Public Member Functions

| Member | Description |
|---|---|
| def __init__ | |
| def getNetProtocolString | Returns the protocol Name (as a string) given the protocol number as extracted from the Ethernet Frame. |
| def getXportProtocolString | Returns the protocol Name (as a string) given the IP Assigned Protocol Name. |
| def setReader | Set the reader object (defined in captureInterface.openDevice implementation class), and perform some additional initialization. |
| def setDefaultReader | Does not set the reader object, but performs the same additional initialization that setReader does. |
| def decodePacket | Performs the actual decoding of the raw packet data. |
| def handle_ethernet_IPPacket | Helper function used to decode an Ethernet Frame. |
| def handle_ethernet_ARPPacket | Helper function used to decode an ARP Packet. |
| def createPacketDic | Creates the actual Dictionary given the supplied set of parameters. |
| def isPing | Given the transport header, which must be ICMP, this method will determine if this is a ping request or reply. |

Public Attributes

| Attribute |
|---|
| readerObject |
| datalink |
| EthDecoder |
| IPDecoder |
| PROTOCOL_IP |
| PROTOCOL_ARP |
| PROTOCOL_ICMP |
| PROTOCOL_IGMP |
| PROTOCOL_TCP |
| PROTOCOL_UDP |

Definition at line 27 of file packetDecoder.py.
def objects.logic.network.packetDecoder.packetDecoder.__init__(self)

Definition at line 28 of file packetDecoder.py.

```python
def __init__(self):
    self.readerObject = None
    self.datalink = None
    self.EthDecoder = None
    self.IPDecoder = None

    # protocols contained in Ethernet Frame (EtherType values)
    # if protocol is not here, then it's not supported yet
    self.PROTOCOL_IP = 2048   # 0x0800
    self.PROTOCOL_ARP = 2054  # 0x0806

    # protocols contained in IP Frame (IP protocol numbers)
    self.PROTOCOL_ICMP = 1
    self.PROTOCOL_IGMP = 2

    self.PROTOCOL_TCP = 6
    self.PROTOCOL_UDP = 17
```

def objects.logic.network.packetDecoder.packetDecoder.createPacketDic(self, lanProtocol, netProtocol, transportProtocol, payloadSize, sourceIP, sourcePort, destIP, destPort, netHeader, xportHeader, payload)

Creates the actual Dictionary given the supplied set of parameters.

Parameters:

| Parameter | Description |
|---|---|
| lanProtocol | String representing DataLink protocol |
| netProtocol | String representing network protocol |
| transportProtocol | String representing Transport protocol |
| payloadSize | Integer representing the payload size |
| sourceIP | Source IP String |
| sourcePort | Source Port Integer |
| destIP | Destination IP String |
| destPort | Destination Port Integer |
| netHeader | Network Protocol Header |
| xportHeader | Transport Protocol Header |
| payload | Actual Payload as Stream of Bytes |

Definition at line 269 of file packetDecoder.py.

```python
def createPacketDic(self, lanProtocol, netProtocol, transportProtocol, payloadSize,
                    sourceIP, sourcePort, destIP, destPort,
                    netHeader, xportHeader, payload):
    decodedPacket = dict()

    # addressing and protocol identification
    decodedPacket['lanProtocol'] = lanProtocol
    decodedPacket['netProtocol'] = netProtocol
    decodedPacket['transportProtocol'] = transportProtocol
    decodedPacket['sourceIP'] = sourceIP
    decodedPacket['sourcePort'] = sourcePort
    decodedPacket['destIP'] = destIP
    decodedPacket['destPort'] = destPort
    decodedPacket['payloadSize'] = payloadSize

    # raw headers and payload bytes
    decodedPacket['networkHeader'] = netHeader
    decodedPacket['transportHeader'] = xportHeader
    decodedPacket['payload'] = payload

    return decodedPacket
```

def objects.logic.network.packetDecoder.packetDecoder.decodePacket(self, header, data)

Performs the actual decoding of the raw packet data.

Parameters:

| Parameter | Description |
|---|---|
| header | Raw DataLink header |
| data | Raw DataLink frame |

Definition at line 114 of file packetDecoder.py.

```python
# ImpactPacketException is defined in impacket.ImpactPacket
def decodePacket(self, header, data):
    decoded = None  # renamed from 'dict', which shadowed the built-in
    try:
        ethernetPacket = self.EthDecoder.decode(data)
    except ImpactPacketException as ime:
        # the specific handler must come before the generic one,
        # otherwise it can never be reached
        logger.log(__name__ + ": There was an error decoding raw packet")
        logger.log(str(ime))
        return None
    except Exception as e:
        logger.log(__name__ + ": There was an error decoding raw packet")
        logger.log(str(e))
        return None

    ether_protocol_typ = ethernetPacket.get_ether_type()

    if ether_protocol_typ == self.PROTOCOL_IP:
        decoded = self.handle_ethernet_IPPacket(ethernetPacket)
    elif ether_protocol_typ == self.PROTOCOL_ARP:
        decoded = self.handle_ethernet_ARPPacket(ethernetPacket)
    else:
        logger.log(__name__ + ": Received an unsupported Ethernet protocol type -- " + str(ether_protocol_typ))

    return decoded
```

def objects.logic.network.packetDecoder.packetDecoder.getNetProtocolString(self, protNum)

Returns the protocol Name (as a string) given the protocol number as extracted from the Ethernet Frame.

Currently IP and ARP are supported.

Parameters:

| Parameter | Description |
|---|---|
| protNum | Integer |

Definition at line 51 of file packetDecoder.py.

```python
def getNetProtocolString(self, protNum):
    if protNum == self.PROTOCOL_IP:
        return "IP"
    if protNum == self.PROTOCOL_ARP:
        return "ARP"

    # any other EtherType is reported as unknown
    return "UNK"
```

def objects.logic.network.packetDecoder.packetDecoder.getXportProtocolString(self, protNum)

Returns the protocol Name (as a string) given the IP Assigned Protocol Name.

Currently Supported: ICMP, IGMP, TCP, UDP

Parameters:

| Parameter | Description |
|---|---|
| protNum | Integer |

Definition at line 63 of file packetDecoder.py.

```python
def getXportProtocolString(self, protNum):
    if protNum == self.PROTOCOL_ICMP:
        return "ICMP"
    if protNum == self.PROTOCOL_IGMP:
        return "IGMP"
    if protNum == self.PROTOCOL_TCP:
        return "TCP"
    if protNum == self.PROTOCOL_UDP:
        return "UDP"

    # any other IP protocol number is reported as unknown
    return "UNK"
```

def objects.logic.network.packetDecoder.packetDecoder.handle_ethernet_ARPPacket(self, ARPPacket)

Helper function used to decode an ARP Packet.

Parameters:

| Parameter | Description |
|---|---|
| ARPPacket | Impacket structure representing an ARP Packet |

Definition at line 251 of file packetDecoder.py.

```python
def handle_ethernet_ARPPacket(self, ARPPacket):
    # ARP is recognised but not decoded; the method returns None
    logger.log(__name__ + ": Received ARP packet. No handler for that yet")
```

def objects.logic.network.packetDecoder.packetDecoder.handle_ethernet_IPPacket(self, ethernetFrame)

Helper function used to decode an Ethernet Frame.

Parameters:

| Parameter | Description |
|---|---|
| ethernetFrame | impacket structure representing an Ethernet Frame |

Definition at line 146 of file packetDecoder.py.

```python
def handle_ethernet_IPPacket(self, ethernetFrame):
    decodedPacket = None
    try:
        ipPacket = ethernetFrame.child()

        # get the IP header
        ipHeader = ipPacket.get_bytes()[0:ipPacket.get_header_size()]
        ipPacketProtocol = ipPacket.get_ip_p()
    except Exception as ex:
        logger.log(__name__ + ": Could not process IP packet")
        logger.log(str(ex))
        # without the IP header nothing below can run; the original fell
        # through here and failed on the undefined ipPacketProtocol
        return None

    if ipPacketProtocol == self.PROTOCOL_TCP:
        try:
            tcpPacket = ipPacket.child()

            tcpHeader = tcpPacket.get_bytes() + tcpPacket.get_padded_options()

            payload = tcpPacket.get_packet()
            payload = payload[tcpPacket.get_header_size():]

            # figure out payload size = IPLEN - IP_HEADER_LEN - TCP_HEADER_LEN
            # (all three values are header fields set by the sender)
            payloadLen = ipPacket.get_ip_len() - (ipPacket.get_ip_hl() * 4) - (tcpPacket.get_th_off() * 4)
        except Exception as ex:
            logger.log(__name__ + ": Could not process TCP packet")
            logger.log(str(ex))
            raise  # re-raise with the original traceback
        else:
            decodedPacket = self.createPacketDic('ETHERNET', self.PROTOCOL_IP, self.PROTOCOL_TCP, payloadLen,
                                ipPacket.get_ip_src(), tcpPacket.get_th_sport(), ipPacket.get_ip_dst(), tcpPacket.get_th_dport(),
                                ipHeader, tcpHeader, payload)

    elif ipPacketProtocol == self.PROTOCOL_UDP:
        try:
            udpPacket = ipPacket.child()

            udpHeader = udpPacket.get_bytes()[0:udpPacket.get_header_size()]

            payload = udpPacket.get_packet()
            payload = payload[udpPacket.get_header_size():]

            #msg = "UDP: %s:%d --> %s:%d" % (ipPacket.get_ip_src(), udpPacket.get_uh_sport(), ipPacket.get_ip_dst(), udpPacket.get_uh_dport())
            #print msg

            # figure out payload size = UDP_LEN - 8BYTES
            # (UDP_LEN is a header field set by the sender)
            payloadLen = udpPacket.get_uh_ulen() - 8
        except Exception as ex:
            logger.log(__name__ + ": Could not process UDP packet")
            logger.log(str(ex))
            raise
        else:
            decodedPacket = self.createPacketDic('ETHERNET', self.PROTOCOL_IP, self.PROTOCOL_UDP, payloadLen,
                                ipPacket.get_ip_src(), udpPacket.get_uh_sport(), ipPacket.get_ip_dst(), udpPacket.get_uh_dport(),
                                ipHeader, udpHeader, payload)

    elif ipPacketProtocol == self.PROTOCOL_ICMP:
        message = "%s: Got an ICMP packet -- %s -> %s" % (__name__, ipPacket.get_ip_src(), ipPacket.get_ip_dst())
        #logger.log(message)

        try:
            icmpPacket = ipPacket.child()

            icmpHeader = icmpPacket.get_bytes()[0:icmpPacket.get_header_size()]
        except Exception as ex:
            logger.log(__name__ + ": Could not process ICMP packet")
            logger.log(str(ex))
            raise
        else:
            # ICMP has no ports and no payload is recorded
            decodedPacket = self.createPacketDic('ETHERNET', self.PROTOCOL_IP, self.PROTOCOL_ICMP, 0,
                                ipPacket.get_ip_src(), 0, ipPacket.get_ip_dst(), 0,
                                ipHeader, icmpHeader, None)

    elif ipPacketProtocol == self.PROTOCOL_IGMP:
        #logger.log(__name__ + ": Got an IGMP packet")
        try:
            igmpPacket = ipPacket.child()

            igmpHeader = igmpPacket.get_bytes()
        except Exception as ex:
            logger.log(__name__ + ": Could not process IGMP packet")
            logger.log(str(ex))
            raise
        else:
            decodedPacket = self.createPacketDic('ETHERNET', self.PROTOCOL_IP, self.PROTOCOL_IGMP, 0,
                                ipPacket.get_ip_src(), 0, ipPacket.get_ip_dst(), 0,
                                ipHeader, igmpHeader, None)

    # stays None for any other IP protocol
    return decodedPacket
```

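
The payload sizes in handle_ethernet_IPPacket are computed directly from header length fields (IPLEN - IP_HEADER_LEN - TCP_HEADER_LEN, and UDP_LEN - 8), so a malformed frame can yield a negative or oversized payloadSize. The following is an added example, not part of packetDecoder.py: it applies the same two formulas with only the standard library and returns None when a length field disagrees with the captured bytes. The names safe_payload_len, build_frame and tcp_hdr are hypothetical, and the sample frames are constructed.

```python
import struct

ETH_HLEN = 14
PROTOCOL_IP, PROTOCOL_TCP, PROTOCOL_UDP = 0x0800, 6, 17  # same values as the class

def safe_payload_len(frame):
    """Payload length of a TCP/UDP-in-IPv4 Ethernet frame, or None when a
    length field disagrees with the bytes actually captured."""
    if len(frame) < ETH_HLEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != PROTOCOL_IP:
        return None
    ip = frame[ETH_HLEN:]
    ihl = (ip[0] & 0x0F) * 4                        # IP_HEADER_LEN
    ip_len = struct.unpack("!H", ip[2:4])[0]        # IPLEN
    if ip[0] >> 4 != 4 or ihl < 20 or ip_len < ihl or ip_len > len(ip):
        return None
    seg = ip[ihl:ip_len]                            # drops trailing Ethernet padding
    if ip[9] == PROTOCOL_TCP:
        if len(seg) < 20:
            return None
        th_off = (seg[12] >> 4) * 4                 # TCP_HEADER_LEN
        if th_off < 20 or th_off > len(seg):
            return None
        return ip_len - ihl - th_off
    if ip[9] == PROTOCOL_UDP:
        if len(seg) < 8:
            return None
        uh_ulen = struct.unpack("!H", seg[4:6])[0]  # UDP_LEN
        if uh_ulen < 8 or uh_ulen > len(seg):
            return None
        return uh_ulen - 8
    return None

def build_frame(proto, ip_len, l4):
    """Constructed input: zeroed MACs, 20-byte IPv4 header, then the given L4 bytes."""
    eth = b"\x00" * 12 + struct.pack("!H", PROTOCOL_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + l4

def tcp_hdr(data_offset):
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset << 4, 0x18, 8192, 0, 0)

# Constructed samples (not captured traffic)
UDP_OK = build_frame(PROTOCOL_UDP, 32, struct.pack("!HHHH", 5353, 53, 12, 0) + b"ping")
UDP_SHORT = build_frame(PROTOCOL_UDP, 32, struct.pack("!HHHH", 5353, 53, 4, 0) + b"ping")
TCP_OK = build_frame(PROTOCOL_TCP, 45, tcp_hdr(5) + b"hello")
TCP_BAD_OFF = build_frame(PROTOCOL_TCP, 45, tcp_hdr(15) + b"hello")  # claims a 60-byte header
TCP_TRUNC = build_frame(PROTOCOL_TCP, 1500, tcp_hdr(5) + b"hello")   # IPLEN beyond capture
```

For UDP_SHORT the unchecked formula UDP_LEN - 8 gives -4, and for TCP_BAD_OFF the unchecked TCP formula gives -35; both are rejected here.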
def objects.logic.network.packetDecoder.packetDecoder.isPing(self, netHeader, xportHeader)

Given the transport header, which must be ICMP, this method will determine if this is a ping request or reply.

Parameters:

| Parameter | Description |
|---|---|
| netHeader | IP Header |
| xportHeader | ICMP Header |

Definition at line 306 of file packetDecoder.py.

```python
# IP, ICMP and ImpactPacketException are defined in impacket.ImpactPacket
def isPing(self, netHeader, xportHeader):
    try:
        ipHdr = IP(netHeader)
    except ImpactPacketException as ex:
        # Not IP?
        logger.log(__name__ + ": Error parsing IP header when trying to determine if content is PING: " + str(ex))
        return False

    ipPacketProtocol = ipHdr.get_ip_p()

    # not ICMP
    if ipPacketProtocol != self.PROTOCOL_ICMP:
        return False

    try:
        icmpHdr = ICMP(xportHeader)
        icmpType = icmpHdr.get_icmp_type()
    except ImpactPacketException as ex:
        # Error parsing ICMP?
        logger.log(__name__ + ": Error parsing ICMP header when trying to determine if content is PING: " + str(ex))
        return False

    # type 0 = echo reply, type 8 = echo request; every other type now
    # returns False explicitly instead of falling through to None
    return icmpType == 0 or icmpType == 8
```

def objects.logic.network.packetDecoder.packetDecoder.setDefaultReader(self)

Does not set the reader object, but performs the same additional initialization that setReader does.

This is the method which is usually called when a user wants to decode raw packets without having to open a device first.

Definition at line 104 of file packetDecoder.py.

```python
# EthDecoder and IPDecoder are defined in impacket.ImpactDecoder
def setDefaultReader(self):
    self.EthDecoder = EthDecoder()
    self.IPDecoder = IPDecoder()
```

def objects.logic.network.packetDecoder.packetDecoder.setReader(self, readerObj)

Set the reader object (defined in captureInterface.openDevice implementation class), and perform some additional initialization.

Parameters:

| Parameter | Description |
|---|---|
| readerObj | Reader object returned by pcapy's open_live(...) method |

Definition at line 81 of file packetDecoder.py.

```python
# requires pcapy; EthDecoder and IPDecoder are defined in impacket.ImpactDecoder
def setReader(self, readerObj):
    if readerObj is None:
        logger.log(__name__ + ": Could not set reader object. Object is null")
        # 'exception' is not a Python built-in; the name is kept as it appears in the source
        raise exception("There was an error configuring the network device. This device cannot be used", True)

    logger.log(__name__ + ": initializing reader object")
    self.readerObject = readerObj
    self.datalink = self.readerObject.datalink()

    #### is this event needed?
    # for now let's only support Ethernet, others will come
    if self.datalink == pcapy.DLT_EN10MB:
        self.EthDecoder = EthDecoder()
        self.IPDecoder = IPDecoder()
    else:
        logger.log(__name__ + ": Data link is not supported. Only Ethernet is currently supported")
        raise exception("Data link is not supported. Only Ethernet is currently supported", 1)
```

| Attribute | Definition |
|---|---|
| datalink | Definition at line 30 of file packetDecoder.py. |
| EthDecoder | Definition at line 31 of file packetDecoder.py. |
| IPDecoder | Definition at line 32 of file packetDecoder.py. |
| PROTOCOL_ARP | Definition at line 37 of file packetDecoder.py. |
| PROTOCOL_ICMP | Definition at line 40 of file packetDecoder.py. |
| PROTOCOL_IGMP | Definition at line 41 of file packetDecoder.py. |
| PROTOCOL_IP | Definition at line 36 of file packetDecoder.py. |
| PROTOCOL_TCP | Definition at line 43 of file packetDecoder.py. |
| PROTOCOL_UDP | Definition at line 44 of file packetDecoder.py. |
| readerObject | Definition at line 29 of file packetDecoder.py. |