- #!/usr/bin/env python
- #Pcapy: http://www.coresecurity.com/corelabs-research/open-source-tools/pcapy
- #Impacket: http://www.coresecurity.com/corelabs-research/open-source-tools/impacket
- #Python GeoIP api: https://pypi.python.org/pypi/GeoIP/
- #GeoIP: http://dev.maxmind.com/geoip/legacy/geolite/
- from __future__ import print_function
- import pcapy
- import GeoIP
- from impacket.ImpactDecoder import *
# Legacy MaxMind city database, opened once and shared by every lookup.
gi = GeoIP.open("/usr/local/share/GeoIP/GeoLiteCity.dat", GeoIP.GEOIP_STANDARD)

# Addresses that track() treats as already seen. The two seeded entries are
# never looked up or printed -- presumably the local host and its gateway;
# adjust them for the network the capture runs on.
ips = ["192.168.1.100", "192.168.1.1"]

# Capture device name; filled in from user input further down.
dev = ""
def track(ip):
    """Print the GeoIP city record for *ip* the first time it is seen.

    Addresses already present in the module-level ``ips`` list are skipped,
    so each address is looked up and reported at most once per run.
    """
    # NOTE(review): the pasted listing lost its indentation; this layout
    # assumes print(ip) belongs to the "record found" branch -- confirm.
    if ip in ips:
        return
    record = gi.record_by_addr(ip)
    ips.append(ip)  # remembered even when the database has no entry for it
    if record is None:
        return
    print(str(record))
    print(ip)
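# List the capture-capable interfaces and let the user pick one.
print("Devices:")
devices = pcapy.findalldevs()
for name in devices:
    print("\t- " + name)

# raw_input() only exists on Python 2; fall back to input() on Python 3 so
# the prompt does not fail with NameError there.
try:
    _read_line = raw_input
except NameError:
    _read_line = input
dev = _read_line('Enter device name: ')

# open_live(device, snaplen, promisc, to_ms): keep at most 1024 bytes per
# frame, promiscuous mode on, read timeout 0 ms. With promiscuous mode on the
# interface also accepts frames not addressed to this host, and opening a
# live capture normally requires elevated privileges -- run this only on a
# network you are authorised to monitor.
cap = pcapy.open_live(dev, 1024, 1, 0)

# BPF filter: only UDP traffic reaches the callback.
cap.setfilter('udp')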
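def recv_pkts(hdr, data):
    """pcapy callback: report the sender address of matching UDP frames.

    The frame is decoded with impacket's EthDecoder and rendered to text.
    Only frames whose text dump is exactly 67 lines long are considered; the
    sender address is read from the second line of the dump (the IP summary
    line) and handed to track().

    hdr  -- capture header supplied by pcapy (unused)
    data -- raw frame contents supplied by pcapy
    """
    # NOTE(review): the pasted listing lost its indentation; this assumes the
    # 67-line test runs once, after the lines have been counted -- confirm.
    dump = str(EthDecoder().decode(data))
    if len(dump.split("\n")) != 67:
        return

    summary = dump.splitlines()[1]

    # Captured traffic is untrusted input, so the summary line is parsed
    # defensively. The previous fixed offsets (6 after "IP DF", 3 otherwise)
    # passed any other text between "IP" and the address straight into the
    # lookup string, and a line without '>' raised ValueError out of the
    # capture callback. Taking the last token before "->" yields the same
    # address for the "IP DF <src> -> ..." and "IP <src> -> ..." forms and
    # ignores whatever else precedes it.
    head, arrow, _ = summary.partition("->")
    fields = head.split()
    if not arrow or len(fields) < 2 or fields[0] != "IP":
        return
    track(fields[-1])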
# One lookup with a fixed address before capturing, which exercises the GeoIP
# path without waiting for traffic.
# NOTE(review): assumed to sit at module level; indentation was lost in the paste.
track("1.1.1.1")

# A negative count makes the capture loop run until it is interrupted or an
# error occurs; recv_pkts is invoked for every frame that passes the filter.
packet_limit = -1
cap.loop(packet_limit, recv_pkts)