6 from switzerland
.client
.PacketDiff
import PacketDiffer
7 from switzerland
.common
.Dummies
import DummyAlice
9 import switzerland
.lib
.shrunk_scapy
.utils
as scapy_utils
10 import switzerland
.lib
.shrunk_scapy
.layers
.inet
as scapy_inet
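# Module-level reporting switches; both start enabled.
# print_firewalled is read in compare_pcaps(), just after the "Firewalled"
# address-mismatch line is printed.
# NOTE(review): no read of print_unmatched appears in the visible part of this
# file -- confirm where it is consumed.
print_unmatched = True
print_firewalled = True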
# Command-line check: at least one argument is required and every argument
# must contain "-in.pcap"; the usage line is printed with the script name.
# NOTE(review): assert statements are removed when Python runs with -O, so
# this validation disappears there. The substring test also accepts
# "-in.pcap" anywhere in the argument, not only as the file-name suffix.
# The lines connecting these checks to the usage message are not shown here.
19 assert len(sys
.argv
) > 1
20 for arg
in sys
.argv
[1:]:
21 assert "-in.pcap" in arg
24 print sys
.argv
[0], "<-in.pcap file> [-in.pcap file...]"
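# Matches the "-in" marker only where ".pcap" follows it. handle_file()
# substitutes "-out" for each match to derive the paired capture's path.
# A bare "-in" pattern would also rewrite unrelated "-in" substrings (for
# example a directory named "log-in") and so point at the wrong file.
in_re = re.compile(r"-in(?=\.pcap)")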
# handle_file(file): derives a second path by substituting "-out" for each
# in_re match in `file`, reads captures with scapy_utils.rdpcap, calls
# compare_pcaps() on the two packet lists and prints a report.
# NOTE(review): the gutter numbers skip, so this listing omits some of the
# function's lines; the branching between the visible statements cannot be
# confirmed from here.
29 def handle_file(file):
31 Look through a -in file (and its paired -out file, if there is one) and
32 try to determine which of the -out packets might have been modified to
# in_re.sub() replaces every match in the whole path string, directory
# components included, not just the one in the file name.
35 file2
= in_re
.sub("-out",file)
36 packets1
= scapy_utils
.rdpcap(file)
38 packets2
= scapy_utils
.rdpcap(file2
)
# Reported when the paired -out capture is missing.
# NOTE(review): packets1[0] is indexed here and below with no emptiness check
# visible in this listing; presumably an empty capture raises IndexError --
# confirm against the omitted lines.
41 print "The -in file is not accompanied by a -out file;",
42 print "the packet is probably injected:"
43 print packets1
[0].summary()
46 results
= compare_pcaps(packets1
,packets2
)
# NOTE(review): packets1 (read from the -in path) is counted under "Sent logs"
# here, but its first packet is printed under "Received:" further down; one of
# the two labels looks swapped -- confirm.
51 print "Sent logs: %d packets; Rec'd logs: %d packets" % \
52 (len(packets1
), len(packets2
))
# Presumably shown when compare_pcaps() found no candidate; the guarding test
# is not among the visible lines.
54 print "Probably a spoofed packet or 3rd party retransmission:\n"
55 print packets1
[0].summary()
57 print "------------Modified packet--------------"
# Backticks are the Python 2 repr() shorthand: seq is "seq: " followed by the
# repr of the first packet's seq attribute.
59 seq
= "seq: " + `packets1
[0].seq`
62 print "Received:", packets1
[0].summary(), "id:", packets1
[0].id, seq
# Each results entry is a pair; compare_pcaps() appends (target, p), which is
# unpacked below as (recd, sent).
63 for n
in xrange(len(results
)):
65 print "** Another packet that might have been the one sent:\n"
66 recd
, sent
= results
[n
]
# Difference between the two packets' .time attributes.
67 print "latency:", recd
.time
- sent
.time
# NOTE(review): `dummy` is not defined in the visible lines -- presumably
# built from the imported DummyAlice; confirm.
68 print PacketDiffer(str(sent
), str(recd
), dummy
).diff()
# compare_pcaps(packets1, packets2): appends a (target, p) pair to `results`
# for each packet p whose IP id equals the target's id. handle_file() uses the
# call's result as a sequence of such pairs.
# NOTE(review): this listing omits some of the function's lines (the gutter
# numbers skip), including where target, tp, ep, p and results are bound and
# the return statement.
70 def compare_pcaps(packets1
, packets2
):
72 target_ipid
= target
.id
# NOTE(review): this type check is an assert, so it is skipped when Python
# runs with -O; the exact-type comparison also rejects subclasses of
# scapy_inet.IP.
77 assert type(tp
) == type(ep
) == scapy_inet
.IP
# A source or destination address that differs between tp and ep is reported
# as "Firewalled".
79 if tp
.src
!= ep
.src
or tp
.dst
!= ep
.dst
:
80 print "Firewalled", tp
.src
, tp
.dst
, ep
.src
, ep
.dst
81 if not print_firewalled
:
# Candidates are matched on the IP identification field alone. That field is
# 16 bits wide, so unrelated packets can share a value; each pair is a
# candidate for comparison, not proof that p is the packet that was sent.
86 if p
.id == target_ipid
:
87 results
.append( (target
, p
) )
# Iterates over the same command-line arguments that the startup check
# validates.
# NOTE(review): the loop body and the code under the __main__ guard are not
# shown in this listing.
92 for file in sys
.argv
[1:]:
95 if __name__
== "__main__":