Added IPv6 sniffing and tag protocol to stream_dict data structure

SebastienBtr · Nov 28, 2019 · bcbc12d · bcbc12d
1 parent 512728c
commit bcbc12d
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 4 deletions.
diff --git a/.env b/.env
@@ -3,5 +3,7 @@ MONGO_DB_NAME=
 MONGO_DB_USER=
 MONGO_DB_PASSWORD=
 LISTENED_IP=
+LISTENED_IPV6=
 LOCAL_IP=
+LOCAL_IPV6=
 INTERFACE=
diff --git a/README.md b/README.md
@@ -15,6 +15,27 @@
 * Python 3 installed
 * Run `pip3 install -r requirements.txt`
 
+## Environment variables
+
+### Sniffer
+
+
+
+* INTERFACE
+* LISTENED_IP
+* LOCAL_IP
+* LISTENED_IPV6
+* LOCAL_IPV6
+
+### MongoDB
+
+
+
+* MONGO_CLUSTER_ADDRESS
+* MONGO_DB_NAME
+* MONGO_DB_USER
+* MONGO_DB_PASSWORD
+
 ## Usage
 
 To sniff data: 
@@ -23,7 +44,7 @@ To sniff data:
  * By default the program will generate a `capture.pcap` file in the root folder
 
 To analyse sniffed data:
-  * Run `python3 analyse_tcp_packets.py`, you can also provide different options, run `python3 analyse_tcp_packets.py -h` to see them.
+  * Run `python3 analyse_packets.py`, you can also provide different options, run `python3 analyse_packets.py -h` to see them
   * If you choose the "mongo" export mode, you need complete the variables about mongoDB in the .env file
   * By default the program will generate a `results.csv` file in the root folder
 

diff --git a/analyse_tcp_packets.py → analyse_packets.py b/analyse_tcp_packets.py → analyse_packets.py
@@ -17,7 +17,7 @@ def analyse_packets(pkt):
         if (pkt.tcp.stream not in packet_dict):
             # Get the remote ip of the stream
             ip = pkt.ip.src
-            save_new_stream(pkt.tcp.stream, timestamp, ip, pkt)
+            save_new_stream(pkt.tcp.stream, timestamp, ip, pkt, 'udp')
         else:
             time_delta = float(pkt.tcp.time_delta)
             average_delta = packet_dict[pkt.tcp.stream]['averageDelta']
@@ -47,7 +47,7 @@ def get_packet_size(pkt):
 
 
 # Save a new stream and its first packet in the dict
-def save_new_stream(stream_id, timestamp, ip, pkt):
+def save_new_stream(stream_id, timestamp, ip, pkt, protocol):
     domain = reverse_dns(ip)
     packet_dict[stream_id] = {
         'sumDelta': 0,
@@ -58,6 +58,7 @@ def save_new_stream(stream_id, timestamp, ip, pkt):
         'totalMbSize': get_packet_size(pkt),
         'startTime': timestamp,
         'endTime': timestamp,
+        'protocol': protocol
     }
 
 
@@ -105,6 +106,7 @@ def reverse_dns(ip):
     'totalMbSize': size in MB,
     'startTime': timestamp,
     'endTime': timestamp,
+    'protocol': string
   }
 } """
 packet_dict = {}

diff --git a/sniffer.py b/sniffer.py
@@ -17,9 +17,11 @@
 args = parser.parse_args()
 
 # env var
-LISTENED_IP = os.getenv('LISTENED_IP')
 INTERFACE = os.getenv('INTERFACE')
+LISTENED_IP = os.getenv('LISTENED_IP')
 LOCAL_IP = os.getenv('LOCAL_IP')
+LISTENED_IPV6 = os.getenv('LISTENED_IPV6')
+LOCAL_IPV6 = os.getenv('LOCAL_IPV6')
 
 # Sets output file name
 output_file = args.outputFile + ".pcap"
@@ -32,8 +34,15 @@
     protocols = "tcp&&udp&&"
 else:
     protocols = args.protocols
+
+# Creates filter for sniffing
 filter = protocols + "(ip.src!=" + LOCAL_IP + "&&ip.src!=" + LISTENED_IP + ")"
 
+# Modifies filter to add IPv6 if necessary
+if (LISTENED_IPV6 is not None) and (LOCAL_IPV6 is not None):
+    filter = filter + "&&(ipv6.src!=" + LOCAL_IPV6 + \
+        "&&ipv6.src!=" + LISTENED_IPV6 + ")"
+
 capture = pyshark.LiveCapture(
     interface=INTERFACE, output_file=output_file, display_filter=filter)