def __init__(self, buf): self.destMac = utils.mac_addr(buf[0:6]) self.sourceMac = utils.mac_addr(buf[6:12]) self.type = consts.eth_types[''.join('%02x' % compat_ord(b) for b in buf[12:14]).upper()] self.type_code = ''.join('%02x' % compat_ord(b) for b in buf[12:14]).upper()
def mac_parser(eth): """ Parse and convert src & dst Mac address in hex to string Args: eth: dpkt.ethernet.Ethernet Returns: tuple: (src_mac, dst_mac) """ return (':'.join('%02x' % compat_ord(b) for b in eth.src), ':'.join('%02x' % compat_ord(b) for b in eth.dst))
def mac_addr(address): """Convert a MAC address to a readable/printable string Args: address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06') Returns: str: Printable/readable MAC address """ return ':'.join('%02x' % compat_ord(b) for b in address)
def mac_addr(address): """ Casts ip raw in string format :param address: :return: """ return ':'.join('%02x' % compat_ord(b) for b in address)
def main(): try: pcap = dpkt.pcap.Reader(open(sys.argv[1], 'rb')) except (IOError, IndexError, ValueError): print("Error: A pcap file could not be read") sys.exit() DG = nx.DiGraph() for ts, pkt in pcap: eth = dpkt.ethernet.Ethernet(pkt) srcMac = ':'.join('%02x' % compat_ord(b) for b in eth.src) dstMac = ':'.join('%02x' % compat_ord(b) for b in eth.dst) DG.add_edge(srcMac, dstMac) nx.draw(DG, with_labels=True, node_color='skyblue') plt.draw() plt.show()
def unpack_mac_addr(hex_addr): """Unpack MAC address from bytes representation. :param bytes hex_addr: MAC address bytes :returns: MAC address with colon-delimited octets :rtype: str """ return ':'.join('%02x' % compat_ord(b) for b in hex_addr)
def mac_addr(address): """ Convert a MAC address to a readable/printable string Taken from the dpkt website :param address: a string MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06') :returns: readable string of MAC address """ return ":".join("%02x" % compat_ord(b) for b in address)
def mac_addr(address): """Convert a MAC address to a readable/printable string Args: address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06') Returns: str: Printable/readable MAC address """ return ':'.join('%02x' % compat_ord(b) for b in address)
def parse_data(udp_data): """Conver data in UDP to readable string Args: udp_data: hex form Returns: str: """ return ' '.join('%02x' % compat_ord(b) for b in udp_data)
def _sniff(e, iface, queue): prctl.set_name('AI detector - sniff packet') pc = pcap.pcap(iface, promisc=True, immediate=True) pc.setfilter('ip') for ptime, pdata in pc: eth = dpkt.ethernet.Ethernet(pdata) ip = eth.data sip = socket.inet_ntoa(ip.src) smac = ':'.join('%02x' % compat_ord(b) for b in eth.src) queue.put((sip, smac, str(pdata), ptime)) if e.is_set(): break
def mac_addr(address): """Convert a MAC address to a readable/printable string Args: address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06') Returns: str: Printable/readable MAC address """ global _macnum, _macdic mac = ':'.join('%02x' % compat_ord(b) for b in address) if mac not in _macdic: _macdic[mac] = chr(_macnum) _macnum += 1 return mac
def mac_addr(address):#converts mac address from hex to a readable format return ':'.join('%02x' % compat_ord(b) for b in address)
def mac_addr(address): ''' Borrowed. ''' return ':'.join('%02x' % compat_ord(b) for b in address)
def mac_addr(address): return ':'.join('%02x' % compat_ord(b) for b in address)
