|
|
@@ -14,7 +14,7 @@ import struct
|
|
|
import commands
|
|
|
import argparse
|
|
|
|
|
|
-VERSION = "0.76"
|
|
|
+VERSION = "0.80"
|
|
|
|
|
|
PROC_TCP4 = "/proc/net/tcp"
|
|
|
PROC_UDP4 = "/proc/net/udp"
|
|
|
@@ -37,6 +37,7 @@ nostate = set(['04','05','06''07','08','09','0C','0D'])
|
|
|
tcp_payload_hdrs = ['GET|POST|HTTP|HEAD|PUT|PATCH|DELETE|TRACE|OPTIONS|CONNECT']
|
|
|
numeric = False
|
|
|
payloadH = False
|
|
|
+payloadHl = False
|
|
|
fillter = ""
|
|
|
|
|
|
def get_conn_info(proto,hosts,ports):
|
|
|
@@ -267,6 +268,9 @@ def doPackets(packet):
|
|
|
renew = conn_cache.pop(indx)
|
|
|
conn_cache.append(renew)
|
|
|
|
|
|
+ if program != filter_prog:
|
|
|
+ return
|
|
|
+
|
|
|
|
|
|
o_payload = ""
|
|
|
if packet.haslayer(UDP):
|
|
|
@@ -294,10 +298,14 @@ def doPackets(packet):
|
|
|
flags = packet[0].sprintf('%3s,TCP.flags%')
|
|
|
if payloadH == True:
|
|
|
if packet.haslayer(Raw):
|
|
|
- tpld = packet[0].sprintf('%TCP.payload%')
|
|
|
+ #tpld = packet[0].sprintf('%TCP.payload%')
|
|
|
+ tpld = packet[0][TCP].load
|
|
|
if re.match("^GET|POST|HTTP|HEAD|PUT|PATCH|DELETE|TRACE|OPTIONS|CONNECT.*", tpld[0:8]):
|
|
|
- request_line, gaga = tpld.split('\r\n', 1)
|
|
|
- o_payload = str(request_line)
|
|
|
+ if payloadHl == True:
|
|
|
+ o_payload = str(tpld)
|
|
|
+ else:
|
|
|
+ request_line, gaga = tpld.split('\r\n', 1)
|
|
|
+ o_payload = str(request_line)
|
|
|
#o_payload = tpld[0:20]
|
|
|
elif packet.haslayer(ICMP):
|
|
|
o_proto = "ICMP"
|
|
|
@@ -325,7 +333,8 @@ def doPackets(packet):
|
|
|
rem_name = _resolve_ip(packet[0][1].dst)
|
|
|
else:
|
|
|
rem_name = packet[0][1].dst
|
|
|
-
|
|
|
+
|
|
|
+ #return "\033[1m "+str(packet[0].time)+" "+str(program)+"\033[0m" +"/"+ str(pid) + " - " + o_proto + ": " + packet[0][1].src + ":" + o_sport + "\033[1m\033[31m ->>> \033[0m" + rem_name + ":" + o_dport + " " + flags + " Len:" + str(packet[0][1].len) + " : " + o_payload
|
|
|
return "\033[1m"+str(program)+"\033[0m" +"/"+ str(pid) + " - " + o_proto + ": " + packet[0][1].src + ":" + o_sport + "\033[1m\033[31m ->>> \033[0m" + rem_name + ":" + o_dport + " " + flags + " Len:" + str(packet[0][1].len) + " : " + o_payload
|
|
|
else:
|
|
|
if numeric == False:
|
|
|
@@ -357,9 +366,11 @@ iface_list = ifaces.split('\n')
|
|
|
print
|
|
|
# commandline params
|
|
|
parser = argparse.ArgumentParser(description='sisniff V'+VERSION)
|
|
|
-parser.add_argument('-i', help="Interface (mandatory)", choices=iface_list, required=True)
|
|
|
+parser.add_argument('-i', help="Interface (required)", choices=iface_list, required=True)
|
|
|
parser.add_argument('-n', help="Do not resolve IP-Addresses", action="store_true")
|
|
|
+parser.add_argument('-p', help="Filter by program name", type=str, metavar='program')
|
|
|
parser.add_argument('-pH', help="Show HTTP Payload", action="store_true")
|
|
|
+parser.add_argument('-pHl', help="Show HTTP Payload, long output", action="store_true")
|
|
|
parser.add_argument('filter', nargs='?', help="Filter (BPF syntax) on top of IP (in dbl-quotes \"...\")", type=str)
|
|
|
args = parser.parse_args()
|
|
|
iface = args.i
|
|
|
@@ -367,9 +378,15 @@ if args.n:
|
|
|
numeric = True
|
|
|
if args.pH:
|
|
|
payloadH = True
|
|
|
+if args.pHl:
|
|
|
+ payloadH = True
|
|
|
+ payloadHl = True
|
|
|
if args.filter:
|
|
|
fillter = " and (" + args.filter + ")"
|
|
|
print "> Applying Filter: \"ip" + fillter + "\""
|
|
|
+if args.p:
|
|
|
+ filter_prog = args.p
|
|
|
+
|
|
|
|
|
|
# local addresses
|
|
|
MYADDRS = _remove_empty([os.popen('ip addr show '+iface).read().split("inet ")[1].split("/")[0]])
|
Peter Siegrist