Skip navigation

Tag Archives: computers

I’ll make my own PCAP Parsing API… WITH BEER… AND HOOKERS!

So I’ve spent about 8 hours or so whipping this bad boy up.  It’s actually fairly functional, but it only parses through the PCAP header and PACKET header at this point (as in the PCAP packet header, not the IP packet header)

Link to files (comes with test script and pcap): pcap_parser_0.01b.zip

As I mentioned in my last programming post, I’m really fed up with how inflexible the pure-python pcap libraries are when it comes to deciding exactly what part of a packet gets parsed.  So…

 

#! /usr/local/bin/python3
import pcap
p = pcap.Pcap_file("test.pcap")
pkt = p.next_packet()
while pkt:
    print(pkt)
    pkt = p.next_packet()

 

This bad boy does alot. With the default settings, we get…

 

PACKET( ts_sec=1374367283, ts_usec=, incl_len=66, orig_len=, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=, incl_len=125, orig_len=, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=, incl_len=66, orig_len=, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=, incl_len=491, orig_len=, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=, incl_len=66, orig_len=, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=, incl_len=342, orig_len=, endian=<,)

 

but if we add a few lines…

 

#! /usr/local/bin/python3
import pcap
import packet

pConfig = packet.PARSE_CONFIG(ts_sec=True, 
				ts_usec=True, 
				incl_len=True,
				orig_len=True)
upConfig = packet.UNPACK_CONFIG(ts_sec=True, 
				ts_usec=True, 
				incl_len=True,
				orig_len=True)

p = pcap.Pcap_file("test.pcap")
pkt = p.next_pack(pConfig=pConfig, upConfig=upConfig)
while pkt:
    print(pkt)
    pkt = p.next_pack(pConfig=pConfig, upConfig=upConfig)

 

we get…

PACKET( ts_sec=1374367283, ts_usec=850337, incl_len=125, orig_len=125, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=850478, incl_len=66, orig_len=66, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=850810, incl_len=491, orig_len=491, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=850857, incl_len=66, orig_len=66, endian=<,)
PACKET( ts_sec=1374367283, ts_usec=960149, incl_len=342, orig_len=342, endian=<,)

 

That doesn’t look like a huge difference, but the magic is really going on behind the scenes.  The difference between this and something like Scappy and DPKT is that if you don’t set values to True in the config classes, it doesn’t even read those bytes. It just moves the fuck on.

If you set them to parse but not to unpack, then they’ll stay as binary. You don’t always need to unpack, so it’s a waste of resources.

I’ll probably switch from a config class to some kind of Bitwise operations to handle configurations. So you’ll pass configuration parameters like…

pktCfg = TS_SEC | INCL_LEN | TS_SEC_UPK | INCL_LEN_UPK # 1 | 4 | 32 | 128
pkt = p.next_packet(cfg=pktCfg)

Each parser would need a default parse value, which would likely be a minimalistic approach at reaching the next header (for example, IP header would only unpack header length and next protocol value by default). Furthermore this lets a developer have control of what is parsed with flexibility, as he can simply OR/AND/XOR his default config with a new value on the fly prior to calling the parsing function.

For now…

its-happening-ron-paul-gif

Bend Finger. Open door.

As prosthetic limbs became more advanced, the technology was incorporated into robotic cranes, construction equipment, video games, you name it.  Moving steel girders from point A to point B was a matter of willing a crane to move, as opposed to pulling levers like playing an arcade crane game.  The level of precision that could be gained was a tremendous leap forward for many manual labor industries.

Home automation systems implemented wireless neural interfaces, and homes could be operated as if they were an extension of the body.  Bend your finger.  You probably didn’t think “ok, now activate this muscle, and bend this far, then stop…”.  You simply bent your finger.  Imagine opening a door by just thinking it, as if the door was a finger attached to your hand.

Guides to help users learn to operate neural interfaces are freely available on the internet .  The protocols for home automation systems, cars, and televisions had long been standardized so learning to operate one helped you learn to operate the others.  Children learned in school, and advances happened exponentially as each generation expanded on the last’s accomplishments.

Governments recognized the danger of implementing neural interfaces based on open source standards, so naturally they designed their own set of protocols.  The fundamental problem no one has solved was the ubiquity of the underlying hardware, which meant that ultimately it was a matter of being taught the protocol that kept systems safe.  It’s a bit like learning a language, but controlling the signals your brain sends to the computer to be interpreted into system commands.

Hackers became less of the bearded, nerdy persuasion and quickly began to seem more like body builders – spending countless hours practicing to interface with computers in much the same way we focus on technique while bench pressing.  Thousands of hours were spent developing open source software that allowed for the routing of neural commands over a network.  Thousands more were spent probing closed neural systems, trying to decipher what commands a given set of neural signals mapped to.

0300 April 2, 2366.  Downtown Hong Kong.  An industrial climbing crane descends down a half built skyscraper, demolishing every window it passed, raining glass on the barren sidewalks below.  A 780 lb steel girder was hurdled into a nearby parking structure, destroying 13 cards.  The crane finally collided with a neighboring building, mangling itself and burning out its primary motor.

2 blocks away, the Jumbotron that normally played advertisements for the latest movies decided to play Daft Punk’s “Contact” synced to the end of “2001: A Space Odyssey”.  Surprisingly, it matched up extremely well.

No one was injured.  Seeing 1968 CGI on a screen installed in 2345 was something a marval that only a few dozen citizens will ever have experienced.  The crane had repaired itself and the surrounding buildings before the foreman arrived at 0730.

Life moved on.