;; - This short program opens a pcap file and extracts some information from each frame.
;; - It is written in Common LISP.
;; - The program uses the "plokami" module to extract Ethernet frames from the pcap.
;;
;(ql:quickload "plokami")
;(use-package :plokami)
;;(find-all-devs)
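(defun int2hex (int_value)
  "Convert the integer INT_VALUE into an upper-case hexadecimal string padded
with a leading zero to at least two digits, so a byte 0-255 always yields
exactly two characters (10 -> \"0A\", 255 -> \"FF\").  Larger values simply
produce more digits (256 -> \"100\"); no radix prefix is emitted."
  ;; ~X with a minimum width of 2 and pad character #\0 does in one step what
  ;; WRITE-TO-STRING :BASE 16 plus the manual "0" prepend did before.
  (format nil "~2,'0X" int_value))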
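(defun hex-field (buffer start end &optional (separator ""))
  "Return bytes START (inclusive) .. END (exclusive) of BUFFER as a string of
two-digit upper-case hex groups, one per byte, joined by SEPARATOR.
The caller guarantees that START .. END-1 lie inside BUFFER."
  (with-output-to-string (out)
    (loop for i from start below end
          do (when (> i start)
               (write-string separator out))
             (write-string (int2hex (aref buffer i)) out))))

(defun dotted-quad (buffer start)
  "Return the four bytes BUFFER[START .. START+3] as a dotted-decimal IPv4
address string, e.g. \"192.168.0.1\"."
  (format nil "~D.~D.~D.~D"
          (aref buffer start) (aref buffer (+ start 1))
          (aref buffer (+ start 2)) (aref buffer (+ start 3))))

(defun decode-frame (buffer avail)
  "Decode the Ethernet / IPv4 / TCP headers at the start of BUFFER, reading at
most AVAIL bytes, and return them as a property list of strings (hex digits,
dotted-decimal for :IP-SRC/:IP-DST; :IHL is the IPv4 header length in bits).
Only the layers that fit completely into AVAIL bytes are decoded:
  :DST-MAC :SRC-MAC :FRAME-TYPE                         need 14 bytes;
  :IP-VER :IHL :TOS :IP-LEN :IP-ID :IP-OFF :IP-TTL :IP-P
  :IP-SUM :IP-SRC :IP-DST                               need 34 bytes;
  :TCP-SRC :TCP-DST :TCP-SEQ :TCP-ACK :TCP-OFF :TCP-RSV
  :TCP-FLG :TCP-WND :TCP-CHK :TCP-URG                   need 14 + IHL*4 + 20
                                                        bytes and IHL >= 5.
Returns NIL when fewer than 14 bytes are available.  No EtherType or IP
protocol check is made, so non-IPv4 / non-TCP frames are decoded as if they
were IPv4/TCP, exactly as the earlier fixed-offset code did."
  (when (>= avail 14)
    (let* ((ethernet (list :dst-mac (hex-field buffer 0 6 ":")
                           :src-mac (hex-field buffer 6 12 ":")
                           :frame-type (hex-field buffer 12 14)))
           ;; IHL is counted in 32-bit words; 5 is the option-less minimum.
           (ihl-words (when (>= avail 34) (mod (aref buffer 14) 16)))
           (ipv4 (when ihl-words
                   (list :ip-ver (int2hex (floor (aref buffer 14) 16))
                         :ihl (* ihl-words 32)
                         :tos (int2hex (aref buffer 15))
                         :ip-len (hex-field buffer 16 18)
                         :ip-id (hex-field buffer 18 20)
                         :ip-off (hex-field buffer 20 22)
                         :ip-ttl (int2hex (aref buffer 22))
                         :ip-p (int2hex (aref buffer 23))
                         :ip-sum (hex-field buffer 24 26)
                         :ip-src (dotted-quad buffer 26)
                         :ip-dst (dotted-quad buffer 30))))
           ;; The TCP header starts after the (possibly option-carrying) IPv4
           ;; header; the earlier code hard-wired offset 34, i.e. IHL = 5.
           (tcp-start (when (and ihl-words (>= ihl-words 5))
                        (+ 14 (* ihl-words 4))))
           (tcp (when (and tcp-start (>= avail (+ tcp-start 20)))
                  (let ((off-byte (aref buffer (+ tcp-start 12))))
                    (list :tcp-src (hex-field buffer tcp-start (+ tcp-start 2))
                          :tcp-dst (hex-field buffer (+ tcp-start 2) (+ tcp-start 4))
                          :tcp-seq (hex-field buffer (+ tcp-start 4) (+ tcp-start 8))
                          :tcp-ack (hex-field buffer (+ tcp-start 8) (+ tcp-start 12))
                          :tcp-off (int2hex (floor off-byte 16))
                          ;; NOTE(review): kept from the earlier code; x32 of the
                          ;; reserved nibble has no RFC meaning - confirm intent.
                          :tcp-rsv (int2hex (* (mod off-byte 16) 32))
                          :tcp-flg (int2hex (aref buffer (+ tcp-start 13)))
                          :tcp-wnd (hex-field buffer (+ tcp-start 14) (+ tcp-start 16))
                          :tcp-chk (hex-field buffer (+ tcp-start 16) (+ tcp-start 18))
                          :tcp-urg (hex-field buffer (+ tcp-start 18) (+ tcp-start 20)))))))
      (append ethernet ipv4 tcp))))

(defun pcap-einlesen (&optional (path "/Users/thomas/Documents/Development/pcapanalyzer/test.pcapng"))
  "Read every frame of the pcap/pcapng file PATH (default: the original test
file) and print one line per frame: the list (SEC USEC CAPLEN LEN DST-MAC),
with DST-MAC omitted when fewer than 14 bytes of the frame were captured.
The full IPv4/TCP field set is available through DECODE-FRAME for callers
that want more than the destination MAC."
  (with-pcap-reader (reader path :snaplen 1500)
    ;; -1 = process every frame in the file
    (capture reader -1
      (lambda (sec usec caplen len buffer)
        (let* ((metadataset (list sec usec caplen len))
               ;; Decode only what was actually captured: the frame size is
               ;; dictated by the capture file and the snaplen, not by this
               ;; code, so a short frame must never lead to reads past BUFFER.
               (headers (decode-frame buffer (min caplen (length buffer))))
               (dst-mac (getf headers :dst-mac)))
          ;; APPEND joins lists; the string must be wrapped, otherwise the
          ;; result is the dotted pair (sec usec caplen len . "..:..").
          (when dst-mac
            (setq metadataset (append metadataset (list dst-mac))))
          (princ metadataset)
          (terpri))))))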