Extracting source and destination IP to check if the server has become inoperative after attack

Question

Extracting source and destination IP to check if the server has become inoperative after attack

Asked 7 years, 8 months ago

Viewed 108 times

0

from scapy.all import *
from collections import deque

def print_attack_measure(pcap_file):
    plist = rdpcap(pcap_file)
    server_ip = "192.168.1.5"
    n = 300
    d = deque(maxlen=n)

    # If you want source/destination IP addresses
    getsrcdst = lambda x:(x.src,x.dst)
    # If you want MAC addresses
    getmacs   = lambda x:(x.addr1, x.addr2, x.addr3)

    def filterpackets(ip):
        for p in plist:
            try:
                c = getsrcdst(p)
                if(ip in c[0]):
                    # server IP is source IP of packet
                    yield -1
                if(ip in c[1]):
                    # server IP is destination IP of packet
                    yield 1
            except AttributeError:
                pass

print("This prints a measure of packets received to packets sent, using a moving average of %d packets."%(n))
print("0 indicates a perfect balance of sent-received.")
print("+1 indicates all packets are sent to the server.")
print("-1 indicates all packets are sent by the server.")
print("A larger positive number indicates an unresponsive server.")

count = 0
for pack in filterpackets(server_ip):
    d.append(pack)
    count += 1
    if(count>n):
        print("%0.4f"%(sum(d)/(1.0*n)))


print_attack_measure("1.pcap") # sem ataques
print_attack_measure("2.pcap") # com ataques

Lambda function extracts the source and destination Ips from the package.

package sent to server : +1 package sent by server : -1

The code is in http://pastebin.com/DFEnZzqn

Error: http://imgur.com/a/KC87V

Any suggestions?

You are trying to access n outside the function but this is only visible inside the function try to declare n outside the function before it is called, or put that print inside the function

– Miguel

2017/03/15 at 07:37
@Miguel: Modified a little -> new code: http://pastebin.com/MRPwe8H6 Error: http://imgur.com/a/0xiNt The package calculation is always 0.000!

– Ed S

2017/03/15 at 10:45
@Miguel, what do you think?

– Ed S

2017/03/15 at 10:45
Ed the same mistake continues? Try n=30 even before the print

– Miguel

2017/03/15 at 10:57
@Miguel:Changed the problem: new code: http://pastebin.com/MRPwe8H6 Error: http://imgur.com/a/0xiNt The package calculation is always 0.000!

– Ed S

2017/03/15 at 10:58
Isn’t it because you’re just filtering Ipv6? The print there says something to do with it

– Miguel

2017/03/15 at 11:05
@Miguel, no! msg is from scapy! It appears in every program ->http://imgur.com/a/naBuW

– Ed S

2017/03/15 at 11:11
Let’s go continue this discussion in chat.

– Miguel

2017/03/15 at 11:21

Show 3 more comments

No answers

Browser other questions tagged python python-3.x

You are not signed in. Login or sign up in order to post.