Tags: python, networking, packet-sniffers, dpkt

How can I extract packets from txt file?


I have a file called trace.txt which consists of packets, and I want to extract each packet from it. The file is as follows:

IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 64, id 35677, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 10.30.31.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
    10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 128, id 10723, offset 0, flags [none], proto UDP (17), length 78)
    10.30.11.184.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 1, id 16034, offset 0, flags [none], proto UDP (17), length 50)
    10.30.17.171.53709 > 224.0.0.252.5355: UDP, length 22
IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50558 > 10.30.15.255.8612: UDP, length 16
IP (tos 0x0, ttl 1, id 17167, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50183 > 224.0.0.1.8612: UDP, length 16
.
.
.

How can I classify them by whether a packet is a SYN or an ACK packet? And how can I determine whether a packet belongs to the IP addresses of websites?


Solution

  • In short, you need to

    1. Open the file
    2. Split the text into packets
    3. Check whether the desired string is in the packet with Python's in operator.

    In this example, we'll search for the strings SYN, ACK, and a Google IP.


    import re
    
    def get_packets(filename):
        with open(filename) as f:
            text = f.read()
    
        # Based on the sample file, each packet is a header line that starts in
        # column 0 followed by one or more indented continuation lines.
        # So split at every newline that is followed by a non-space character.
        text_packets = re.split(r'\n(?=\S)', text.strip())
        print("Packets found are", text_packets)
        return text_packets
    
    def find_info(text_packets):
        # Keep track of the ith packet to print that number
        ith = 1
        # Let's use one of google's IPs for the example
        google_ip = "172.217.1.142"
    
        for tp in text_packets:
            if "SYN" in tp:
                print(ith, "packet contains SYN")
            if "ACK" in tp:
                print(ith, "packet contains ACK")
            if google_ip in tp:
                print(ith, "packet is traffic to google")
            ith += 1
    
    def main():
        text_packets = get_packets("trace.txt")
        find_info(text_packets)
    
    if __name__ == "__main__":
        main()
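Substring matching finds the words SYN and ACK anywhere in a packet's text, including inside payload summaries, and a bare IP string also matches longer addresses that merely start with it. The example below, added here and not part of the answer above, goes one step further: it parses the tcpdump-style header and address lines into fields, reads the TCP flag string that tcpdump prints as Flags [S], Flags [S.] or Flags [.], and checks endpoints against IP networks with the standard ipaddress module. The TCP lines in the sample trace are constructed for the example (the original file only shows UDP), and the Google network 172.217.0.0/16 is an assumption used to illustrate the "IP addresses of websites" check.

```python
import re
import ipaddress

# Header line as printed by "tcpdump -v -n": one line per packet at column 0,
# followed by an indented continuation line with addresses and protocol detail.
HEADER_RE = re.compile(
    r'^IP \(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<id>\d+), '
    r'offset (?P<offset>\d+), flags \[(?P<ipflags>[^\]]*)\], '
    r'proto (?P<proto>\w+) \((?P<protonum>\d+)\), length (?P<length>\d+)\)'
)
# "src.port > dst.port: rest" on the continuation line (IPv4 only).
ADDR_RE = re.compile(
    r'^\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > '
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): (?P<rest>.*)$'
)
# TCP flag string tcpdump prints, e.g. "Flags [S]", "Flags [S.]", "Flags [P.]".
TCPFLAGS_RE = re.compile(r'Flags \[(?P<flags>[^\]]*)\]')
FLAG_NAMES = {'S': 'SYN', '.': 'ACK', 'F': 'FIN', 'R': 'RST', 'P': 'PSH', 'U': 'URG'}

# Constructed sample: two UDP packets in the format of the question plus a
# made-up TCP handshake towards the Google address used in the answer.
SAMPLE_TRACE = """
IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
    10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    10.30.23.135.51234 > 172.217.1.142.443: Flags [S], seq 1, win 64240, length 0
IP (tos 0x0, ttl 56, id 2, offset 0, flags [DF], proto TCP (6), length 60)
    172.217.1.142.443 > 10.30.23.135.51234: Flags [S.], seq 100, ack 2, win 65535, length 0
IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 52)
    10.30.23.135.51234 > 172.217.1.142.443: Flags [.], ack 101, win 502, length 0
"""

# Assumed network for the "website" check (contains the answer's 172.217.1.142).
WEBSITE_NETS = [ipaddress.ip_network('172.217.0.0/16')]


def split_packets(text):
    """One string per packet: a header at column 0 plus its indented lines."""
    return [p for p in re.split(r'\n(?=\S)', text.strip()) if p.strip()]


def parse_packet(chunk):
    """Turn one packet's text into a dict of fields; None if it does not parse."""
    lines = chunk.splitlines()
    head = HEADER_RE.match(lines[0]) if lines else None
    if head is None or len(lines) < 2:
        return None
    addr = ADDR_RE.match(lines[1])
    if addr is None:
        return None
    pkt = {k: (int(v) if v.isdigit() else v) for k, v in head.groupdict().items()}
    pkt.update(addr.groupdict())
    pkt['sport'] = int(pkt['sport'])
    pkt['dport'] = int(pkt['dport'])
    pkt['tcp_flags'] = set()
    if pkt['proto'] == 'TCP':
        m = TCPFLAGS_RE.search(pkt['rest'])
        if m:
            pkt['tcp_flags'] = {FLAG_NAMES.get(c, c) for c in m.group('flags')}
    return pkt


def parse_trace(text):
    return [p for p in map(parse_packet, split_packets(text)) if p is not None]


def classify(pkt):
    """'SYN' for a bare SYN, 'SYN-ACK' for the reply, 'ACK' for other acked segments."""
    f = pkt['tcp_flags']
    if 'SYN' in f and 'ACK' in f:
        return 'SYN-ACK'
    if 'SYN' in f:
        return 'SYN'
    if 'ACK' in f:
        return 'ACK'
    return 'OTHER'


def talks_to(pkt, networks):
    """True if either endpoint falls inside one of the given IP networks."""
    src, dst = ipaddress.ip_address(pkt['src']), ipaddress.ip_address(pkt['dst'])
    return any(src in n or dst in n for n in networks)


def summarize(text, networks=WEBSITE_NETS):
    """Per packet: (protocol, TCP classification, whether it touches a listed site)."""
    return [(p['proto'], classify(p), talks_to(p, networks)) for p in parse_trace(text)]


if __name__ == "__main__":
    for i, row in enumerate(summarize(SAMPLE_TRACE), 1):
        print(i, *row)
```

To run it over trace.txt, pass open('trace.txt').read() to summarize(). Checking endpoints against networks rather than single addresses matters in practice, because large sites answer from many addresses in the same block and a plain substring test on "172.217.1.14" would also match 172.217.1.142.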