import dpkt

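# Carve the payload bytes out of every ICMP message in the capture and
# concatenate them, in capture order, into one output file. Data carried in
# ICMP payloads is a common covert-channel / exfiltration indicator, so the
# reassembled blob is what an analyst inspects next.
#
# The capture is untrusted input: frames may be truncated or malformed, so
# every parsing step is guarded and a bad frame is skipped, not fatal.
with open("sneaky_transmission.pcap", "rb") as pcapfile, open(
    "pcap_extraction", "wb"  # binary mode: the payloads are bytes, not text
) as outfile:
    pcap = dpkt.pcap.Reader(pcapfile)

    for _timestamp, buf in pcap:
        # Each record is a raw link-layer frame, not another pcap stream.
        # NOTE(review): assumes an Ethernet link type -- confirm with
        # pcap.datalink() if the capture came from another interface type.
        try:
            eth_frame = dpkt.ethernet.Ethernet(buf)
        except dpkt.dpkt.UnpackError:
            print("Skipping malformed frame")
            continue

        if not isinstance(eth_frame.data, dpkt.ip.IP):
            continue
        ip_packet = eth_frame.data

        if not isinstance(ip_packet.data, dpkt.icmp.ICMP):
            continue
        icmp = ip_packet.data

        # Only ICMP bodies that expose a raw bytes payload can be written;
        # other bodies (or an undecoded body) are reported and skipped.
        # NOTE(review): echo replies normally mirror the request payload, so
        # the output may contain each chunk twice -- filter on icmp.type if
        # only one direction is wanted.
        payload = getattr(icmp.data, "data", None)
        if not isinstance(payload, bytes):
            print("Error extracting ICMP payload")
            continue
        outfile.write(payload)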