def main(): args = parse_args() all_packet_dic = [] pkts = rdpcap(args.pcap) for pkt in pkts: if 'DNS' in pkt: raw = str(pkt['DNS']) d = read_dns_packet(raw, pkt, args.domain) if d: all_packet_dic.append(d) if args.action == 'display': for p in all_packet_dic: pretty_print(p) else: n = args.pcap ind = n.rfind('.') new_pcap = n[:ind] + '.' + args.domain + '.' + n[ind + 1:] pktdump = PcapWriter(new_pcap, append=True, sync=True) addresses = [] for p in all_packet_dic: pktdump.write(p['packet']) if p['Answers']: for a in p['Answers']: if a[1] == 1: addresses.append(a[4]) for pkt in pkts: try: if 'IP' in pkt and pkt[IP].src in addresses or pkt[ IP].dst in addresses: pktdump.write(pkt) except: IndexError
class WrpcapSink(Sink): """Packets received on low input are written to PCAP file .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname, name=None, linktype=None): Sink.__init__(self, name=name) self.fname = fname self.f = None self.linktype = linktype def start(self): self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): if self.f: self.f.flush() self.f.close() def push(self, msg): if msg: self.f.write(msg)
def analyze(self,pcapFilename): hl7Output =BASE_DIR+"/hl7/networkFiles/hl7PacketDump.pcap" hl7Dump = PcapWriter((hl7Output),append=True,sync=True) G = nx.DiGraph(directed=True) print(unquote(pcapFilename)) pcapFilename = unquote(pcapFilename) packets = rdpcap(pcapFilename) networkSession = packets.sessions() for session in networkSession: for packet in networkSession[session]: try: if (str(packet[TCP].payload).startswith("b\'")) and str(packet[TCP].payload).endswith("r\'"): hl7Dump.write(packet) G.add_edge( (str(packet[IP].dst)+":"+str(packet[IP].dport)),(str(packet[IP].src)+":"+str(packet[TCP].sport))) except: continue nx.draw(G, with_labels=True) plt.show() hl7Dump.close() return hl7Output
class pcap_write(gr.sync_block): def __init__(self,f,append=True): gr.sync_block.__init__(self,"pcap_write",[],[]) self.message_port_register_in(pmt.intern("pdus")); self.set_msg_handler(pmt.intern("pdus"), self.handler); self.f = f self.append = append def start(self): self.pcap = PcapWriter(self.f, append=self.append, sync=True) def stop(self): pass def handler(self, pdu): meta = pmt.to_python(pmt.car(pdu)) x = pmt.to_python(pmt.cdr(pdu)) z = l2.Raw(x.tostring()) if(meta.has_key("timestamp")): t = meta['timestamp'] if( type(t) == tuple ): t = t[0]+t[1] else : t = t z.time = t self.pcap.write(z); def work(self, input_items, output_items): pass
def clsMessagesByIp(fileFrom, fileTo): packages = scapy.rdpcap(fileFrom) t_results = {} for p in packages: srcIp = MessageConvert.getClsSrcIp(p) desIp = MessageConvert.getClsDesIp(p) if srcIp == 'null' or desIp == 'null': continue mesKeyFirst = srcIp + desIp mesKeySecond = desIp + srcIp if mesKeyFirst in t_results: t_results[mesKeyFirst].append(p) elif (mesKeySecond in t_results): t_results[mesKeySecond].append(p) else: t_results[mesKeyFirst] = [] t_results[mesKeyFirst].append(p) for key in t_results: t_temp = t_results[key] t_writer = PcapWriter('%s%s.pcap' %(fileTo, key), append=True) #t_writer = PcapWriter('/home/wxw/data/cip_datanew/' + key + '.pcap', append=True) for p in t_results[key]: t_writer.write(p) t_writer.flush() t_writer.close()
def create_flows(num_packets, bytes_per_packet, output_file, zipf_param, n_flows): pktdump = PcapWriter(output_file, append=False) #fs = np.random.zipf(zipf_param, num_packets) fs = genZipf(zipf_param, n_flows, num_packets) flows = {} ip_table = IPTable() for i in xrange(num_packets): f = fs[i] # generate a single sample from zipfian distribution if f not in flows: flows[f] = 1 else: flows[f] += 1 src_ip, dst_ip, prot, sport, dport = ip_table.lookup_flow(f) pkt = IP(src=src_ip, dst=dst_ip) pkt = pkt / UDP(sport=sport, dport=dport) pkt.len = bytes_per_packet pktdump.write(pkt) flows_file = open("result-flws.txt", 'w') flows_file.write("flw_id n_pkts\n") for k, v in flows.iteritems(): flows_file.write('{} {}\n'.format(k, v)) flows_file.close()
