diff --git a/README.rst b/README.rst index cc21e2b..0f2d1cd 100644 --- a/README.rst +++ b/README.rst @@ -34,8 +34,13 @@ by that. .. code-block:: bash - python flatten_sctp.py input.pcap output.pcap +for a floder a pcap files : + python flatten_sctp.py -folder folderpath +for a single pcap file : + python flatten_sctp.py -file folderpath + +this scripte will create a new folder "_processed" and put output pcap files inside. License ======= diff --git a/flatten_sctp.py b/flatten_sctp.py index f997d5b..7ad996f 100644 --- a/flatten_sctp.py +++ b/flatten_sctp.py @@ -1,35 +1,140 @@ -#!/usr/bin/python - -""" -(C) Copyright 2016-2017 Holger Hans Peter Freyther - -GNU AGPLv3+ -""" - -from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap -import sys - -inp_fn = sys.argv[1] if len(sys.argv) > 1 else "input.pcap" -out_fn = sys.argv[2] if len(sys.argv) > 2 else "output.pcap" - -pcap = rdpcap(inp_fn) -pkts = [] - -i = 0 -seq = 0 -for pkt in pcap: - ip = pkt['IP'] - layer = ip.payload - while layer.name != 'NoPayload': - if layer.name == 'SCTP': - sport = layer.sport - dport = layer.dport - tag = layer.tag - if layer.name == 'SCTPChunkData': - # re-create the chunkdata as I don't find the routine to just have this data... - pkts.append(Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data)) - seq = seq + 1 - layer = layer.payload - i = i + 1 - -wrpcap(out_fn, pkts) +## developped by Youssef ELOUAM +## date = 12.11.2020 +## version 1.2 + +from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap +import sys +import os.path +import glob +from time import time +from datetime import datetime +from argparse import ArgumentParser + +def flatten_sctp_file(path): + path = os.path.abspath(path) + pcap = rdpcap(path) + seq = 0 + print(str(datetime.now()) + " : reading : " + path + " --> .... ") + packets = [] + for pkt in pcap: + if IP in pkt : + ip = pkt['IP'] + ip_src=ip.src + ip_dst=ip.dst + layer = ip.payload + time = pkt.time + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + newPkt['IP'].src = ip_src + newPkt['IP'].dst = ip_dst + packets.append(newPkt) + seq = seq + 1 + layer = layer.payload + else: + continue + + folderName = os.path.dirname(os.path.abspath(path)) + fileName = os.path.basename(os.path.abspath(path)) + + try: + os.makedirs(folderName + "\\_processed") + print("new folder was created : " + folderName + "\\_processed") + except FileExistsError: + print(path + "\\_processed : this folder exist already") + pass + + wrpcap(folderName + "\\_processed\\" + fileName, packets) + print(str(datetime.now()) + " : file name : " + fileName + " --> DONE") + print("all result file was generated under the path : " + folderName + "\\_processed\\") + +def flatten_sctp_folder(path): + + folderName = os.path.abspath(path) + + try: + os.makedirs(folderName + "\\_processed") + print("new folder was created : " + folderName + "\\_processed") + except FileExistsError: + print(folderName + "\\_processed : this folder exist already") + pass + + allFiles = glob.glob(folderName + '/*.pcap') + packets = [] + file_count = 0 + for file in allFiles : + file_name = os.path.basename(file) + file_count += 1 + print(str(datetime.now()) + " : reading : " + file_name + " --> .... " + str(file_count)) + pcap = rdpcap(file) + seq = 0 + for pkt in pcap: + if IP in pkt : + ip = pkt['IP'] + layer = ip.payload + time = pkt.time + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + packets.append(newPkt) + seq = seq + 1 + layer = layer.payload + + else : + continue + wrpcap(folderName + "\\_processed\\" + file_name, packets) + print(str(datetime.now()) + " : file name : " + file_name + " --> DONE") + packets = [] + print("count of processed file : " + str(file_count)) + print("all result file was generated under the path : " + folderName + "\\_processed\\") + + #extension = os.path.splitext(file_name)[1] + #path = os.path.splitext(file_name)[-1] + #wrpcap(str(int(time())) + '_merged_file.pcap', packets) + #print("\n") + #print(str(datetime.now()) + " : your files was processed successfuly, new file generated : {}".format(str(int(time())) + '_merged_file.pcap')) + +if __name__ == '__main__': + + #inp_path = sys.argv[1] + #flatten_sctp(inp_path) + #sys.exit(0) + + parser = ArgumentParser() + parser.add_argument("-file", dest="filePath", + default="", action="store", + help="\t Specify file Path") + + parser.add_argument("-folder", dest="folderPath", + default="", action="store", + help="\t Specify folder Path") + + args = parser.parse_args() + + filePath = os.path.abspath(args.filePath) + folderPath = os.path.abspath(args.folderPath) + + if folderPath[-1] == "\"": + folderPath = folderPath[:-1] + + if os.path.isfile(filePath) : + flatten_sctp_file(filePath) + sys.exit(0) + elif os.path.isdir(folderPath) : + flatten_sctp_folder(folderPath) + sys.exit(0) + else : + print("not valid folder path or file path") + sys.exit(0) \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 23367ed..30564ab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -scapy==2.3.3 +scapy