aptdetector.network package

aptdetector.network.sniffer module

sniffer contains the base network sniffer implementation.

To use it, there are currently two implementations to choose from:

* URLSniffer - Sniffs URLs that are moving around in the network
* FileSniffer - Sniffs files that are in the network

Both classes are BaseSniffer subtypes.

class aptdetector.network.sniffer.BaseSniffer

Bases: object

The BaseSniffer is an implementation of a bare minimum network sniffer.

Raises:
FileNotFoundError: pcap_file was not found on the system or you do not have permission
>>> from aptdetector.network.sniffer import BaseSniffer
>>> base_sniffer = BaseSniffer()
>>> base_sniffer.pcap_file='/tmp/notexist.pcap'
[Errno 2] No such file or directory: '/tmp/notexist.pcap'
>>> base_sniffer.pcap_file
>>> base_sniffer.pcap_file='examples/test.pcap'
>>> base_sniffer.pcap_file
'examples/test.pcap'
>>> for pkt in base_sniffer.connections():
...    print(pkt)
...
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: 'NoneType' object is not iterable
>>> base_sniffer.parse()
>>> for pkt in base_sniffer.connections():
...    print(pkt)
...
182.160.157.199:80 ---> 192.168.204.136:49174
http://www.magmedia.com.au/
182.160.157.199:80 ---> 192.168.204.136:49178
http://www.magmedia.com.au/wp-includes/js/jquery/jquery.js?ver=1.7.2
182.160.157.199:80 ---> 192.168.204.136:49178
http://www.magmedia.com.au/wp-content/uploads/2014/01/MetroWest_COVER_Issue2_Feb2014.jpg
108.61.196.84:80 ---> 192.168.204.136:49184
http://pixeltouchstudios.tk/seedadmin17.html
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/15c0b14drr9f_1_08282d03fb0251bbd75ff6dc6e317bd9.html
182.160.157.199:80 ---> 192.168.204.136:49178
http://www.magmedia.com.au/images/footer/3000melbourne.png
182.160.157.199:80 ---> 192.168.204.136:49178
http://www.magmedia.com.au/images/footer/3207portmelbourne.png
182.160.157.199:80 ---> 192.168.204.136:49178
http://www.magmedia.com.au/wp-content/uploads/2012/09/background1.jpg
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/00015d76d9b2rr9f/1415286120
173.244.195.17:80 ---> 192.168.204.136:49187
http://grannityrektonaver.co.vu/00015d766423rr9f/1415286120
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/00015d76rr9f/1415286120/5/x00809070554515d565b010b03510053535c0505;1;6;1
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/00015d76rr9f/1415286120/7
173.244.195.17:80 ---> 192.168.204.136:49185
http://grannityrektonaver.co.vu/00015d761709rr9f/1415286120
173.244.195.17:80 ---> 192.168.204.136:49187
http://grannityrektonaver.co.vu/00015d76rr9f/1415286120/8
connections(source=None, destination=None, simplify=False, show_port=False)

Parsed connections.

The connections function returns all connections from source to any or from any to destination.

Args:
source (str): Source Address in Network Connections
destination (str): Destination Address in Network Connections
simplify (bool): should we simplify the results
show_port (bool): should we hide port numbers
Returns:
a List of TcpPacket or an OrderedDict containing all the communications from src or to the dst
Raises:
None
>>> from aptdetector.network.sniffer import BaseSniffer
>>> sni = BaseSniffer()
>>> sni.pcap_file='examples/test.pcap'
>>> sni.parse()
>>> sni.connections(destination='173.123.12.1')
>>> sni.connections(source='182.160.157.199',show_port=True)
OrderedDict([('182.160.157.199:80', ['192.168.204.136:49174', '192.168.204.136:49178', '192.168.204.136:49178', '192.168.204.136:49178', '192.168.204.136:49178', '192.168.204.136:49178'])])
>>>
>>> sni.connections(source='173.244.195.17',show_port=True,simplify=True)
OrderedDict([('173.244.195.17:80', ['192.168.204.136:49185', '192.168.204.136:49187'])])
>>>
>>> sni.connections(destination='192.168.204.136',show_port=True,simplify=True)
OrderedDict([('192.168.204.136:49174', ['182.160.157.199:80']), ('192.168.204.136:49178', ['182.160.157.199:80']), ('192.168.204.136:49184', ['108.61.196.84:80']), ('192.168.204.136:49185', ['173.244.195.17:80']), ('192.168.204.136:49187', ['173.244.195.17:80'])])
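A standalone sketch of the grouping that the doctest above shows for connections() when it is filtered by source or by destination. This is an added example, not aptdetector's own code: `group_connections`, `_fmt`, `FLOWS` and the tuple layout are assumptions, and the flow tuples are constructed from the addresses in the output above. It covers only the filtered case, not the unfiltered list of TcpPacket.

```python
from collections import OrderedDict

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port).
# Values are modelled on the doctest output above, not read from a pcap.
FLOWS = [
    ("182.160.157.199", 80, "192.168.204.136", 49174),
    ("182.160.157.199", 80, "192.168.204.136", 49178),
    ("182.160.157.199", 80, "192.168.204.136", 49178),
    ("108.61.196.84", 80, "192.168.204.136", 49184),
    ("173.244.195.17", 80, "192.168.204.136", 49185),
    ("173.244.195.17", 80, "192.168.204.136", 49185),
    ("173.244.195.17", 80, "192.168.204.136", 49187),
]


def _fmt(ip, port, show_port):
    """Render an endpoint as 'ip:port' or as the bare ip."""
    return f"{ip}:{port}" if show_port else ip


def group_connections(flows, source=None, destination=None,
                      simplify=False, show_port=False):
    """Group peers under the filtered endpoint; None when nothing matches."""
    if (source is None) == (destination is None):
        raise ValueError("pass exactly one of source or destination")
    grouped = OrderedDict()
    for src, sport, dst, dport in flows:
        if source is not None:
            if src != source:
                continue
            key, peer = _fmt(src, sport, show_port), _fmt(dst, dport, show_port)
        else:
            if dst != destination:
                continue
            key, peer = _fmt(dst, dport, show_port), _fmt(src, sport, show_port)
        peers = grouped.setdefault(key, [])
        # simplify drops repeated peers but keeps first-seen order
        if not (simplify and peer in peers):
            peers.append(peer)
    # The doctest prints nothing for an unmatched address, i.e. None
    return grouped or None
```

Grouping by destination with simplify=True gives one entry per client socket, which makes it easy to see which remote servers a single internal host contacted.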
parse()

Parse the pcap file using parse_pcap_file.

pcap_file

returns address of Pcap file

aptdetector.network.packet module

sample

class aptdetector.network.packet.TcpPacket

Bases: object

mimic a TcpPacket as we need it

create_packet(*args, **kwargs)

create an address based on target_id

destinationHost

get destination host’s ip

destinationPort

get destination host’s port

request

get requested url address

sourceHost

get source host’s ip

sourcePort

get source host’s port

classmethod valid_ip(*args, **kwargs)

check for valid ip

Args:
addr (str): a string that needs to be checked
Returns:
True if addr is a valid ip address, False otherwise

Module contents