pcap.py
import pdb
# Sizes, in bytes, of the libpcap file structures this module walks.
# NOTE(review): the libpcap global header is 24 bytes including its 4-byte
# magic number; 20 presumably assumes the caller has already consumed the
# magic to pick the byte order - confirm against the caller.
pca_hdr_s = 20
# Per-record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
pcaprec_hdr_s = 16
# Offset of a 4-byte length field inside the record header.
# NOTE(review): offset 12 is orig_len (the packet's length on the wire);
# incl_len, the number of bytes actually stored in the file, sits at offset 8.
# The two differ when the capture was cut short by a snap length - confirm
# which one is intended here.
lenghtOffSet = 12
# Separators used when rendering MAC addresses and dotted IP addresses as text
separatorMAC = ':'
separatorIP = '.'
# Big endian stores the most significant byte at the lowest memory address;
# little endian stores the least significant byte there.
# Module-level accumulator: getFrames appends to and returns this same list,
# so it keeps growing across calls unless the caller clears it.
frames = []
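# Split the record section of a libpcap stream into individual frames
def getFrames(data, isLittle=False):
    """Read packet records from *data* until the stream is exhausted.

    The stream must be positioned at the first record header, i.e. after the
    libpcap global header. Each parsed record is appended to the module-level
    ``frames`` list as ``{'lenght': <captured length>, 'data': <bytes>}``.

    Args:
        data: Binary file-like object exposing ``read``.
        isLittle: True when the capture was written little-endian.

    Returns:
        The module-level ``frames`` list. It is shared across calls, so
        frames from earlier calls are still present unless it was cleared.

    Notes:
        * The records are walked in a loop. A recursive walk reaches Python's
          recursion limit after roughly a thousand packets, and a catch-all
          handler then hides the RecursionError, so the capture is silently
          cut short.
        * The payload size is taken from ``incl_len`` (offset 8 of the record
          header), which is the number of bytes stored in the file. Using
          ``orig_len`` (offset 12) over-reads and desynchronises the parser
          on captures truncated by a snap length.
        * The length comes from the file and is not trusted: ``read`` returns
          at most what the stream holds, so the last frame may be shorter
          than its recorded 'lenght'.
    """
    byteorder = "little" if isLittle else "big"
    incl_len_start = 8  # after ts_sec and ts_usec
    incl_len_end = incl_len_start + 4
    try:
        while True:
            header = data.read(pcaprec_hdr_s)
            # A missing or partial record header means end of capture
            if len(header) < pcaprec_hdr_s:
                break
            lenght = int.from_bytes(header[incl_len_start:incl_len_end], byteorder)
            frame = data.read(lenght)
            # An empty payload ends parsing (EOF, or a zero-length record)
            if frame == b'':
                break
            frames.append({'lenght': lenght, 'data': frame})
    except (OSError, ValueError):
        # Best effort: an I/O failure or a closed stream keeps what was parsed
        return frames
    return frames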
#----------------------------Extract Functions--------------------------------------#
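# Render a destination or source MAC address as separator-delimited hex.
# The caller is expected to pass exactly the six address bytes.
def extractMac(data):
    """Format the first six bytes of *data* as a lowercase hex MAC address.

    Args:
        data: Bytes-like object holding the address; bytes past the sixth
            are ignored.

    Returns:
        The address as text, e.g. ``00:11:22:aa:bb:cc`` when ``separatorMAC``
        is ``':'``. The same separator is used between every pair of octets.

    Notes:
        Input shorter than six bytes is not rejected and yields a shortened,
        malformed address. A caller parsing truncated or untrusted frames
        should check the length before calling.
    """
    # First three bytes: the OUI (Organizationally Unique Identifier)
    oui = separatorMAC.join(format(octet, '02x') for octet in bytearray(data[:3]))
    # Last three bytes: the device-specific part assigned by the vendor
    nic = separatorMAC.join(format(octet, '02x') for octet in bytearray(data[3:6]))
    # Join the halves with separatorMAC, not a literal ':', so a change of
    # separator cannot produce a mixed-format address
    return oui + separatorMAC + nic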
def extractType(data):
    """Return the bytes of *data* as lowercase hex text prefixed with ``0x``.

    Args:
        data: A ``bytes`` object (anything exposing ``hex()``).

    Returns:
        For example ``0x0800`` for ``b'\\x08\\x00'``; empty input gives ``0x``.
    """
    return "0x" + data.hex()
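def extractIP(data, isLittle=False):
    """Render raw address bytes as decimal fields joined by ``separatorIP``.

    Args:
        data: Bytes-like object holding the address.
        isLittle: Accepted for signature compatibility; it is not used.

    Returns:
        One decimal field per input byte, e.g. ``10.0.0.1`` for four bytes
        when ``separatorIP`` is ``'.'``. Empty input gives an empty string.

    Notes:
        Every byte is kept. The previous ``x != '\\n'`` filter compared an
        int with a str, so it never removed anything; it is dropped so that
        nobody "fixes" it into discarding octets with value 10.
        The length is not checked; a caller parsing truncated or untrusted
        frames should verify it has the expected number of bytes.
    """
    return separatorIP.join(str(octet) for octet in bytearray(data))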
def extractProtocol(data, isLittle=False):
    """Decode *data* as an unsigned integer protocol number.

    Args:
        data: Bytes-like object holding the field.
        isLittle: Accepted but not consulted.

    Returns:
        The integer value of *data* read least-significant byte first.
    """
    # NOTE(review): decoding is always little-endian regardless of isLittle.
    # That makes no difference for a one-byte field; confirm no caller passes
    # a multi-byte value expecting network byte order.
    return int.from_bytes(data, byteorder='little')