| 565 | |
| 566 | |
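def p0f_getlocalsigs():
    """Return a dictionary of signatures indexed by p0f db (e.g., p0f_kdb,
    p0fa_kdb, ...) for the local TCP/IP stack.

    The function forks: the child opens TCP connections to a random high
    port on 127.0.0.1, while the parent sniffs the resulting packets on the
    loopback interface and feeds each one to packet2p0f().

    You need to have your firewall at least accepting the TCP packets
    from/to a high port (30000 <= x <= 40000) on your loopback interface.

    Please note that the generated signatures come from the loopback
    interface and may (are likely to) be different than those generated on
    "normal" interfaces.

    Returns:
        dict mapping a p0f db name to a list of unique signatures seen.
        An empty dict is returned when fork() fails (the error is logged).
    """
    # Initialised before the fork so the fork-error branch below cannot
    # reach the final return with an unbound name.
    result = {}
    # The port is drawn BEFORE forking: the random module reseeds its
    # default generator in the child after fork() (Python 3.7+), so drawing
    # it afterwards would give the sniffer and the sender different ports.
    port = random.randint(30000, 40000)
    pid = os.fork()
    if pid > 0:
        # parent: sniff
        def addresult(res):
            # TODO: wildcard window size in some cases? and maybe some
            # other values?
            sigs = result.setdefault(res[0], [])
            if res[1] not in sigs:
                sigs.append(res[1])
        # XXX could we try with a "normal" interface using other hosts
        iface = conf.route.route('127.0.0.1')[0]
        # each packet is seen twice: S + RA, S + SA + A + FA + A
        # XXX are the packets also seen twice on non Linux systems ?
        count = 14
        pl = sniff(iface=iface, filter='tcp and port ' + str(port),
                   count=count, timeout=3)
        for pkt in pl:
            for elt in packet2p0f(pkt):
                addresult(elt)
        os.waitpid(pid, 0)
    elif pid < 0:
        log_runtime.error("fork error")
    else:
        # child: send. Whatever happens, the child must never return into
        # the caller's code (it would re-run the parent's logic), so the
        # _exit() lives in a finally rather than only on the happy path.
        status = 0
        try:
            _p0f_local_probe(port)
        except Exception:
            log_runtime.exception("p0f_getlocalsigs: local probe failed")
            status = 1
        finally:
            os._exit(status)
    return result


def _p0f_local_probe(port):
    """Generate the loopback TCP traffic that p0f_getlocalsigs() sniffs.

    Args:
        port: TCP port on 127.0.0.1 to connect to, then bind on.

    Raises:
        socket.error: from the bind()/second connect() if they fail (the
            first, expected-to-fail connect() is deliberately swallowed).
    """
    # XXX erk -- give the sniffing parent time to start capturing.
    time.sleep(1)
    s1 = socket.socket(socket.AF_INET, type=socket.SOCK_STREAM)
    try:
        # S & RA
        try:
            s1.connect(('127.0.0.1', port))
        except socket.error:
            pass
        # S, SA, A, FA, A
        s1.bind(('127.0.0.1', port))
        s1.connect(('127.0.0.1', port))
        # howto: get an RST w/o ACK packet
    finally:
        s1.close()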