class pcap_write(gr.sync_block): def __init__(self, f, append=True): gr.sync_block.__init__(self, "pcap_write", [], []) self.message_port_register_in(pmt.intern("pdus")) self.set_msg_handler(pmt.intern("pdus"), self.handler) self.f = f self.append = append def start(self): self.pcap = PcapWriter(self.f, append=self.append, sync=True) def stop(self): pass def handler(self, pdu): meta = pmt.to_python(pmt.car(pdu)) x = pmt.to_python(pmt.cdr(pdu)) z = l2.Raw(x.tostring()) if (meta.has_key("timestamp")): t = meta['timestamp'] if (type(t) == tuple): t = t[0] + t[1] else: t = t z.time = t self.pcap.write(z) def work(self, input_items, output_items): pass
def showPacket(packet): # method 1 : save pcap and convert csv # method 2 : input data into csv # find csv output module # first all wirte # second time save global packetcont global model # traffic info timestamp = datetime.fromtimestamp(packet[0][1].time) print(packet[0][1]) print('timestamp:', timestamp) print('Now packetcont:', packetcont) print('------------------------------------------------------') # seleuchel edit - save packet in real time filename = "./packet/pcap/packet.pcap" pktdump = PcapWriter(filename, append=True, sync=True) pktdump.write(packet) packetcont += 1 if packetcont >= 1000: # extract pcap -> csv ext_feature() #model test model = AutoEncoder('./packet/csv/exfeature/packet.pcap_Flow.csv') result_csv = model.get_result() print(result_csv) #send to server sendjson.send(result_csv) packetcont = 0
class PcapClass: def __init__(self): self.Filename = "PacketCapture" self.LivePcap = None def CreateLivePacket(self): self.LivePcap = PcapWriter(self.Filename + ".pcap", append=True, sync=True) def AppendPacket(self, pkt): if self.LivePcap is not None: self.LivePcap.write(pkt.GetPacket()) def ChangeName(self, NewName): if self.LivePcap is None: self.FileName = NewName def LoadPcap(self, PcapFileDirectory, PktList): if self.LivePcap is None: self.LivePcap = rdpcap(PcapFileDirectory) frame = 1 for i in self.LivePcap: Packet(i, frame, PktList, True) frame += 1
class PluginsData(object): def __init__(self, ami, pcapout): self.pcap = [] self.args = {} self.current_time = time.time() self.ami = ami if self.ami.GetStartTime() > 0: self.packet_time = self.ami.GetStartTime() else: self.packet_time = self.current_time - self.ami.GetSleepCursor() self.outpcap = PcapWriter(pcapout, append=True, sync=True) def AddPacket(self, action, pkt): pkt.time = self.packet_time + action.GetSleepCursor() self.outpcap.write(pkt) # self.pcap.append(pkt) def _set(self, key, value): self.args[key] = value def _get(self, key): return self.args[key] def __str__(self): return str(self.args)
def wr_pkt(self, mode='node', port=2231): file_name = ''.join([dir_prefix, mode, '_', str(port), '.pcap']) try: pktdump = PcapWriter(file_name, append=True, sync=True) pktdump.write(self.pkt) except: raise Exception
def gen_ipv4_assemble_pcap(): """Generate ipv4 assemble test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_assemble_rx.pcap", append=False) packets = create_packet(1066, False, 1024) for packet in packets: writer.write(packet) writer.close()
def create_pcap_file_from_frames(self, file_name, frames): writer = PcapWriter(file_name, append=False) for frame in frames: writer.write(frame) writer.close()
