
Mao Y. answered 07/29/23
I'm afraid I can't directly access files from the URL provided. However, I can guide you through a general approach to this problem. I'll show you how to use the `pypcapfile` library to read pcap files and extract the information you need.
First, let's install the library. You can do this with pip:
```bash
pip install pypcapfile
```
Here's a sample script that opens a pcap file and prints some basic information about each packet:
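```python
from pcapfile import savefile
from pcapfile.protocols.network.ip import IP

# Open in binary mode and decode two layers: Ethernet, then IP.
with open('test.pcap', 'rb') as testcap:
    capfile = savefile.load_savefile(testcap, layers=2)

for pkt in capfile.packets:
    timestamp = pkt.timestamp
    # eth_layer = pkt.packet
    ip_layer = pkt.packet.payload
    if not isinstance(ip_layer, IP):
        continue  # skip frames that do not carry IPv4 (for example ARP)
    # src and dst are bytes, so decode them for printing
    print(f'Timestamp: {timestamp}, Source IP: {ip_layer.src.decode()}, Destination IP: {ip_layer.dst.decode()}')
```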
In this example, `test.pcap` is the name of your pcap file. You'll need to replace this with the path to the actual pcap file you want to read. The `layers=2` argument to `load_savefile` tells it to decode the first two layers of each packet. Usually, these will be the Ethernet frame and the IP packet.
The for loop iterates over each packet in the pcap file. For each packet, it extracts and prints the timestamp, source IP, and destination IP.
To generate a report, you could modify the script to keep track of each unique connection and port observed. You might store this information in a Python dictionary or a pandas DataFrame, for example, and then write it to a CSV file.
To use prettytable, you can create a new prettytable object and add rows to it inside your loop. Here's an example:
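```python
from pcapfile.protocols.network.ip import IP
from prettytable import PrettyTable

# create table (capfile is the capture loaded with load_savefile)
table = PrettyTable(['Timestamp', 'Source IP', 'Destination IP'])
for pkt in capfile.packets:
    timestamp = pkt.timestamp
    ip_layer = pkt.packet.payload
    if not isinstance(ip_layer, IP):
        continue  # skip frames that do not carry IPv4
    table.add_row([timestamp, ip_layer.src.decode(), ip_layer.dst.decode()])
print(table)
```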
This will print a table with the timestamp, source IP, and destination IP of each packet.
To extract more information from each packet, you can look at the other attributes of the `ip_layer` and `eth_layer` objects. The available attributes will depend on the type of packet. For example, if it's a TCP or UDP packet, you can cast the `ip_layer` to the appropriate class and access more attributes:
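```python
import binascii
from pcapfile.protocols.network.ip import IP
from pcapfile.protocols.transport.tcp import TCP

for pkt in capfile.packets:
    ip_layer = pkt.packet.payload  # already decoded as IP by layers=2
    if isinstance(ip_layer, IP) and ip_layer.p == 6:  # protocol 6 is TCP
        # the IP payload is stored hex-encoded, so decode it before parsing
        tcp_layer = TCP(binascii.unhexlify(ip_layer.payload))
        print(f'Source Port: {tcp_layer.src_port}, Destination Port: {tcp_layer.dst_port}')
```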
Hope this helps you get started! If you have specific errors or issues, feel free to ask!
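
The report idea from the answer above (track each unique connection and port, then write it to CSV), as an added example that is not part of the original answer. So that it runs without dependencies it parses the classic pcap format with the Python standard library instead of pypcapfile; the function names and the sample capture are constructed for illustration.

```python
import csv, io, socket, struct
from collections import Counter

def iter_frames(data):
    """Yield each captured Ethernet frame from classic pcap bytes (either byte order)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24 or data[20:24] != struct.pack(order + "I", 1):
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break                              # capture truncated mid-packet
        yield frame
        off += 16 + caplen

def connections(data):
    """Count packets per (src, sport, dst, dport, proto) for IPv4 TCP/UDP."""
    seen = Counter()
    for f in iter_frames(data):
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue                           # ARP, IPv6, runt frames
        l4 = 14 + (f[14] & 0x0F) * 4           # honour the IP header length
        frag_offset = struct.unpack("!H", f[20:22])[0] & 0x1FFF
        if f[23] not in (6, 17) or frag_offset or len(f) < l4 + 4:
            continue                           # no TCP/UDP ports to read here
        sport, dport = struct.unpack("!HH", f[l4:l4 + 4])
        src, dst = socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])
        seen[(src, sport, dst, dport, "TCP" if f[23] == 6 else "UDP")] += 1
    return seen

def to_csv(seen):
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["src_ip", "src_port", "dst_ip", "dst_port", "proto", "packets"])
    writer.writerows([*key, n] for key, n in sorted(seen.items()))
    return out.getvalue()

def sample_pcap():
    """Constructed capture: 2 TCP packets, 1 UDP packet, 1 ARP frame."""
    def frame(proto, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
        return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)
    frames = [frame(6, 50000, 443), frame(6, 50000, 443), frame(17, 50001, 53),
              bytes(12) + b"\x08\x06" + bytes(28)]
    recs = b"".join(struct.pack("<IIII", 1690000000, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs
```

For a real capture, pass `open(path, 'rb').read()` to `connections()` and write the string returned by `to_csv()` to a file.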