diff --git a/networking.py b/networking.py new file mode 100644 index 0000000..4fd7ede --- /dev/null +++ b/networking.py @@ -0,0 +1,137 @@ +from struct import * +import socket + +class ipv4: + def __init__(self, packet): + iph = packet[:20] + iph = unpack('!BBHHHBBH4s4s' , iph) + + self.version = iph[0] >> 4 + self.length = (iph[0] & 0xF) * 4 + self.ttl = iph[5] + self.next_header = iph[6] + self.src = socket.inet_ntoa(iph[8]) + self.target = socket.inet_ntoa(iph[9]) + self.data = packet[20:] + +class ipv6: + def __init__(self, packet): + iph = packet[:40] + iph = unpack('!IHBB16H', iph) + + self.version = iph[0] >> 28 + self.trafic = (iph[0] >> 20) & 0x00FF + self.flow_label = iph[0] & 0xFFFF + self.payload = iph[1] + self.next_header = iph[2] + self.hop_limit = iph[3] + self.src = 'Source: ' + ipv6_to_string(iph, 4, 12) + self.target = 'Target: ' + ipv6_to_string(iph, 12, 20) + self.data = packet[40:] +def ipv6_to_string(iph, start, end): + ipv6_string = '' + for x in range(start, end): + if iph[x] != 0: + ipv6_string += str(hex(iph[x]))[2:] + if x != end-1: + ipv6_string += ':' + + return ipv6_string + +class udp: + def __init__(self, packet): + header = unpack("!4H",packet[:8]) + self.src_port = header[0] + self.dest_port = header[1] + self.lenght = header[2] + self.check_sum = header[3] + self.data = packet[8:] + +class tcp: + def __init__(self, packet): + tcph = packet[:20] + tcph = unpack('!2H2I4H', tcph) + + self.src_port = tcph[0] + self.dest_port = tcph[1] + self.sequence = tcph[2] + self.acknowledgment = tcph[3] + self.length = tcph[4] >> 12 + self.reserved = (tcph[4] >> 6) & 0x003F + self.flag_urg = (tcph[4] & 0x0020) >> 5 + self.flag_ack = (tcph[4] & 0x0010) >> 4 + self.flag_psh = (tcph[4] & 0x0008) >> 3 + self.flag_rst = (tcph[4] & 0x0004) >> 2 + self.flag_syn = (tcph[4] & 0x0002) >> 1 + self.flag_fin = (tcph[4] & 0x0001) + self.window = packet[5] + self.checkSum = packet[6] + self.urgPntr = packet[7] + + h_size = self.length * 4 + data_size = len(packet) - h_size + self.data = packet[h_size:] + +class routing: + def __init__(self, packet): + header = unpack("!4B", packet[:4]) + self.next_header = header[0] + self.hdr_ext_len = int(header[1] * 8 + 8) + self.routing_type = header[2] + self.seg_left = header[3] + self.data = packet[self.hdr_ext_len:] + +class icmpv6: + def __init__(self, packet): + header = unpack("!BBH",packet[:4]) + self.type = header[0] + self.code = header[1] + self.checksum = header[2] + self.data = packet[4:] + +class icmp: + def __init__(self, packet): + header = unpack("!BBH", packet[:4]) + self.type = header[0] + self.code = header[1] + self.checksum = header[2] + self.data = packet[4:] + +class hopbyhop: + def __init__(self, packet): + header = unpack("!2B", packet[:2]) + self.next_header = header[0] + self.hdr_ext_len = int(header[1] * 8 + 8) + self.data = packet[self.hdr_ext_len:] + +class fragment: + def __init__(self, packet): + header = unpack("!2BHI", packet[:8]) + self.next_header = header[0] + self.reserved = header[1] + self.frag_offset = packet[2] >> 3 + self.m_flag = packet[2] & 1 + self.identification = packet[3] + self.data = packet[8:] + +class destination: + def __init__(self, packet): + header = unpack("!2B", packet[:2]) + self.next_header = header[0] + self.hdr_ext_len = int(header[1] * 8 + 8) + self.data = packet[self.hdr_ext_len:] + +class authentication: + def __init__(self, packet): + header = unpack("!2BH2I", packet[:12]) + self.next_header = header[0] + self.payload_len = int(header[1] * 4 + 8) + self.reserved = header[2] + self.spi = header[3] + self.sequence = header[4] + self.data = packet[self.payload_len:] + + + + + diff --git a/sniffer.py b/sniffer.py index 116cc6c..61c9ce6 100644 --- a/sniffer.py +++ b/sniffer.py @@ -1,12 +1,29 @@ import socket + +from struct import * from general import * -from networking.ethernet import Ethernet -from networking.ipv4 import IPv4 -from networking.icmp import ICMP -from networking.tcp import TCP -from networking.udp import UDP -from networking.pcap import Pcap -from networking.http import HTTP +from networking import * + +ETH_HEADER_LEN = 14 +IPv4 = '0x800' +IPv6 = '0x86dd' +ARP = '0x806' + +HOP_BY_HOP = 0 +DESTINATION_OPTIONS = 60 +ROUTING = 43 +FRAGMENT = 44 +AH = 51 +ESP = 50 +MOBILITIY = 135 +HOST_IDENTITY = 139 +SHIM6 = 140 + +ICMP_IPv6 = 58 +UDP = 17 +TCP = 6 +ICMP_IPv4 = 1 +IGMP = 2 TAB_1 = '\t - ' TAB_2 = '\t\t - ' @@ -18,76 +35,166 @@ DATA_TAB_3 = '\t\t\t ' DATA_TAB_4 = '\t\t\t\t ' +def mac_format (mac) : + formatted_mac = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (ord(mac[0]) , ord(mac[1]) , ord(mac[2]), ord(mac[3]), ord(mac[4]) , ord(mac[5])) + return formatted_mac + def main(): - pcap = Pcap('capture.pcap') - conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3)) + conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3)) while True: - raw_data, addr = conn.recvfrom(65535) - pcap.write(raw_data) - eth = Ethernet(raw_data) + packet = conn.recvfrom(65535) + packet = packet[0] + + eth_header = packet[:ETH_HEADER_LEN] + eth_data = packet[ETH_HEADER_LEN:] + eth = unpack('!6s6sH' , eth_header) + eth_protocol = hex(eth[2]) + print '\nEthernet Frame:' + print TAB_1 + 'Destination: ' + mac_format(eth[0]) + ' Source: ' + mac_format(eth[1]) + ' Protocol: ' + eth_protocol + + if eth_protocol == IPv6: + ipv6_packet = ipv6(eth_data) + + print(TAB_1 + 'IPv6 Packet:') + print(TAB_2 + 'Version: {}, Trafic Class: {}, Hop Limit: {},'.format(ipv6_packet.version, ipv6_packet.trafic, ipv6_packet.hop_limit)) + print(TAB_2 + 'Next Header: {}, Flow Label: {}, Payload: {}'.format(ipv6_packet.next_header, ipv6_packet.flow_label, ipv6_packet.payload)) + print(TAB_2 + 'Source: {}, Target: {}'.format(ipv6_packet.src, ipv6_packet.target)) + flag = True + next = ipv6_packet.next_header + next_packet = ipv6_packet.data + + while flag: + if next == TCP: + tcp_packet = tcp(next_packet) + print(TAB_2 + 'TCP Segment:') + print(TAB_3 + 'Source Port: {}, Destination Port: {}'.format(tcp_packet.src_port, tcp_packet.dest_port)) + print(TAB_3 + 'Sequence: {}, Acknowledgment: {}'.format(tcp_packet.sequence, tcp_packet.acknowledgment)) + print(TAB_3 + 'Flags:') + print(TAB_4 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp_packet.flag_urg, tcp_packet.flag_ack, tcp_packet.flag_psh)) + print(TAB_4 + 'RST: {}, SYN: {}, FIN: {}'.format(tcp_packet.flag_rst, tcp_packet.flag_syn, tcp_packet.flag_fin)) + + if len(tcp_packet.data) > 0: + if tcp_packet.src_port == 80 or