preliminary DNS support, more architecture changes

commit 603b7a316c0d65c1dcb3bcfea5cf74bc2f2aa581 1 parent e751bd0
Andrew Fleenor authored
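--- a/dns.py
+++ b/dns.py
@@ -0,0 +1,10 @@
+class Processor:
+ '''
+ Processes and interprets DNS packets.
+
+ Call its `add` method with each dpkt.dns.DNS from the pcap.
+ '''
+ def __init__(self):
+ self.packets = []
+ def add(self, ts, pkt):
+ self.packets.append((ts, pkt))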
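Review bot: `Processor.add` only appends `(ts, pkt)` to `self.packets`, so the class docstring's "Processes and interprets DNS packets" overstates what exists at this commit; a comment on the member would set expectations, e.g. `self.packets = []  # (ts, dpkt.dns.DNS) in capture order; nothing is decoded yet`. Nothing checks that `pkt` is actually a `dpkt.dns.DNS`, so callers are trusted to honour the docstring, and the list grows with every packet handed in for the lifetime of the run, which is fine for a prototype but worth a `# TODO` saying how the packets are meant to be interpreted (presumably matched into query/response pairs) once that lands.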
BIN  dns_requests.pcap
Binary file not shown
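--- a/main.py
+++ b/main.py
@@ -32,20 +32,16 @@
 logging.info("Processing %s", inputfile)
-# set up packet dispatcher
-flowbuilder = tcp.FlowBuilder()
-dispatcher = PacketDispatcher(flowbuilder)
-
 # parse pcap file
+dispatcher = PacketDispatcher()
 pcap.ParsePcap(dispatcher, filename=inputfile)
-flowbuilder.finish()
-
-# flowbuilder.flowdict now contains tcp.Flow's
+dispatcher.finish()
+# dispatcher.tcp.flowdict now contains tcp.Flow's
 # generate HTTP Flows
 httpflows = []
 flow_count = 0
-for f in flowbuilder.flowdict.itervalues():
+for f in dispatcher.tcp.flowdict.itervalues():
 try:
 httpflows.append(http.Flow(f))
 flow_count += 1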
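--- a/packetdispatcher.py
+++ b/packetdispatcher.py
@@ -1,22 +1,22 @@
-'''
-
-'''
-
 import dpkt
-import tcp as tcpmodule
+import tcp
+import udp
 class PacketDispatcher:
 '''
 takes a series of dpkt.Packet's and calls callbacks based on their type
 For each packet added, picks it apart into its transport-layer packet type
- and --calls a registered callback, which usually just adds it to a handler
- for that type--.
+ and adds it to an appropriate handler object. Automatically creates handler
+ objects for now.
- Actually, for now it's just going to add it to a tcp.FlowBuilder
+ Members:
+ flowbuilder = tcp.FlowBuilder
+ udp = udp.Processor
 '''
- def __init__(self, flowbuilder):
- self.tcpflowbuilder= flowbuilder
+ def __init__(self):
+ self.tcp = tcp.FlowBuilder()
+ self.udp = udp.Processor()
 def add(self, ts, buf, eth):
 '''
 ts = dpkt timestamp
@@ -29,11 +29,11 @@ def add(self, ts, buf, eth):
 ip = eth.data
 # if it's TCP
 if isinstance(ip.data, dpkt.tcp.TCP):
- tcp = ip.data
- tcppkt = tcpmodule.Packet(ts, buf, eth, ip, tcp)
- self.tcpflowbuilder.add(tcppkt)
- # if it's UDP...
- elif isinstance(eth.data, dpkt.udp.UDP):
- #TODO: handle UDP packets
- pass
-
+ tcppkt = tcp.Packet(ts, buf, eth, ip, ip.data)
+ self.tcp.add(tcppkt)
+ # if it's UDP...
+ elif isinstance(ip.data, dpkt.udp.UDP):
+ self.udp.add(ts, ip.data)
+ def finish(self):
+ #This is a hack, until tcp.Flow no longer has to be `finish()`ed
+ self.tcp.finish()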
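Review bot: The new `Members:` list in the class docstring names the TCP handler `flowbuilder`, but `__init__` stores it as `self.tcp` and main.py reads `dispatcher.tcp.flowdict`, so the docstring line should read `tcp = tcp.FlowBuilder` to match the attribute callers actually use. In `add` (the method begins before the second hunk and its header is only visible in the first one), a packet whose `ip.data` is neither TCP nor UDP — ICMP, or non-IP frames, whose `eth.data` I assume dpkt still gives a `data` attribute, to be confirmed — falls through both branches with no trace; the switch from `eth.data` to `ip.data` in the `elif` is a clear fix over the old code, but a trailing `else` that debug-logs or counts the drop would make gaps in the resulting HAR explainable from a capture. A single line suffices, e.g. `else: log.debug('ignoring non-TCP/UDP packet at %s', ts)`, plus a `logging` import since the visible imports are only dpkt, tcp and udp.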
32 pcap2har.psproj
@@ -69,50 +69,58 @@ FileName=$[Project-Path]BeautifulSoup.py
[Project\ChildNodes\Node0\ChildNodes\Node3]
ClassName=TProjectFileNode
-FileName=$[Project-Path]dpkt_http_replacement.py
+FileName=$[Project-Path]dns.py
[Project\ChildNodes\Node0\ChildNodes\Node4]
ClassName=TProjectFileNode
-FileName=$[Project-Path]har.py
+FileName=$[Project-Path]dpkt_http_replacement.py
[Project\ChildNodes\Node0\ChildNodes\Node5]
ClassName=TProjectFileNode
-FileName=$[Project-Path]httpsession.py
+FileName=$[Project-Path]har.py
[Project\ChildNodes\Node0\ChildNodes\Node6]
ClassName=TProjectFileNode
-FileName=$[Project-Path]main.py
+FileName=$[Project-Path]httpsession.py
[Project\ChildNodes\Node0\ChildNodes\Node7]
ClassName=TProjectFileNode
-FileName=$[Project-Path]mediatype.py
+FileName=$[Project-Path]main.py
[Project\ChildNodes\Node0\ChildNodes\Node8]
ClassName=TProjectFileNode
-FileName=$[Project-Path]orderedset.py
+FileName=$[Project-Path]mediatype.py
[Project\ChildNodes\Node0\ChildNodes\Node9]
ClassName=TProjectFileNode
-FileName=$[Project-Path]pcap.py
+FileName=$[Project-Path]orderedset.py
[Project\ChildNodes\Node0\ChildNodes\Node10]
ClassName=TProjectFileNode
-FileName=$[Project-Path]pcaputil.py
+FileName=$[Project-Path]packetdispatcher.py
[Project\ChildNodes\Node0\ChildNodes\Node11]
ClassName=TProjectFileNode
-FileName=$[Project-Path]sortedcollection.py
+FileName=$[Project-Path]pcap.py
[Project\ChildNodes\Node0\ChildNodes\Node12]
ClassName=TProjectFileNode
-FileName=$[Project-Path]tcpseq.py
+FileName=$[Project-Path]pcaputil.py
[Project\ChildNodes\Node0\ChildNodes\Node13]
ClassName=TProjectFileNode
+FileName=$[Project-Path]sortedcollection.py
+
+[Project\ChildNodes\Node0\ChildNodes\Node14]
+ClassName=TProjectFileNode
+FileName=$[Project-Path]tcpseq.py
+
+[Project\ChildNodes\Node0\ChildNodes\Node15]
+ClassName=TProjectFileNode
FileName=$[Project-Path]test.py
[Project\ChildNodes\Node0\ChildNodes]
-Count=14
+Count=16
[Project\ChildNodes\Node1]
ClassName=TProjectRunConfiguationsNode
@@ -126,7 +134,7 @@ ScriptName=main.py
Description=Current main test program
EngineType=peRemote
ReinitializeBeforeRun=TRUE
-Parameters=fhs_ncomp.pcap output.har
+Parameters=../pcap2har/dns_requests.pcap output.har
WorkingDir=$[ActiveScript-Dir]
WriteOutputToFile=FALSE
OutputFileName=$[ActiveScript-NoExt].log
BIN  pcapr.net.pcap
Binary file not shown
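--- a/udp.py
+++ b/udp.py
@@ -0,0 +1,29 @@
+import dns
+import dpkt
+import logging as log
+
+class Processor:
+ '''
+ Processes and interprets UDP packets.
+
+ Call its add(pkt) method with each dpkt.udp.UDP packet from the pcap or
+ whatever. It will expose information from the packets, at this point mostly
+ DNS information. It will automatically create a dns processor and expose it
+ as its `dns` member variable.
+
+ This class is basically a nonce, if I may borrow the term, for the sake of
+ architectural elegance. But I think it's begging for trouble to combine it
+ with DNS handling.
+ '''
+ def __init__(self):
+ self.dns = dns.Processor()
+ def add(self, ts, pkt):
+ '''
+ pkt = dpkt.udp.UDP
+ '''
+ #check for DNS
+ if pkt.sport == 53 or pkt.dport == 53:
+ dnspkt = dpkt.dns.DNS()
+ self.dns.add(ts, dnspkt)
+ else:
+ log.warning('unkown UDP ports: %d->%d' % (pkt.sport, pkt.dport))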
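Review bot: `dnspkt = dpkt.dns.DNS()` on the port-53 branch builds an empty DNS message and never looks at `pkt.data`, so the `dns.Processor` receives nothing from the capture; it needs `dpkt.dns.DNS(pkt.data)`. Because a pcap is untrusted input, that parse should be guarded so a truncated, malformed or simply non-DNS payload on port 53 (which raises `dpkt.UnpackError`; older dpkt releases may also let a bare `struct.error` or `IndexError` escape the name decoder — worth confirming against the pinned version) logs and skips the packet instead of aborting the whole run. The port test is a heuristic, so DNS on other ports and DNS over TCP (routed to the tcp handler by the dispatcher) are not seen, which deserves a comment on the `if`. Separately, `'unkown'` in the warning is a typo, and naming this module `dns` shadows the third-party `dns` package (dnspython) for anything imported from this directory.
```python
def add(self, ts, pkt):
    # … unchanged: docstring …
    # heuristic: only classic UDP/53 is treated as DNS; DNS over TCP is not seen here
    if pkt.sport == 53 or pkt.dport == 53:
        try:
            dnspkt = dpkt.dns.DNS(pkt.data)
        except dpkt.UnpackError as e:
            # the capture is untrusted: skip the datagram rather than abort the run
            log.warning('bad DNS payload %d->%d: %s', pkt.sport, pkt.dport, e)
            return
        self.dns.add(ts, dnspkt)
    else:
        log.warning('unknown UDP ports: %d->%d', pkt.sport, pkt.dport)
```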