In [1]:
import json

from scapy.all import *


WARNING: No route found for IPv6 destination :: (no default route?)
WARNING:scapy.runtime:No route found for IPv6 destination :: (no default route?)

In [2]:
# Live-capture variant (needs raw-socket privileges on the interface):
# pkts = sniff(filter="tcp and host 8.8.8.8", count=100)
sample_http = 'data/http.cap'
# Replay a saved capture instead: offline= runs the same dissectors over the
# file, needs no privileges and gives a reproducible packet list.
pkts = sniff(offline=sample_http, store=1)

In [3]:
pkts  # summary repr: frame counts per top-level protocol (41 TCP, 2 UDP in this capture)


Out[3]:
<Sniffed: TCP:41 UDP:2 ICMP:0 Other:0>

In [4]:
# Full dissection of the fourth frame (the HTTP GET). show() prints every field
# including the Raw payload, so keep this off captures that may hold secrets.
pkts[3].show()


###[ Ethernet ]###
  dst       = fe:ff:20:00:01:00
  src       = 00:00:01:00:00:00
  type      = 0x800
###[ IP ]###
     version   = 4L
     ihl       = 5L
     tos       = 0x0
     len       = 519
     id        = 3909
     flags     = DF
     frag      = 0L
     ttl       = 128
     proto     = tcp
     chksum    = 0x9010
     src       = 145.254.160.237
     dst       = 65.208.228.223
     \options   \
###[ TCP ]###
        sport     = tip2
        dport     = http
        seq       = 951057940
        ack       = 290218380
        dataofs   = 5L
        reserved  = 0L
        flags     = PA
        window    = 9660
        chksum    = 0xa958
        urgptr    = 0
        options   = []
###[ Raw ]###
           load      = 'GET /download.html HTTP/1.1\r\nHost: www.ethereal.com\r\nUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nReferer: http://www.ethereal.com/development.html\r\n\r\n'

In [5]:
raw = pkts[3].getlayer(Raw)  # None (not an exception) if the frame has no payload

In [6]:
load = raw.fields.get('load')  # payload bytes (same as raw.load); AttributeError if raw is None

In [7]:
print load  # Python 2 print statement (the 4L in the dissection above is a Py2 long); on Py3 load is bytes


GET /download.html HTTP/1.1
Host: www.ethereal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.ethereal.com/development.html



In [8]:
'GET /download' in load  # your search term: plain substring match on the raw bytes, no HTTP parsing


Out[8]:
True

In [9]:
import select as s

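def trace_route(pkts, maxttl=20, max_retries=5):
    """Trace the network path to the first TCP/IP conversation in ``pkts``.

    The capture only supplies the target: the destination IP and the TCP
    source/destination ports are taken from the first packet that has both an
    IP and a TCP layer. ``traceroute`` then sends *live* probes to that
    address, which normally needs raw-socket privileges and should only be
    pointed at hosts you are authorised to probe -- a pcap can contain
    arbitrary third-party addresses.

    Args:
        pkts: iterable of scapy packets (e.g. the result of ``sniff``).
        maxttl: largest TTL to probe with (20, as before).
        max_retries: how many times a probe run is retried after a
            ``select.error`` before giving up.

    Returns:
        ``(hops, sport)`` where ``hops`` starts with the packet's source
        address followed by the source address of every reply, in the order
        scapy lists them (no de-duplication), or ``None`` when no packet
        carries both layers or every retry failed.
    """
    for pkt in pkts:
        ip_layer = pkt.getlayer(IP)
        tcp_layer = pkt.getlayer(TCP)
        # getlayer() returns None (it does not raise) when a layer is absent,
        # so UDP frames are skipped here instead of crashing on
        # ip_layer.dst / tcp_layer.dport outside the old try block.
        if ip_layer is None or tcp_layer is None:
            continue

        destination = ip_layer.dst
        src = ip_layer.src
        dport = tcp_layer.dport
        sport = tcp_layer.sport

        # Bounded retry instead of ``while True``: on Python 3 select.error is
        # just OSError, so a persistent failure (e.g. no raw-socket privilege)
        # would otherwise spin forever.
        for _attempt in range(max_retries):
            try:
                res, unans = traceroute(target=destination, dport=dport,
                                        sport=sport, maxttl=maxttl)
            except s.error:
                continue
            hops = [src]
            # res.res holds (sent, received) pairs; the reply's IP source is the hop.
            for sent, received in res.res:
                hops.append(received.src)
            return hops, sport
        return None
    return None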

In [10]:
# Sends live traceroute probes to the destination of the first TCP/IP packet in
# the capture (typically needs raw-socket privileges). The run below got 0
# answers on utun0, so tr holds only the source address. Unpacking raises
# TypeError if trace_route returns None.
tr, sport = trace_route(pkts)


WARNING: Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
WARNING:scapy.runtime:Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
WARNING: Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
WARNING:scapy.runtime:Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
WARNING: more Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
WARNING:scapy.runtime:more Unable to guess datalink type (interface=utun0 linktype=0). Using Raw
Received 7 packets, got 0 answers, remaining 20 packets
 
Begin emission:
Finished to send 20 packets.

In [11]:
tr  # hop list: only the capture's source address, since no probe was answered (see warnings above)


Out[11]:
['145.254.160.237']

In [12]:
import pygeoip

In [13]:
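def map_ip(hops, db_path='data/GeoLiteCity.dat', gip=None):
    """Resolve each hop address to a ``(longitude, latitude)`` pair.

    Order is (lon, lat) because that is the position order GeoJSON expects.
    Hops the database has no record for (private/link-local addresses,
    unallocated ranges) are dropped, so the result can be shorter than
    ``hops`` and its indices do not line up with hop numbers.

    Args:
        hops: iterable of IPv4 address strings.
        db_path: path to the GeoLite City database opened with pygeoip when
            ``gip`` is not given (default unchanged).
        gip: optional pre-opened lookup object exposing ``record_by_addr``;
            lets callers reuse one database handle or inject a stub.

    Returns:
        list of ``(lon, lat)`` float pairs. The free GeoLite data is coarse;
        the sample address resolves to (9.0, 51.0), which looks country-level.
    """
    if gip is None:
        gip = pygeoip.GeoIP(db_path)
    coordinates = []
    for hop in hops:
        record = gip.record_by_addr(hop)
        if not record:
            continue
        coordinates.append((record['longitude'], record['latitude']))
    return coordinates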

In [14]:
coordinates = map_ip(tr)  # opens data/GeoLiteCity.dat via pygeoip; unmapped hops are dropped

In [15]:
coordinates  # (lon, lat) pairs; one entry here because tr has a single address


Out[15]:
[(9.0, 51.0)]

In [16]:
import geojson
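def create_geojson(coordinates):
    """Serialise a traced route as a GeoJSON FeatureCollection string.

    Args:
        coordinates: sequence of ``(lon, lat)`` pairs, one per hop, in route
            order (the shape ``map_ip`` produces).

    Returns:
        JSON text. Each hop becomes a ``Point`` feature with ``id`` N and
        title ``"hop N"`` (1-based); when there are at least two hops an extra
        ``LineString`` feature titled ``"route"`` joins them in order. The
        ``features`` list is always present, even for an empty route, since
        GeoJSON requires it on a FeatureCollection.

    Why not one LineString per hop (the previous layout): a LineString needs
    two or more positions, so wrapping a single ``(lon, lat)`` pair in one is
    invalid GeoJSON that renderers typically drop without an error.
    """
    positions = [[lon, lat] for lon, lat in coordinates]

    features = []
    for j, position in enumerate(positions, 1):
        features.append({
            "type": "Feature",
            "id": j,
            "properties": {"title": "hop %i" % j},
            "geometry": {"type": "Point", "coordinates": position},
        })
    if len(positions) >= 2:
        features.append({
            "type": "Feature",
            "id": "route",
            "properties": {"title": "route"},
            "geometry": {"type": "LineString", "coordinates": positions},
        })

    collection = {"type": "FeatureCollection", "features": features}
    # Plain dicts/lists need no geojson-specific encoder; stdlib json is
    # enough. allow_nan=False rejects NaN/Infinity, which are not valid JSON.
    return json.dumps(collection, allow_nan=False)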

In [ ]:
print create_geojson(coordinates)  # Python 2 print statement; emits the GeoJSON text for the mapped hops

In [ ]: