How to use dpkt - 10 common examples
To help you get started, we’ve selected a few dpkt examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mike01 / pypacker / tests / perftest_pypacker_dpkt_scapy.py View on Github 
# dpkt does not parse TCP content but pypacker does
# -> access layer ip to get comparable result
pkt2 = pkt1.upper_layer
bts = pkt2.body_bytes
t_end = time.time()
print("nr = %d p/s" % (LOOP_CNT / (t_end - t_start)))
print("orC = 12527 p/s")
print("orP = p/s")
except Exception as ex:
print("Could not execute pypacker tests: %r" % ex)
try:
import dpkt
print(">>> testing dpkt parsing speed")
EthernetDpkt = dpkt.ethernet.Ethernet
t_start = time.time()
for cnt in range(LOOP_CNT):
pkt1 = EthernetDpkt(pkt_eth_ip_tcp_bts)
pkt2 = pkt1.ip
bts = pkt2.data
t_end = time.time()
print("nr = %d p/s" % (LOOP_CNT / (t_end - t_start)))
print("orC = 12028 p/s")
print("orP = p/s")
except Exception as ex:
print("Could not execute dpkt tests: %r" % ex)
try:def get_flowid(pkt):
try:
eth = dpkt.ethernet.Ethernet(pkt)
if eth.type != dpkt.ethernet.ETH_TYPE_IP:
return None
ip = eth.data
if ip.p != dpkt.ip.IP_PROTO_TCP and ip.p != dpkt.ip.IP_PROTO_UDP:
return None
tcp = ip.data
flowid = {'sip': socket.inet_ntoa(ip.src), 'sport': tcp.sport,
'dip': socket.inet_ntoa(ip.dst), 'dport': tcp.dport}
return flowid
except:
return Nonedef friendly_tcp_flags(flags):
'''
returns a string containing a user-friendly representation of the tcp flags
'''
# create mapping of flags to string repr's
d = {dpkt.tcp.TH_FIN:'FIN', dpkt.tcp.TH_SYN:'SYN', dpkt.tcp.TH_RST:'RST', dpkt.tcp.TH_PUSH:'PUSH', dpkt.tcp.TH_ACK:'ACK', dpkt.tcp.TH_URG:'URG', dpkt.tcp.TH_ECE:'ECE', dpkt.tcp.TH_CWR:'CWR'}
#make a list of the flags that are activated
active_flags = filter(lambda t: t[0] & flags, d.iteritems())
#join all their string representations with '|'
return '|'.join(t[1] for t in active_flags)def unpack(self, buf):
dpkt.Packet.unpack(self, buf)
buf = self.data
l = []
while buf:
flow = self.NetflowRecord(buf)
l.append(flow)
buf = buf[len(flow):]
self.data = lf.writelines("%s %s %s %s %s %s\n" % captures)
transp_proto, ip1, port1, ip2, port2, app_proto = captures
ip1 = ip_from_string(ip1)
ip2 = ip_from_string(ip2)
port1 = int(port1)
port2 = int(port2)
key = (transp_proto.lower(),frozenset(((ip1, port1), (ip2, port2))))
flows[key] = []
apps[key] = app_proto.split(".")
