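def extract(folder, filename):
    """Carve JPEG images from the port-80 HTTP traffic in a pcap file.

    The transport-layer payload of every packet whose source or destination
    port is 80 is concatenated into one stream, split into HTTP messages with
    ``get_payload_boundaries`` / ``get_http_headers_and_content``, and every
    message whose ``Content-Type`` mentions ``image/jpeg`` is handed to
    ``extract_images``.  Each returned image is written to
    ``<folder>/<pcap basename>-pycket_<n>.<image_type>``.

    Args:
        folder: Existing directory the carved images are written into.
        filename: Path of the pcap file to read.

    Returns:
        int: the number of images written plus one (the counter starts at 1
        and is returned after the loop, so an empty capture yields 1).

    Raises:
        Whatever ``PcapReader`` raises for an unreadable capture, and
        ``IOError``/``OSError`` if ``folder`` is not writable.
    """
    import os
    import re

    pcap = PcapReader(filename)
    pcap.parse()

    # Collect the port-80 payload in a list and join once; repeated ``+=``
    # on a large capture is quadratic on non-CPython interpreters.
    chunks = []
    for packet in pcap.get_packets():
        # NOTE(review): layers[2] is indexed unguarded, as in the original;
        # a packet with fewer than three layers would raise IndexError here.
        # Whether get_packets() guarantees three layers is not visible.
        transport = packet.layers[2]
        if not transport:
            continue
        if transport['Source port'] == 80 or transport['Destination port'] == 80:
            # str() matches the original; under Python 3 a bytes payload
            # would become its repr, so the reader and the parsing helpers
            # must agree on str vs bytes — TODO confirm.
            chunks.append(str(transport['Data']))
    http_payload = ''.join(chunks)

    boundaries = get_payload_boundaries(http_payload)
    headers = get_http_headers_and_content(http_payload, boundaries)

    # basename() instead of split('/')[-1] also copes with Windows paths.
    clean_name = os.path.basename(filename)

    extracted_images = 1
    if headers:
        for h in headers:
            # assumes every header mapping carries a Content-Type key, as the
            # original did — TODO confirm get_http_headers_and_content
            # guarantees it, otherwise a KeyError aborts the whole carve.
            if 'image/jpeg' in h['Content-Type']:
                image, image_type = extract_images(h, http_payload, boundaries)
                if image is None or image_type is None:
                    continue
                # image_type comes from captured (untrusted) HTTP data; strip
                # anything that could act as a path separator or otherwise
                # let the output name escape ``folder``.
                safe_type = re.sub(r'[^A-Za-z0-9_.-]', '_', str(image_type))
                out_name = '%s-pycket_%s.%s' % (clean_name, extracted_images, safe_type)
                # os.path.join avoids writing to '/<name>' when folder is ''
                # and doubled separators; the context manager closes the
                # file even if write() raises.
                with open(os.path.join(folder, out_name), 'wb') as fd:
                    fd.write(image)
                extracted_images += 1
    return extracted_images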
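def extract(folder, filename):
    """Carve JPEG images from the port-80 HTTP traffic in a pcap file.

    The transport-layer payload of every packet whose source or destination
    port is 80 is concatenated into one stream, split into HTTP messages with
    ``get_payload_boundaries`` / ``get_http_headers_and_content``, and every
    message whose ``Content-Type`` mentions ``image/jpeg`` is handed to
    ``extract_images``.  Each returned image is written to
    ``<folder>/<pcap basename>-pycket_<n>.<image_type>``.

    Args:
        folder: Existing directory the carved images are written into.
        filename: Path of the pcap file to read.

    Returns:
        int: the number of images written plus one (the counter starts at 1
        and is returned after the loop, so an empty capture yields 1).

    Raises:
        Whatever ``PcapReader`` raises for an unreadable capture, and
        ``IOError``/``OSError`` if ``folder`` is not writable.
    """
    import os
    import re

    pcap = PcapReader(filename)
    pcap.parse()

    # Collect the port-80 payload in a list and join once; repeated ``+=``
    # on a large capture is quadratic on non-CPython interpreters.
    chunks = []
    for packet in pcap.get_packets():
        # NOTE(review): layers[2] is indexed unguarded, as in the original;
        # a packet with fewer than three layers would raise IndexError here.
        # Whether get_packets() guarantees three layers is not visible.
        transport = packet.layers[2]
        if not transport:
            continue
        if transport['Source port'] == 80 or transport['Destination port'] == 80:
            # str() matches the original; under Python 3 a bytes payload
            # would become its repr, so the reader and the parsing helpers
            # must agree on str vs bytes — TODO confirm.
            chunks.append(str(transport['Data']))
    http_payload = ''.join(chunks)

    boundaries = get_payload_boundaries(http_payload)
    headers = get_http_headers_and_content(http_payload, boundaries)

    # basename() instead of split('/')[-1] also copes with Windows paths.
    clean_name = os.path.basename(filename)

    extracted_images = 1
    if headers:
        for h in headers:
            # assumes every header mapping carries a Content-Type key, as the
            # original did — TODO confirm get_http_headers_and_content
            # guarantees it, otherwise a KeyError aborts the whole carve.
            if 'image/jpeg' in h['Content-Type']:
                image, image_type = extract_images(h, http_payload, boundaries)
                if image is None or image_type is None:
                    continue
                # image_type comes from captured (untrusted) HTTP data; strip
                # anything that could act as a path separator or otherwise
                # let the output name escape ``folder``.
                safe_type = re.sub(r'[^A-Za-z0-9_.-]', '_', str(image_type))
                out_name = '%s-pycket_%s.%s' % (clean_name, extracted_images, safe_type)
                # os.path.join avoids writing to '/<name>' when folder is ''
                # and doubled separators; the context manager closes the
                # file even if write() raises.
                with open(os.path.join(folder, out_name), 'wb') as fd:
                    fd.write(image)
                extracted_images += 1
    return extracted_images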
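def open_pcap(self):
    """Prompt for a pcap file and load its packets into the view.

    Shows a file dialog rooted at ``/home`` and filtered to ``*.pcap``.  When
    the user picks a file it is parsed with ``PcapReader`` and each packet is
    passed to ``self.add_packet``.  A ``ValueError`` raised while reading is
    shown to the user as "not a pcap file"; any other ``Exception`` is
    printed to the console.  Cancelling the dialog is a no-op.
    """
    fileName = QtGui.QFileDialog.getOpenFileName(self, "Open File", "/home", "Pcap files (*.pcap)")
    if not fileName:
        return
    try:
        pcap_reader = PcapReader(fileName)
        pcap_reader.parse()
        for packet in pcap_reader.get_packets():
            self.add_packet(packet)
    except ValueError:
        # The original handler treats ValueError as "not a pcap file";
        # report it in the UI rather than on the console.
        QtGui.QMessageBox.information(self, "Error", "'" + fileName + "' is not a pcap file.")
    except Exception as e:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; catching Exception lets those propagate.  The
        # parenthesised print is valid under both Python 2 and 3.
        print("Unexpected error: %s: %s" % (type(e), e))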
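def main(argv):
    """Run the interactive UI main loop.

    Args:
        argv: Command-line arguments without the program name; ``argv[0]``
            must be the path of the pcap file to open.

    The file is wrapped in a ``PcapReader`` and the menu loop repeats until
    ``handle_user_selection`` raises something that is not an ``Exception``
    (e.g. ``SystemExit``).  Any ``Exception`` is printed and ends the loop.
    """
    if not argv:
        # Previously argv[0] raised IndexError, which the handler below
        # printed as "list index out of range"; say what is missing instead.
        print("usage: <pcap-file>")
        return
    try:
        reader = PcapReader(argv[0])
        while True:
            selection = show_main_menu()
            handle_user_selection(selection, reader)
    except Exception as e:
        # Top-level boundary: report the error instead of dumping a
        # traceback on the user.
        print(e)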
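def filter(pcap_file_name, hosts, ports):
    """Yield a ``PacketSynopsis`` for each packet in ``pcap_file_name`` that
    matches the given transport-layer ports and/or hosts.

    Args:
        pcap_file_name: Path of the packet dump to scan.
        hosts: Iterable of host addresses, compared against the
            ``ip_address`` of the IP source/destination.  Empty = match any.
        ports: Iterable of transport ports, compared against sport/dport.
            Empty = match any.

    Yields:
        PacketSynopsis carrying the capture timestamp, endpoints, per-layer
        byte counts and the application payload.

    Packets that cannot be decoded as Ethernet/IP/transport (or whose
    transport layer has no port fields) are reported on stderr and skipped
    rather than aborting the scan.  The name shadows the ``filter`` builtin;
    it is kept for compatibility with existing callers.
    """
    # Build the lookup sets once rather than scanning the sequences for every
    # packet; an empty input stays falsy so "match any" still works.
    port_set = set(ports)
    host_set = set(hosts)
    for p, m in PcapReader(pcap_file_name):
        try:
            eth = dpkt.ethernet.Ethernet(p)
            i = eth.data
            t = i.data
            src = ip_address(i.src)
            dst = ip_address(i.dst)
            if port_set and t.dport not in port_set and t.sport not in port_set:
                continue
            if host_set and src not in host_set and dst not in host_set:
                continue
            # Build the timestamp via Decimal from the integer seconds and
            # microseconds so it prints exactly as Wireshark shows it, with
            # no binary floating-point rounding.
            synopsis = PacketSynopsis(timestamp=Decimal("%d.%06d" % m[:2]),
                                      source_host=src,
                                      source_port=t.sport,
                                      destination_host=dst,
                                      destination_port=t.dport,
                                      frame_bytes=len(p),
                                      ip_bytes=len(eth.data),
                                      transport_bytes=len(i.data),
                                      application_bytes=len(t.data),
                                      application_payload=t.data)
        except Exception as e:
            # Best-effort per packet: non-IP / non-TCP-UDP frames land here.
            # str(e) replaces e.message, which is gone on Python 3 and absent
            # on many exception classes even on 2.x (raising a second error
            # inside the handler).
            sys.stderr.write(str(type(e)) + ": " + str(e) + "\n")
            continue
        # Yield outside the try so an exception thrown into the generator by
        # its consumer is not swallowed as a decode failure.
        yield synopsis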
Config = ConfigParser() Config.read(CONFIG_FILE) HOST = Config.get('network', 'host') PORT = Config.getint('network', 'port') MAX_BYTES = Config.getint('logging', 'maxBytes') BACKUP_COUNT = Config.getint('logging', 'backupCount') BUFFER_OUTPUT = Config.getboolean('logging', 'useFileForOutput') splunkLogger = SplunkLogger(path.join(LOG_PATH, 'output.log'), MAX_BYTES, BACKUP_COUNT) debugLogger = SplunkLogger(path.join(LOG_PATH, 'debug.log'), MAX_BYTES, BACKUP_COUNT) # ProcessPcap is about testing, we're reading a previously captured .pcap file captureFile = Config.get('testing', 'file') pkts = PcapReader(captureFile) # For each packet in the pcap file, extract, decode and print AppFlow IPFIX records. # NOTE: for testing, we want high log output (unless we care about speed) debugLogger.setLevel(logging.WARNING) f1 = time() for p in pkts: # assume layer 2 is Ethernet l3type = unpack(">H", p[12:14])[0] if l3type != 0x800: # not IP debugLogger.info("DISCARD: Non-IP Packet") continue pos = 14 # Ethernet length
bdy = stream[dlmtr + 4:end] if "gzip" in hdrs.get("content-encoding", "").lower(): return GzipFile(fileobj=StringIO(bdy)).read() return bdy if __name__ == "__main__": import sys from PcapReader import PcapReader if 2 != len(sys.argv): print "Usage: summarize_http pcap-file" sys.exit(1) frms = ethernet_frames([p for p, m in PcapReader(sys.argv[1])]) dt_grms = ip_datagrams(frms) strms = tcp_streams(dt_grms) for s in [t for t in strms]: if (80 not in s) and (443 not in s) and (53 not in s): continue #print s #for m in REQUEST_MATCHER.finditer(strms[s]): # print m.group() #for m in RESPONSE_MATCHER.finditer(strms[s]): # print m.group() #for m in REQUEST_RESPONSE_MATCHER.finditer(strms[s]): # print m.group() print[m.group() for m in summarize_http_connection(strms[s])]
cnctns[c].sort(compare_by_sequence) d = [] for p in cnctns[c]: try: d.append(p.data) except AttributeError, e: pass cnctns[c] = "".join(d) except TypeError, e: print "Packet:", type(e), str(e) return cnctns if __name__ == "__main__": import sys from PcapReader import PcapReader if 2 != len(sys.argv): print "Usage: reassemble.py pcap-file" sys.exit(1) strms = streams(PcapReader(sys.argv[1])) for s in strms: print "(begin", str(s), ")" print strms[s] print "(end", str(s), ")" print