- from scapy.all import *
- from scapy.layers.inet import IP, TCP, UDP
- import requests
- import socket
- from ipaddress import IPv4Address
- from subprocess import check_output
- import json
- import threading
def filter(packet):
    """Capture predicate for sniff(): accept only IPv4 packets carrying TCP or UDP.

    The other helpers index packet[IP] and packet[TCP]/packet[UDP] without
    checking, so this predicate is what makes those lookups safe.

    NOTE(review): the name shadows the builtin filter(); it is kept because
    main() passes it as lfilter=filter.
    """
    if IP not in packet:
        return False
    return TCP in packet or UDP in packet
def is_outgoing(packet):
    """Return True when the frame's Ethernet source address is this host's MAC_MAC value.

    MY_MAC is the module-level global set in main().

    NOTE(review): packet[Ether] is indexed without a check, and the sniff
    predicate only tests for IP and TCP/UDP, so a frame captured without an
    Ether layer would presumably raise here -- confirm against the capture
    interface in use.
    """
    source_mac = packet[Ether].src
    return source_mac == MY_MAC
def get_IP(packet):
    """Return the IPv4 address of the remote peer for this packet."""
    outgoing = is_outgoing(packet)
    ip_layer = packet[IP]
    # Outgoing traffic: the peer is the destination; incoming: the source.
    return ip_layer.dst if outgoing else ip_layer.src
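def get_country(IP):
    """Return the country name for an IPv4 address, caching results in found_addresses.

    Args:
        IP: IPv4 address string. (The parameter name shadows scapy's IP layer
            class, but only inside this function.)

    Returns:
        The 'country_name' field of the geolocation service's JSON reply.
        For a non-global address the country of this host's own public
        address is returned and cached under IP.

    Raises:
        requests.RequestException: a lookup failed, timed out or returned an
            HTTP error status.
        KeyError: the reply carries no 'country_name' field.
    """
    if IP in found_addresses:
        return found_addresses[IP]

    # Without a timeout a stalled lookup blocks its worker thread forever, and
    # one worker thread is started per captured packet.
    timeout = 5  # seconds

    # SECURITY: both lookups go over plain HTTP, so every peer address is
    # disclosed to a third-party service in cleartext and the reply is not
    # authenticated. Treat the returned country as untrusted, advisory data.
    lookup_ip = IP
    if not IPv4Address(IP).is_global:
        # A non-global address cannot be geolocated; fall back to this host's
        # own public address as reported by an external service.
        own = requests.get('http://ip.42.pl/raw', timeout=timeout)
        own.raise_for_status()
        lookup_ip = own.text
    r = requests.get('http://freegeoip.net/json/%s' % lookup_ip, timeout=timeout)
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    r.raise_for_status()
    found_addresses[IP] = json.loads(r.text)['country_name']
    return found_addresses[IP]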
def get_port(packet):
    """Return the remote peer's TCP or UDP port for this packet."""
    outgoing = is_outgoing(packet)
    # TCP takes precedence; the sniff predicate guarantees one of the two.
    transport = packet[TCP if TCP in packet else UDP]
    return transport.dport if outgoing else transport.sport
def get_self_port(packet):
    """Return this host's own TCP or UDP port for this packet."""
    outgoing = is_outgoing(packet)
    # TCP takes precedence; the sniff predicate guarantees one of the two.
    transport = packet[TCP if TCP in packet else UDP]
    return transport.sport if outgoing else transport.dport
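def parse_netstat(packet):
    """Refresh the global port -> program map from the output of `netstat -nb`.

    The output is scanned as runs of connection lines followed by a line that
    contains "[program]"; every port parsed from a run is mapped to that
    program name (bytes) in the global dict `programs`.

    Args:
        packet: unused; kept so existing callers keep working.

    Raises:
        subprocess.CalledProcessError: netstat exited with a non-zero status.

    NOTE(review): the b'\\r\\n' split and the fixed column slice [9:24]
    (presumably the local-address column) assume Windows netstat output, and
    -b presumably needs an elevated process -- confirm.
    """
    # Argument list instead of a shell string: the command is started directly
    # and its command line is never re-parsed by a shell.
    netstat = check_output(['netstat', '-nb']).split(b'\r\n')[4:-1]
    i = 0
    while i < len(netstat):
        try:
            # Parsing the current line first doubles as a guard: a line that is
            # not a connection entry raises and is skipped by the except below.
            ports = [int(netstat[i][9:24].split(b':')[1])]
            # Collect ports until the line naming the owning program.
            while i < len(netstat) and b'[' not in netstat[i]:
                ports.append(int(netstat[i][9:24].split(b':')[1]))
                i += 1
            if i < len(netstat) and b'[' in netstat[i]:
                line = netstat[i]
                program = line[line.index(b'[') + 1:line.index(b']')]
                for port in ports:
                    programs[port] = program
        except (ValueError, IndexError):
            continue
        finally:
            # Runs on every path, including `continue`, so the scan always advances.
            i += 1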
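def process(packet):
    """Build one JSON record for a captured packet and append it to the global `packets`.

    The record holds the peer address and its country, the direction, the
    peer port, the packet length and the local program that owns the local
    port ('Unknown' when netstat did not list that port).

    Args:
        packet: a sniffed packet that passed the capture predicate.
    """
    # netstat is re-run for every packet so the port -> program map is current.
    parse_netstat(packet)
    remote_ip = get_IP(packet)
    record = {
        'IP': remote_ip,
        # Look up the peer's country. Passing packet[IP].src here reported this
        # host's own country for every outgoing packet, since src is then local.
        'country': get_country(remote_ip),
        'outgoing': is_outgoing(packet),
        'PORT': get_port(packet),
        'SIZE': len(packet),
        'Process': programs.get(get_self_port(packet), b'Unknown').decode(),
    }
    packets.append(json.dumps(record))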
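def start_thread(packet):
    """Process one captured packet on its own thread so sniffing is not blocked.

    Args:
        packet: the sniffed packet handed over by sniff(prn=...).

    NOTE(review): one thread is started per packet and none is tracked or
    joined, so the number of live threads is unbounded when processing
    (netstat plus HTTP lookups) is slower than the capture rate.
    """
    # args must be a tuple of positional arguments. Passing the packet itself
    # made Thread unpack it with *, so process() only received a packet because
    # of how the packet object happens to iterate.
    process_thread = threading.Thread(target=process, args=(packet,))
    process_thread.start()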
def main():
    """Capture packets in rounds of 100 and send each round's records to the collector.

    Sets up the module-level state used by the helpers (found_addresses,
    MY_MAC, programs, packets), then loops forever: sniff 100 matching
    packets, join their JSON records with '|||' and send them as one UDP
    datagram.

    NOTE(review): the records leave the host as cleartext, unauthenticated UDP
    to a hard-coded address; anyone on the path can read or spoof them.
    NOTE(review): the worker threads started per packet are not joined, so a
    round can be sent before all of its records were appended, and late
    records end up in the list of a later round.
    """
    global found_addresses, MY_MAC, programs, packets

    SERVER_ADDR = '10.0.0.14'
    SERVER_PORT = 42134
    collector = (SERVER_ADDR, SERVER_PORT)

    # Cache of address -> country, filled and read by get_country().
    found_addresses = {}
    # Own MAC, taken from a locally built frame; used to tell direction.
    MY_MAC = (Ether() / IP(dst='localhost'))[Ether].src
    # Map of local port -> owning program, refreshed by parse_netstat().
    programs = {}

    manager = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        # Fresh list for the records of this sniff round.
        packets = []
        print('Sniffing Started')
        sniff(lfilter=filter, prn=start_thread, count=100)
        print('Done Sniffing')
        print(packets)
        # '|||' is an unlikely separator the receiver splits on; encode to
        # bytes for the socket.
        payload = '|||'.join(packets).encode()
        manager.sendto(payload, collector)
        print('Sent data')
- main()