What is netstat -nb and how to use it in Python? - python-3.x

I have been told that I need to send the program that sent or got the packet (packet in scapy) and that I need to use netstat -nb, so I guess netstat -nb does that, but I can't find anywhere how to use it on a packet. Most of the code I found was this:
import os
output_command = os.popen("netstat -nb").readlines()
but I can't understand it; it is not checking one packet.
Can someone help me find how I use "netstat -nb" on a packet to find the program that sent or got the packet? (in Python)

I found something on GitHub; I hope it helps you. netstat.py written here
This is how netstat works.
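An added example (not from the original posts) of the mapping the question asks for: parse `netstat -nb` output into connections with their owning executable, then look up one packet's addresses and ports in that table. The helper names `netstat_nb`, `parse_netstat_nb` and `find_process` are hypothetical, and the sample output is constructed in the layout Windows prints.

```python
import re
import subprocess

# Constructed sample in the layout `netstat -nb` prints on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:49712      192.0.2.10:443         ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.5:49720      198.51.100.7:443       ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.168.1.5:49731      203.0.113.9:80         TIME_WAIT
 Can not obtain ownership information
  UDP    192.168.1.5:5353       *:*
 [chrome.exe]
"""
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def netstat_nb():
    """Live output; Windows only, and -b needs an elevated prompt."""
    return subprocess.run(["netstat", "-nb"], capture_output=True, text=True).stdout

def parse_netstat_nb(text):
    """Return one dict per connection with the executable that owns it (or None)."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, laddr, lport, raddr, rport = m.groups()
            remote = (raddr, int(rport)) if rport.isdigit() else None  # "*:*" for UDP
            conns.append({"proto": proto, "local": (laddr, int(lport)),
                          "remote": remote, "exe": None})
        elif conns and OWNER.match(line):
            # The "[name.exe]" line belongs to the connection printed just above it.
            conns[-1]["exe"] = OWNER.match(line).group(1)
    return conns

def find_process(conns, proto, src, sport, dst, dport):
    """Map one packet (either direction) to the executable owning its socket."""
    ends = {(src, sport), (dst, dport)}
    for c in conns:
        if c["proto"] == proto and c["local"] in ends:
            if c["remote"] is None or c["remote"] in ends:
                return c["exe"]
    return None

# With scapy: find_process(conns, "TCP", pkt[IP].src, pkt[TCP].sport,
#                          pkt[IP].dst, pkt[TCP].dport)
```

netstat only lists sockets that exist at the moment it runs, so take the snapshot close to the capture time; a packet from a connection that has already closed will not resolve to a program.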

Related

Wireshark packet details pane info with tshark or scapy?

The information I'd like to automate retrieval of via Bash or Python is what's contained in the Packet Details pane for the last layer, when viewing DIS protocol captured packets.
So far I've gotten to the point where I can read the Packet Bytes pane information with the Scapy library in Python, but this is much harder for me to interpret/work with.
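from scapy.all import sniff
from scapy.utils import hexdump
capture = sniff(filter="dst 10.6.255.255 and port 3000", count=5)
packet = capture[0]
# show() prints the dissected layers itself and returns None
packet.show()
raw = packet.lastlayer()
# hex view of the last layer, like the Packet Bytes pane
hexdump(raw)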
Is there any way that I can get the Packet Details pane information instead with Python or Bash?
Have you tried things like:
tshark -r file.pcap -O dis
or even
tshark -r file.pcap -Y dis -T pdml > file.pdml
Refer to the tshark man page for more information on these options and to the Wireshark PDML wiki page for more information about the "Packet Description Markup Language".
Hope I don’t get the question wrong :/
You have a pretty cool packet.show() function which looks somewhat similar to Wireshark.
You can also try PDF-dumping with packet.pdfdump() (or SVG-dumping with the GitHub version).

How do I match the Host IP address from this line in Fail2Ban

Happy New Year all!
So, I've been having some trouble matching the host IP of an attacker when using Fail2Ban to read my FreeSwitch log file. Please pardon me if this is the wrong forum for this, but I couldn't think of anywhere else to post this.
Here's the log line:
2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 sofia/external/1001#105.121.25.131 receiving invite from 217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit
This was my first attempt:
\[DEBUG\] sofia.c:\d+ ...................#\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+
This was my second attempt (simplifying the first):
\[.*#\d+.\d+.\d+.\d+ receiving invite from <HOST>$
My problem is, I'm having a hard time stripping out the IP address from the Port# in this string: 217.79.182.240:5080 so that it is passed to the <HOST> variable. My understanding of REGEX composition has hit a roadblock and could use the combined expertise of others on this forum, thanks.
This is what worked for me (in case someone else runs into this problem):
.*#\d+.\d+.\d+.\d+ receiving invite from <HOST>.*$
Thanks to DigiDaz from the FusionPBX IRC Channel for assisting me with this.
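An added example (not part of the original thread) that runs the three expressions from the post against the posted log line, showing that the `$` placed directly after `<HOST>` is what blocks the first two: the line continues with `:5080 version: ...`. The `HOST` pattern is a constructed IPv4-only stand-in for fail2ban's `<HOST>` tag, and the "stricter" expression is an added variant, not one from the post.

```python
import re

# Constructed stand-in for fail2ban's <HOST> tag: IPv4 only. The real expansion
# also accepts hostnames and IPv6; this is an assumption for offline testing.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line as posted in the question.
LOG_LINE = ("2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 "
            "sofia/external/1001#105.121.25.131 receiving invite from "
            "217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit")

FAILREGEXES = {
    # "$" right after <HOST> demands end of line, but ":5080 ..." follows.
    "first attempt": r"\[DEBUG\] sofia.c:\d+ ...................#\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+",
    "second attempt": r"\[.*#\d+.\d+.\d+.\d+ receiving invite from <HOST>$",
    # ".*" between <HOST> and "$" absorbs the port and the rest of the line.
    "working": r".*#\d+.\d+.\d+.\d+ receiving invite from <HOST>.*$",
    # Added variant (not from the post): dots escaped, port consumed explicitly.
    "stricter": r"#\d+\.\d+\.\d+\.\d+ receiving invite from <HOST>:\d+ ",
}

def extract_host(failregex, line):
    """Return the address captured for <HOST>, or None if the regex does not match."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None

def evaluate(line=LOG_LINE):
    """Run every candidate expression against one log line."""
    return {name: extract_host(rx, line) for name, rx in FAILREGEXES.items()}

if __name__ == "__main__":
    for name, host in evaluate().items():
        print(f"{name:15} -> {host}")
```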

Chef - looking for a better way to find the last octet of an IP address.

I'd like to know what would be the best way to populate a Chef attribute in a cookbook with the last octet of the IP address.
Here is how I do it now. It seems to work; however, I'd like to know how I can improve it.
default['application']['host_ip'] = node['network']['interfaces']['eth0']['addresses'].keys[1]
default['application']['app_id'] = node['application']['host_ip'].split('.')[-1]
Thanks!
That looks fine. You might want some error handling since this will crash if there isn't an eth0, but that's up to you. You could also use node['ipaddress'] which is the IP on the default interface.

X3270 Connection and Programming

I'm looking at using an X3270 terminal emulator. I have looked over this source material (http://x3270.bgp.nu/) and still don't see how to start using the tool or configure it.
I'm wondering how I can open a terminal and connect. Another question is how could I integrate this into a Python program?
edit:
here is a snippet:
em = Emulator()
em.connect(ip)
em.send_string('*user name*')
em.exec_command('Tab')
em.send_string('*user password*')
em.send_enter()
em.send_enter()
em.wait_for_field()
em.save_screen("{0}screenshot".format(*path*))
Looking at the saved screen, I see that the cursor hasn't moved? I can move the cursor using
em.move_to(7,53)
but after that I don't get any text sent through. Any ideas?
Here's what I do; it works 100% of the time:
from py3270 import *
import sys, os
# host name comes from the first command-line argument
host = "%s" % sys.argv[1].upper()
try:
    e = Emulator()
    e.connect(host)
    # blocks until the host presents an input field
    e.wait_for_field()
except WaitError:
    print("py3270.connect(%s) failed" % (host))
    sys.exit(1)
print("--- connection made to %s ---" % (host))
If you haven't got a network connection to your host, that wait_for_field() call is going to wait for a full 120 seconds. No matter what I do, I don't seem to be able to affect the length of that timeout.
But your user doesn't have to wait that long, just have him kill your script with a KeyboardInterrupt. Hopefully, your user will grow accustomed to success equaling the display of that "--- connection made ..." message so he'll know he's in trouble when/if the host doesn't respond.
And that's a point I need to make: you don't connect to a terminal (as you described), rather you connect to a host. That host can be either a VTAM connection or some kind of LPAR, usually TSO or z/VM, sometimes CICS or IMS, that VTAM will take you to. Each kind of host has differing prompts & screen content you might need to test for, and sometimes those contents are different depending on whose system you're trying to connect to. Your script becomes the "terminal", depending on what you want to show your user.
What you need to do next depends on what kind of system you're trying to talk to. Through VTAM? (Need to select a VTAM application first?) To z/VM? TSO? Are you logging on or DIALing? What's the next keystroke/field you have to use when you're working with a graphic x3270/c3270 terminal? You need to know that in order to choose your next command.
Good luck!
Please read my comment above first - it would be helpful to have more detail as to what you need to do.
After considering that…have you looked at the py3270 package at https://pypi.python.org/pypi/py3270/0.1.5 ? The summary says it talks to x3270.

Scapy - get my own MAC address

How do I get the MAC address of the interface I am sending packets with?
I am trying to create a custom ARP packet, and I need to include my own MAC in it. I can not seem to find a way to get it.
Take a look at the get_if_hwaddr() function.
Doc: https://scapy.readthedocs.io/en/latest/routing.html
This code may help you :
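from scapy.all import get_if_hwaddr, get_if_list
# MAC address of every interface scapy knows about
my_macs = [get_if_hwaddr(i) for i in get_if_list()]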
Cheers,
K.
You can do it easily with:
from scapy.all import Ether
print(Ether().src)
This prints the MAC address of the default interface you're using.
The Netifaces Python Package provides a great amount of information about the interfaces you are working with.
>>> netifaces.ifaddresses('en0')
{18: [{'addr': '00:12:34:56:78:9a'}], 2: [{'broadcast':
'10.255.255.255', 'netmask': '255.0.0.0', 'addr': '10.16.1.4'}],
30: [{'netmask': 'ffff:ffff:ffff:ffff::', 'addr':
'fe80::123:4567:89ab:cdef%en0'}]}
http://alastairs-place.net/projects/netifaces/
