not my code dude. i just offered it, for anyone who was interested... again, people bashing the user, who does nothing but inform :s ghood one.
On 11 November 2011 19:17, Tillmann Werner <[email protected]> wrote: >> def callback(self, hdr, data): >> # Parse the Ethernet packet >> decoder = ImpactDecoder.EthDecoder() >> ether = decoder.decode(data) >> # Parse the IP packet inside the Ethernet packet, typep >> iphdr = ether.child() >> udphdr = iphdr.child() >> >> # First check that the packets are not comming from the local host >> # Then check that it is a UDP packet (incase you changed the BPF) >> also >> # Check that the destination port for the packet is a closed >> port on the host >> if (iphdr.get_ip_src() != self.ip): >> self.refresh_portlist() >> if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and >> udphdr.get_uh_dport() not in self.portlist): >> if self.called == 0: >> self.callonce() >> print "Incoming UDP packet from %s"%iphdr.get_ip_src() >> self.dumper.dump(hdr, data) >> >> def refresh_portlist(self): >> # bash script to get all the open and listening UDP ports >> # used in the callback function as criteria for logging traffic >> output = os.popen("./getports.sh") >> pl = output.readlines() >> self.portlist = [] >> for p in pl: >> self.portlist.append(int(p)) > > Seriously? popen()ing a bash script that calls netstat and awk twice for > every packet? > > Tillmann > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
