet.frame_info.time_epoch.split('.')[0]))
t = self._round_time(t, self.DELAY)
if self.start_time is None:
self.start_time = t
self.ips.add(packet.src_addr)
self.ports_by_addr[packet.src_addr].add(packet.src_port)
self.ports_by_addr['ANY'].add(packet.src_port)
self.sniffer.update_stream(packet)
item = {
'packet': packet,
'time': t,
'packet_capacity': int(packet.packet.length)
}
self.packets.append(item)
self.packets_count += 1
self.last_time = t
self.packets_by_time[self.get_last_interval()].append(item)
def get_packets_by_number(self,
first=None,
second=None,
enable_filtration=False):
first = first or 0
second = second or self.packets_count
result = {}
for idx in range(first, min(len(self.packets), second + 1)):
packet = self.packets[idx]
if not enable_filtration or self.apply_filter(packet):
result[idx] = [packet]
return result
def apply_filter(self, packet):
def any_any():
return faddr1 == faddr2 == fport1 == fport2 == 'ANY'
def equal(var1, var2):
return var1 == var2 or var2 == 'ANY'
def equals(addr1, addr2, port1, port2):
return equal(addr1, addr2) and equal(port1, port2)
src_addr = packet['packet'].src_addr
dst_addr = packet['packet'].dst_addr
src_port = str(int(packet['packet'].src_port))
dst_port = str(int(packet['packet'].dst_port))
faddr1 = self.filters['addr1']
faddr2 = self.filters['addr2']
fport1 = self.filters['port1']
fport2 = self.filters['port2']
if any_any():
return True
if faddr1 != 'ANY':
if src_addr == faddr1 and equal(src_port, fport1):
if equals(dst_addr, faddr2, dst_port, fport2):
return True
if dst_addr == faddr1 and equal(dst_port, fport1):
if equals(src_addr, faddr2, src_port, fport2):
return True
if faddr2 != 'ANY':
if src_addr == faddr2 and equal(src_port, fport2):
if equals(dst_addr, faddr1, dst_port, fport1):
return True
if dst_addr == faddr2 and equal(dst_port, fport2):
if equals(src_addr, faddr1, src_port, fport1):
return True
if fport1 != 'ANY':
if src_port == fport1 and equal(src_addr, faddr1):
if equals(dst_port, fport2, dst_addr, faddr2):
return True
if dst_port == fport1 and equal(dst_addr, faddr1):
if equals(src_port, fport2, src_addr, faddr2):
return True
if fport2 != 'ANY':
if src_port == fport2 and equal(src_addr, faddr2):
if equals(dst_port, fport1, dst_addr, faddr1):
return True
if dst_port == fport2 and equal(dst_addr, faddr2):
if equals(src_port, fport1, src_addr, faddr1):
return True
return False
def get_packets_by_descret_times(self,
start,
end,
callback=lambda x: x,
enable_filtration=False):
result = defaultdict(list)
for t in range(self.get_last_interval()):
if t in self.packets_by_time:
packets = self.packets_by_time[t]
else:
packets = []
if t < start:
continue
if end < t:
break
if not enable_filtration:
result[t] = callback(packets)
continue
filtered_packets = []
for pkt in packets:
if self.apply_filter(pkt):
filtered_packets.append(pkt)
result[t] = callback(filtered_packets)
return result
def get_ips(self):
return self.ips
def get_ports(self, addr='ANY'):
return self.ports_by_addr[addr]
def save(self):
pass
def clear_session(self):
pass
def main():
proxyips = Crawler.run()
logger.info('Crawler finish, total ip: %s', len(proxyips))
sniffer = Sniffer()
sniffer.run(proxyips)
def main():
proxyips = Crawler.run()
logger.info('Crawler finish, total ip: %s', len(proxyips))
sniffer = Sniffer()
sniffer.run(proxyips)
ip = packet[IP]
tcp = packet[TCP]
flags = tcp.flags
logging_packet(packet)
if flags == "S":
i = IP(src=ip.dst, dst=ip.src)
t = TCP(sport=tcp.dport, dport=tcp.sport, flags='SA', seq=random.randint(1, 45536), ack=(tcp.seq + 1))
frame = i / t
send(frame, verbose=False)
elif 'P' in list(str(flags)):
i = IP(src=ip.dst, dst=ip.src)
t = TCP(sport=tcp.dport, dport=tcp.sport, flags='A', seq=tcp.ack, ack=(tcp.seq + len(packet)))
frame = i / t
send(frame, verbose=False)
if __name__ == "__main__":
# sniff filter
print(f"Filter: TCP and IpAddress: {TARGET_IP_ADDRESS}")
# フィルタ作成
packet_filter = lambda p: is_tcp_packet(p) and has_ip_address(p, TARGET_IP_ADDRESS)
# sniffing用Thread作成・実施
sniffer = Sniffer(prn=find_tcp_packet, packet_filter=packet_filter)
sniffer.run()
