python解析pcap转储为sqlite
2016-04-22 12:36
最近有需求对pcap包进行处理,要求提取数据包中的字段,并存储到sqlite数据库中,于是乎利用scapy写了一个简单的脚本,其中包括了对IP、TCP、UDP、ICMP包的解析,其实代码重复了许多,但是为了追求工作的效率,暂且留下这段代码吧,后续慢慢优化~大神莫见怪。
# -*- coding: utf-8 -*-
import getopt
import sqlite3
import sys

from scapy.all import *
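# Path of the SQLite file to write; main() fills it in from -o/--output.
# A `global` statement at module level is a no-op, so the name is bound
# here explicitly instead of leaving the *_insert_db helpers to fail with a
# NameError when the option was never given.
output_database = None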
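def ip_insert_db(packet_dict, database=None):
    """Append one row to the IP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture (addresses are
    copied straight out of the packet) can change the shape of the query.
    INTEGER columns are coerced with int(), which truncates the float
    capture timestamp exactly as the former '%d' formatting did; TEXT
    columns go through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, totalpacketlen, protocol, tos, ipid, ipcksum,
        ipttl.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way (the old code
        # leaked it on error).
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS IP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER
            )''')
            db.execute(
                'insert into IP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,totalpacketlen,protocol,tos,ipid,ipcksum,ipttl) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                ),
            )
    finally:
        db.close()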
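def tcp_insert_db(packet_dict, database=None):
    """Append one row to the TCP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); the TEXT columns
    tcpseq, tcpack and tcpflags go through str() like the former '%s', so a
    scapy flag value is stored in its printable form.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos,
        ipid, ipcksum, ipttl, tcpseq, tcpack, tcpflags.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS TCP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                sport INTEGER,
                dport INTEGER,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                tcpseq TEXT,
                tcpack TEXT,
                tcpflags TEXT
            )''')
            db.execute(
                'insert into TCP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,sport,dport,totalpacketlen,protocol,tos,ipid,ipcksum,'
                'ipttl,tcpseq,tcpack,tcpflags) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['sport']),
                    int(packet_dict['dport']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    str(packet_dict['tcpseq']),
                    str(packet_dict['tcpack']),
                    str(packet_dict['tcpflags']),
                ),
            )
    finally:
        db.close()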
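def udp_insert_db(packet_dict, database=None):
    """Append one row to the UDP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); TEXT columns go
    through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos,
        ipid, ipcksum, ipttl, udplen, udpcksum.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS UDP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                sport INTEGER,
                dport INTEGER,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                udplen INTEGER,
                udpcksum INTEGER
            )''')
            db.execute(
                'insert into UDP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,sport,dport,totalpacketlen,protocol,tos,ipid,ipcksum,'
                'ipttl,udplen,udpcksum) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['sport']),
                    int(packet_dict['dport']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    int(packet_dict['udplen']),
                    int(packet_dict['udpcksum']),
                ),
            )
    finally:
        db.close()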
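def icmp_insert_db(packet_dict, database=None):
    """Append one row to the ICMP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); TEXT columns go
    through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, totalpacketlen, protocol, tos, ipid, ipcksum,
        ipttl, icmptype, icmpcode, icmpcksum.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS ICMP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                icmptype INTEGER,
                icmpcode INTEGER,
                icmpcksum INTEGER
            )''')
            db.execute(
                'insert into ICMP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,totalpacketlen,protocol,tos,ipid,ipcksum,ipttl,'
                'icmptype,icmpcode,icmpcksum) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    int(packet_dict['icmptype']),
                    int(packet_dict['icmpcode']),
                    int(packet_dict['icmpcksum']),
                ),
            )
    finally:
        db.close()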
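def tcp_parse(pcaps):
    """Store every IPv4/TCP packet of *pcaps* as one row of TCP_PACKET.

    Walks pcaps[TCP] (the packets carrying a TCP layer) in capture order and
    hands one record per packet to tcp_insert_db().  Record keys: evento
    (position in that list), eventtype, timestamp (whole seconds of the
    capture time), timestampusec (its fractional part in microseconds),
    sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos, ipid,
    ipcksum, ipttl, tcpseq, tcpack, tcpflags.

    A packet without an IPv4 header (TCP over IPv6, a truncated frame) is
    skipped, and a failure while storing one packet is reported and the
    walk continues, so a single odd packet no longer ends the whole import
    the way the old index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "TCP_PACKET"}
    for count, pkt in enumerate(pcaps[TCP]):
        if IP not in pkt:
            continue
        try:
            ip, tcp = pkt[IP], pkt[TCP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['sport'] = tcp.sport
            record['dport'] = tcp.dport
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['tcpseq'] = tcp.seq
            record['tcpack'] = tcp.ack
            record['tcpflags'] = tcp.flags
            tcp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("TCP packet %d not stored: %s" % (count, e))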
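def icmp_parse(pcaps):
    """Store every IPv4/ICMP packet of *pcaps* as one row of ICMP_PACKET.

    Walks pcaps[ICMP] in capture order and hands one record per packet to
    icmp_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl, icmptype,
    icmpcode, icmpcksum.

    A packet without an IPv4 header is skipped, and a failure while storing
    one packet is reported and the walk continues, so a single odd packet
    no longer ends the whole import the way the old index-until-IndexError
    loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "ICMP_PACKET"}
    for count, pkt in enumerate(pcaps[ICMP]):
        if IP not in pkt:
            continue
        try:
            ip, icmp = pkt[IP], pkt[ICMP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['icmptype'] = icmp.type
            record['icmpcode'] = icmp.code
            record['icmpcksum'] = icmp.chksum
            icmp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("ICMP packet %d not stored: %s" % (count, e))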
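def udp_parse(pcaps):
    """Store every IPv4/UDP packet of *pcaps* as one row of UDP_PACKET.

    Walks pcaps[UDP] in capture order and hands one record per packet to
    udp_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr, sport, dport,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl, udplen, udpcksum.

    A packet without an IPv4 header (UDP over IPv6, a truncated frame) is
    skipped, and a failure while storing one packet is reported and the
    walk continues, so a single odd packet no longer ends the whole import
    the way the old index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "UDP_PACKET"}
    for count, pkt in enumerate(pcaps[UDP]):
        if IP not in pkt:
            continue
        try:
            ip, udp = pkt[IP], pkt[UDP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['sport'] = udp.sport
            record['dport'] = udp.dport
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['udplen'] = udp.len
            record['udpcksum'] = udp.chksum
            udp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("UDP packet %d not stored: %s" % (count, e))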
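def ip_parse(pcaps):
    """Store every IPv4 packet of *pcaps* as one row of IP_PACKET.

    Walks pcaps[IP] in capture order and hands one record per packet to
    ip_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl.

    A failure while storing one packet is reported and the walk continues,
    so a single odd packet no longer ends the whole import the way the old
    index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "IP_PACKET"}
    for count, pkt in enumerate(pcaps[IP]):
        try:
            ip = pkt[IP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            ip_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("IP packet %d not stored: %s" % (count, e))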
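def usage():
    """Print the command-line help and exit with status 0.

    This is the -h/--help handler; it never returns.  The long-option
    example used to read ``--ouput``, which getopt rejects, so the text
    now shows the option the parser actually accepts.
    """
    print('''
###########################################################
#                                                         #
#                   Plugin for Datadump                   #
#                                                         #
#  Description:                                           #
#  Data dump can parse the pcap file and store it in      #
#  the SQLite database.                                   #
#  Currently can handle IP, TCP, UDP, ICMP types of       #
#  data packets.                                          #
#                                                         #
#  Author:test                                            #
###########################################################
./packet_parse.py -i <pcapfile> -o <sqlitedatabase>
Parameter
===========
-i/--input : input pcapfile
-o/--output : output sqlite file
example:
python packet_parse.py -i input.pcap -o output.sqlite
or
python packet_parse.py --input=input.pcap --output=output.sqlite
''')
    sys.exit()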
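def main():
    """Parse the command line, read the capture and fill the database.

    Options: -h/--help prints the usage text; -i/--input names the pcap
    file; -o/--output names the SQLite file, which is published through the
    module-level output_database read by the *_insert_db helpers.  Both -i
    and -o are required; a missing or unknown option exits with status 2
    so a calling shell can tell failure from success.

    :return: None
    """
    global output_database
    filename = ""
    database = None
    try:
        opts, _ = getopt.getopt(sys.argv[1:], 'hi:o:', ["help", "input=", "output="])
    except getopt.GetoptError as e:
        print('%s\nplease input -h or --help' % e)
        sys.exit(2)
    for key, value in opts:
        if key in ("-h", "--help"):
            usage()
        elif key in ("-i", "--input"):
            filename = value
        elif key in ("-o", "--output"):
            database = value
    if not filename or database is None:
        # rdpcap("") and a missing output path both fail later with errors
        # that point nowhere near the real cause, so check up front.
        print('both -i/--input and -o/--output are required; please input -h or --help')
        sys.exit(2)
    output_database = database
    pcaps = rdpcap(filename)
    tcp_parse(pcaps)
    udp_parse(pcaps)
    icmp_parse(pcaps)
    ip_parse(pcaps)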
if __name__ == "__main__":
    # Script entry point; importing this file as a module runs nothing.
    main()
帮助说明:
处理结果:
# -*- coding: utf-8 -*-
from scapy.all import *
import sqlite3
import getopt
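# Path of the SQLite file to write; main() fills it in from -o/--output.
# A `global` statement at module level is a no-op, so the name is bound
# here explicitly instead of leaving the *_insert_db helpers to fail with a
# NameError when the option was never given.
output_database = None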
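def ip_insert_db(packet_dict, database=None):
    """Append one row to the IP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture (addresses are
    copied straight out of the packet) can change the shape of the query.
    INTEGER columns are coerced with int(), which truncates the float
    capture timestamp exactly as the former '%d' formatting did; TEXT
    columns go through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, totalpacketlen, protocol, tos, ipid, ipcksum,
        ipttl.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way (the old code
        # leaked it on error).
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS IP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER
            )''')
            db.execute(
                'insert into IP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,totalpacketlen,protocol,tos,ipid,ipcksum,ipttl) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                ),
            )
    finally:
        db.close()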
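def tcp_insert_db(packet_dict, database=None):
    """Append one row to the TCP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); the TEXT columns
    tcpseq, tcpack and tcpflags go through str() like the former '%s', so a
    scapy flag value is stored in its printable form.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos,
        ipid, ipcksum, ipttl, tcpseq, tcpack, tcpflags.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS TCP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                sport INTEGER,
                dport INTEGER,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                tcpseq TEXT,
                tcpack TEXT,
                tcpflags TEXT
            )''')
            db.execute(
                'insert into TCP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,sport,dport,totalpacketlen,protocol,tos,ipid,ipcksum,'
                'ipttl,tcpseq,tcpack,tcpflags) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['sport']),
                    int(packet_dict['dport']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    str(packet_dict['tcpseq']),
                    str(packet_dict['tcpack']),
                    str(packet_dict['tcpflags']),
                ),
            )
    finally:
        db.close()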
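def udp_insert_db(packet_dict, database=None):
    """Append one row to the UDP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); TEXT columns go
    through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos,
        ipid, ipcksum, ipttl, udplen, udpcksum.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS UDP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                sport INTEGER,
                dport INTEGER,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                udplen INTEGER,
                udpcksum INTEGER
            )''')
            db.execute(
                'insert into UDP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,sport,dport,totalpacketlen,protocol,tos,ipid,ipcksum,'
                'ipttl,udplen,udpcksum) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['sport']),
                    int(packet_dict['dport']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    int(packet_dict['udplen']),
                    int(packet_dict['udpcksum']),
                ),
            )
    finally:
        db.close()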
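def icmp_insert_db(packet_dict, database=None):
    """Append one row to the ICMP_PACKET table, creating the table on first use.

    Values are bound as SQL parameters instead of being interpolated into
    the statement text, so nothing taken from the capture can change the
    shape of the query.  INTEGER columns are coerced with int() (truncating
    the float capture timestamp as the former '%d' did); TEXT columns go
    through str() like the former '%s'.

    :param packet_dict: mapping with keys evento (the parsers spell the
        eventno column this way), eventtype, timestamp, timestampusec,
        sipaddr, dipaddr, totalpacketlen, protocol, tos, ipid, ipcksum,
        ipttl, icmptype, icmpcode, icmpcksum.
    :param database: path of the SQLite file; None means the module-level
        output_database set from -o/--output.
    :raises KeyError: if a required key is missing from packet_dict.
    :raises sqlite3.Error: on a database failure; the insert is rolled back.
    :return: None
    """
    target = output_database if database is None else database
    db = sqlite3.connect(target)
    try:
        # `with db` commits on success and rolls back if anything raises;
        # the finally below closes the handle either way.
        with db:
            db.execute('''CREATE TABLE IF NOT EXISTS ICMP_PACKET(
                eventno INTEGER,
                eventtype TEXT,
                timestamp INTEGER,
                timestampusec INTEGER,
                sipaddr TEXT,
                dipaddr TEXT,
                totalpacketlen INTEGER,
                protocol INTEGER,
                tos INTEGER,
                ipid INTEGER,
                ipcksum INTEGER,
                ipttl INTEGER,
                icmptype INTEGER,
                icmpcode INTEGER,
                icmpcksum INTEGER
            )''')
            db.execute(
                'insert into ICMP_PACKET (eventno,eventtype,timestamp,timestampusec,'
                'sipaddr,dipaddr,totalpacketlen,protocol,tos,ipid,ipcksum,ipttl,'
                'icmptype,icmpcode,icmpcksum) '
                'values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)',
                (
                    int(packet_dict['evento']),
                    str(packet_dict['eventtype']),
                    int(packet_dict['timestamp']),
                    int(packet_dict['timestampusec']),
                    str(packet_dict['sipaddr']),
                    str(packet_dict['dipaddr']),
                    int(packet_dict['totalpacketlen']),
                    int(packet_dict['protocol']),
                    int(packet_dict['tos']),
                    int(packet_dict['ipid']),
                    int(packet_dict['ipcksum']),
                    int(packet_dict['ipttl']),
                    int(packet_dict['icmptype']),
                    int(packet_dict['icmpcode']),
                    int(packet_dict['icmpcksum']),
                ),
            )
    finally:
        db.close()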
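def tcp_parse(pcaps):
    """Store every IPv4/TCP packet of *pcaps* as one row of TCP_PACKET.

    Walks pcaps[TCP] (the packets carrying a TCP layer) in capture order and
    hands one record per packet to tcp_insert_db().  Record keys: evento
    (position in that list), eventtype, timestamp (whole seconds of the
    capture time), timestampusec (its fractional part in microseconds),
    sipaddr, dipaddr, sport, dport, totalpacketlen, protocol, tos, ipid,
    ipcksum, ipttl, tcpseq, tcpack, tcpflags.

    A packet without an IPv4 header (TCP over IPv6, a truncated frame) is
    skipped, and a failure while storing one packet is reported and the
    walk continues, so a single odd packet no longer ends the whole import
    the way the old index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "TCP_PACKET"}
    for count, pkt in enumerate(pcaps[TCP]):
        if IP not in pkt:
            continue
        try:
            ip, tcp = pkt[IP], pkt[TCP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['sport'] = tcp.sport
            record['dport'] = tcp.dport
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['tcpseq'] = tcp.seq
            record['tcpack'] = tcp.ack
            record['tcpflags'] = tcp.flags
            tcp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("TCP packet %d not stored: %s" % (count, e))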
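def icmp_parse(pcaps):
    """Store every IPv4/ICMP packet of *pcaps* as one row of ICMP_PACKET.

    Walks pcaps[ICMP] in capture order and hands one record per packet to
    icmp_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl, icmptype,
    icmpcode, icmpcksum.

    A packet without an IPv4 header is skipped, and a failure while storing
    one packet is reported and the walk continues, so a single odd packet
    no longer ends the whole import the way the old index-until-IndexError
    loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "ICMP_PACKET"}
    for count, pkt in enumerate(pcaps[ICMP]):
        if IP not in pkt:
            continue
        try:
            ip, icmp = pkt[IP], pkt[ICMP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['icmptype'] = icmp.type
            record['icmpcode'] = icmp.code
            record['icmpcksum'] = icmp.chksum
            icmp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("ICMP packet %d not stored: %s" % (count, e))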
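def udp_parse(pcaps):
    """Store every IPv4/UDP packet of *pcaps* as one row of UDP_PACKET.

    Walks pcaps[UDP] in capture order and hands one record per packet to
    udp_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr, sport, dport,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl, udplen, udpcksum.

    A packet without an IPv4 header (UDP over IPv6, a truncated frame) is
    skipped, and a failure while storing one packet is reported and the
    walk continues, so a single odd packet no longer ends the whole import
    the way the old index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "UDP_PACKET"}
    for count, pkt in enumerate(pcaps[UDP]):
        if IP not in pkt:
            continue
        try:
            ip, udp = pkt[IP], pkt[UDP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['sport'] = udp.sport
            record['dport'] = udp.dport
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            record['udplen'] = udp.len
            record['udpcksum'] = udp.chksum
            udp_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("UDP packet %d not stored: %s" % (count, e))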
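def ip_parse(pcaps):
    """Store every IPv4 packet of *pcaps* as one row of IP_PACKET.

    Walks pcaps[IP] in capture order and hands one record per packet to
    ip_insert_db().  Record keys: evento (position in that list),
    eventtype, timestamp (whole seconds of the capture time), timestampusec
    (its fractional part in microseconds), sipaddr, dipaddr,
    totalpacketlen, protocol, tos, ipid, ipcksum, ipttl.

    A failure while storing one packet is reported and the walk continues,
    so a single odd packet no longer ends the whole import the way the old
    index-until-IndexError loop did.

    :param pcaps: scapy PacketList as returned by rdpcap()
    :return: None
    """
    record = {'eventtype': "IP_PACKET"}
    for count, pkt in enumerate(pcaps[IP]):
        try:
            ip = pkt[IP]
            # rdpcap() puts the capture timestamp on the outermost layer;
            # a sub-layer's .time is not guaranteed to carry it.
            seconds = int(pkt.time)
            record['evento'] = count
            record['timestamp'] = seconds
            record['timestampusec'] = int((pkt.time - seconds) * 1000000)
            record['sipaddr'] = ip.src
            record['dipaddr'] = ip.dst
            record['totalpacketlen'] = ip.len
            record['protocol'] = ip.proto
            record['tos'] = ip.tos
            record['ipid'] = ip.id
            record['ipcksum'] = ip.chksum
            record['ipttl'] = ip.ttl
            ip_insert_db(record)
        except Exception as e:
            # best effort, as before: report the packet and keep going
            print("IP packet %d not stored: %s" % (count, e))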
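def usage():
    """Print the command-line help and exit with status 0.

    This is the -h/--help handler; it never returns.  The long-option
    example used to read ``--ouput``, which getopt rejects, so the text
    now shows the option the parser actually accepts.
    """
    print('''
###########################################################
#                                                         #
#                   Plugin for Datadump                   #
#                                                         #
#  Description:                                           #
#  Data dump can parse the pcap file and store it in      #
#  the SQLite database.                                   #
#  Currently can handle IP, TCP, UDP, ICMP types of       #
#  data packets.                                          #
#                                                         #
#  Author:test                                            #
###########################################################
./packet_parse.py -i <pcapfile> -o <sqlitedatabase>
Parameter
===========
-i/--input : input pcapfile
-o/--output : output sqlite file
example:
python packet_parse.py -i input.pcap -o output.sqlite
or
python packet_parse.py --input=input.pcap --output=output.sqlite
''')
    sys.exit()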
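def main():
    """Parse the command line, read the capture and fill the database.

    Options: -h/--help prints the usage text; -i/--input names the pcap
    file; -o/--output names the SQLite file, which is published through the
    module-level output_database read by the *_insert_db helpers.  Both -i
    and -o are required; a missing or unknown option exits with status 2
    so a calling shell can tell failure from success.

    :return: None
    """
    global output_database
    filename = ""
    database = None
    try:
        opts, _ = getopt.getopt(sys.argv[1:], 'hi:o:', ["help", "input=", "output="])
    except getopt.GetoptError as e:
        print('%s\nplease input -h or --help' % e)
        sys.exit(2)
    for key, value in opts:
        if key in ("-h", "--help"):
            usage()
        elif key in ("-i", "--input"):
            filename = value
        elif key in ("-o", "--output"):
            database = value
    if not filename or database is None:
        # rdpcap("") and a missing output path both fail later with errors
        # that point nowhere near the real cause, so check up front.
        print('both -i/--input and -o/--output are required; please input -h or --help')
        sys.exit(2)
    output_database = database
    pcaps = rdpcap(filename)
    tcp_parse(pcaps)
    udp_parse(pcaps)
    icmp_parse(pcaps)
    ip_parse(pcaps)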
if __name__ == "__main__":
    # Script entry point; importing this file as a module runs nothing.
    main()
帮助说明:
处理结果: