def sniffSlaac(self, buf): #f = open(self.location) #pcap = dpkt.pcap.Reader(f) #checker = ICMP6.ICMP6.protocol #listOfMessages = [] #i = 1 #for ts, buf in pcap: eth = EthDecoder().decode(buf) ethChild = eth.child() ethChild2 = ethChild.child() try: #print ethChild2 if ethChild2.get_ip_protocol_number() == 58: destination_MAC_address = [] source_MAC_address = [] destination_MAC_address = eth.get_ether_dhost() source_MAC_address = eth.get_ether_shost() source_MAC_address_final = "" destination_MAC_address_final = "" override_flag = False router_flag = False x = 0 for x in range(6): temp_decimal = source_MAC_address[x] temp_hex = hex(temp_decimal) source_MAC_address_final = source_MAC_address_final + temp_hex[ 2:] + ":" temp_decimal = destination_MAC_address[x] temp_hex = hex(temp_decimal) destination_MAC_address_final = destination_MAC_address_final + temp_hex[ 2:] + ":" source_MAC_address_final = source_MAC_address_final[:-1].zfill( 2) destination_MAC_address_final = destination_MAC_address_final[: -1] target_link_layer_address = "" packetData = (ethChild2.get_originating_packet_data()) packetHex = [] for data in packetData: packetHex.append(hex(data)) # print packetHex source_link_layer_address = "" target_address = "" ip_source_address = ethChild.get_source_address() ip_destination_address = ethChild.get_destination_address() ndp_message_number = ethChild2.get_type() x = 0 #print packetHex contains_source, offset = self.check_ipv6_options(packetHex) if str(ndp_message_number) == "134": #Router Advertisement if str(contains_source) == "true-source": for x in range(6): source_link_layer_address = source_link_layer_address + packetHex[ x + offset + 1][2:].zfill(2) + ":" target_address = "n/a" source_link_layer_address = source_link_layer_address[: -1] target_link_layer_address = "n/a" #print "*****************************************************************************************" #print source_link_layer_address #print "*****************************************************************************************" else: source_link_layer_address = "n/a" elif str(ndp_message_number) == "135": #Neighbor Solicitation for x in range(16): target_address = target_address + packetHex[x][ 2:].zfill(2) if (x > 0): if x % 2 != 0: target_address = target_address + ":" target_address = target_address[:-1] target_link_layer_address = "n/a" if str(contains_source) == "true-source": for x in range(6): source_link_layer_address = source_link_layer_address + packetHex[ x + offset + 1][2:].zfill(2) + ":" source_link_layer_address = source_link_layer_address[: -1] #print "*****************************************************************************************" #print source_link_layer_address #print "*****************************************************************************************" else: source_link_layer_address = "n/a" elif str(ndp_message_number) == "136": #Neighbor Advertisement #print ethChild2.get_router_flag() #sample code to get router flag of NA #print ethChild2.get_override_flag() #router_flag = ethChild2.get_router_flag() #if router_flag == False: # print "if else of flag worked" if str(contains_source) == "true-target" and hex( ethChild2.child().get_bytes()[0:1][0]) == "0xa0": for x in range(6): target_link_layer_address = target_link_layer_address + packetHex[ 1 + offset + x][2:].zfill(2) + ":" target_link_layer_address = target_link_layer_address[: -1] else: target_link_layer_address = "n/a" for x in range(16): target_address = target_address + packetHex[x][ 2:].zfill(2) if (x > 0): if x % 2 != 0: target_address = target_address + ":" target_address = target_address[:-1] override_flag = ethChild2.get_override_flag() router_flag = ethChild2.get_router_flag() message_details = SLAAC_Message.SLAAC_Message( ndp_message_number, source_link_layer_address, ip_source_address, ip_destination_address, source_MAC_address_final, destination_MAC_address_final, target_address, target_link_layer_address, override_flag, router_flag) #detection_module.detect_rogue_advertisement(message_details) #print "-----------Packet Details----------" #print "NDP Message Type %s" % message_details.get_ndp_message_number() #print "Source Link Layer Address: %s" % message_details.get_source_link_layer_address() #print "Source IPv6 Address %s " % message_details.get_ip_source_address() #print "Destination IPv6 Address %s" % message_details.get_ip_destination_address() #print "Source MAC Address %s" % message_details.get_source_MAC_address() #print "Destination MAC Address %s" % message_details.get_destination_MAC_address() #print "Target Address %s" % message_details.get_target_address() #print "Target Link Layer Address %s" % message_details.get_target_link_layer_address() #print "Override Flag %s" %message_details.get_override_flag() #print "Router Flag %s" %message_details.get_router_flag() #print "----------------END----------------" #detect_module = Detection() #if message_details.get_ndp_message_number()=="134": #Last Hop Router Attack # detect_module.detect_rogue_advertisement(message_details) #elif message_details.get_ndp_message_number()=="135":#Dos in DAD # detect_module.detect_dos_dad(message_details) #elif message_details.get_ndp_message_number()=="136": #Neigbor Spoofing # if ethChild2.get_router_flag()=="false": # detect_module.detect_neighbor_spoofing((message_details)) #listOfMessages.append(message_details) except: # x = 1 print "Packet Discarded"