class WrpcapSink(Sink): """ Writes :py:class:`Packet` on the low entry to a ``pcap`` file. Ignores all messages on the high entry. .. note:: Due to limitations of the ``pcap`` format, all packets **must** be of the same link type. This class will not mutate packets to conform with the expected link type. .. code:: +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ :param fname: Filename to write packets to. :type fname: str :param linktype: See :py:attr:`linktype`. :type linktype: None or int .. py:attribute:: linktype Set an explicit link-type (``DLT_``) for packets. This must be an ``int`` or ``None``. This is the same as the :py:func:`wrpcap` ``linktype`` parameter. If ``None`` (the default), the linktype will be auto-detected on the first packet. This field will *not* be updated with the result of this auto-detection. This attribute has no effect after calling :py:meth:`PipeEngine.start`. """ def __init__(self, fname, name=None, linktype=None): # type: (str, Optional[str], Optional[int]) -> None Sink.__init__(self, name=name) self.fname = fname self.f = None # type: Optional[PcapWriter] self.linktype = linktype def start(self): # type: () -> None self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): # type: () -> None if self.f: self.f.flush() self.f.close() def push(self, msg): # type: (Packet) -> None if msg and self.f: self.f.write(msg)
def sanitize(filepath_in, filepath_out=None, sequential=True, ipv4_mask=0, ipv6_mask=0, mac_mask=0, start_ipv4='10.0.0.1', start_ipv6='2001:aa::1', start_mac='00:aa:00:00:00:00'): if not filepath_out: timestamp = datetime.datetime.now().strftime('%y%m%d-%H%m%S') filepath_out = os.path.splitext(filepath_in)[ 0] + '_sanitized_' + timestamp + os.path.splitext(filepath_in)[1] mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac) ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4) ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6) with open(filepath_in) as capfile: #open cap file with pcapfile cap = savefile.load_savefile(capfile, verbose=False) #use scapy's pcapwriter pktwriter = PcapWriter(filepath_out, append=True) try: for pkt in cap.packets: #create scapy packet from pcapfile packet raw output pkt = Ether(pkt.raw()) #MAC addresses pkt.src = mac_gen.get_mac(pkt.src) pkt.dst = mac_gen.get_mac(pkt.dst) #IP Address try: pkt['IP'].src = ip4_gen.get_ip(pkt['IP'].src) pkt['IP'].dst = ip4_gen.get_ip(pkt['IP'].dst) except IndexError: pkt['IPv6'].src = ip6_gen.get_ip(pkt['IPv6'].src) pkt['IPv6'].dst = ip6_gen.get_ip(pkt['IPv6'].dst) pktwriter.write(pkt) finally: pktwriter.close() return filepath_out.split('/')[-1]
def save(self): global WRITE__ if WRITE__: _wr = PcapWriter(WRITE__, append=False, sync=True) _wr.write(self.THEPOL) pull.use("Handshake >> [%s] Count [%s] %s[Saved]%s" % (pull.DARKCYAN+WRITE__+pull.END, str(len(self.THEPOL)), pull.GREEN, pull.END )) else: pull.error("Handshake not saved. Use -w, --write for saving handshakes. ")
def parameter_problem_pointer(self): self.comment = "\n ICMPv6_PARAMETER_PROBLEM_POINTER" self.packet_error = True for ptr_value in range(0, 40): self.m_finished = False q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 38)) sniffer.daemon = True sniffer.start() count = 0 while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6ParamProblem() icmp.code = 0 icmp.ptr = ptr_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Parameter Problem Pointer Translation: FAIL" return if pkt[0][1].proto != 1: self.comment += "\n ICMPv4 not received" self.packet_error = True if pkt[0][2].type != 12: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True ipv4_ptr_values = [x for x in range(17)] if pkt[0][ICMP].ptr not in ipv4_ptr_values: self.comment += "\n Incorrect Pointer values" self.packet_error = True count += 1 if count != 39: self.comment += "\n All packets not received" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Parameter Problem Pointer Translation: FAIL" if not self.packet_error: print "Upstream Parameter Problem Pointer Translation: PASS"
def gen_ipv4_checksum_pcap(): """Generate ipv4 checksum test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv4_checksum_rx.pcap", append=False) for i in range(1, 1474): packets = create_packet(i, False) for packet in packets: writer.write(packet) writer.close()
def save(): global buf global filename #filename = "/home/seleuchel/libcap/packet/"+"packet_" + str(filenum) + ".pcap" pktdump = PcapWriter(filename, append=True, sync=True) pktdump.write(buf) buf = [] filenum += 1
