hub / github.com/secdev/scapy / p0f_getlocalsigs

Function p0f_getlocalsigs

scapy/modules/p0fv2.py:567–619

This function returns a dictionary of signatures indexed by p0f db (e.g., p0f_kdb, p0fa_kdb, ...) for the local TCP/IP stack. You need to have your firewall at least accepting the TCP packets from/to a high port (30000 <= x <= 40000) on your loopback interface. Please note that the generated signatures come from the loopback interface and may (are likely to) be different than those generated on "normal" interfaces.

Source from the content-addressed store, hash-verified

def p0f_getlocalsigs():
    """This function returns a dictionary of signatures indexed by p0f
db (e.g., p0f_kdb, p0fa_kdb, ...) for the local TCP/IP stack.

You need to have your firewall at least accepting the TCP packets
from/to a high port (30000 <= x <= 40000) on your loopback interface.

Please note that the generated signatures come from the loopback
interface and may (are likely to) be different than those generated on
"normal" interfaces."""
    pid = os.fork()
    port = random.randint(30000, 40000)
    if pid > 0:
        # parent: sniff
        result = {}

        def addresult(res):
            # TODO: wildcard window size in some cases? and maybe some
            # other values?
            if res[0] not in result:
                result[res[0]] = [res[1]]
            else:
                if res[1] not in result[res[0]]:
                    result[res[0]].append(res[1])
        # XXX could we try with a "normal" interface using other hosts
        iface = conf.route.route('127.0.0.1')[0]
        # each packet is seen twice: S + RA, S + SA + A + FA + A
        # XXX are the packets also seen twice on non Linux systems ?
        count = 14
        pl = sniff(iface=iface, filter='tcp and port ' + str(port), count=count, timeout=3)  # noqa: E501
        for pkt in pl:
            for elt in packet2p0f(pkt):
                addresult(elt)
        os.waitpid(pid, 0)
    elif pid < 0:
        log_runtime.error("fork error")
    else:
        # child: send
        # XXX erk
        time.sleep(1)
        s1 = socket.socket(socket.AF_INET, type=socket.SOCK_STREAM)
        # S & RA
        try:
            s1.connect(('127.0.0.1', port))
        except socket.error:
            pass
        # S, SA, A, FA, A
        s1.bind(('127.0.0.1', port))
        s1.connect(('127.0.0.1', port))
        # howto: get an RST w/o ACK packet
        s1.close()
        os._exit(0)
    return result

Callers 1

p0f_impersonate · Function · 0.85

Calls 7

sniff · Function · 0.90
addresult · Function · 0.85
packet2p0f · Function · 0.70
route · Method · 0.45
connect · Method · 0.45
bind · Method · 0.45
close · Method · 0.45

Tested by

no test coverage detected