3

I'm programming in python and i have a problem, indeed when i throw my script it end some seconds after when he detect an IP6 packet. Apparently i have to filter packets and take only IP4 packet to avoid this problem and i would like to know how can i use it with the library dpkt if possible as i started. I tried something but i'm a beginner and it don't work as you can see in this line:

#Select Ipv4 packets because of problem with the .p in Ipv6
            if ip.p == dpkt.ip6:
                return`

The error encountered say: "AttributeError: 'IP6' object has no attribute 'p'". This is the traceback: traceback

This is my code if you want to have a look :) Thanks for your time :) 

import pcapy
import dpkt
from threading import Thread
import re
import binascii

liste=[]
listip=[]
piece_request_handshake = re.compile('13426974546f7272656e742070726f746f636f6c(?P<reserved>\w{8})(?P<info_hash>\w{20})(?P<peer_id>\w{20})')
piece_request_tcpclose = re.compile('(?P<start>\w{12})5011')


class PieceRequestSniffer(Thread):
    def __init__(self, dev='eth0'):
        Thread.__init__(self)

        self.expr = 'udp or tcp'

        self.maxlen = 65535  # max size of packet to capture
        self.promiscuous = 1  # promiscuous mode?
        self.read_timeout = 100  # in milliseconds
        self.max_pkts = -1  # number of packets to capture; -1 => no limit

        self.active = True
        self.p = pcapy.open_live(dev, self.maxlen, self.promiscuous, self.read_timeout)
        self.p.setfilter(self.expr)

    @staticmethod
    def cb(hdr, data):

        eth = dpkt.ethernet.Ethernet(str(data))
        ip = eth.data

        #Select only TCP protocols
        if ip.p == dpkt.ip.IP_PROTO_TCP:
            tcp = ip.data

            #Select Ipv4 packets because of problem with the .p in Ipv6
            if ip.p == dpkt.ip6:
                return
            else:
                try:
                    #Return hexadecimal representation
                    hex_data = binascii.hexlify(tcp.data)
                except:
                    return                

                handshake = piece_request_handshake.findall(hex_data)
                if handshake:
                    print "-----------handsheck filtered-------------"
                    liste.append(handshake)
                    print "\n"
                    #for element in zip(liste,"123456789abcdefghijklmnopqrstuvwxyz"):
                    #    print(element)



    def stop(self):
        self.active = False

    def run(self):
        while self.active:
            self.p.dispatch(0, PieceRequestSniffer.cb)


sniffer = PieceRequestSniffer()
sniffer.start()
Bouh10
  • 297
  • 2
  • 6
  • 18
  • Also please post the complete call traceback – cmidi Apr 27 '15 at 14:57
  • Wanted to but i was unable before my 10 pts reputation what is pretty stupid ... – Bouh10 Apr 27 '15 at 20:10
  • Seems strange. In case of IP6 Did you try IP6.nxt field instead of IP6.p field just for a test if that works. You can check the ip version from the ethernet header to make the switch – cmidi Apr 27 '15 at 21:42
  • I don't want IP6 that's the pb so i have to keep ip.p The problem come from my formulation " if ip.p == dpkt.ip6: return" I'm trying to use this helpfull doc (http://www.commercialventvac.com/dpkt.html) but i don't know how to write the correct formulation to remove the useless ip6 packets – Bouh10 Apr 28 '15 at 09:30

1 Answers1

2

Finally i found the good way to do it, the line is not:

if ip.p == dpkt.ip6:
                return

But:

if eth.type == dpkt.ethernet.ETH_TYPE_IP6:
                    return
Bouh10
  • 297
  • 2
  • 6
  • 18