#!/usr/bin/python3
import sys
import getopt
import pcapy
from impacket.ImpactDecoder import EthDecoder
from impacket.ImpactPacket import IP, TCP, UDP
dev = "enp3s0f1"  # default capture interface for live sniffing; overridden by -i
decoder = EthDecoder()  # link-layer decoder shared by both callbacks: frames are treated as Ethernet
input_file = None  # set by -r; when not None the script replays this pcap instead of sniffing
dump_file = "sniffer.pcap"  # default pcap written during a live capture; overridden by -w
def write_packet(hdr, data):
    """pcapy.loop callback for live capture: echo the decoded frame, then append it to the dump.

    Both ``decoder`` (the module-level EthDecoder) and ``dumper`` are module
    globals. ``dumper`` is only created by the live-capture branch after it
    has opened the output pcap, so this callback must not be used from the
    offline (``-r``) path.
    """
    frame = decoder.decode(data)
    print(frame)
    dumper.dump(hdr, data)
def read_packet(hdr, data):
    """pcapy.loop callback for offline replay: print one summary line per IPv4 frame.

    TCP and UDP frames are printed as ``src:sport -> dst:dport``; any other IP
    protocol is printed as ``src -> dst: <child>`` where the child is whatever
    the decoder produced below the IP header. Frames whose ethertype is not
    ``IP.ethertype`` (ARP, IPv6, ...) produce no output.

    ``hdr`` is unused; it is part of the pcapy callback signature.
    """
    frame = decoder.decode(data)
    if frame.get_ether_type() != IP.ethertype:
        return  # only IPv4 traffic is reported

    ip = frame.child()
    transport = ip.child()
    src, dst = ip.get_ip_src(), ip.get_ip_dst()
    proto = ip.get_ip_p()

    if proto == TCP.protocol:
        line = "{}:{} -> {}:{}".format(
            src, transport.get_th_sport(), dst, transport.get_th_dport())
    elif proto == UDP.protocol:
        line = "{}:{} -> {}:{}".format(
            src, transport.get_uh_sport(), dst, transport.get_uh_dport())
    else:
        # unknown transport: fall back to the child's own string form
        line = "{} -> {}: {}".format(src, dst, transport)
    print(line)
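def usage():
    """Print the command-line synopsis and exit with status 1.

    The synopsis is written to stderr rather than stdout so that it never
    mixes with the per-packet output the rest of the script prints to stdout
    (which a user may be piping into another tool).

    Raises:
        SystemExit: always, with exit code 1.
    """
    print(sys.argv[0] + """
-i <dev>
-r <input_file>
-w <output_file>""", file=sys.stderr)
    sys.exit(1)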
# Parse command-line flags: -i <dev>, -r <input_file>, -w <output_file>
try:
    opts, args = getopt.getopt(sys.argv[1:], "i:r:w:")
except getopt.GetoptError:
    # unknown flag or a flag missing its argument: show synopsis and exit
    usage()

for flag, value in opts:
    if flag == "-w":
        dump_file = value  # pcap written during live capture
    elif flag == "-i":
        dev = value  # interface to sniff on
    elif flag == "-r":
        input_file = value  # replay this pcap instead of sniffing
    else:
        # not reachable: getopt only returns flags listed in the option string
        usage()
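# Start sniffing and write packets to a pcap dump file
if input_file is None:
    # open_live(device, snaplen, promisc, to_ms). snaplen was 1500, which is
    # smaller than a full-size Ethernet frame (1500-byte payload + 14-byte
    # header), so every full-MTU frame was truncated both in the dump and in
    # what EthDecoder saw; 65535 captures whole frames. promisc=0 keeps the
    # NIC non-promiscuous (only frames it would deliver anyway); to_ms=100 is
    # the read timeout in milliseconds. Live capture needs capture
    # privileges (root or CAP_NET_RAW) and fails otherwise.
    pcap = pcapy.open_live(dev, 65535, 0, 100)
    # must stay a module global named `dumper`: write_packet writes to it
    dumper = pcap.dump_open(dump_file)
    try:
        # cnt=0: loop until the capture ends or is interrupted
        pcap.loop(0, write_packet)
    except KeyboardInterrupt:
        pass  # Ctrl-C is the normal way to stop a live capture; no traceback
    finally:
        # close (and flush) the dump explicitly so buffered packets are not
        # lost when the loop is interrupted
        dumper.close()
# Read a pcap dump file and print it
else:
    pcap = pcapy.open_offline(input_file)
    pcap.loop(0, read_packet)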