MCPcopy Index your code
hub / github.com/secdev/scapy / packet2p0f

Function packet2p0f

scapy/modules/p0fv2.py:121–259  ·  view source on GitHub ↗
(pkt)

Source from the content-addressed store, hash-verified

119
120
121def packet2p0f(pkt):
122 pkt = pkt.copy()
123 pkt = pkt.__class__(raw(pkt))
124 while pkt.haslayer(IP) and pkt.haslayer(TCP):
125 pkt = pkt.getlayer(IP)
126 if isinstance(pkt.payload, TCP):
127 break
128 pkt = pkt.payload
129
130 if not isinstance(pkt, IP) or not isinstance(pkt.payload, TCP):
131 raise TypeError("Not a TCP/IP packet")
132 # if pkt.payload.flags & 0x7 != 0x02: #S,!F,!R
133 # raise TypeError("Not a SYN or SYN/ACK packet")
134
135 db = p0f_selectdb(pkt.payload.flags)
136
137 # t = p0f_kdb.ttl_range[:]
138 # t += [pkt.ttl]
139 # t.sort()
140 # ttl=t[t.index(pkt.ttl)+1]
141 ttl = pkt.ttl
142
143 ss = len(pkt)
144 # from p0f/config.h : PACKET_BIG = 100
145 if ss > 100:
146 if db == p0fr_kdb:
147 # p0fr.fp: "Packet size may be wildcarded. The meaning of
148 # wildcard is, however, hardcoded as 'size >
149 # PACKET_BIG'"
150 ss = '*'
151 else:
152 ss = 0
153 if db == p0fo_kdb:
154 # p0fo.fp: "Packet size MUST be wildcarded."
155 ss = '*'
156
157 ooo = ""
158 mss = -1
159 qqT = False
160 qqP = False
161 # qqBroken = False
162 ilen = (pkt.payload.dataofs << 2) - 20 # from p0f.c
163 for option in pkt.payload.options:
164 ilen -= 1
165 if option[0] == "MSS":
166 ooo += "M" + str(option[1]) + ","
167 mss = option[1]
168 # FIXME: qqBroken
169 ilen -= 3
170 elif option[0] == "WScale":
171 ooo += "W" + str(option[1]) + ","
172 # FIXME: qqBroken
173 ilen -= 2
174 elif option[0] == "Timestamp":
175 if option[1][0] == 0:
176 ooo += "T0,"
177 else:
178 ooo += "T,"

Callers 3

p0fFunction · 0.70
prnp0fFunction · 0.70
p0f_getlocalsigsFunction · 0.70

Calls 5

rawFunction · 0.90
p0f_selectdbFunction · 0.85
copyMethod · 0.45
haslayerMethod · 0.45
getlayerMethod · 0.45

Tested by

no test coverage detected