def parsePcapFile(pcapFileName, pcapIndex): # open the pcap file for reading pcap_file_f = open(path + "/" + pcapFileName) capfile = savefile.load_savefile(pcap_file_f, verbose=True) for pkt in capfile.packets: eth_frame = ethernet.Ethernet(pkt.raw()) eth_type = eth_frame.type if (eth_type == 2048): ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) # foundIPs[pcapFileName][ip_packet.dst] = ip_packet.dst # push ip into table foundIPs[pcapIndex][ip_packet.dst] = 1 # push ip into table pcap_file_f.close() # close file descriptor
def index(request): answer = [] for packet in capfile.packets: try: udp_packet = None ptype = " " mac_packet = ethernet.Ethernet(packet.raw()); if mac_packet.type == 2048: ip_packet = ip.IP(binascii.unhexlify(ethernet.Ethernet(packet.raw()).payload)) ptype = "IPv4" if ip_packet.p == 17: udp_packet = udp.UDP(binascii.unhexlify(ethernet.Ethernet(packet.raw()).payload)) ptype = "UDP" else: ptype = "unknown" answer.extend([ str(packet.timestamp), #timestamp str(mac_packet.src), #Sender Mac Address str(mac_packet.dst), #Receiver Mac Address str(ip_packet.src), #Sender IP str(ip_packet.dst), #Receiver IP str(ip_packet.len)+ " " +"byte", #Payload lenght with IP header # str(ip_packet), #Print whole packet information str(mac_packet.type), #Protocol Type str(len(capfile.packets)) + " " + "Packets", # Lenght of Pcacp file str(ptype), ]) if udp_packet is not None: answer.extend([ str(udp_packet.dst_port), str(udp_packet.src_port) ]) else: answer.extend([ str(ptype) #add port details of TCP packets ]) answer.append("") except: import traceback traceback.print_exc() return HttpResponse("<br>" . join(answer))
def my_pcap_reader(filename): testcap = open('../Samples/' + filename + ".pcap", 'rb') capfile = savefile.load_savefile(testcap, verbose=True) f = open('Results/Traces/' + filename + ".txt", 'w') # eth_frame = ethernet.Ethernet(capfile.packets[0].raw()) # print eth_frame # ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) # print ip_packet for i in range(len(capfile.packets)): eth_frame = ethernet.Ethernet(capfile.packets[i].raw()) try: ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) except Exception as e: print e.message continue packet = capfile.packets[i] packet_type = "" if ip_packet.p == 6: packet_type = "TCP" elif ip_packet.p == 17: packet_type = "UDP" else: packet_type = "Unknown_type" milisecond = str(packet.timestamp_ms) while len(milisecond) < 6: milisecond = "0" + milisecond t1 = float(str(packet.timestamp % 100000) + "." + milisecond) t2 = float( str(capfile.packets[0].timestamp % 100000) + "." + str(capfile.packets[0].timestamp_ms)) t3 = t1 - t2 t3 = "{0:.6f}".format(t3) row = str(i + 1) + " " + str( t3 ) + " " + ip_packet.src + " " + ip_packet.dst + " " + packet_type + " " + str( packet.packet_len) print(row) f.write(row + "\n") print("------------------------------------------------") f.close()
def generate_graph(self, filename): # Open the .pcap file capture = open(filename, "rb") self.packets = savefile.load_savefile(capture, verbose=True).packets # Process the packets and generate the adjacency list based on the graph for p in self.packets: try: eth_frame = ethernet.Ethernet(p.raw()) ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) source = ip_packet.src destination = ip_packet.dst packet_length = ip_packet.len protocol = constants.PROTOCOLS[ip_packet.p] #if source not in _infected_ips and source not in _normal_ips: # u = ("WAN", protocol) #else: infected = True if source in _infected_ips else False u = (source, protocol, infected) #if destination not in _infected_ips and destination not in _normal_ips: # v = ("WAN", protocol) #else: infected = True if destination in _infected_ips else False v = (destination, protocol, infected) if self.graph.has_edge(u, v): self.graph[u][v]['weight'] += packet_length else: self.graph.add_edge(u, v, weight=packet_length) self.statistics["total_packets"] += 1 self.statistics["largest_packet"] = max( packet_length, self.statistics["largest_packet"]) if settings.VERBOSE: if self.statistics["total_packets"] % 50000 == 0: print("Processed " + str(self.statistics["total_packets"]) + " packets") except Exception, e: self.statistics["non_ip_packets"] += 1
def get_all_flows(capdata): #input capdata flows = [] timestamps = [] for pkt in capdata.packets: eth_frame = ethernet.Ethernet(pkt.raw()) try: ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) tcp_packet = tcp.TCP(binascii.unhexlify(eth_frame.payload)) except: continue flows.append([ ip_packet.src.decode("utf-8"), ip_packet.dst.decode("utf-8"), str(tcp_packet.src_port), str(tcp_packet.dst_port), str(ip_packet.p) ]) timestamps.append(normalized_timestamp(pkt.timestamp)) return np.unique(flows, axis=0), flows, timestamps
