18. Analyzing Networking Traffic using dpkt library

We will be using the dpkt library to analyse network traffic. dpkt is a Python module for fast, simple packet creation and parsing, with definitions for the basic TCP/IP protocols. In order to use dpkt, you first need to install it.

Installing the dpkt module

sudo pip install dpkt
Note: You can omit sudo from the above command if you are logged in as the root user.
In this lesson we will use Python code to extract the source and destination IP addresses of the packets on the network from the .pcap file in which we saved the Wireshark traffic data. After saving your captured pcap file at some location (say, the Desktop), run the following code:

    #!/usr/bin/env python
    # this code prints Source and Destination IP from the given 'pcap' file

    import dpkt
    import socket

    def printPcap(pcap):
        for (ts, buf) in pcap:
            try:
                eth = dpkt.ethernet.Ethernet(buf)
                ip = eth.data
                # read the source IP in src
                src = socket.inet_ntoa(ip.src)
                # read the destination IP in dst
                dst = socket.inet_ntoa(ip.dst)

                # Print the source and destination IP
                print('Source: ' + src + ' Destination: ' + dst)

            except (AttributeError, socket.error, dpkt.dpkt.UnpackError):
                # skip frames that do not carry an IPv4 packet (ARP, IPv6, truncated data)
                pass

    def main():
        # Open the pcap file for reading in binary mode
        with open('/home/codeplay/Desktop/first.pcap', 'rb') as f:
            # pass the file object to the pcap.Reader function
            pcap = dpkt.pcap.Reader(f)
            printPcap(pcap)

    if __name__ == '__main__':
        main()
 
In the above code, in the method printPcap(), ts and buf are the timestamp and buffer respectively. You might have noticed the socket method inet_ntoa (the counterpart of inet_aton). inet_ntoa converts a 32-bit packed IPv4 address (a string of four characters in length) to its standard dotted-quad string representation (for example, 123.45.67.89).
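As an added example (not code from the original lesson), the following does by hand, with only the standard library, the work that dpkt.pcap.Reader and dpkt.ethernet.Ethernet perform in the script above, and it counts non-IPv4 and truncated frames by reason instead of skipping them silently. The capture is constructed in memory with documentation-range addresses, and the helper names (eth_frame, ipv4_header, make_pcap, ip_pairs) are assumptions of this example.

```python
import socket
import struct
from collections import Counter

ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def eth_frame(eth_type, payload):
    """Constructed Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, eth_type) + payload

def ipv4_header(src, dst):
    """Minimal 20-byte IPv4 header; inet_aton packs each address into 4 bytes."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def make_pcap(frames):
    """Little-endian pcap: 24-byte global header, 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def ip_pairs(pcap_bytes):
    """Return ([(src, dst), ...], Counter of skipped frames keyed by reason)."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    pairs, skipped, off = [], Counter(), 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack_from("<I", pcap_bytes, off + 8)[0]
        buf = pcap_bytes[off + 16:off + 16 + caplen]  # the 'buf' in (ts, buf)
        off += 16 + caplen
        eth_type = struct.unpack_from("!H", buf, 12)[0] if len(buf) >= 14 else None
        if eth_type is None or (eth_type == ETH_IPV4 and len(buf) < 34):
            skipped["truncated"] += 1  # shorter than Ethernet + IPv4 headers
        elif eth_type != ETH_IPV4:
            skipped["ethertype 0x%04x" % eth_type] += 1
        else:  # ip.src / ip.dst are the packed bytes at IPv4 header offsets 12, 16
            pairs.append((socket.inet_ntoa(buf[26:30]), socket.inet_ntoa(buf[30:34])))
    return pairs, skipped

SAMPLE = make_pcap([  # constructed capture, documentation-range addresses
    eth_frame(ETH_IPV4, ipv4_header("192.0.2.10", "198.51.100.7")),
    eth_frame(ETH_ARP, b"\x00" * 28),
    eth_frame(ETH_IPV4, ipv4_header("192.0.2.10", "203.0.113.53")),
    eth_frame(ETH_IPV4, ipv4_header("192.0.2.10", "198.51.100.7"))[:20],
])

if __name__ == "__main__":
    print(ip_pairs(SAMPLE))
```

The skipped counter shows how much of a capture a source/destination listing leaves out, which matters when the listing is used as evidence of which hosts communicated.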