# beloved/DHS
"""
========================================
Name:DDos-inspect Author: Lalevin Martin
Mailbox: [email protected]
Github: http://github.com/nacglalevin
Written in 2024-5-1
==================NACG==================
"""
import dpkt
import sys
from socket import *
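def findDDos(pcap, threshold=10000):
    """Report address pairs that sent many TCP packets to port 80.

    Counts, per (source IP, destination IP) pair, the IPv4/TCP packets in
    *pcap* whose destination port is 80, then prints one line for every
    pair whose count is strictly greater than *threshold*.

    Args:
        pcap: iterable of (timestamp, raw_frame_bytes) tuples, such as a
            dpkt.pcap.Reader. Each frame is decoded as Ethernet.
        threshold: packet count above which a pair is reported.

    Returns:
        None. Findings are written to standard output.

    Notes for whoever reads the output:
        * The count covers the whole capture; timestamps are not used, so
          this is a volume check, not a rate check. A long capture of a
          busy but legitimate client can exceed the threshold.
        * Counting is per source address, so traffic spread over many
          sources, each below the threshold, is not reported.
        * The source address is taken from the IP header as captured and
          is not verified in any way; treat "attacked" as a lead to
          investigate, not as attribution.
    """
    pktCount = {}
    for (ts, buf) in pcap:
        try:
            # The frame bytes must be passed in; a bare Ethernet() is an
            # empty packet and never yields an IP payload.
            eth = dpkt.ethernet.Ethernet(buf)
        except Exception:
            # Best effort: a frame dpkt cannot decode is skipped so one
            # damaged record does not abort the whole analysis.
            continue
        ip = eth.data
        # Non-IPv4 payloads (ARP, IPv6, undecoded bytes) have no 4-byte
        # src/dst for inet_ntoa, so they are skipped explicitly.
        if not isinstance(ip, dpkt.ip.IP):
            continue
        tcp = ip.data
        # Fragments and truncated segments stay as raw bytes in dpkt.
        if not isinstance(tcp, dpkt.tcp.TCP):
            continue
        if tcp.dport != 80:
            continue
        # inet_ntoa comes from the file's `from socket import *`; after
        # that import the name `socket` is the socket class, which has no
        # inet_ntoa attribute.
        stream = (inet_ntoa(ip.src), inet_ntoa(ip.dst))
        pktCount[stream] = pktCount.get(stream, 0) + 1
    for (src, dst), pktsSent in pktCount.items():
        if pktsSent > threshold:
            print("[+] "+src+" attacked "+dst+" with "+str(pktsSent)+" pkts. ")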
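# Command-line entry: ddos-inspect.py <pcapfile>
if len(sys.argv) < 2:
    print("[!] usage : [pcapfile]")
    # A usage error is a failure; exit non-zero so wrappers can tell.
    sys.exit(1)
pcapfile = sys.argv[1]
try:
    # pcap is a binary format: open in "rb" so bytes reach dpkt unchanged,
    # and use `with` so the handle is closed when the analysis finishes.
    with open(pcapfile, "rb") as f:
        findDDos(dpkt.pcap.Reader(f))
except (IOError, ValueError) as err:
    # IOError: the file could not be opened or read.
    # ValueError: dpkt rejected the file header as not being pcap.
    # Anything else propagates with a traceback instead of being
    # reported as a usage problem, which previously hid real bugs.
    print("[!] cannot read " + pcapfile + ": " + str(err))
    sys.exit(1)
sys.exit(0)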