@aurorapar
Created April 25, 2019 02:00
import dpkt
from socket import inet_ntoa
import traceback
import datetime
import sys
import csv
# Only frames sent to or from this host are written out (see storeData).
myAddress = '10.0.0.3'

# Count of frames dpkt could not parse; incremented by storeData and
# reported by the __main__ block.
badFrames = 0

# CSV column order handed to csv.DictWriter. storeData extends this list at
# runtime (SCTP chunk columns), so it has to stay a mutable list.
fieldNames = (
    'packet source destination sport dport len id off ttl p sum options type '
    'ulen sequence acknowledgement flags window group code payload'
).split()
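def _ensureField(name, before=None):
    """Add *name* to the module-level ``fieldNames`` list if it is missing.

    The name is inserted just ahead of column *before* when that column
    exists, otherwise appended. The list is mutated in place and never
    rebound, so the column order is stable from row to row (the original
    deduplicated with ``list(dict.fromkeys(...))``, which scrambles the order
    on Python 2 where dicts are unordered).

    Args:
        name: column name to guarantee.
        before: optional existing column to insert *name* in front of.
    """
    if name in fieldNames:
        return
    if before is not None and before in fieldNames:
        fieldNames.insert(fieldNames.index(before), name)
    else:
        fieldNames.append(name)


def _baseInfo(eth, ip):
    """Return the IP-level columns for *ip*, an ``dpkt.ip.IP`` carried by *eth*.

    'payload' starts as a repr of the IP payload; the transport helpers
    replace it with the segment payload and storeData reduces it to a length.
    """
    return {
        'source': inet_ntoa(ip.src),
        'destination': inet_ntoa(ip.dst),
        'len': ip.len,
        'id': ip.id,
        'off': ip.off,
        'ttl': ip.ttl,
        'p': ip.p,
        'sum': ip.sum,
        'payload': repr(ip.data),
        'options': ip.opts,
        'type': eth.type,
    }


def _addUdpFields(info, udp):
    """Record the UDP columns of *udp* in *info* ('sum' becomes the UDP checksum)."""
    info['sport'] = udp.sport
    info['dport'] = udp.dport
    info['ulen'] = udp.ulen
    info['sum'] = udp.sum
    info['payload'] = udp.data


def _addTcpFields(info, tcp):
    """Record the TCP columns of *tcp* in *info* ('sum' becomes the TCP checksum)."""
    info['sport'] = tcp.sport
    info['dport'] = tcp.dport
    info['sequence'] = tcp.seq
    info['acknowledgement'] = tcp.ack
    info['flags'] = tcp.flags
    info['window'] = tcp.win
    info['sum'] = tcp.sum
    info['payload'] = tcp.data


def _addIcmpInfo(info, ip):
    """Fill *info* for an ICMP message, including any quoted inner segment.

    ICMP error messages quote the datagram that triggered them; the original
    code reaches it as ``ip.data.data.data`` with the transport segment at
    ``.data`` of that (dpkt layering -- confirm against the dpkt version in
    use). When that segment is TCP or UDP its fields are recorded and
    'packet' becomes 'ICMP+TCP' / 'ICMP+UDP', so the row lands in its own
    CSV file. Echo request/reply carry raw bytes there instead; the getattr
    chain keeps that case from raising (the original printed a traceback for
    every ping).
    """
    icmp = ip.data
    info['packet'] = 'ICMP'
    info['code'] = icmp.code
    info['payload'] = repr(icmp.data.data)
    innerIp = getattr(icmp.data, 'data', None)
    seg = getattr(innerIp, 'data', None)
    if isinstance(seg, dpkt.tcp.TCP):
        info['packet'] = 'ICMP+TCP'
        _addTcpFields(info, seg)
        # Only this branch records TCP options; plain TCP rows keep ip.opts.
        info['options'] = seg.opts
    elif isinstance(seg, dpkt.udp.UDP):
        info['packet'] = 'ICMP+UDP'
        _addUdpFields(info, seg)
    elif seg is not None:
        # Something other than TCP/UDP is quoted inside the ICMP message;
        # the row stays plain 'ICMP' but the frame is flagged as before.
        print("-------------------- ping tunnel issue")
        print(ip)
        print("--------------------")


def _addSctpInfo(info, sctp):
    """Fill *info* for an SCTP packet: ports plus a len/payload column per chunk.

    ``csv.DictWriter`` rejects keys it does not know, so the chunk columns are
    added to the module-level ``fieldNames`` on first sight, kept just ahead
    of 'payload' so that 'payload' stays the last of the original columns.
    Once added they remain for every later row, which then carries them empty.
    """
    info['packet'] = 'SCTP'
    info['sport'] = sctp.sport
    info['dport'] = sctp.dport
    for i, chunk in enumerate(sctp.data):
        lenCol = 'chunk %s len' % i
        payloadCol = 'chunk %s payload' % i
        _ensureField(lenCol, before='payload')
        _ensureField(payloadCol, before='payload')
        info[lenCol] = chunk.len
        # Unlike 'payload' (reduced to a length below) the raw chunk bytes
        # from the wire are written into the CSV; treat the output files as
        # untrusted data when opening them elsewhere.
        info[payloadCol] = chunk.data


def _addTransportInfo(info, ip):
    """Fill the transport-layer columns of *info* from ``ip.data``.

    Sets 'packet' to the protocol name that also picks the output file.
    'sum' is overwritten with the transport checksum for UDP/TCP/IGMP (the
    IP checksum is lost), mirroring the layout the CSV files already have.
    """
    seg = ip.data
    if isinstance(seg, dpkt.udp.UDP):
        info['packet'] = 'UDP'
        _addUdpFields(info, seg)
    elif isinstance(seg, dpkt.tcp.TCP):
        info['packet'] = 'TCP'
        _addTcpFields(info, seg)
    elif isinstance(seg, dpkt.igmp.IGMP):
        info['packet'] = 'IGMP'
        info['group'] = seg.group
        info['type'] = seg.type
        info['sum'] = seg.sum
        info['payload'] = seg.data
    elif isinstance(seg, dpkt.icmp.ICMP):
        _addIcmpInfo(info, ip)
    elif isinstance(seg, dpkt.sctp.SCTP):
        _addSctpInfo(info, seg)
    else:
        info['packet'] = 'UNKNOWN'


def _writeRow(info):
    """Append *info* as one CSV row to '<packet>.csv'.

    No header row is written, matching the existing output; the column order
    is the current ``fieldNames``. Failures to open or write the file are
    reported and swallowed (the original only guarded the write, so an
    unopenable file aborted the whole run).
    """
    dataFileName = '%s.csv' % info['packet']
    try:
        with open(dataFileName, 'a') as dataFile:
            writer = csv.DictWriter(dataFile, fieldnames=fieldNames)
            writer.writerow(info)
    except Exception:
        print("ERROR: COULDN'T WRITE TO FILE")
        print("%s" % dataFileName)
        traceback.print_exc()
        print("\n\n")


def storeData(timestamp, buf):
    """Parse one captured frame and append a summary row to '<protocol>.csv'.

    Frames that are not IPv4, or that neither originate from nor are addressed
    to ``myAddress``, are skipped. Frames that dpkt cannot parse up to the IP
    layer are counted in the module-level ``badFrames`` and dropped; a failure
    below the IP layer still produces a row with the IP-level columns.

    Args:
        timestamp: capture time as yielded by ``dpkt.pcap.Reader`` (epoch
            seconds, per the ``utcfromtimestamp`` call).
        buf: the raw Ethernet frame bytes.

    Returns:
        None. Side effects: one row appended to ``'%s.csv' % info['packet']``
        (e.g. ``TCP.csv``), ``badFrames`` possibly incremented, and
        ``fieldNames`` possibly extended (SCTP chunk columns, and a trailing
        'timestamp' column that the original computed but never recorded).
    """
    global badFrames

    try:
        eth = dpkt.ethernet.Ethernet(buf)
        if not isinstance(eth.data, dpkt.ip.IP):
            return
        ip = eth.data
        info = _baseInfo(eth, ip)
        # Filter on the addresses before doing any transport-layer work, so
        # frames of no interest trigger neither decode errors nor column
        # changes.
        if myAddress != info['source'] and myAddress != info['destination']:
            return
    except Exception:
        # Could not even reach the IP layer: count it and move on, as the
        # original best-effort behaviour does.
        traceback.print_exc()
        print("\n\n")
        badFrames += 1
        return

    try:
        _addTransportInfo(info, ip)
    except Exception:
        # Transport decode failed; the row is still written with the IP-level
        # columns plus whatever transport columns were filled in before.
        traceback.print_exc()
        print(ip)

    # Only the payload *length* is recorded, never the bytes themselves.
    info['payload'] = len(info['payload'])
    _ensureField('timestamp')
    info['timestamp'] = str(datetime.datetime.utcfromtimestamp(timestamp))

    _writeRow(info)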
if __name__ == '__main__':
    # Walk every frame of the capture and summarise it into the per-protocol
    # CSV files, then report how many frames could not be parsed.
    with open("alldata2.pcap", 'rb') as data:
        for timestamp, buf in dpkt.pcap.Reader(data):
            storeData(timestamp, buf)
    print("%s bad frames" % badFrames)