Module pcap_to_serializedList

Source Code for Module pcap_to_serializedList

 1  #! /usr/local/bin/python 
 2  #-*- coding: utf-8 -*- 
 3   
 4   
 5  """pcap_to_serializedList.py 
 6   
 7  Generate a serialized list object from the pcap file. 
 8   
 9  This script uses Pylibpcap which is faster than pcapy. 
10   
11  The object list generated contains the same information as the basis sqlite. 
12  """ 
13   
14  __author__ = "Jerome Hussenet, Cedric Bonhomme" 
15  __version__ = "$Revision: 0.2 $" 
16  __date__ = "$Date: 2009/02/20 $" 
17  __copyright__ = "Copyright (c) 2009 Jerome Hussenet, Copyright (c) 2009 Cedric Bonhomme" 
18  __license__ = "Python" 
19   
20  import pcap 
21   
22  import socket 
23  import struct 
24   
25  import pickle 
26   
27   
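def decode_ip_packet(s):
    """Decode the source and destination addresses of an IPv4 header.

    Only the two address fields (header bytes 12-20) are decoded; the other
    header fields (version/IHL, TOS, length, id, flags, TTL, protocol,
    checksum, options) are not needed by this script.

    :param s: raw bytes of an IPv4 packet, starting at the first header byte
              (i.e. with the Ethernet header already stripped).
    :return: dict with ``'source_address'`` and ``'destination_address'`` as
             dotted-quad strings.
    :raises ValueError: if ``s`` is shorter than the 20-byte minimum IPv4
             header, e.g. a frame truncated by the capture snaplen. The
             original code let ``struct.error`` escape here instead.
    """
    if len(s) < 20:
        raise ValueError("IPv4 header truncated: %d bytes" % len(s))
    # inet_ntoa consumes the four network-order bytes directly, which avoids
    # the native-endian struct.unpack('i') + pcap.ntoa round trip and keeps
    # this function free of the pcap extension.
    return {
        'source_address': socket.inet_ntoa(s[12:16]),
        'destination_address': socket.inet_ntoa(s[16:20]),
    }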
49
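def pcap_to_serializedList(pcap_file, obj_file, verbose=None):
    """Collect (timestamp, source, destination) for every IPv4 frame in a
    pcap file and pickle the resulting list to ``obj_file``.

    :param pcap_file: path of the capture, opened offline with pylibpcap.
    :param obj_file: path of the pickle file to write (overwritten).
    :param verbose: print progress messages. When None (the default) the
                    module-level ``options.verbose`` set by the command-line
                    entry point is used, falling back to True if no such
                    global exists, so existing callers keep their behaviour
                    and importing this module no longer raises NameError.
    """
    if verbose is None:
        verbose = getattr(globals().get("options"), "verbose", True)

    reader = pcap.pcapObject()
    reader.open_offline(pcap_file)

    liste_ip = []
    if verbose:
        print("Reading pcap file...")
    while True:
        packet = reader.next()
        if packet is None:
            # NOTE(review): pylibpcap seems to return None at end of file — confirm
            break
        try:
            _, payload, tts = packet
        except (TypeError, ValueError):
            # Narrowed from a bare `except:` so real errors (and Ctrl-C)
            # are no longer swallowed; only a malformed record ends the loop.
            break
        # EtherType 0x0800 at offset 12 marks an IPv4 frame; 14 bytes of
        # Ethernet header precede the IP header. A frame too short to hold
        # a full 20-byte IPv4 header (cut by the snaplen) is skipped instead
        # of aborting the whole conversion.
        if payload[12:14] != b'\x08\x00' or len(payload) < 14 + 20:
            continue
        decoded = decode_ip_packet(payload[14:])
        liste_ip.append((tts, decoded['source_address'],
                         decoded['destination_address']))

    if verbose:
        print("Serialization...")
    # Binary mode: a pickle stream is bytes, and text mode would corrupt it
    # on platforms that translate newlines. Note that unpickling executes
    # code embedded in the stream, so consumers must only load obj_file
    # from a location they control.
    with open(obj_file, "wb") as liste_obj:
        pickle.dump(liste_ip, liste_obj)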
if __name__ == "__main__":
    # Point of entry in execution mode: parse the command line, then convert.
    from optparse import OptionParser

    parser = OptionParser()
    parser.add_option("-i", "--input", dest="pcap_file",
                      default='./captures/jubrowska-capture_1.cap',
                      help="pcap file")
    parser.add_option("-o", "--output", dest="objlist_file",
                      default='./data/list.pyobj',
                      help="Python serialized object")
    parser.add_option("-q", "--quiet", dest="verbose",
                      action="store_false", default=True,
                      help="be vewwy quiet (I'm hunting wabbits)")

    # `options` must stay module-level: pcap_to_serializedList reads
    # options.verbose from the global namespace.
    options, args = parser.parse_args()

    pcap_to_serializedList(options.pcap_file, options.objlist_file)