hdZddlmZmZmZmZmZmZmZm Z m Z ddl m Z m Z ddlmZddlmZGdde ZGdd e ZGd d e ZGd d eZGdde ZGddeZe eede eede eedde eede eedde eede eedde eeddS)z8 Sebek: kernel module for data collection on honeypots. ) FieldLenFieldIPFieldIntFieldShortEnumField ShortFieldStrFixedLenField StrLenField XIntField ByteEnumField)Packet bind_layers)UDP) IP_PROTOSc eZdZdZeddeddedddddd d ed ded ded dgZdZ dS) SebekHeadz Sebek headermagiciversiontyper)readwritesocketopencountertime_sec time_usecc,|dS)Nz2Sebek Header v%SebekHead.version% %SebekHead.type%)sprintfselfs W/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/contrib/sebek.py mysummaryzSebekHead.mysummary!s||PQQQN) __name__ __module__ __qualname__namer rrr fields_descr$r%r#rrs D9Wh//:i++!>&!a!891.F.FGG8Iq))8J**8K++ -KRRRRRr%rc eZdZdZeddeddeddeddded d d d ed ddgZdZ d S)SebekV1zSebek v1pidruidfdcmd data_lengthNdataIfmtc|jSNr4xs r#zSebekV1./ r% length_fromct|jtr|jdS|dS)Nz)Sebek v1 %SebekHead.type% (%SebekV1.cmd%)zSebek v1 (%SebekV1.cmd%) isinstance underlayerrr r!s r#r$zSebekV1.mysummary1s@ doy 1 1 <?**+VWW W<< :;; ;r% r&r'r(r)rrrr r*r$r+r%r#r-r-(s D8E1%%8E1%%8D!$$##E2r22 =f#FFF;vr7M7MNNN PK<<<<zSebekV3.Ar?r%r@ct|jtr|jdS|dS)Nz;Sebek v%SebekHead.version% %SebekHead.type% (%SebekV3.cmd%)zSebek v3 (%SebekV3.cmd%)rCr!s r#r$zSebekV3.mysummaryC@ doy 1 1 <?**+hii i<< :;; ;r%rFr+r%r#rHrH8s D8L!,,8E1%%8E1%%8D!$$8GQ''##E2r22 =f#FFF;vr7M7MNNNPK<<<<&!a9:a89b9;r:< .>.>?? !=!Y77!9K$GGGGGr%rSceZdZdZdS) SebekV2Sockct|jtr|jdS|dS)Nz?Sebek v%SebekHead.version% %SebekHead.type% (%SebekV2Sock.cmd%)z#Sebek v2 socket (%SebekV2Sock.cmd%)rCr!s r#r$zSebekV2Sock.mysummarynrir%NrQr+r%r#rkrkms(GGGGGr%rkiM)rX)rV)rVrXr)rr)rrrN)__doc__ scapy.fieldsrrrrrrr r r scapy.packetr r scapy.layers.inetr scapy.datarrr-rHrOrSrkr+r%r#rrs HHHHHHHHHHHHHHHHHHHHHH,,,,,,,,!!!!!! R R R R R R R R" < < < <