from scapy.packet import bind_layers, split_layers, Raw # Custom imports import pysap from pysap.SAPNI import SAPNI from pysap.SAPDiag import SAPDiag, SAPDiagDP from pysap.SAPDiagItems import * # Bind the SAPDiag layer bind_layers(SAPNI, SAPDiag,) bind_layers(SAPNI, SAPDiagDP,) bind_layers(SAPDiagDP, SAPDiag,) bind_layers(SAPDiag, SAPDiagItem,) bind_layers(SAPDiagItem, SAPDiagItem,) # Unbind the SAPNI layer so we can perform the reassemble split_layers(TCP, SAPNI, dport=3200) # Set the verbosity to 0 conf.verb = 0 class DiagParser(object): packets_metadata = {} def __init__(self, options): self.options = options self.port = options.port def parse_packet(self, pkt):
name = "IKEv2 Certificate" fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), FieldLenField("length", None, "cert_data", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 ByteEnumField("cert_type", 0, IKEv2CertificateEncodings), StrLenField("cert_data", "", length_from=lambda x:x.length - 5), ] IKEv2_payload_type_overload = {} for i, payloadname in enumerate(IKEv2_payload_type): name = "IKEv2_payload_%s" % payloadname if name in globals(): IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i} del i, payloadname, name IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy() split_layers(UDP, ISAKMP, sport=500) split_layers(UDP, ISAKMP, dport=500) bind_layers(UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2 bind_layers(UDP, IKEv2, dport=4500, sport=4500) def ikev2scan(ip, **kwargs): """Send a IKEv2 SA to an IP and wait for answers.""" return sr(IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), exch_type=34) / IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs) # noqa: E501
return pkt def build_hmac_sha1(self, pw=b'\x00' * 20, ip4l=[], ip6l=[]): h = hmac.new(pw, digestmod=hashlib.sha1) # XXX: this is a dirty hack. it needs to pack version and type into a single 8bit field # noqa: E501 h.update(b'\x21') # XXX: mac addy if different from special link layer. comes before vhid h.update(struct.pack('!B', self.vhid)) sl = [] for i in ip4l: # sort ips from smallest to largest sl.append(inet_aton(i)) sl.sort() for i in sl: h.update(i) # XXX: do ip6l sorting return h.digest() warning("CARP overwrites VRRP !") # This cancel the bindings done in vrrp.py split_layers(IP, VRRP, proto=IPPROTO_VRRP) split_layers(IP, VRRPv3, proto=IPPROTO_VRRP) # CARP bindings bind_layers(IP, CARP, proto=112, dst='224.0.0.18')
def tearDown(self): split_layers(Ether, self.RandomHeader, type=0x801) super(RandomPSATest, self).tearDown()
"cert_data", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 ByteEnumField("cert_type", 0, IKEv2CertificateEncodings), StrLenField("cert_data", "", length_from=lambda x: x.length - 5), ] IKEv2_payload_type_overload = {} for i, payloadname in enumerate(IKEv2_payload_type): name = "IKEv2_payload_%s" % payloadname if name in globals(): IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i} del i, payloadname, name IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy() split_layers(UDP, ISAKMP, sport=500) split_layers(UDP, ISAKMP, dport=500) bind_layers(UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2 bind_layers(UDP, IKEv2, dport=4500, sport=4500) def ikev2scan(ip, **kwargs): """Send a IKEv2 SA to an IP and wait for answers.""" return sr( IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), exch_type=34) / IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs) # noqa: E501
def main(): if len(sys.argv) < 2: raise ValueError("Usage: %s <pcap file>" % os.path.basename(sys.argv[0])) # Use scapy for IP/UDP/TCP parsing only - not for parsing DNS split_layers(UDP, DNS) split_layers(TCP, DNS) pcap_filename = sys.argv[1] packets = rdpcap(pcap_filename) LOG.info("Loaded %s: %r", pcap_filename, packets) #LOG.debug("%s", packets[1667].show()) #parsePartialDNS(packets[2589].load, packets[2589].proto) dns_num = 0 total = 0 rcode_catagory = {} sizelist = [] total_size = 0 roundtrip = {} domainDic = {} maxAn = 0 for pkt in packets: total += 1 # Packet size = IP size + 14 frame size if hasattr(pkt, 'len'): # frame size = 14 Bytes sizelist.append(pkt.len + 14) total_size += pkt.len + 14 # DNS payload part. if hasattr(pkt, 'load'): # DNS port = 53 if (hasattr(pkt, 'dport') and pkt.dport == 53) or \ (hasattr(pkt, 'sport') and pkt.sport == 53): dns_num += 1 # UDP & TCP proto No. if pkt.proto == 17 or pkt.proto == 6: flag, id, d, an = parsePartialDNS(pkt.load, pkt.proto) rcode = flag & 0xF qr = flag & 0x8000 if qr: maxAn = max(maxAn, an) # RCODE statistic. if rcode not in rcode_catagory: rcode_catagory[rcode] = 0 else: rcode_catagory[rcode] += 1 # Latency statistic. time = pkt.time if id not in roundtrip: roundtrip[id] = time else: roundtrip[id] = abs(roundtrip[id] - time) # LOG.info("%s %s", hex(id), total) # Domain statistic. if d not in domainDic: domainDic[d] = 1 else: domainDic[d] += 1 LOG.debug("Visiting packet: %r", pkt) # TODO: Your code can start here. sorted_domain = sorted(domainDic.items(), key=lambda x: x[1]) sizelist.sort() l = len(sizelist) a = int(l / 2) b = int((l - 1) / 2) median = (sizelist[a] + sizelist[b]) / 2 LOG.info("The number of DNS is %s", dns_num) LOG.info("The most number of RRs is %s", maxAn) LOG.info("Average packet size : %.3f Bytes", total_size / l) LOG.info("Median packet size : %s Bytes", median) n = 1 while n < 6: LOG.info("top " + str(n) + " frequency domain : %s", sorted_domain.pop()) n += 1 total_latency = [] for k, v in roundtrip.items(): total_latency.append(v) LOG.info("Average Latency : %.3fs", sum(total_latency) / len(roundtrip)) total_latency.sort() latency95_idx = int(len(total_latency) * 0.95) LOG.info("95Latency: %.3fs", total_latency[latency95_idx]) printHis(rcode_catagory) LOG.info("Done.")