def feature_extract(pkt_tuple): global flow_statics, src_addr_list, info raw_pkt = pkt_tuple[0] pkt_time = pkt_tuple[1] eth = dpkt.ethernet.Ethernet(raw_pkt) ip = eth.data sip = socket.inet_ntoa(ip.src) dip = socket.inet_ntoa(ip.dst) smac = ':'.join('%02x' % compat_ord(b) for b in eth.src) dmac = ':'.join('%02x' % compat_ord(b) for b in eth.dst) protocol = None global miss_count if ip.p == dpkt.ip.IP_PROTO_UDP: protocol = 'UDP' elif ip.p == dpkt.ip.IP_PROTO_TCP: protocol = 'TCP' elif ip.p == dpkt.ip.IP_PROTO_ICMP: protocol = 'ICMP' proto = ip.data try: sport = str(proto.sport) except: sport = None try: dport = str(proto.dport) except: dport = None if (sip, smac) not in src_addr_list: src_addr_list.append((sip, smac)) ip_key = None mac_key = None pid = str(ip.id) if sport != None or protocol == 'ICMP': ip_key = (sip, dip, sport, dport, protocol) mac_key = (smac, dmac, sport, dport, protocol) if ip.off & dpkt.ip.IP_MF: if (sip, pid) not in info: if sport == None: ip_key = (sip, dip, sport, dport, protocol, pid) info[(sip, pid)] = ip_key else: ip_key = info[(sip, pid)] if (smac, pid) not in info: if sport == None: mac_key = (smac, dmac, sport, dport, protocol, pid) info[(smac, pid)] = mac_key else: mac_key = info[(smac, pid)] else: pass # fragment packet has no UDP/TCP layer if ip.off & dpkt.ip.IP_MF and sport != None: if (sip, pid) in info: old_key = info[(sip, pid)] if old_key in flow_statics: flow_statics[ip_key] = flow_statics[old_key].copy() del flow_statics[old_key] info[(sip, pid)] = ip_key if (smac, pid) in info: old_key = info[(smac, pid)] if old_key in flow_statics: flow_statics[mac_key] = flow_statics[old_key].copy() del flow_statics[old_key] info[(smac, pid)] = mac_key elif ip.off & dpkt.ip.IP_MF == 0: if (sip, pid) in info: if sport == None: ip_key = info[(sip, pid)] else: if info.get((sip, pid), None): old_key = info[(sip, pid)] if old_key in flow_statics: flow_statics[ip_key] = flow_statics[old_key].copy() del flow_statics[old_key] info.pop((sip, pid), None) if (smac, pid) in info: if sport == None: mac_key = info[(smac, pid)] else: if info.get((smac, pid), None): old_key = info[(smac, pid)] if old_key in flow_statics: flow_statics[mac_key] = flow_statics[old_key].copy() del flow_statics[old_key] info.pop((sip, pid), None) if ip_key == None or mac_key == None: miss_count += 1 return update_data(ip_key, eth, protocol, pkt_time) update_data(mac_key, eth, protocol, pkt_time)
def mac_addr(address): #转换mac地址为字符串 return ':'.join('%02x' % compat_ord(b) for b in address)
def feature_extract(pkt_tuple): global flow_statics, src_addr_list, total_count, info total_count += 1 #outputfile.write('new packet\n') if total_count % 10000 == 0: print total_count tmp = time.time() raw_pkt = pkt_tuple[0] pkt_time = pkt_tuple[1] eth = dpkt.ethernet.Ethernet(raw_pkt) ip = eth.data sip = socket.inet_ntoa(ip.src) dip = socket.inet_ntoa(ip.dst) smac = ':'.join('%02x' % compat_ord(b) for b in eth.src) dmac = ':'.join('%02x' % compat_ord(b) for b in eth.dst) protocol = None global miss_count if ip.p == dpkt.ip.IP_PROTO_UDP: protocol = 'UDP' elif ip.p == dpkt.ip.IP_PROTO_TCP: protocol = 'TCP' elif ip.p == dpkt.ip.IP_PROTO_ICMP: protocol = 'ICMP' proto = ip.data try: sport = str(proto.sport) except: sport = None try: dport = str(proto.dport) except: dport = None if (sip, smac) not in src_addr_list: src_addr_list.append((sip, smac)) ip_key = None mac_key = None pid = str(ip.id) #outputfile.write('count ' + sip + ' ' + dip + ' ' + str(sport) + ' ' + pid + ' ' + str(ip.off) + '\n') #outputfile.flush() #if protocol == 'UDP' or protocol == 'TCP' or protocol == 'ICMP': if sport != None or protocol == 'ICMP': ip_key = (sip, dip, sport, dport, protocol) mac_key = (smac, dmac, sport, dport, protocol) if ip.off & dpkt.ip.IP_MF: if (sip, pid) not in info: #if protocol == None: if sport == None: ip_key = (sip, dip, sport, dport, protocol, pid) #outputfile.write('Add ' + str((sip, pid)) + ' ' + str(ip_key) + '\n') #outputfile.flush() info[(sip, pid)] = ip_key else: ip_key = info[(sip, pid)] if (smac, pid) not in info: #if protocol == None: if sport == None: mac_key = (smac, dmac, sport, dport, protocol, pid) info[(smac, pid)] = mac_key else: mac_key = info[(smac, pid)] else: pass # fragment packet has no UDP/TCP layer #if ip.off & dpkt.ip.IP_MF and protocol != None: if ip.off & dpkt.ip.IP_MF and sport != None: if (sip, pid) in info: old_key = info[(sip, pid)] if old_key in flow_statics: flow_statics[ip_key] = flow_statics[old_key].copy() del