def get_all_flows_2(cap, attackers, write_to_file): #input file object and a file to write the flows in formation flow_file = open(write_to_file, 'a') flows = [] timestamps = [] for pkt in savefile.load_savefile(cap, lazy=True).packets: eth_frame = ethernet.Ethernet(pkt.raw()) try: ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) tcp_packet = tcp.TCP(binascii.unhexlify(eth_frame.payload)) except: continue if ip_packet.src.decode("utf-8") in attackers: flow_file.write('{},{},{},{},{},{}\n'.format( ip_packet.src.decode("utf-8"), ip_packet.dst.decode("utf-8"), str(tcp_packet.src_port), str(tcp_packet.dst_port), str(ip_packet.p), normalized_timestamp(pkt.timestamp))) else: continue flow_file.close()
def run(self): for time, buf in pcap.pcap(promisc=True, immediate=True): eth_frame = ethernet.Ethernet(buf) try: ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) except AssertionError: continue # ignore this packet self.queue.put({ #'vhl': ip_packet.vhl, 'tos': ip_packet.tos, 'len': ip_packet.len, 'id': ip_packet.id, 'off': ip_packet.off, 'ttl': ip_packet.ttl, 'p': ip_packet.p, 'sum': ip_packet.sum, 'src': ip_packet.src, 'dst': ip_packet.dst })
def main(args): for file in get_pcaps_list(args.input): with open(file, 'rb') as file: sf = savefile.load_savefile(file) for packet in sf.packets: eth_frame = ethernet.Ethernet(packet.raw()) ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) ip_addr = ip_packet.src.decode("utf-8") if args.e: if ip_addr not in args.e: add_packet(ip_addr, ip_packet) # print(results.items()) newlist = sorted(results.values(), key=lambda x: x.total_packets, reverse=True) if args.l: if len(newlist) > int(args.l): print_list(newlist[:int(args.l)]) else: print_list(newlist) else: print_list(newlist)
print("No packets") exit(1) def ts(pkt): return pkt.timestamp + pkt.timestamp_ms/1000 first_packet = capfile.packets[0] first_timestamp = ts(first_packet) for p in capfile.packets: eth_frame = ethernet.Ethernet(p.raw()) tcp_packet = tcp.TCP(binascii.unhexlify(eth_frame.payload)) if tcp_packet.seqnum in seqnums: continue seqnums.add(tcp_packet.seqnum) ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) final_timestamp = ts(p) - first_timestamp if (ip_packet.len < 1500): packet_lengths[ip_packet.len] = 1 if (ip_packet.dst == bridge): print("{:f}\t{}".format(final_timestamp, 1)) packet_directions.append(1) outgoing_packets += 1 x_out.append(p.timestamp_ms) y_out.append(ip_packet.len) outgoing_total_bytes += ip_packet.len else: print("{:f}\t{}".format(final_timestamp, -1)) packet_directions.append(-1) incoming_packets += 1 x_in.append(p.timestamp_ms)
from pcapfile import savefile from pcapfile.protocols.linklayer import ethernet from pcapfile.protocols.network import ip import binascii import sys in_pcap = input ("Enter the file name/path ::") test_pcap = open(in_pcap,'rb') capfile = savefile.load_savefile(test_pcap, verbose = True) #Now capfile file will be traeted as the normal file input for python # Store data in normal decoded format # 2019-12-25-traffic-analysis-exercise.pcap File to refer #(ip.IP(binascii.unhexlify(ethernet.Ethernet (capfile.packets[0].raw()).payload))) This is a payload for raw file data = [] for i in range (len(capfile.packets)): data.append((ip.IP(binascii.unhexlify(ethernet.Ethernet (capfile.packets[i].raw()).payload)))) #Now lets create new file with all logs as strigs print ("="*23) with open('out.txt', 'w') as f: for i in range (len(data)): print (data[i], file=f) print ("out.txt is created") print ("="*23)
def get_IP_packet(eth_frame): #print('[DEBUG] Starting get_ethernet_frame() method') ip_packet = ip.IP(binascii.unhexlify(eth_frame.payload)) #print('[DEBUG] Returning ethernet frame') return ip_packet
def parse(packet) -> (ethernet.Ethernet, ip.IP, tcp.TCP): eth_frame: ethernet.Ethernet = ethernet.Ethernet(packet.raw()) ip_packet: ip.IP = ip.IP(binascii.unhexlify(eth_frame.payload)) tcp_pkt: tcp.TCP = tcp.TCP(binascii.unhexlify(ip_packet.payload)) return eth_frame, ip_packet, tcp_pkt
# File parsing file = HA0.parse_file("nazir.txt") [_nazir_ip, _mix_ip, _num_partners, filename] = list(map(lambda x: x.split(": ")[1], file)) nazir = ip_to_int("b'"+_nazir_ip+"'") mix = ip_to_int("b'"+_mix_ip+"'") num_partners = int(_num_partners) testcap = open(filename, 'rb') capfile = savefile.load_savefile(testcap, verbose = True) # Create a list of (sender, reciever) as integer for all packets adresses = [] for i in range(0, len(capfile.packets)): eth_frame = ethernet.Ethernet(capfile.packets[i].raw()) ip_packet = ip.IP(HA0.hex_to_bytes(str(eth_frame.payload)[2:-1])) adresses.append((ip_to_int(ip_packet.src), ip_to_int(ip_packet.dst))) sets = [] disjoint = [] senders = set({}) recievers = set({}) last_source = -1 # Discovery phase for t in adresses: (src, dst) = t if mix == dst and mix == last_source: if nazir in senders: if (is_disjoint_all(recievers, disjoint)): disjoint.append(recievers)