fields_desc = [ ShortField("ifindex", None), ShortField("vrf", None), ShortEnumField("cmd", 1, vrouter_agent_cmd_no), IntField("param", None), IntField("param_1", None), IntField("param_2", None), IntField("param_3", None), IntField("param_4", None), ByteField("param_5", None), ThreeBytesField("param_5_pack", None) ] def mysummary(self): summary = self.sprintf("%cmd% vif0/%ifindex% Vrf:%vrf%") if self.cmd == 6 or self.cmd == 15: summary += self.sprintf(" Flow:%param% Gen:%param_5%" " K(nh)=%param_1%") return summary def guess_payload_class(self, payload): return InnerEther split_layers(Ether, IP, type=0x800) bind_layers(Ether, VrouterAgentHdr, type=0x800) bind_layers(InnerEther, IP, type=0x800) bind_layers(InnerEther, IPv6, type=0x86DD) bind_layers(InnerEther, ARP, type=0x0806)
import re import time import os from test_case import TestCase from pmd_output import PmdOutput from settings import HEADER_SIZE from packet import Packet, load_pcapfile from scapy.layers.inet import UDP, IP from scapy.packet import split_layers, bind_layers from vxlan import Vxlan from vxlan import VXLAN_PORT CLOUD_PORT = 8472 split_layers(UDP, Vxlan, dport=VXLAN_PORT) bind_layers(UDP, Vxlan, dport=CLOUD_PORT) # # # Test class. # class CloudFilterConfig(object): """ Module for config/verify cloud filter rule """ RULE_TYPE = [ 'iip', 'imac', 'omac+imac+vni', 'imac+ivlan+vni', 'imac+ivlan'
ConditionalField(PacketField("frame", None, Packet), lambda pkt: pkt.management_frame==PON_FALSE), ConditionalField(PacketField("frame", None, OmciFrame), lambda pkt: pkt.management_frame==PON_TRUE) ] class PAS5211EventOnuActivation(PAS5211Event): name = "PAS5211EventOnuActivation" fields_desc = [ StrFixedLenField("serial_number", None, length=8), LEIntField("equalization_period", None) ] # bindings for messages received split_layers(Dot3, LLC) bind_layers(Dot3, PAS5211FrameHeader) bind_layers(PAS5211FrameHeader, PAS5211MsgHeader) bind_layers(PAS5211MsgHeader, PAS5211MsgGetProtocolVersion, opcode=0x3000 | 2) bind_layers(PAS5211MsgHeader, PAS5211MsgGetProtocolVersionResponse, opcode=0x2800 | 2) bind_layers(PAS5211MsgHeader, PAS5211MsgGetOltVersion, opcode=0x3000 | 3) bind_layers(PAS5211MsgHeader, PAS5211MsgGetOltVersionResponse, opcode=0x3800 | 3) bind_layers(PAS5211MsgHeader, PAS5211MsgSetOltOptics, opcode=0x3000 | 106) bind_layers(PAS5211MsgHeader, PAS5211MsgSetOltOpticsResponse, opcode=0x2800 | 106) bind_layers(PAS5211MsgHeader, PAS5211MsgSetOpticsIoControl, opcode=0x3000 | 108) bind_layers(PAS5211MsgHeader, PAS5211MsgSetOpticsIoControlResponse, opcode=0x2800 | 108)
def re_bind_nvgre_to_gre(self): split_layers(IP, NVGRE, frag=0, proto=IPPROTO_NVGRE) bind_layers(IP, GRE, frag=0, proto=IPPROTO_NVGRE)