flow_statics[old_key] info[(sip, pid)] = ip_key if (smac, pid) in info: old_key = info[(smac, pid)] if old_key in flow_statics: flow_statics[mac_key] = flow_statics[old_key].copy() del flow_statics[old_key] info[(smac, pid)] = mac_key elif ip.off & dpkt.ip.IP_MF == 0: if (sip, pid) in info: #if protocol == None: #outputfile.write('info\n') #outputfile.write(str(info)+'\n') #outputfile.flush() if sport == None: #outputfile.write('info: '+str(info[(sip, pid)]) + '\n') ip_key = info[(sip, pid)] else: if info.get((sip, pid), None): old_key = info[(sip, pid)] if old_key in flow_statics: flow_statics[ip_key] = flow_statics[old_key].copy() del flow_statics[old_key] #del info[(sip, pid)] info.pop((sip, pid), None) #outputfile.write('Remove ' + str((sip, pid)) + '\n') #outputfile.write('IP key: '+str(ip_key)+'\n') #outputfile.flush() if (smac, pid) in info: #if protocol == None: if sport == None: #outputfile.write('info: '+str(info[(smac, pid)]) + '\n') mac_key = info[(smac, pid)] else: if info.get((smac, pid), None): old_key = info[(smac, pid)] if old_key in flow_statics: flow_statics[mac_key] = flow_statics[old_key].copy() del flow_statics[old_key] #del info[(smac, pid)] info.pop((smac, pid), None) #outputfile.write('Remove ' + str((smac, pid)) + '\n') #outputfile.write('MAC key: '+str(mac_key)+'\n') #outputfile.flush() else: pass #outputfile.write(str(ip_key)+'\n') #outputfile.write(str(mac_key)+'\n') if ip_key == None or mac_key == None: miss_count += 1 #print miss_count, pkt.time outputfile.write('miss_count ' + str(miss_count)+' '+ str(pkt_time)+'\n') #outputfile.write(str(ip_key)+'\n') #outputfile.write(str(mac_key)+'\n') #outputfile.write(str(sport)+' '+str(protocol)+' '+str(pid) + ' '+str(ip.off)+'\n') #outputfile.write(str(info)+'\n') outputfile.flush() return global attacker if protocol == 'TCP' and proto.flags & dpkt.tcp.TH_SYN: if (dip, dport) in ddos_target1: if str(ip_key) not in attacker: attacker.append(str(ip_key)) if str(mac_key) not in attacker: attacker.append(str(mac_key)) if (sip, dip) in ddos_target2: if str(ip_key) not in attacker: attacker.append(str(ip_key)) if str(mac_key) not in attacker: attacker.append(str(mac_key)) update_data(ip_key, eth, protocol, pkt_time) update_data(mac_key, eth, protocol, pkt_time) return
try: # gets the packets from the pcap file that have the source address from the dot, and are tcp packets #for packet in PcapReader('alexa10_B.pcap'): #('alexa_7_7_16.pcap'): # use PcapReader rather than rdpcap bc rdpcap creates a list in memory #while rcapreader doesn't so it makes it possible to process huge pcap files for filename in os.listdir("weather"): if filename.endswith(".pcap"): f = open("weather/" + filename, 'rb') for packet in PcapReader("weather/" + filename): #for packet in dpkt.pcap.Reader(f): pcap = dpkt.pcap.Reader(f) for ts, buf in pcap: if (pcap is not None): #check for SSL here eth = dpkt.ethernet.Ethernet(buf) #print examples.print_packets.mac_addr(eth.src) mac_source = ':'.join('%02x' % compat_ord(b) for b in eth.src) # MAC address!!!! mac_dest = ':'.join('%02x' % compat_ord(b) for b in eth.dst) if (mac_source == mac_address or mac_dest == mac_address): if isinstance(eth.data, dpkt.ip.IP): #checks if the Ethernet data contains an IP packet ip = eth.data print ip.p if isinstance(ip.data, dpkt.tcp.TCP): # check if there's a tcp layer packets.append(buf) #if (packet[Ether].src == mac_address or packet[Ether].dst == mac_address): # if (IP in packet): # ath - if IP doesn't exist, could it then be a tcp layer or not? # if (packet[IP].proto == 6): # 6 means it's the TCP layer # packets.append(packet)
def mac_addr(addr): from dpkt.compat import compat_ord return ":".join("%02x"%compat_ord(b) for b in addr)
def mac_to_str(mac): return ':'.join('%02x' % compat_ord(b) for b in mac)
def mac_addr( address ): #Refer to Reference #Used to convert binary to mac addresses return ":".join("%02x" % compat_ord(b) for b in address)