tcp_packet.dest_port == 80: + print(TAB_3 + 'HTTP Data') + else: + print(TAB_3 + 'TCP Data') + + flag = False + + elif next == UDP: + udp_packet = udp(next_packet) + print(TAB_2 + 'UDP Segment:') + print(TAB_3 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp_packet.src_port, udp_packet.dest_port, udp_packet.lenght)) + + flag = False + + elif next == ICMP_IPv6: + imcp_packet = icmp(next_packet) + print(TAB_2 + 'ICMP Packet:') + print(TAB_3 + 'Type: {}, Code: {}, Checksum: {},'.format(imcp_packet.type, imcp_packet.code, imcp_packet.checksum)) + + flag = False + + elif next == HOP_BY_HOP: + hbp_packet = hopbyhop(next_packet) + print(TAB_2 + 'Hop-by-Hop Segment:') + print(TAB_3 + 'Next Header: {}, Header Extention Lenght: {}'.format(hbp_packet.next_header, hbp_packet.hdr_ext_len)) + next_packet = hbp_packet.data + next = hbp_packet.next_header + + elif next == DESTINATION_OPTIONS: + destination_packet = destination(next_packet) + print(TAB_2 + 'Destination Segment:') + print(TAB_3 + 'Next Header: {}, Header Extention Lenght: {}'.format(destination_packet.next_header, destination_packet.hdr_ext_len)) + next_packet = destination_packet.data + next = destination_packet.next_header + + elif next == ROUTING: + routing_packet = routing(next_packet) + print(TAB_2 + 'Routing Segment:') + print(TAB_3 + 'Next Header: {}, Header Extention Lenght: {}'.format(routing_packet.next_header, routing_packet.hdr_ext_len)) + print(TAB_3 + 'Routing Type: {}, Segments Left: {}'.format(routing_packet.routing_type, routing_packet.seg_left)) + next_packet = routing_packet.data + next = routing_packet.next_header + + elif next == FRAGMENT: + fragment_packet = routing(next_packet) + print(TAB_2 + 'Fragment Segment:') + print(TAB_3 + 'Next Header: {}, Fragment Offset: {}'.format(fragment_packet.next_header, fragment_packet.frag_offset)) + print(TAB_3 + 'M Flag: {}, Identification: {}'.format(fragment_packet.m_flag, fragment_packet.identification)) + next_packet = fragment_packet.data + next = fragment_packet.next_header + + elif next == AH: + ah_packet = authentication(next_packet) + print(TAB_2 + 'Authentication Segment:') + print(TAB_3 + 'Next Header: {}, Payload Lenght: {}'.format(ah_packet.next_header, ah_packet.payload_len)) + print(TAB_3 + 'Security Parameters Index: {}, Sequence Number: {}'.format(ah_packet.spi, ah_packet.sequence)) + next_packet = ah_packet.data + next = ah_packet.next_header + break + + elif next == ESP: + print(TAB_2 + 'ESP Segment') + flag = False + + elif next == MOBILITIY: + print(TAB_2 + 'Mobility Segment') + flag = False + + elif next == HOST_IDENTITY: + print(TAB_2 + 'Host Identity Segment') + flag = False + + elif next == SHIM6: + print(TAB_2 + 'SHIM6 Segment') + flag = False + + else: + print(TAB_2 + 'Other IPv6 Next Header Type: {}'.format(next)) + flag = False + + elif eth_protocol == ARP: + print(TAB_1 + 'ARP Packet') + + elif eth_protocol == IPv4: + ipv4_packet = ipv4(eth_data) - print('\nEthernet Frame:') - print(TAB_1 + 'Destination: {}, Source: {}, Protocol: {}'.format(eth.dest_mac, eth.src_mac, eth.proto)) - - # IPv4 - if eth.proto == 8: - ipv4 = IPv4(eth.data) print(TAB_1 + 'IPv4 