if len(apps[key]) == 1:
apps[key].append(None)
f.close()
for ts, raw in dpkt.pcap.Reader(open(pcapfile, "rb")):
eth = dpkt.ethernet.Ethernet(raw)
ip = eth.data
#check if the packet is IP, TCP, UDP
if not isinstance(ip, dpkt.ip.IP):
continue
seg = ip.data
if isinstance(seg, dpkt.tcp.TCP):
transp_proto = "tcp"
elif isinstance(seg, dpkt.udp.UDP):
transp_proto = "udp"
else:
continue
key = (transp_proto, frozenset(((ip.src, seg.sport),(ip.dst, seg.dport))))
try:
assert key in flows
except AssertionError:if not 'target' in kwargs:
kwargs['target'] = kwargs['localip']
subnet = kwargs['target'].split('.')[:-1]
subnet = '.'.join(subnet)
target = subnet
counter = 0
print('')
self.print_output('Waiting for responses, enter \'q\' to stop')
self.print_output('Alive hosts:')
print(' ====================\n')
for _ in xrange(attempts):
for idx in xrange(1, 255):
arp = dpkt.arp.ARP()
packet = dpkt.ethernet.Ethernet()
arp.sha = utils.string_to_binary(utils.parse_mac(kwargs['mac_addr']))
arp.spa = inet_aton(kwargs['localip'])
arp.tha = '\x00'
arp.tpa = inet_aton(target + '.%s' % idx)
arp.op = dpkt.arp.ARP_OP_REQUEST
packet.src = utils.string_to_binary(utils.parse_mac(kwargs['mac_addr']))
packet.dst = '\xff' * 6 # broadcast address
packet.data = arp
packet.type = dpkt.ethernet.ETH_TYPE_ARP
sock.send(str(packet))
def wait_responses(packets):
hosts = []
for _, pkt in packets:
eth = dpkt.ethernet.Ethernet(pkt)
ip_packet = eth.dataif options.IPfile is not None:
parseIPlistLocation(options.IPfile)
sys.exit(0)
if options.pcapfile is not None:
if (options.srcIP or options.dstIP) == False:
print "choose -s or -d"
sys.exit(0)
f = open(options.pcapfile)
try:
pcap = dpkt.pcapng.Reader(f)
except:
print "it is not pcapng format..."
f.close()
f = open(options.pcapfile)
pcap = dpkt.pcap.Reader(f)
printPcap(pcap, options.srcIP, options.dstIP)
parseIPlistLocation("./out_IP.txt")
f.close()
sys.exit(0)from datetime import datetime
from collections import OrderedDict
import dpkt, socket, struct, sys, S7Packet
from time import sleep
"""
main functionality
"""
if(len(sys.argv)>1):
f = open(sys.argv[1], 'r')
else:
print("Please enter the .pcap file to parse!")
sys.exit(0)
pcap = dpkt.pcap.Reader(f)
"""
pcap = pcap.pcap()
capture_interface = 'eth0'
pcap = pcap.pcap(name=capture_interface)
"""
PLC_ADDRESS = '192.168.2.101'
f_out = open('config_file_information.txt', 'w')
f_out.write('TITLE: config_file_information\n\n')
f_out.write("ATTRIBUTE: functionCode\n")
f_out.write("ATTRIBUTE: packetsPerThirtySecsOfThisType\n")
f_out.write("ATTRIBUTE: 5MinuteTimeInterval\n")def collect_records(from_file):
records = []
buffer = StringIO()
for ts, buf in dpkt.pcap.Reader(open(from_file)):
eth = dpkt.ethernet.Ethernet(buf)
data = eth.data.tcp.data.split("\r\n")[-1]
if data.startswith("TNBU") and buffer.tell() != 0:
records.append(buffer.getvalue())
buffer.seek(0)
buffer.write(data)
else:
buffer.write(data)
return recordsif url in _blacklists[BLACKLIST.URL]:
src, dst, type_, trail, info, reference = src_ip, dst_ip, BLACKLIST.URL, url, _blacklists[BLACKLIST.URL][url][0], _blacklists[BLACKLIST.URL][url][1]
store_db(sec, usec, src, dst, type_, trail, info, reference)
elif protocol == socket.IPPROTO_UDP:
_check_ips()
i = iph_length + ETH_LENGTH
src_port, dst_port = struct.unpack("!HH", packet[i:i + 4])
if dst_port == 53:
h_size = ETH_LENGTH + iph_length + 8
data = packet[h_size:]
try:
dns = dpkt.dns.DNS(data)
except:
pass
else:
if dns.opcode == dpkt.dns.DNS_QUERY:
for query in dns.qd:
domain = query.name
parts = domain.split('.')
for i in xrange(0, len(parts) - 1):
_ = '.'.join(parts[i:])
if _ in _blacklists[BLACKLIST.DNS]:
src, dst, type_, trail, info, reference = src_ip, dst_ip, BLACKLIST.DNS, domain, _blacklists[BLACKLIST.DNS][_][0], _blacklists[BLACKLIST.DNS][_][1]
store_db(sec, usec, src, dst, type_, trail, info, reference)
break
except struct.error:
passdpkt
fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
