sniffer.py
#!/usr/bin/python3.6
from struct import *
from pypacker.layer567.rtp import RTP
import os
import socket
import datetime
import time
import argparse
import pcapy
import sys
import struct
import multiprocessing
import random
import platform
from pprint import pprint
# tcpdump command templates; '{}' is replaced with the capture interface name.
# In the enable template, -I asks for monitor mode, -c1 stops after one packet,
# -p disables promiscuous mode and -y selects the IEEE802_11 link type.
# The interface name comes from the command line or from interactive input, so
# callers must not hand the formatted string to a shell without quoting it.
monitor_enable = 'tcpdump -i {} -Ic1 -py IEEE802_11'
monitor_disable = 'tcpdump -i {} -Ic1'

# Maps the value parse_packet() reads from rtp.type to the suffix of the raw
# output file ('outfile_<suffix>.raw'). Types missing here are not written.
# NOTE(review): 32768 is 0x8000, which presumably is RTP version 2 with
# payload type 0 (G.711 mu-law); 'g771' looks like a typo for 'g711' but is
# kept because it is part of the on-disk filename. Confirm against pypacker.
file_types = {32768: 'g771'}
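def main(args):
    """Capture packets on one interface for a limited time and extract audio.

    Removes a stale ``out.au``, runs the ``monitor_enable`` tcpdump command on
    the interface, feeds every captured packet to ``parse_packet`` and finally
    calls ``convert_au``. The ``monitor_disable`` command is run on the way
    out, whether the capture finished, failed or was interrupted.

    Args:
        args: parsed command-line namespace with ``interface`` (str or None)
            and ``time`` (capture duration in seconds, int or None; 30 is
            used when it is unset or 0).

    NOTE(review): the output files (``out.au``, ``outfile_*.raw``) use fixed
    names in the current working directory and capture normally needs elevated
    privileges, so run this from a directory other users cannot write to.
    """
    # Local imports: the file's import block does not provide these names.
    import shlex
    import subprocess

    def run_tcpdump(template, iface):
        # The interface name is user-controlled (CLI argument or input()), so
        # it is passed as a single argv element and never through a shell;
        # shell metacharacters in the name are therefore not interpreted.
        argv = [token.format(iface) for token in shlex.split(template)]
        try:
            subprocess.run(argv, check=False)
        except OSError as error:
            # Raised e.g. when tcpdump is not installed or not executable.
            print("OS error: {}".format(error))

    try:
        os.remove("out.au")
    except OSError:
        # No previous output file to clean up.
        pass

    # Bound before the try block so the finally clause can tell whether an
    # interface was ever selected (Ctrl-C at the prompt leaves it None).
    dev = None
    try:
        if args.interface:
            dev = args.interface
        else:
            # Ask the user to enter the device name to sniff.
            print ("Available devices are :")
            for d in pcapy.findalldevs() :
                print (d)
            dev = input("Enter device name to sniff : ")

        run_tcpdump(monitor_enable, dev)

        # snaplen 65536, promiscuous mode on, read timeout 0 ms.
        capture = pcapy.open_live(dev , 65536 , True , 0)

        timeout = args.time if args.time else 30
        timeout_start = time.time()
        # The deadline is only checked between packets; a blocking next()
        # on a quiet interface can therefore overrun the requested time.
        while time.time() < timeout_start + timeout:
            (header, packet) = capture.next()
            if header is None:
                # NOTE(review): pcapy appears to return a None header when no
                # packet was read; skip instead of failing on header.getlen().
                continue
            print ('%s: captured %d bytes, truncated to %d bytes' %(datetime.datetime.now(), header.getlen(), header.getcaplen()))
            parse_packet(packet)
        convert_au()
    except KeyboardInterrupt:
        sys.exit()
    finally:
        if dev:
            run_tcpdump(monitor_disable, dev)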
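def convert_au():
    """Wrap ``outfile_g771.raw`` in a Sun/NeXT .au header and write ``out.au``.

    Does nothing when the raw file does not exist (no supported RTP audio was
    captured). On success the raw file is deleted. Other I/O failures are
    reported on stdout instead of being raised, so a failed conversion never
    aborts the caller.

    NOTE(review): 'G.771' in the messages and file name presumably means
    G.711; the spelling is kept because parse_packet() builds the same file
    name from the file_types mapping.
    """
    raw_path = 'outfile_g771.raw'

    try:
        # Context manager closes the handle even if read() fails.
        with open(raw_path, 'rb') as raw_file:
            raw = raw_file.read()
    except FileNotFoundError:
        # Nothing was captured for this codec; not an error.
        return
    except OSError as error:
        print("OS error: {}".format(error))
        return

    print(" Found G.771 raw file, converting to .au format")

    # .au header, six big-endian 32-bit words:
    #   magic ".snd", data offset 24 bytes (6 * 4), data size unknown
    #   (0xffffffff), encoding 1 (8-bit mu-law), 8000 Hz, 1 channel.
    header = [ 0x2e736e64, 24, 0xffffffff, 1, 8000, 1 ]

    try:
        with open('out.au', 'wb') as au:
            au.write(struct.pack(">IIIIII", *header))
            au.write(raw)
        # Only drop the raw capture once out.au was written completely.
        os.remove(raw_path)
    except OSError as error:
        print("OS error: {}".format(error))
        return

    print("G.771 Conversion finished, check local file system for out.au")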
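def parse_packet(packet) :
    """Decode one captured frame and append known RTP payloads to a raw file.

    The frame is interpreted as Ethernet / IPv4 / UDP / RTP. The IP and UDP
    header fields are printed. If ``rtp.type`` is a key of ``file_types`` the
    RTP body is appended to ``outfile_<suffix>.raw``; otherwise a message is
    printed and the payload is dropped.

    Captured traffic is untrusted: frames that are too short for the header
    being decoded, or that carry an IP header length below 20 bytes, are
    skipped instead of raising ``struct.error`` and ending the capture.

    Args:
        packet: raw frame bytes as returned by the capture handle.

    NOTE(review): every UDP datagram is handed to the RTP parser; there is no
    port or version check, so non-RTP traffic whose first bytes happen to
    match a known type would be written to the audio file as well.
    """
    eth_length = 14
    ip_min_length = 20
    udph_length = 8

    if len(packet) < eth_length:
        return
    eth = unpack('!6s6sH' , packet[:eth_length])

    # '!' already yields the EtherType in host order, so compare it with
    # 0x0800 (IPv4) directly. The former ntohs() + "== 8" test only matched
    # on little-endian hosts.
    if eth[2] != 0x0800 :
        return

    ip_header = packet[eth_length:eth_length + ip_min_length]
    if len(ip_header) < ip_min_length:
        return
    iph = unpack('!BBHHHBBH4s4s' , ip_header)

    version_ihl = iph[0]
    version = version_ihl >> 4
    ihl = version_ihl & 0xF
    # IHL counts 32-bit words.
    iph_length = ihl * 4
    ttl = iph[5]
    protocol = iph[6]
    s_addr = socket.inet_ntoa(iph[8])
    d_addr = socket.inet_ntoa(iph[9])
    print ('Version : ' + str(version) + ', IP Header Length : ' + str(ihl) + ', TTL : ' + str(ttl) + ', Protocol : ' + str(protocol) + ', Source Address : ' + str(s_addr) + ', Destination Address : ' + str(d_addr))

    # UDP packets (IP protocol 17). An IHL below 5 words would place the
    # "UDP header" inside the IP header, so such packets are not decoded.
    if protocol == 17 and iph_length >= ip_min_length :
        u = iph_length + eth_length
        udp_header = packet[u:u + udph_length]
        if len(udp_header) == udph_length:
            udph = unpack('!HHHH' , udp_header)
            source_port = udph[0]
            dest_port = udph[1]
            length = udph[2]
            checksum = udph[3]
            print ('Source Port : ' + str(source_port) + ' Dest Port : ' + str(dest_port) + ' Length : ' + str(length) + ' Checksum : ' + str(checksum))

            h_size = eth_length + iph_length + udph_length
            rtp = RTP(packet[h_size:])
            try:
                # Only convert packets with a type we understand. The file
                # name comes from the fixed mapping, never from packet data.
                fileName = 'outfile_' + file_types[rtp.type] +'.raw'
            except KeyError:
                print('Error, RTP type {} is not known how to decode'.format(rtp.type))
            else:
                with open(fileName,'ab+') as out:
                    # NOTE(review): _body_bytes is a private pypacker
                    # attribute; confirm it is always populated here.
                    out.write(rtp._body_bytes)
    print('\n')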
if __name__ == "__main__":
    # Command-line entry point: both options are optional. Without -i the
    # interface is requested interactively by main(); without -t main()
    # falls back to its default capture duration.
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-t",
        "--time",
        dest="time",
        type=int,
        help="The length of time to capture packets for",
    )
    parser.add_argument(
        "-i",
        "--interface",
        dest="interface",
        type=str,
        help="The network interface to capture traffic on",
    )
    args = parser.parse_args()
    main(args)