Packet:') - print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4.version, ipv4.header_length, ipv4.ttl)) - print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(ipv4.proto, ipv4.src, ipv4.target)) + print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(ipv4_packet.version, ipv4_packet.length, ipv4_packet.ttl)) + print(TAB_2 + 'Next Header: {}, Source: {}, Target: {}'.format(ipv4_packet.next_header, ipv4_packet.src, ipv4_packet.target)) - # ICMP - if ipv4.proto == 1: - icmp = ICMP(ipv4.data) + if ipv4_packet.next_header == ICMP_IPv4: + icmp_header = icmp(ipv4_packet.data) print(TAB_1 + 'ICMP Packet:') - print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp.type, icmp.code, icmp.checksum)) - print(TAB_2 + 'ICMP Data:') - print(format_multi_line(DATA_TAB_3, icmp.data)) - - # TCP - elif ipv4.proto == 6: - tcp = TCP(ipv4.data) - print(TAB_1 + 'TCP Segment:') - print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(tcp.src_port, tcp.dest_port)) - print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(tcp.sequence, tcp.acknowledgment)) - print(TAB_2 + 'Flags:') - print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp.flag_urg, tcp.flag_ack, tcp.flag_psh)) - print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(tcp.flag_rst, tcp.flag_syn, tcp.flag_fin)) - - if len(tcp.data) > 0: - - # HTTP - if tcp.src_port == 80 or tcp.dest_port == 80: - print(TAB_2 + 'HTTP Data:') - try: - http = HTTP(tcp.data) - http_info = str(http.data).split('\n') - for line in http_info: - print(DATA_TAB_3 + str(line)) - except: - print(format_multi_line(DATA_TAB_3, tcp.data)) + print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp_header.type, icmp_header.code, icmp_header.checksum)) + + elif ipv4_packet.next_header == IGMP: + print(TAB_2 + 'IGMP Segment') + + elif ipv4_packet.next_header == TCP: + tcp_header = tcp(ipv4_packet.data) + print(TAB_2 + 'TCP Segment:') + print(TAB_3 + 'Source Port: {}, Destination Port: {}'.format(tcp_header.src_port, tcp_header.dest_port)) + print(TAB_3 + 'Sequence: {}, Acknowledgment: {}'.format(tcp_header.sequence, tcp_header.acknowledgment)) + print(TAB_3 + 'Flags:') + print(TAB_4 + 'URG: {}, ACK: {}, PSH: {}'.format(tcp_header.flag_urg, tcp_header.flag_ack, tcp_header.flag_psh)) + print(TAB_4 + 'RST: {}, SYN: {}, FIN: {}'.format(tcp_header.flag_rst, tcp_header.flag_syn, tcp_header.flag_fin)) + + if len(tcp_header.data) > 0: + if tcp_header.src_port == 80 or tcp_header.dest_port == 80: + print(TAB_3 + 'HTTP Data') else: - print(TAB_2 + 'TCP Data:') - print(format_multi_line(DATA_TAB_3, tcp.data)) + print(TAB_3 + 'TCP Data') - # UDP - elif ipv4.proto == 17: - udp = UDP(ipv4.data) - print(TAB_1 + 'UDP Segment:') - print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp.src_port, udp.dest_port, udp.size)) + elif ipv4_packet.next_header == UDP: + udp_header = udp(ipv4_packet.data) + print(TAB_2 + 'UDP Segment:') + print(TAB_3 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(udp_header.src_port, udp_header.dest_port, udp_header.lenght)) - # Other IPv4 else: - print(TAB_1 + 'Other IPv4 Data:') - print(format_multi_line(DATA_TAB_2, ipv4.data)) - - else: - print('Ethernet Data:') - print(format_multi_line(DATA_TAB_1, eth.data)) - - pcap.close() - - + print('Other IPv4 protocol {}'.format(ipv4_packet.next_header)) + main()