
Understanding Attacks Using Python (Python for Hackers Part - 11.2)

Parse Packets with Dpkt





At this point, you understand how important it is to analyze packets: you will want to analyze the packets coming from another computer to understand that user's activities, and also to understand what other people can do with the packets they observe coming from your computer. In this hack, you will learn how to analyze a network capture and examine the protocol layer of each packet using a tool called Dpkt.



When you run this script, you will be able to find both the source and destination IP addresses:


The next thing that you will want to do is to match these IP addresses with a physical location. You can improve the script that you have just created by creating an additional function retGeoStr(), which will give you a physical location for the IP address that your code is able to locate. 


For this example, you will find the three-digit country code and the city for each IP address and then have the code display this information. In case the function raises an exception, handle it by returning a message that indicates that the address is not registered. This covers private addresses and any other address that is not included in the GeoLiteCity database that you downloaded earlier.


Once you add the function retGeoStr() to the script that you produced earlier, you will have a good packet analysis toolkit that lets you view the physical destinations of the packets that you want to study. This is what your final code should look like:


This is what your script will look like in action:

Based on these results, you know that the traffic that you are analyzing is routed to different parts of the world. Now that you are aware that your data is possibly being routed to too many different computers, you get the idea that you need to improve your security by securing your ports.