def gen_ipv6_fragment_pcap(): """Generate ipv6 fragment test case input pcap file.""" writer = PcapWriter(con.TLDK_TESTCONFIG + "/test_ipv6_fragment_rx.pcap", append=False) for i in range(1, 1454): packets = create_packet(i, True) for packet in packets: writer.write(packet) writer.close()
def gen_traffic(self, output_filename, dst_ip_addr, dst_mac, src_mac="00:00:00:00:00:01", ip_num=10000, packet_num=500000, payload="Normal Traffic pkts"): print("PAcket Number: %d" % packet_num) if not output_filename.endswith(".pcap"): print("Invalid PCAP filename! Exiting...") return self.pcap_filename = output_filename self.ip_hc_filename = str.join(".", output_filename.split(".")[:-1]) + "_ip_hc.txt" self.ip_fake_ttl_filename = str.join(".", output_filename.split(".")[:-1]) + "_fake_ttl.txt" # show modify request request = "Generating " + output_filename + " with\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_writer = PcapWriter(output_filename) src_ips = [] src_hosts_with_ttl = {} for i in range(packet_num): if len(self.src_hosts) < ip_num: # pick a random src ip src_ip = self.__generate_ip() # pick a random hc ttl = self.__generate_rand_ttl() else: src_ip = src_ips[random.randint(0, len(src_ips) - 1)] ttl = src_hosts_with_ttl[src_ip] # calculate ttl according to hc pkt = Ether(src=src_mac, dst=dst_mac)/IP(src=self.__ip_int2str(src_ip), dst=dst_ip_addr, ttl=ttl)/TCP(flags=0x10)/payload pcap_writer.write(pkt) if src_ip not in src_ips: src_ips.append(src_ip) src_hosts_with_ttl[src_ip] = ttl self.src_hosts[src_ip] = self.__ttl2hc(ttl) if i % 10000 == 0: print("%d packets have been produced\n" % i) print(str(len(self.src_hosts)) + " source hosts produced") print("Writing ip,hc dict into " + self.ip_hc_filename + "...") with open(self.ip_hc_filename, "w") as f: json.dump(self.src_hosts, f) f.close() pcap_writer.flush() pcap_writer.close()
def packethandler(pkt): pktdump = PcapWriter(pcap_file, append=True, sync=True) if pkt.haslayer(Dot11): if pkt.haslayer(EAPOL) or (pkt.type == 0 and pkt.addr3 == ap.lower()): pktdump.write(pkt) if pkt.haslayer(EAPOL): print( f"{Bcolors.OKGREEN}Captured EAPOL Packet from SRC:{pkt.addr2} and DST:{pkt.addr1}{Bcolors.ENDC}" ) PACKET_LIST.append(pkt)
def parameter_problem(self): self.m_finished = False self.packet_error = False self.comment = "\n ICMPv6_PARAMETER_PROBLEM" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 2)) sniffer.daemon = True sniffer.start() while not self.m_finished: code_values = [1, 2] for code_value in code_values: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6ParamProblem() icmp.code = code_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) count = 0 while not q.empty(): pkt = q.get() # print(pkt.show()) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Parameter Problem Translation: FAIL" return self.v4_address_check(pkt) if pkt[0][1].proto != 1: self.comment += "\n ICMPv6 not received" self.packet_error = True if pkt[0][2].type != 3: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 0: self.comment += "\n Incorrect Code Number" self.packet_error = True count += 1 if count == 2: self.comment += "\n Received two packets. Code 2 should be dropped" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Parameter Problem Translation: FAIL" if not self.packet_error: print "Upstream Parameter Problem Translation: PASS"
