github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-23 06:36:15 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge cd210d8bd8 into 9f64372273

Browse source
This commit is contained in:
eenblam 2018-09-10 20:22:28 +00:00 committed by GitHub
commit 3f3773ea64
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 48 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

49
modules/net_sniff_parsers.go
View file

@ -12,7 +12,11 @@ import (
) )
func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) { func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
tcp := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP) tcp, tcpOk := pkt.Layer(layers.LayerTypeTCP).(*layers.TCP)
if !tcpOk {
log.Debug("Could not parse TCP layer, skipping packet")
return
}
if sniParser(ip, pkt, tcp) { if sniParser(ip, pkt, tcp) {
return return
@ -41,7 +45,11 @@ func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
} }
func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) { func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
udp := pkt.Layer(layers.LayerTypeUDP).(*layers.UDP) udp, udpOk := pkt.Layer(layers.LayerTypeUDP).(*layers.UDP)
if !udpOk {
log.Debug("Could not parse UDP layer, skipping packet")
return
}
if dnsParser(ip, pkt, udp) { if dnsParser(ip, pkt, udp) {
return return
@ -69,6 +77,31 @@ func udpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
} }
} }
// icmpParser logs ICMPv4 events when verbose, and does nothing otherwise.
//
// A useful improvement would be to log the ICMP code
// and add meaningful interpretation of the payload based on code.
func icmpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
if verbose {
icmp := pkt.Layer(layers.LayerTypeICMPv4)
layerType := icmp.LayerType().String()
NewSnifferEvent(
pkt.Metadata().Timestamp,
layerType,
vIP(ip.SrcIP),
vIP(ip.DstIP),
SniffData{
"Size": len(ip.Payload),
},
"%s %s > %s %s",
core.W(core.BG_DGRAY+core.FG_WHITE, layerType),
vIP(ip.SrcIP),
vIP(ip.DstIP),
core.Dim(fmt.Sprintf("%d bytes", len(ip.Payload))),
).Push()
}
}
func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) { func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
if verbose { if verbose {
NewSnifferEvent( NewSnifferEvent(
@ -97,13 +130,23 @@ func mainParser(pkt gopacket.Packet, verbose bool) bool {
return false return false
} }
ip := nlayer.(*layers.IPv4) ip, ipOk := nlayer.(*layers.IPv4)
if !ipOk {
log.Debug("Could not extract network layer, skipping packet")
return false
}
tlayer := pkt.TransportLayer() tlayer := pkt.TransportLayer()
if tlayer == nil { if tlayer == nil {
_, icmpOk := pkt.Layer(layers.LayerTypeICMPv4).(*layers.ICMPv4)
if icmpOk {
icmpParser(ip, pkt, verbose)
return true
} else {
log.Debug("Missing transport layer skipping packet.") log.Debug("Missing transport layer skipping packet.")
return false return false
} }
}
if tlayer.LayerType() == layers.LayerTypeTCP { if tlayer.LayerType() == layers.LayerTypeTCP {
tcpParser(ip, pkt, verbose) tcpParser(ip, pkt, verbose)