def action_sniff(db, args): "Run sniffing thread" from sniffer import Sniffer sniffer = Sniffer(db, args.interface, args.related_interface, sniffer_name=args.sniffer_name, enable_hopping=args.enable_hopping, use_24=args.use_24, use_pop5=args.use_pop5) sniffer.run()
def test_capture(self): print "" print "TEST CAPTURE" print "" config_client = { "sync_server_ip": "stacksync.urv.cat", "sync_server_port": 8080, "packet_limit": -1, "max_bytes": 65535, "promiscuous": False, "read_timeout": 100 } print config_client sniff = Sniffer(self.personal_cloud, config_client) result = sniff.run() print result result = sniff.rage_quit() # pdb.set_trace() self.assertEqual(0, 0)
class SnifferSession: DELAY = 1 sniffer = None def __init__(self, args, loop=None, packet_callback=None, **kwargs): self.sniffer = Sniffer(argv=args, packet_callback=packet_callback, loop=loop, **kwargs) self.packets_count = 0 self.packets = [] self.packets_by_time = defaultdict(list) self.start_time = None self.last_time = None self.ips = set() self.ports_by_addr = defaultdict(set) self.filters = defaultdict(lambda: ANY) self.online = None def set_callback(self, callback): self.sniffer.packet_callback = callback def start_sniffer(self): self.online = True self.sniffer.run() def stop_sniffer(self): self.sniffer.running = False def setup_sniffer(self): self.sniffer.setup() def open_pcap(self): self.online = False self.sniffer.open_pcap() def set_pcap_filename(self, filename): self.sniffer.pcap_filename = filename def get_stream_stat(self): return self.sniffer.analyze_stream() @staticmethod def _round_time(dt, round_to=60): seconds = (dt.replace(tzinfo=None) - dt.min).seconds rounding = (seconds + round_to / 2) // round_to * round_to return dt + timedelta(0, rounding - seconds, -dt.microsecond) def get_interval_position(self, start, end): return ((end - start) / self.DELAY).seconds def get_last_interval(self): return self.get_interval_position(self.start_time, self.last_time) def add_packet(self, packet): # packet.packet.frame_info # .time_relative - no need to be converted # .time_epoch - need to be converted t = datetime.fromtimestamp( int(packet.packet.frame_info.time_epoch.split('.')[0])) t = self._round_time(t, self.DELAY) if self.start_time is None: self.start_time = t self.ips.add(packet.src_addr) self.ports_by_addr[packet.src_addr].add(packet.src_port) self.ports_by_addr['ANY'].add(packet.src_port) self.sniffer.update_stream(packet) item = { 'packet': packet, 'time': t, 'packet_capacity': int(packet.packet.length) } self.packets.append(item) self.packets_count += 1 self.last_time = t self.packets_by_time[self.get_last_interval()].append(item) def get_packets_by_number(self, first=None, second=None, enable_filtration=False): first = first or 0 second = second or self.packets_count result = {} for idx in range(first, min(len(self.packets), second + 1)): packet = self.packets[idx] if not enable_filtration or self.apply_filter(packet): result[idx] = [packet] return result def apply_filter(self, packet): def any_any(): return faddr1 == faddr2 == fport1 == fport2 == 'ANY' def equal(var1, var2): return var1 == var2 or var2 == 'ANY' def equals(addr1, addr2, port1, port2): return equal(addr1, addr2) and equal(port1, port2) src_addr = packet['packet'].src_addr dst_addr = packet['packet'].dst_addr src_port = str(int(packet['packet'].src_port)) dst_port = str(int(packet['packet'].dst_port)) faddr1 = self.filters['addr1'] faddr2 = self.filters['addr2'] fport1 = self.filters['port1'] fport2 = self.filters['port2'] if any_any(): return True if faddr1 != 'ANY': if src_addr == faddr1 and equal(src_port, fport1): if equals(dst_addr, faddr2, dst_port, fport2): return True if dst_addr == faddr1 and equal(dst_port, fport1): if equals(src_addr, faddr2, src_port, fport2): return True if faddr2 != 'ANY': if src_addr == faddr2 and equal(src_port, fport2): if equals(dst_addr, faddr1, dst_port, fport1): return True if dst_addr == faddr2 and equal(dst_port, fport2): if equals(src_addr, faddr1, src_port, fport1): return True if fport1 != 'ANY': if src_port == fport1 and equal(src_addr, faddr1): if equals(dst_port, fport2, dst_addr, faddr2): return True if dst_port == fport1 and equal(dst_addr, faddr1): if equals(src_port, fport2, src_addr, faddr2): return True if fport2 != 'ANY': if src_port == fport2 and equal(src_addr, faddr2): if equals(dst_port, fport1, dst_addr, faddr1): return True if dst_port == fport2 and equal(dst_addr, faddr2): if equals(src_port, fport1, src_addr, faddr1): return True return False def get_packets_by_descret_times(self, start, end, callback=lambda x: x, enable_filtration=False): result = defaultdict(list) for t in range(self.get_last_interval()): if t in self.packets_by_time: packets = self.packets_by_time[t] else: packets = [] if t < start: continue if end < t: break if not enable_filtration: result[t] = callback(packets) continue filtered_packets = [] for pkt in packets: if self.apply_filter(pkt): filtered_packets.append(pkt) result[t] = callback(filtered_packets) return result def get_ips(self): return self.ips def get_ports(self, addr='ANY'): return self.ports_by_addr[addr] def save(self): pass def clear_session(self): pass
def main(): proxyips = Crawler.run() logger.info('Crawler finish, total ip: %s', len(proxyips)) sniffer = Sniffer() sniffer.run(proxyips)
ip = packet[IP] tcp = packet[TCP] flags = tcp.flags logging_packet(packet) if flags == "S": i = IP(src=ip.dst, dst=ip.src) t = TCP(sport=tcp.dport, dport=tcp.sport, flags='SA', seq=random.randint(1, 45536), ack=(tcp.seq + 1)) frame = i / t send(frame, verbose=False) elif 'P' in list(str(flags)): i = IP(src=ip.dst, dst=ip.src) t = TCP(sport=tcp.dport, dport=tcp.sport, flags='A', seq=tcp.ack, ack=(tcp.seq + len(packet))) frame = i / t send(frame, verbose=False) if __name__ == "__main__": # sniff filter print(f"Filter: TCP and IpAddress: {TARGET_IP_ADDRESS}") # フィルタ作成 packet_filter = lambda p: is_tcp_packet(p) and has_ip_address(p, TARGET_IP_ADDRESS) # sniffing用Thread作成・実施 sniffer = Sniffer(prn=find_tcp_packet, packet_filter=packet_filter) sniffer.run()