#! /usr/bin/env python
import argparse
import socket

from scapy.all import *
from scapy.contrib.gtp_v2 import *
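def isValidIPv4(ipv4):
    """Return True if *ipv4* is a four-part dotted IPv4 address string.

    ``socket.inet_aton`` on its own also accepts shorthand with fewer than
    three dots (for example ``"127.1"``), so the string must first contain
    exactly three dots.  Input that is not a string is reported as invalid
    instead of raising.
    """
    try:
        # Shape check first: inet_aton would expand "1" or "127.1" silently.
        if ipv4.count('.') != 3:
            return False
        socket.inet_aton(ipv4)
    except (socket.error, TypeError, AttributeError):
        # socket.error: not parseable as an address.
        # TypeError / AttributeError: the argument was not a text string.
        return False
    return True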
def get_args():
    """Parse the command line and return the resulting namespace.

    The only option is ``--filter``.  Its value (None when the option is
    omitted) is what the script later hands to sniff() as the capture filter.
    """
    description = """
    Used to receive and parse Packet.
    """
    cli = argparse.ArgumentParser(description=description)
    cli.add_argument(
        '--filter',
        type=str,
        dest='filter',
        default=None,
        help="Filter string used for sniff",
    )
    return cli.parse_args()
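def pkt_handler(pkt):
    """Format one sniffed packet as a printable multi-line report.

    IPv4/UDP packets with destination port 2152 are re-decoded as a GTP
    header carrying an inner IP packet, and both the outer and the inner
    headers are reported.  Every other packet gets a plain
    IP/ICMP/UDP/TCP report.

    Returns the formatted string.  When the packet cannot be handled, a
    warning and the packet summary are printed and None is returned.
    """
    try:
        msg = None
        if pkt[Ether].type == 0x800 and pkt[IP].proto == 17 and pkt[UDP].dport == 2152:
            # Try to parse the packet as GTP packet.
            # NOTE(review): UDP/2152 is the GTP-U port, which uses the GTPv1
            # header, while this file imports scapy.contrib.gtp_v2 -- confirm
            # that GTPHeader resolves to the class intended here.
            pkt[UDP].decode_payload_as(GTPHeader)
            # NOTE(review): the payload is untrusted bytes and is decoded as
            # IP whatever the GTP message type is; the check below only looks
            # at the rendered src/dst strings -- confirm it really rejects
            # payloads that are not IPv4.
            pkt[GTPHeader].decode_payload_as(IP)
            if isValidIPv4(pkt[GTPHeader][IP].src) and isValidIPv4(pkt[GTPHeader][IP].dst):
                msg = pkt.sprintf(
                    'Outer IP:: %IP.src% -> %IP.dst% \n'
                    '\t Outer UDP: %UDP.sport% : %UDP.dport% \n'
                    '\t GTP:: version: %GTPHeader.version%, teid: %GTPHeader.teid%, seq: %GTPHeader.seq%, type: %GTPHeader.gtp_type% \n'
                )
                # sprintf is called on the GTP layer, so the IP/ICMP/TCP/UDP
                # fields below are looked up from the GTP header downwards.
                msg += pkt[GTPHeader].sprintf(
                    '\t Inner IP:: %IP.src% -> %IP.dst% \n'
                    '{ICMP: \t Inner ICMP:: type: %ICMP.type%, code: %ICMP.code%, seq: %ICMP.seq% \n}'
                    '{TCP: \t Inner TCP:: %TCP.sport% : %TCP.dport% \n'
                    '{Raw: \t %Raw.load% \n}}'
                    '{UDP: \t Innere UDP:: %UDP.sport% : %UDP.dport% \n'
                    '{Raw: \t %Raw.load% \n}}'
                    '\n'
                )
        if msg is None:
            # For all other packets.
            msg = pkt.sprintf(
                'IP:: %IP.src% -> %IP.dst% \n'
                '{ICMP: \t ICMP:: type: %ICMP.type%, code: %ICMP.code%, seq: %ICMP.seq% \n}'
                '{UDP: \t UDP:: %UDP.sport% : %UDP.dport% \n'
                '{Raw: \t %Raw.load% \n}}'
                '{TCP: \t TCP:: %TCP.sport% : %TCP.dport% \n'
                '{Raw: \t %Raw.load% \n}}'
                '\n'
            )
    except Exception:
        # Not a bare "except:", which would also swallow KeyboardInterrupt
        # and SystemExit raised while a packet is being handled.
        print("[Warn] Unhandled packet.\n")
        # summary() only returns the text; print it so the operator can see
        # which packet was skipped.
        print(pkt.summary())
    else:
        return msg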
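if __name__ == '__main__':
    usr_args = get_args()
    # store=False: pkt_handler already reports each packet, so sniff() must
    # not also keep every captured packet in memory for the whole run.
    sniff(prn=pkt_handler, filter=usr_args.filter, store=False)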