def packet_too_big(self): mtu_values = [512, 513, 1024, 1025, 1278, 1279, 1280, 1281, 1282, 1472, 1480, 1498, 1499, 1500, 1518, 1550, 1600] for mtu_value in mtu_values: self.m_finished = False self.packet_error = False self.comment = "\n ICMPv6_PACKET_TOO_BIG" q = Queue() v4_cap_filter = 'icmp and dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v4_cap_filter, 17)) sniffer.daemon = True sniffer.start() rx_mtu = mtu_value - 20 while not self.m_finished: ip = IPv6(src=self.ipv6_source_address, dst=self.ipv6_destination_address) icmp = ICMPv6PacketTooBig() icmp.mtu = mtu_value ip1 = IPv6(src=self.ipv6_destination_address, dst=self.ipv6_source_address) udp = UDP(sport=self.ipv6_udp_or_tcp_destination_port, dport=self.ipv6_udp_or_tcp_source_port) payload = "H" * 10 send(ip / icmp / ip1 / udp / payload, iface=self.ipv6_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() #print(pkt.show()) pktdump.write(pkt) q.task_done() try: pkt except NameError: self.comment += "\n ICMPv4 Packet not received" print "Upstream Packet too Big Translation: FAIL" return self.v4_address_check(pkt) if pkt[0][1].proto != 1: self.comment += "\n ICMPv6 not received" self.packet_error = True if pkt[0][2].type != 3: self.comment += "\n Incorrect Type Number" self.packet_error = True if pkt[0][2].code != 4: self.comment += "\n Incorrect Code Number" self.packet_error = True if pkt[0][ICMP].nexthopmtu != rx_mtu: self.comment += "\n Incorrect MTU values - should be " + str(rx_mtu) + " but was " + str(pkt[0][ICMP].nexthopmtu) self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): FAIL" if not self.packet_error: print "Upstream Packet Too Big Translation (IPv6: " + str(mtu_value) + ", IPv4: " + str(rx_mtu) + "): PASS"
def save(p): global filepath global filename if _is_need_change(filepath,filename): filename = _change_filename(filepath,filename) print "modifying filename: {}".format(filename) writer = PcapWriter(filepath+filename,append=True) writer.write(p) writer.flush() writer.close() if _is_need_change(filepath,filename): shutil.move(filepath+filename,toUploadPath+filename)
def remove_a_packet_from_pcap(file='test.pcap'): # acquire all packets from pcap pkts = rdpcap(file) # ignore the first packet pkts = pkts[1:] # recreate pcap os.remove(file) pktdump = PcapWriter(file, append=True, sync=True) # write other packets to pcap for pkt in pkts: pktdump.write(pkt) pktdump.close()
def pcap_truncate(path_in, path_out): print(f"'{path_in.name}' ({os.path.getsize(str(path_in))/(1024 * 1024)})...") cap = rdpcap(str(path_in)) out = PcapWriter(str(path_out)) for packet in tqdm(cap, desc="Truncating PCAP", leave=False): if packet.haslayer("IP"): if packet.haslayer("TCP"): packet["IP"]["TCP"].remove_payload() elif packet.haslayer("UDP"): packet["IP"]["UDP"].remove_payload() out.write(packet) out.close()
def sanitize( filepath_in, filepath_out=None, sequential=True, ipv4_mask=0, ipv6_mask=0, mac_mask=0, start_ipv4="10.0.0.1", start_ipv6="2001:aa::1", start_mac="00:aa:00:00:00:00", ): if not filepath_out: timestamp = datetime.datetime.now().strftime("%y%m%d-%H%m%S") filepath_out = os.path.splitext(filepath_in)[0] + "_sanitized_" + timestamp + os.path.splitext(filepath_in)[1] mac_gen = MACGenerator(sequential=sequential, mask=mac_mask, start_mac=start_mac) ip4_gen = IPv4Generator(sequential=sequential, mask=ipv4_mask, start_ip=start_ipv4) ip6_gen = IPv6Generator(sequential=sequential, mask=ipv6_mask, start_ip=start_ipv6) with open(filepath_in) as capfile: # open cap file with pcapfile cap = savefile.load_savefile(capfile, verbose=False) # use scapy's pcapwriter pktwriter = PcapWriter(filepath_out, append=True) try: for pkt in cap.packets: # create scapy packet from pcapfile packet raw output pkt = Ether(pkt.raw()) # MAC addresses pkt.src = mac_gen.get_mac(pkt.src) pkt.dst = mac_gen.get_mac(pkt.dst) # IP Address try: pkt["IP"].src = ip4_gen.get_ip(pkt["IP"].src) pkt["IP"].dst = ip4_gen.get_ip(pkt["IP"].dst) except IndexError: pkt["IPv6"].src = ip6_gen.get_ip(pkt["IPv6"].src) pkt["IPv6"].dst = ip6_gen.get_ip(pkt["IPv6"].dst) pktwriter.write(pkt) finally: pktwriter.close() return filepath_out.split("/")[-1]
def save_handshake(self, pkts, bss): f_name = 'handshakes' fi_name = '%s.cap' % (bss.replace(':', '').lower()) self.c_v_path(os.path.join(os.getcwd(), f_name)) file__ = PcapWriter(os.path.join(os.getcwd(), f_name, fi_name), append=True, sync=True) for pkt in pkts: file__.write(pkt) file__.close() return os.path.join(os.getcwd(), f_name, fi_name)
