API tools faq
paste
Advertisement
FlyFar

Ethernet Sniffer

FlyFar
Jul 7th, 2023
766
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.05 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. import socket
  2. import textwrap
  3. import struct
  4.  
  5. TAB_1 = '\t - '
  6. TAB_2 = '\t\t - '
  7. TAB_3 = '\t\t\t - '
  8. TAB_4 = '\t\t\t\t - '
  9.  
  10. DATA_TAB_1 = '\t   '
  11. DATA_TAB_2 = '\t\t   '
  12. DATA_TAB_3 = '\t\t\t   '
  13. DATA_TAB_4 = '\t\t\t\t   '
  14.  
  15. def ether_frame(data):
  16.     #unpack etherbet frame
  17.     dest_mac,src_mac,protocol=struct.unpack('! 6s 6s 6s H',data[:14])
  18.     return get_mac_address(dest_mac), get_mac_address(src_mac), socket.htons(protocol), data[14:]
  19.  
  20. def get_mac_address(bytes_addr):
  21.     #Formats mac address in a proper format(AA:BB:CC:DD:EE:FF)
  22.     bytes_strmap=map('{:02x}'.format, bytes_addr)
  23.     mac_addr=':'.join(bytes_str).upper()
  24.     return mac_addr
  25.  
  26. def main():
  27.     connection=socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3))
  28.     while True:
  29.         raw_data,addr=connection.recvfrom(65536)
  30.         dest_mac, src_mac, eth_proto, data = ethernet_frame(raw_data)
  31.         print('\nEthernet Frame:')
  32.         print(TAB_1+'Destination: {}, Source: {}, Protocol: {}'.format(dest_mac,src_mac,eth_proto))
  33.  
  34.         if eth_proto==8:
  35.             (version,header_length,ttl,proto,src,target,data)=ipv4_packet(data)
  36.             print(TAB_1+'IPv4 Packet:')
  37.             print(TAB_2 + 'Version: {}, Header Length: {}, TTL: {},'.format(version,header_length,ttl))
  38.             print(TAB_2 + 'Protocol: {}, Source: {}, Target: {}'.format(proto, src, target))
  39.  
  40.         elif eth_proto==1:
  41.              icmp = ICMP(ipv4.data)
  42.             print(TAB_1 + 'ICMP Packet:')
  43.             print(TAB_2 + 'Type: {}, Code: {}, Checksum: {},'.format(icmp_type,code, checksum))
  44.             print(TAB_2 + 'ICMP Data:')
  45.             print(format_multi_line(DATA_TAB_3, data))
  46.  
  47.         elif eth_proto == 17:
  48.             src_port,dest_port,length,data = udp_packet(data)
  49.             print(TAB_1 + 'UDP Segment:')
  50.             print(TAB_2 + 'Source Port: {}, Destination Port: {}, Length: {}'.format(src_port,dest_port, size))
  51.  
  52.         elif eth_proto==6:
  53.             (src_port, dest_port,sequebce, acknowledgement, flag_urg, flag_ack, flag_psh, flag_rst, flag_syn, flag_fin, data)=tcp_packet(data)
  54.             print(TAB_1 + 'TCP Segment:')
  55.             print(TAB_2 + 'Source Port: {}, Destination Port: {}'.format(src_port, dest_port))
  56.             print(TAB_2 + 'Sequence: {}, Acknowledgment: {}'.format(sequence, acknowledgment))
  57.             print(TAB_2 + 'Flags:')
  58.             print(TAB_3 + 'URG: {}, ACK: {}, PSH: {}'.format(flag_urg, flag_ack, flag_psh))
  59.             print(TAB_3 + 'RST: {}, SYN: {}, FIN:{}'.format(flag_rst, flag_syn, flag_fin))
  60.             print(format_multi_line(DATA_TAB_3,data))
  61.  
  62.         else:
  63.             print(TAB_1 + 'Other IPv4 Data:')
  64.             print(format_multi_line(DATA_TAB_2, data))
  65.  
  66. def ipv4_packet(data):
  67.     #unpack IP Packet
  68.     version_header_length=data[0]
  69.     version=version_header_length >> 4
  70.     header_length = (version_header_length & 15) * 4
  71.     ttl,protocol,src,dest=struct.unpack('! 8x B B 2x 4s 4s',data[:20])
  72.     return version,header_length, ttl, protocol,ipv4(src),ipv4(dest),data[data_header:]
  73.  
  74. #Returns Formatted IPv4 Address
  75. def ipv4(addr):
  76.     return '.'.join(map(str,addr))
  77.  
  78. def icmp_packet(data):
  79.     icmp_type,code,checksum=struct.unpack('! B B H', data[:4])
  80.     return icmp_type,code,checksum,data[4:]
  81.  
  82. def tcp_packet(data):
  83.     (src_port,dest_port,sequence,acknowledgement,offest_reserved_flags)=struct.unpack('! H H L L H',data[:14])
  84.     offset=(offset_reserved_flags >> 12) * 4
  85.     flag_urg=(offset_reserved_flags & 32)>> 5
  86.     flag_ack=(offset_reserved_flags & 16)>> 4
  87.     flag_psh=(offset_reserved_flags & 8)>>  3
  88.     flag_rst=(offset_reserved_flags & 4)>>2
  89.     flag_syn=(offset_reserved_flags & 2)>>1
  90.     flag_fin=(offset_reserved_flags & 1)
  91.     return src_port, dest_port,sequebce, acknowledgement, flag_urg, flag_ack, flag_psh, flag_rst, flag_syn, flag_fin, data[offset:]
  92.  
  93.  
  94. def udp_packet(data):
  95.     src_port, dest_port,size=struct.unpack('! H H 2x H',data[:8])
  96.     return src_port,dest_port,size
  97.  
  98. def format_multi_line(prefix, string, size=80):
  99.     size -= len(prefix)
  100.     if isinstance(string, bytes):
  101.         string = ''.join(r'\x{:02x}'.format(byte) for byte in string)
  102.         if size % 2:
  103.             size -= 1
  104.     return '\n'.join([prefix + line for line in textwrap.wrap(string, size)])
  105.  
  106.  
  107. main()
Tags: malware python ethernet sniffer
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!