Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from scapy.all import *
- import re
- import ipaddress
- from threading import Thread
- from Queue import Queue, Empty
- ovhSupernet = [
- "10.0.0.0/8",
- "172.16.0.0/12",
- "192.168.0.0/16",
- "5.39.0.0/17",
- "5.135.0.0/16",
- "5.196.0.0/16",
- "37.59.0.0/16",
- "37.187.0.0/16",
- "46.105.0.0/16",
- "51.38.0.0/16",
- "51.68.0.0/16",
- "51.75.0.0/16",
- "51.77.0.0/16",
- "51.254.0.0/15",
- "54.36.0.0/16",
- "54.37.0.0/16",
- "54.38.0.0/16",
- "79.137.0.0/17",
- "87.98.128.0/17",
- "91.121.0.0/16",
- "91.134.0.0/16",
- "92.222.0.0/16",
- "94.23.0.0/16",
- "109.190.0.0/16",
- "137.74.0.0/16",
- "145.239.0.0/16",
- "147.135.128.0/17",
- "149.202.0.0/16",
- "151.80.0.0/16",
- "151.127.0.0/16",
- "164.132.0.0/16",
- "167.114.224.0/19",
- "176.31.0.0/16",
- "178.32.0.0/15",
- "185.15.68.0/22",
- "188.165.0.0/16",
- "193.70.0.0/17",
- "213.32.0.0/17",
- "213.186.32.0/19",
- "213.251.128.0/18",
- "217.182.0.0/16",
- "8.7.244.0/24",
- "8.18.128.0/24",
- "8.18.172.0/24",
- "8.20.110.0/24",
- "8.21.41.0/24",
- "8.24.8.0/21",
- "8.26.94.0/24",
- "8.29.224.0/24",
- "8.30.208.0/21",
- "8.33.96.0/21",
- "8.33.128.0/21",
- "8.33.136.0/24",
- "8.33.137.0/24",
- "54.39.0.0/16",
- "66.70.128.0/17",
- "103.5.12.0/22",
- "139.99.0.0/17",
- "139.99.128.0/17",
- "142.4.192.0/19",
- "142.44.128.0/17",
- "144.217.0.0/16",
- "147.135.0.0/24",
- "149.56.0.0/16",
- "158.69.0.0/16",
- "167.114.0.0/17",
- "167.114.128.0/18",
- "167.114.192.0/19",
- "192.95.0.0/18",
- "192.99.0.0/16",
- "198.27.64.0/18",
- "198.50.128.0/17",
- "198.100.144.0/20",
- "198.245.48.0/20",
- "147.135.0.0/17",
- "23.92.224.0/19",
- "107.189.64.0/18",
- "144.2.32.0/19",
- "192.240.152.0/21",
- "46.244.32.0/20",
- "92.246.224.0/19",
- "185.45.160.0/22",
- "8.43.192.0/24",
- "205.217.189.0/24",
- "205.217.190.0/24",
- "205.217.191.0/24",
- "205.218.49.0/24",
- "208.50.139.0/24",
- "208.50.140.0/24",
- "208.50.141.0/24",
- "216.32.192.0/24",
- "216.32.194.0/24",
- "216.32.213.0/24",
- "216.32.216.0/24",
- "216.32.218.0/24",
- "216.32.220.0/24",
- "216.136.198.0/24",
- "51.83.0.0/16",
- "51.89.0.0/16",
- "51.79.0.0/17",
- "51.79.128.0/17",
- "51.81.0.0/17",
- "51.81.128.0/17",
- "51.91.0.0/16"
- ]
- threads = 7
- thread = 0
- thread_finished = 0
- iface = 'eth0'
- def dump(obj):
- for attr in dir(obj):
- if hasattr( obj, attr ):
- print( "obj.%s = %s" % (attr, getattr(obj, attr)))
- def sniffData(pkt):
- if pkt.haslayer(ARP):
- if pkt['ARP'].op == 1:
- arpDst = ipaddress.ip_network(unicode(pkt['ARP'].pdst))
- isAnOVHIP = None
- for supernet in ovhSupernet:
- ovhSupernet2 = ipaddress.ip_network(unicode(supernet))
- if (arpDst.overlaps(ovhSupernet2) is True):
- isAnOVHIP = 1
- break
- if isAnOVHIP is None:
- print 'Router: {} IP: {} ({}) on VLAN {} is misconfigured. An ARP request has been seen on an non-OVH IP: {}'.format(pkt[IP].src, pkt['ARP'].psrc, pkt['ARP'].hwsrc, pkt[ERSPAN].vlan, pkt['ARP'].pdst)
- # if pkt.haslayer(IP) and not pkt.haslayer(ARP):
- # if pkt[ERSPAN][Ether][0].dst == 'ff:ff:ff:ff:ff:ff':
- # print 'Router: {} MAC:{} on VLAN {} is sending broadcast: {}'.format(pkt[IP].src, pkt[ERSPAN][Ether][0].src, pkt[ERSPAN].vlan, pkt[ERSPAN].summary)
- #
- def print_summary(pkt):
- print pkt.summary()
- def threaded_sniff_target(q):
- global thread, thread_finished
- thread += 1
- print "Launch thread #{}".format(thread)
- sniff(iface = iface, filter = "proto 47", prn = lambda x : q.put(x))
- thread_finished += 1
- print "Thread #{} finished".format(thread_finished)
- def threaded_sniff():
- q = Queue()
- while thread <= threads:
- sniffer = Thread(target = threaded_sniff_target, args = (q,))
- sniffer.daemon = True
- sniffer.start()
- while thread_finished <= threads:
- try:
- pkt = q.get()
- # sniffData(pkt)
- print_summary(pkt)
- except Empty:
- pass
- threaded_sniff()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement