
Attachment 'pdetipv4.py'


   1 #!/usr/bin/env python3
   2 
   3 #-----------------------------------------------------------------------------#
   4 # Copyright 2019 Packet Detectives, Vadim Zakharine and contributors.         #
   5 # License GPLv2+: GNU GPL version 2 or later                                  #
   6 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>                     #
   7 # This is free software; see the source for copying conditions. There is NO   #
   8 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #
   9 #-----------------------------------------------------------------------------#
  10 
  11 #-----------------------------------------------------------------------------#
  12 # PDETIPv4 Utility for detecting IPv4 packet headers in dump files            #
  13 #                                                                             #
  14 # r1 : Initial release                                                        #
  15 # r2 : CLI argument order changed to allow multiple files processing          #
  16 #                                                                             #
  17 #-----------------------------------------------------------------------------#
  18 
  19 from os import path
  20 import sys
  21 
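def _header_checksum_ok(header):
    """Return True when the 16-bit one's-complement sum of *header* is 0xffff.

    *header* is the candidate IPv4 header (IHL * 4 bytes, checksum field
    included). A header whose checksum field is correct sums to 0xffff.
    """
    total = 0
    for pos in range(0, len(header), 2):
        total += int.from_bytes(header[pos:pos + 2], byteorder="big")
    # End-around carry fold; an all-zero block folds to 0 and is rejected.
    while total > 0xffff:
        total = (total & 0xffff) + (total >> 16)
    return total == 0xffff


def _format_hit(infile, offset, header, before, after):
    """Build the output line for a header found at *offset* in *infile*.

    The line is "0x<start offset> :" followed by the context bytes before the
    header, the header itself and the bytes after it, each as two hex digits.
    The file position is left wherever the last read ended; the caller
    repositions it.
    """
    start = offset
    lead = b""
    if before > 0:
        # Clamp at the beginning of the file: when fewer than *before* bytes
        # precede the header, print exactly the bytes that do precede it.
        start = max(offset - before, 0)
        infile.seek(start, 0)
        lead = infile.read(offset - start)
    tail = b""
    if after > 0:
        infile.seek(offset + len(header), 0)
        # NOTE(review): the cap is the header's Total Length field, which
        # counts the header too, so up to header-length bytes beyond the
        # datagram may be printed. Kept as in the original tool.
        total_length = int.from_bytes(header[2:4], byteorder="big")
        tail = infile.read(min(after, total_length))
    dump = "".join(" {:02x}".format(value) for value in lead + header + tail)
    return "0x{:08x} :".format(start) + dump


def _scan_file(infile, before, after):
    """Scan *infile* byte by byte and print every candidate IPv4 header.

    A candidate starts with a byte whose high nibble is 4 (version) and whose
    low nibble (IHL) is at least 3, and must pass the header checksum.

    This is a heuristic: IHL values 3 and 4 are below the 20-byte minimum of
    a well-formed IPv4 header, and a 16-bit checksum can match on unrelated
    data, so hits in a memory or disk dump should be treated as leads to
    verify rather than as proof of a packet.
    """
    offset = infile.tell()
    first = infile.read(1)
    while first:
        lead_byte = first[0]
        if (lead_byte & 0xf0) == 0x40 and (lead_byte & 0x0f) >= 3:
            header_len = (lead_byte & 0x0f) * 4
            header = first + infile.read(header_len - 1)
            if len(header) < header_len:
                # The remainder of the file is smaller than this candidate.
                # With 12 bytes or fewer left, no later candidate can fit.
                if len(header) <= 12:
                    break
            elif _header_checksum_ok(header):
                print(_format_hit(infile, offset, header, before, after))
            # Resume at the byte right after the candidate's first byte so
            # overlapping candidates are not skipped.
            infile.seek(offset + 1, 0)
        offset = infile.tell()
        first = infile.read(1)


def main():
    """
    PDetIPv4 - utility for detecting IPv4 packet headers in a file

    Positional parameters
    ---------------------
     <#bytes_before> <#bytes_after> <infile> [infiles]

     <#bytes_before> : integer
      number of bytes in the file before the header to include in the output
      (clamped to the start of the file; values <= 0 print none)

     <#bytes_after> : integer
      number of bytes in the file after the header to include in the output
      (values <= 0 print none)

     <infile> [infiles] : string
      file name(s)

    Returns
    -------
     exit code
     stdout

     Exit code
      64 in case of syntax error (too few arguments or a non-integer count)
      No error code returned in case of file open or read error
      [because more than one file may be processed]

     StdOut
      offset in the file, byte values

      Offset       Byte values
      0x006d88d9 : 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 32

    Raises
    ------
    SystemExit
     always, carrying the exit code above
    """
    print("PDetIPv4 - utility for detecting IPv4 packet headers in a file")
    usage = "Syntax:\n {} <#bytes_before> <#bytes_after> <infile> [infiles]".format(
        path.basename(sys.argv[0]))
    if len(sys.argv) < 4:
        print(usage, file=sys.stderr)
        sys.exit(64)
    # Parse the counts once, up front, so a bad value is reported as a syntax
    # error instead of surfacing later as a misleading per-file error.
    try:
        before = int(sys.argv[1])
        after = int(sys.argv[2])
    except ValueError:
        print(usage, file=sys.stderr)
        sys.exit(64)

    for name in sys.argv[3:]:
        try:
            # The context manager closes the file even if a read fails.
            with open(name, "rb") as infile:
                print("Scanning \"{}\"...".format(name), file=sys.stderr)
                _scan_file(infile, before, after)
            print("\"{}\" scanning done".format(path.basename(name)), file=sys.stderr)
        except OSError as exc:
            # Report and continue with the next file.
            print("Error opening or reading \"{}\": {}".format(name, exc), file=sys.stderr)
    sys.exit(0)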
 130 
 131 
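# Run the scanner only when executed as a script, not when imported.
if __name__ == "__main__":
    main()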
