From f159581604a6d749c93320a3a0e98969994ce7c2 Mon Sep 17 00:00:00 2001 From: yousef Date: Mon, 24 Aug 2020 18:04:54 +0200 Subject: [PATCH 1/6] Add files via upload --- flatten_sctp.py | 73 +++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/flatten_sctp.py b/flatten_sctp.py index f997d5b..48d2b8b 100644 --- a/flatten_sctp.py +++ b/flatten_sctp.py 
@@ -1,35 +1,38 @@ -#!/usr/bin/python - -""" -(C) Copyright 2016-2017 Holger Hans Peter Freyther - -GNU AGPLv3+ -""" - -from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap -import sys - -inp_fn = sys.argv[1] if len(sys.argv) > 1 else "input.pcap" -out_fn = sys.argv[2] if len(sys.argv) > 2 else "output.pcap" - -pcap = rdpcap(inp_fn) -pkts = [] - -i = 0 -seq = 0 -for pkt in pcap: - ip = pkt['IP'] - layer = ip.payload - while layer.name != 'NoPayload': - if layer.name == 'SCTP': - sport = layer.sport - dport = layer.dport - tag = layer.tag - if layer.name == 'SCTPChunkData': - # re-create the chunkdata as I don't find the routine to just have this data... - pkts.append(Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data)) - seq = seq + 1 - layer = layer.payload - i = i + 1 - -wrpcap(out_fn, pkts) +from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap +import sys +import os.path + +def flatten_sctp(file_name): + pcap = rdpcap(file_name) + packets = [] + + i = 0 + seq = 0 + + for pkt in pcap: + ip = pkt['IP'] + layer = ip.payload + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... 
+ packets.append(Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data)) + seq = seq + 1 + layer = layer.payload + i = i + 1 + + extension = os.path.splitext(file_name)[1] + file_name = os.path.splitext(file_name)[0] + + wrpcap(file_name + '_out'+ extension, packets) + print("your file was processed successfuly, new file generated under {}_out{}".format(file_name, extension)) + +if __name__ == '__main__': + inp_fn = sys.argv[1] + flatten_sctp(inp_fn) + sys.exit(0) + + From 3c814242fd834e25fb07fb994cd3268866b52d98 Mon Sep 17 00:00:00 2001 From: yousef Date: Thu, 27 Aug 2020 15:57:37 +0200 Subject: [PATCH 2/6] Update flatten_sctp.py --- flatten_sctp.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flatten_sctp.py b/flatten_sctp.py index 48d2b8b..375495a 100644 --- a/flatten_sctp.py +++ b/flatten_sctp.py @@ -12,6 +12,7 @@ def flatten_sctp(file_name): for pkt in pcap: ip = pkt['IP'] layer = ip.payload + time = pkt.time while layer.name != 'NoPayload': if layer.name == 'SCTP': sport = layer.sport @@ -19,7 +20,9 @@ def flatten_sctp(file_name): tag = layer.tag if layer.name == 'SCTPChunkData': # re-create the chunkdata as I don't find the routine to just have this data... - packets.append(Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data)) + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + packets.append(newPkt) seq = seq + 1 layer = layer.payload i = i + 1 
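Review bot: In the new `__main__` block `inp_fn = sys.argv[1]` is read without a length check, so a run with no argument ends in an IndexError where the removed code fell back to "input.pcap". The second positional argument for the output name is gone too, and the result is always written next to the input as `file_name + '_out' + extension`, replacing any file that already has that name. I would keep the guard, `inp_fn = sys.argv[1] if len(sys.argv) > 1 else "input.pcap"`, or print a usage line and exit non-zero. The hunk also deletes the copyright and AGPLv3+ header of the original file; that notice should stay at the top of the rewritten script.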
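Review bot: The rebuilt chunk in the second hunk still forces `beginning=1, ending=1` (and `unordered=0`) on every `SCTPChunkData`, so a DATA chunk that was a fragment in the capture is written out as a complete message. Now that the original timestamp is copied onto it, the output looks more faithful to the capture than it is. If this is intended, say so above the `newPkt = ...` line, for example `# B/E flags are forced to 1: every DATA chunk is emitted as a complete message, fragment boundaries from the capture are not kept`. The enclosing `flatten_sctp` starts and ends outside both hunks.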
From 93a7d97f03be0082f585d3669f0b976c414ce373 Mon Sep 17 00:00:00 2001 From: yousef Date: Tue, 17 Nov 2020 12:20:38 +0100 Subject: [PATCH 3/6] Add files via upload --- flatten_sctp.py | 120 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 106 insertions(+), 14 deletions(-) diff --git a/flatten_sctp.py b/flatten_sctp.py index 375495a..dfac2d1 100644 --- a/flatten_sctp.py +++ b/flatten_sctp.py @@ -1,16 +1,25 @@ +## developped by Youssef ELOUAM +## date = 12.11.2020 +## version 1.2 + from scapy.all import rdpcap, Ether, IP, SCTP, SCTPChunkData, wrpcap import sys import os.path +import glob +from time import time +from datetime import datetime +from argparse import ArgumentParser -def flatten_sctp(file_name): - pcap = rdpcap(file_name) - packets = [] - - i = 0 +def flatten_sctp_file(path): + path = os.path.abspath(path) + pcap = rdpcap(path) seq = 0 - + print(str(datetime.now()) + " : reading : " + path + " --> .... ") + packets = [] for pkt in pcap: ip = pkt['IP'] + ip_src=ip.src + ip_dst=ip.dst layer = ip.payload time = pkt.time while layer.name != 'NoPayload': 
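Review bot: `from time import time` is added at module level, but inside `flatten_sctp_file` the context line `time = pkt.time` binds the same name as a local, and the only `time()` calls visible in this patch are in commented-out lines of the next hunk. Either drop the import or rename the local, e.g. `pkt_time = pkt.time` and later `newPkt.time = pkt_time`, so that a later `time()` call in this function does not end up calling a packet timestamp. `seq` is still assigned and never read in the lines shown. The body of `flatten_sctp_file` continues outside this hunk.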
@@ -22,20 +31,103 @@ def flatten_sctp(file_name): # re-create the chunkdata as I don't find the routine to just have this data... newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) newPkt.time = time + newPkt['IP'].src = ip_src + newPkt['IP'].dst = ip_dst packets.append(newPkt) seq = seq + 1 layer = layer.payload - i = i + 1 - extension = os.path.splitext(file_name)[1] - file_name = os.path.splitext(file_name)[0] + folderName = os.path.dirname(os.path.abspath(path)) + fileName = os.path.basename(os.path.abspath(path)) + + try: + os.makedirs(folderName + "\\_processed") + print("new folder was created : " + folderName + "\\_processed") + except FileExistsError: + print(path + "\\_processed : this folder exist already") + pass + + wrpcap(folderName + "\\_processed\\" + fileName, packets) + print(str(datetime.now()) + " : file name : " + fileName + " --> DONE") + print("all result file was generated under the path : " + folderName + "\\_processed\\") + +def flatten_sctp_folder(path): + + folderName = os.path.abspath(path) - wrpcap(file_name + '_out'+ extension, packets) - print("your file was processed successfuly, new file generated under {}_out{}".format(file_name, extension)) + try: + os.makedirs(folderName + "\\_processed") + print("new folder was created : " + folderName + "\\_processed") + except FileExistsError: + print(folderName + "\\_processed : this folder exist already") + pass + + allFiles = glob.glob(folderName + '/*.pcap') + packets = [] + file_count = 0 + for file in allFiles : + file_name = os.path.basename(file) + file_count += 1 + print(str(datetime.now()) + " : reading : " + file_name + " --> .... 
" + str(file_count)) + pcap = rdpcap(file) + seq = 0 + for pkt in pcap: + ip = pkt['IP'] + layer = ip.payload + time = pkt.time + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + packets.append(newPkt) + seq = seq + 1 + layer = layer.payload + wrpcap(folderName + "\\_processed\\" + file_name, packets) + print(str(datetime.now()) + " : file name : " + file_name + " --> DONE") + packets = [] + print("count of processed file : " + str(file_count)) + print("all result file was generated under the path : " + folderName + "\\_processed\\") + + #extension = os.path.splitext(file_name)[1] + #path = os.path.splitext(file_name)[-1] + #wrpcap(str(int(time())) + '_merged_file.pcap', packets) + #print("\n") + #print(str(datetime.now()) + " : your files was processed successfuly, new file generated : {}".format(str(int(time())) + '_merged_file.pcap')) if __name__ == '__main__': - inp_fn = sys.argv[1] - flatten_sctp(inp_fn) - sys.exit(0) + + #inp_path = sys.argv[1] + #flatten_sctp(inp_path) + #sys.exit(0) + + parser = ArgumentParser() + parser.add_argument("-file", dest="filePath", + default="", action="store", + help="\t Specify file Path") + + parser.add_argument("-folder", dest="folderPath", + default="", action="store", + help="\t Specify folder Path") + + args = parser.parse_args() + + filePath = os.path.abspath(args.filePath) + folderPath = os.path.abspath(args.folderPath) + if folderPath[-1] == "\"": + folderPath = folderPath[:-1] + if os.path.isfile(filePath) : + flatten_sctp_file(filePath) + sys.exit(0) + elif 
os.path.isdir(folderPath) : + flatten_sctp_folder(folderPath) + sys.exit(0) + else : + print("not valid folder path or file path") + sys.exit(0) \ No newline at end of file From 8285fc63a4cfd180a09c00a1f675e5623aba568a Mon Sep 17 00:00:00 2001 From: yousef Date: Tue, 17 Nov 2020 12:24:23 +0100 Subject: [PATCH 4/6] Update README.rst --- README.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index cc21e2b..0f2d1cd 100644 --- a/README.rst +++ b/README.rst @@ -34,8 +34,13 @@ by that. .. code-block:: bash - python flatten_sctp.py input.pcap output.pcap +for a floder a pcap files : + python flatten_sctp.py -folder folderpath +for a single pcap file : + python flatten_sctp.py -file folderpath + +this scripte will create a new folder "_processed" and put output pcap files inside. License ======= From 0207b481d4e7b703233f7a9238913002e050e8ce Mon Sep 17 00:00:00 2001 From: yousef Date: Tue, 24 May 2022 17:47:34 +0300 Subject: [PATCH 5/6] Update requirements.txt --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 23367ed..30564ab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -scapy==2.3.3 +scapy From de7903d3a297c862e38a56a145fac0790bd288f2 Mon Sep 17 00:00:00 2001 From: yousef Date: Wed, 7 Sep 2022 19:25:26 +0300 Subject: [PATCH 6/6] Add files via upload --- flatten_sctp.py | 75 +++++++++++++++++++++++++++---------------------- 1 file changed, 41 insertions(+), 34 deletions(-) diff --git a/flatten_sctp.py b/flatten_sctp.py index dfac2d1..7ad996f 100644 --- a/flatten_sctp.py +++ b/flatten_sctp.py 
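Review bot: In the `__main__` block both arguments default to `""` and go through `os.path.abspath` before they are tested. Since `abspath("")` is the current working directory, a run with no arguments, or with a `-file` that does not exist, falls into the `isdir` branch and processes every `*.pcap` in the working directory. Resolve a path only when the argument was supplied, as sketched below, and make the final `else` exit with `sys.exit(1)` so callers can see the failure. Separately, the output paths are built with literal `"\\_processed"` separators, which only name a sub-directory on Windows; `os.path.join(folderName, "_processed")` works on every platform. The `except FileExistsError` message in `flatten_sctp_file` prints `path` where `folderName` is meant.

```python
    args = parser.parse_args()

    # abspath("") is the working directory, so resolve only what was supplied
    filePath = os.path.abspath(args.filePath) if args.filePath else ""
    folderPath = os.path.abspath(args.folderPath) if args.folderPath else ""
    if folderPath.endswith("\""):
        folderPath = folderPath[:-1]
    # … unchanged: isfile / isdir dispatch, with sys.exit(1) on the final else …
```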
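Review bot: With the pin removed, `scapy` resolves to whatever release is newest at install time, so two installs of this tool can parse the same capture with different code and nothing in the repository records which version was tested. Moving off `2.3.3` may well be needed, but the replacement should be a pin or a bounded range on the release the script was actually run against, written as `scapy==<TESTED_VERSION>` (placeholder, not a real version). For a tool that parses capture files from outside sources, pip's `--require-hashes` mode with a hashed requirements file is worth considering as well.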
@@ -17,25 +17,28 @@ def flatten_sctp_file(path): print(str(datetime.now()) + " : reading : " + path + " --> .... ") packets = [] for pkt in pcap: - ip = pkt['IP'] - ip_src=ip.src - ip_dst=ip.dst - layer = ip.payload - time = pkt.time - while layer.name != 'NoPayload': - if layer.name == 'SCTP': - sport = layer.sport - dport = layer.dport - tag = layer.tag - if layer.name == 'SCTPChunkData': - # re-create the chunkdata as I don't find the routine to just have this data... - newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) - newPkt.time = time - newPkt['IP'].src = ip_src - newPkt['IP'].dst = ip_dst - packets.append(newPkt) - seq = seq + 1 - layer = layer.payload + if IP in pkt : + ip = pkt['IP'] + ip_src=ip.src + ip_dst=ip.dst + layer = ip.payload + time = pkt.time + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + newPkt['IP'].src = ip_src + newPkt['IP'].dst = ip_dst + packets.append(newPkt) + seq = seq + 1 + layer = layer.payload + else: + continue folderName = os.path.dirname(os.path.abspath(path)) fileName = os.path.basename(os.path.abspath(path)) 
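Review bot: Packets without an IP layer are now skipped without any trace, here and in the matching hunk for `flatten_sctp_folder`, so a capture that holds no IPv4 traffic still produces an output file and a "DONE" message. `IP` is scapy's IPv4 layer, so SCTP carried over IPv6 is dropped by the same test. A guard clause would keep the loop body at its old indentation and allow a count to be reported: `if IP not in pkt:` followed by `skipped += 1` and `continue`, with `skipped` printed after the loop. The trailing `else: continue` is the last statement of the loop body and has no effect.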
@@ -72,21 +75,25 @@ def flatten_sctp_folder(path): pcap = rdpcap(file) seq = 0 for pkt in pcap: - ip = pkt['IP'] - layer = ip.payload - time = pkt.time - while layer.name != 'NoPayload': - if layer.name == 'SCTP': - sport = layer.sport - dport = layer.dport - tag = layer.tag - if layer.name == 'SCTPChunkData': - # re-create the chunkdata as I don't find the routine to just have this data... - newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) - newPkt.time = time - packets.append(newPkt) - seq = seq + 1 - layer = layer.payload + if IP in pkt : + ip = pkt['IP'] + layer = ip.payload + time = pkt.time + while layer.name != 'NoPayload': + if layer.name == 'SCTP': + sport = layer.sport + dport = layer.dport + tag = layer.tag + if layer.name == 'SCTPChunkData': + # re-create the chunkdata as I don't find the routine to just have this data... + newPkt = Ether()/IP()/SCTP(sport=sport,dport=dport,tag=tag)/SCTPChunkData(reserved=0, delay_sack=0, unordered=0, beginning=1, ending=1, stream_id=layer.stream_id, proto_id=layer.proto_id, stream_seq=layer.stream_seq, tsn=layer.tsn, data=layer.data) + newPkt.time = time + packets.append(newPkt) + seq = seq + 1 + layer = layer.payload + + else : + continue wrpcap(folderName + "\\_processed\\" + file_name, packets) print(str(datetime.now()) + " : file name : " + file_name + " --> DONE") packets = []
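Review bot: The rebuilt packet in `flatten_sctp_folder` is still created with a bare `IP()` and never receives the original addresses, unlike `flatten_sctp_file`, which sets `newPkt['IP'].src` and `newPkt['IP'].dst`. Files processed through `-folder` therefore carry scapy's default source and destination instead of the captured ones. Passing the addresses at construction fixes it in one place: `Ether()/IP(src=ip.src, dst=ip.dst)/SCTP(sport=sport,dport=dport,tag=tag)/...`. Both functions now contain the same per-packet loop, so moving it into one helper that returns the packet list would stop the two copies from drifting again. The function body starts before and continues after this hunk.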