def modify_traffic(self, output_filename, fake_ttl=False, src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None): if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0: print("Please extract ip2hc table before modify traffic with fake ttl.") # show modify request request = "Generating " + output_filename + " with\n" if fake_ttl: request += " fake ttl\n" if src_mac is not None: request += " src mac:" + src_mac + "\n" if dst_mac is not None: request += " dst mac:" + dst_mac + "\n" if src_ip_addr is not None: request += " src ip addr:" + src_ip_addr + "\n" if dst_ip_addr is not None: request += " dst ip addr:" + dst_ip_addr + "\n" print(request + "\n") pcap_reader = PcapReader(self.pcap_filename) pcap_writer = PcapWriter(output_filename) counter = 0 while True: pkt = pcap_reader.read_packet() if pkt is None: break if not pkt.haslayer('Ether') or not pkt.haslayer('IP'): continue # ipv4 packets counter += 1 ip_int = self.__ip_str2int(pkt['IP'].src) if fake_ttl: pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int] if src_mac is not None: pkt['Ethernet'].src = src_mac if dst_mac is not None: pkt['Ethernet'].dst = dst_mac if src_ip_addr is not None: pkt['IP'].src = src_ip_addr if dst_ip_addr is not None: pkt['IP'].dst = dst_ip_addr pcap_writer.write(pkt) if counter % 10000 == 0: print("%d packets have been processed\n" % counter) pcap_writer.flush() pcap_writer.close() pcap_reader.close()
def downstream_fragments(self): ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address, id=30000) udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=self.ipv4_udp_or_tcp_destination_port) payload = "a" * 1500 packet = ip / udp / payload frags = scapy.all.fragment(packet, fragsize=1000) for fragment in frags: send(fragment, iface=ipv4_interface, verbose=False) self.m_finished = False self.packet_error = False self.comment = "\n IPv4_PACKET_FRAGMENTS" q = Queue() v6_cap_filter = 'dst {}'.format(self.ipv6_source_address) sniffer = Thread(target=self.v6sniffer, args=(q, v6_cap_filter, 2)) sniffer.daemon = True sniffer.start() while not self.m_finished: send(fragment, iface=ipv4_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) count = 0 while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n Fragments forwarded by BR not received" print "IPv4 Fragments forwarded by BR: FAIL" return if count == 0: self.v6_address_check(pkt) self.v6_port_check(pkt) if count == 1: # Second Fragment self.v6_address_check(pkt) if pkt[0][1].nh != 44: self.comment += "\n No Fragment Header found" count += 1 if count != 2: self.comment += "\n Both fragments not received" if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "IPv4 Fragments forwarded by BR: FAIL" if not self.packet_error: print "IPv4 Fragments forwarded by BR: PASS"
def downstream_outside_port(self): self.m_finished = False self.packet_error = False self.comment = "\n IPv4_OUTSIDE_PORT_NO" q = Queue() v4_cap_filter = 'dst {}'.format(self.ipv4_source_address) sniffer = Thread(target=self.v4sniffer, args=(q, v4_cap_filter, 1)) sniffer.daemon = True sniffer.start() while not self.m_finished: ip = IP(src=self.ipv4_source_address, dst=self.ipv4_destination_address) udp = UDP(sport=self.ipv4_udp_or_tcp_source_port, dport=1001) payload = "a" * 82 send(ip / udp / payload, iface=self.ipv4_interface, verbose=False) if not q.empty(): file_name = self.comment.lower() + ".pcap" pktdump = PcapWriter(file_name, append=True, sync=True) while not q.empty(): pkt = q.get() # print(pkt.show()) # file_name = self.comment.lower()+".pcap" # wrpcap(file_name, pkt) pktdump.write(pkt) try: pkt except NameError: self.comment += "\n ICMPv4 not received - the packet might have been dropped silently" fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "Packet to Reserved Port Dropped: CONDITIONAL PASS" return if pkt[0][1].proto != 1: self.comment += "\n ICMPv4 Packet Not Received" self.packet_error = True if pkt[0][1].proto == 17: self.comment += "\n Packet Translated Normally" self.packet_error = True self.comment += "\n ICMPv4 Packet Received\n " self.comment += pkt[0][2].type self.comment += "\n " self.comment += pkt[0][2].code self.comment += "\n" self.packet_error = True if self.packet_error: fh = open("test_results.txt", "a") fh.write(self.comment) fh.close() print "IPv4 Packet to Dest Reserved Port Dropped: FAIL" if not self.packet_error: print "IPv4 Packet to Dest Reserved Port Dropped: PASS"
class WrpcapSink(Sink): """Packets received on low input are written to PCA file +----------+ >>-| |->> | | >-|--[pcap] |-> +----------+ """ def __init__(self, fname): self.f = PcapWriter(fname) def stop(self): self.f.flush() def push(self, msg): self.f.write(msg)
def create_pcap_file(self, file_name, frame_size, number_of_frames, incremental_ip_address, src_ip="0.0.0.0", dst_ip="0.0.0.0"): current_frame = 0 writer = PcapWriter(file_name, append=False) while current_frame < number_of_frames: ip_id = 0 # current_frame % 0x10000 frame = self.create_tcp_ipv4_frame(ip_id, src_ip, dst_ip, frame_size) writer.write(frame) if incremental_ip_address: dst_ip = self.increment_ip_addr(dst_ip, 1) current_frame += 1 writer.close()
class pcap_write(gr.sync_block): def __init__(self, f): gr.sync_block.__init__(self, "pcap_write", [], []) self.message_port_register_in(pmt.intern("pdus")) self.set_msg_handler(pmt.intern("pdus"), self.handler) self.f = f def start(self): self.pcap = PcapWriter(self.f, append=True, sync=True) def stop(self): pass def handler(self, pdu): ba = bitarray.bitarray() meta = pmt.car(pdu) x = pmt.to_python(pmt.cdr(pdu)) z = l2.Raw(x.tostring()) self.pcap.write(z) def work(self, input_items, output_items): pass
def write(file_name, packets): writer = PcapWriter(file_name, append = True) for p in packets: writer.write(p) writer.flush() writer.close()
class PacketLogger(AirScannerPlugin): def __init__(self, config): super(PacketLogger, self).__init__(config, "packetlogger") self.destination_folder = self.config["destination_folder"] self._nlogs = self._get_log_count() self.packet_filters = [] filter_list = self.config["filters"] self.filter_types = { "bssid" : BSSIDPacketFilter, "ssid" : SSIDPacketFilter, "channel" : ChannelPacketFilter } for filter in filter_list: try: type, value = map(str.strip, filter.split("=")) self.add_filter(type, value) except Exception as e: print e pass self.or_filter = self.config["filter_mode"].lower() == "or" self.current_log_file = "packet_log{n}.cap".format(n = self._nlogs) self.packet_logger = None def pre_scanning(self): self.packet_logger = PcapWriter(self.destination_folder + self.current_log_file, append=True, sync=True) SessionManager().log_event(NeutralEvent("Packet Logger initiated.")) def _get_log_count(self): # Get the number of existing log files if os.path.exists(self.destination_folder): return len(filter(lambda x: x.startswith("packet_log"), os.listdir(self.destination_folder))) else: os.mkdir(self.destination_folder) return 0 def add_filter(self, filter_type, value): filter = None try: filter = self.filter_types[filter_type](value) except KeyError: print "There is no filter definition for '{}'.".format(filter_type) except: pass if filter: self.packet_filters.append(filter) def refresh(self): self._nlogs = self._get_log_count() self.packet_logger = PcapWriter(self.destination_folder + "packet_log{n}.cap".format(n = self._nlogs), append=True, sync=True) def log(self, packet, OR = False): if(OR): # Only needs to pass through 1 filter for filter in self.packet_filters: if filter.passes(packet): self.packet_logger.write(packet) return else: # Needs to pass through all filter for filter in self.packet_filters: if not filter.passes(packet): return self.packet_logger.write(packet) def handle_packet(self, packet): self.log(packet, self.or_filter)