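# Classify one firewall log entry (`line`) by protocol and TCP flag pattern and
# append it to the matching bucket list. `line`, `opt_re` and the *_pkts lists
# are defined outside this excerpt.
# NOTE(review): the field names (PROTO=, DPT=, LEN=, DST=) look like netfilter
# LOG output -- confirm against the actual log source.
# Fixed patterns are matched with `in` rather than re.search(), so the dots in
# the broadcast address are literal and no longer act as regex wildcards.

# ICMP entries are kept out of the TCP branch, mirroring the guard the UDP
# branch already applies. Presumably ICMP error entries quote the header of the
# packet that triggered them, so they can carry an inner "PROTO=TCP" and flag
# tokens -- verify against sample logs.
if "PROTO=TCP" in line and "PROTO=ICMP" not in line:
    # Collect the flag tokens once instead of re-scanning the line per branch.
    # Only these six flags are considered; any other token is ignored.
    tcp_flags = frozenset(
        flag
        for flag in ("ACK", "SYN", "FIN", "URG", "PSH", "RST")
        if (" " + flag + " ") in line
    )

    if not tcp_flags:
        # NULL scan: none of the six flags set.
        null_pkts.append(line)
    elif tcp_flags == frozenset(("FIN", "URG", "PSH")):
        # XMAS scan: exactly URG, PSH and FIN.
        xmas_pkts.append(line)
    elif tcp_flags == frozenset(("FIN",)):
        # FIN scan: FIN only.
        fin_pkts.append(line)
    elif tcp_flags == frozenset(("ACK",)):
        # ACK scan: ACK only.
        ack_pkts.append(line)
    elif tcp_flags == frozenset(("SYN",)):
        # SYN only. Three cases share this flag pattern:
        #   connect() scan  -> long TCP options field
        #   half-open scan  -> short TCP options field
        #   SYN flood       -> many packets; identified here by destination port 0
        # The 10-character cut-off is a heuristic, so treat these buckets as
        # triage hints rather than a verdict.
        opt_match = re.search(opt_re, line)
        if opt_match:
            # NOTE(review): group(2) of opt_re is assumed to be the options
            # value -- opt_re is defined outside this excerpt.
            opt = opt_match.group(2)
            if len(opt) > 10:
                syn_c_pkts.append(line)
            else:
                syn_ho_pkts.append(line)
        elif "DPT=0" in line:
            syn_f_pkts.append(line)
# Look for UDP scans: datagrams with LEN=8. ICMP entries are excluded so that
# an ICMP entry mentioning PROTO=UDP is not counted as a probe.
elif "PROTO=UDP" in line and " LEN=8 " in line and "PROTO=ICMP" not in line:
    udp_pkts.append(line)
# Look for ICMP ping scans and Smurf attacks.
elif "PROTO=ICMP" in line:
    # Smurf: ICMP sent to the broadcast address. The address is hard-coded, so
    # only this one subnet is covered.
    if "DST=192.168.1.255" in line:
        smurf_pkts.append(line)
    elif " LEN=28 " in line:
        # Ping scan heuristic: ICMP entry with LEN=28.
        icmp_pkts.append(line)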