diff --git a/Source/Module/magic_numbers.txt b/Source/Module/magic_numbers.txt
new file mode 100644
index 0000000..1bc47ad
--- /dev/null
+++ b/Source/Module/magic_numbers.txt
@@ -0,0 +1,964 @@ +{ + "123": { + "signs": [ + "0,00001A00051004" + ], + "mime": "application/vnd.lotus-1-2-3" + }, + "cpl": { + "signs": [ + "0,4D5A", + "0,DCDC" + ], + "mime": "application/cpl+xml" + }, + "epub": { + "signs": [ + "0,504B03040A000200" + ], + "mime": "application/epub+zip" + }, + "gz": { + "signs": [ + "0,1F8B08" + ], + "mime": "application/gzip" + }, + "tgz": { + "signs": [ + "0,1F8B08" + ], + "mime": "application/gzip" + }, + "hqx": { + "signs": [ + "0,28546869732066696C65206D75737420626520636F6E76657274656420776974682042696E48657820" + ], + "mime": "application/mac-binhex40" + }, + "doc": { + "signs": [ + "0,0D444F43", + "0,CF11E0A1B11AE100", + "0,D0CF11E0A1B11AE1", + "0,DBA52D00", + "512,ECA5C100" + ], + "mime": "application/msword" + }, + "mxf": { + "signs": [ + "0,060E2B34020501010D0102010102", + "0,3C435472616E7354696D656C696E653E" + ], + "mime": "application/mxf" + }, + "lha": { + "signs": [ + "2,2D6C68" + ], + "mime": "application/octet-stream" + }, + "lzh": { + "signs": [ + "2,2D6C68" + ], + "mime": "application/octet-stream" + }, + "exe": { + "signs": [ + "0,4D5A" + ], + "mime": "application/octet-stream" + }, + "class": { + "signs": [ + "0,CAFEBABE" + ], + "mime": "application/octet-stream" + }, + "dll": { + "signs": [ + "0,4D5A" + ], + "mime": "application/octet-stream" + }, + "img": { + "signs": [ + "0,000100005374616E64617264204A6574204442", + "0,504943540008", + "0,514649FB", + "0,53434D49", + "0,7E742C015070024D52010000000800000001000031000000310000004301FF0001000800010000007e742c01", + "0,EB3C902A" + ], + "mime": "application/octet-stream" + }, + "iso": { + "signs": [ + "0,4344303031" + ], + "mime": "application/octet-stream" + }, + "ogx": { + "signs": [ + "0,4F67675300020000000000000000" + ], + "mime": "application/ogg" + }, + "oxps": { + "signs": [ + "0,504B0304" + ], + "mime": "application/oxps" + }, + "pdf": { + "signs": [ + "0,25504446" + ], + "mime": "application/pdf" + }, + "p10": { + "signs": [ + "0,64000000" + ], + 
"mime": "application/pkcs10" + }, + "pls": { + "signs": [ + "0,5B706C61796C6973745D" + ], + "mime": "application/pls+xml" + }, + "eps": { + "signs": [ + "0,252150532D41646F62652D332E3020455053462D332030", + "0,C5D0D3C6" + ], + "mime": "application/postscript" + }, + "ai": { + "signs": [ + "0,25504446" + ], + "mime": "application/postscript" + }, + "rtf": { + "signs": [ + "0,7B5C72746631" + ], + "mime": "application/rtf" + }, + "msf": { + "signs": [ + "0,2F2F203C212D2D203C6D64623A6D6F726B3A7A" + ], + "mime": "application/vnd.epson.msf" + }, + "fdf": { + "signs": [ + "0,25504446" + ], + "mime": "application/vnd.fdf" + }, + "fm": { + "signs": [ + "0,3C4D616B657246696C6520" + ], + "mime": "application/vnd.framemaker" + }, + "kmz": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.google-earth.kmz" + }, + "tpl": { + "signs": [ + "0,0020AF30", + "0,6D7346696C7465724C697374" + ], + "mime": "application/vnd.groove-tool-template" + }, + "kwd": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.kde.kword" + }, + "wk4": { + "signs": [ + "0,00001A000210040000000000" + ], + "mime": "application/vnd.lotus-1-2-3" + }, + "wk3": { + "signs": [ + "0,00001A000010040000000000" + ], + "mime": "application/vnd.lotus-1-2-3" + }, + "wk1": { + "signs": [ + "0,0000020006040600080000000000" + ], + "mime": "application/vnd.lotus-1-2-3" + }, + "apr": { + "signs": [ + "0,D0CF11E0A1B11AE1" + ], + "mime": "application/vnd.lotus-approach" + }, + "nsf": { + "signs": [ + "0,1A0000040000", + "0,4E45534D1A01" + ], + "mime": "application/vnd.lotus-notes" + }, + "ntf": { + "signs": [ + "0,1A0000", + "0,30314F52444E414E43452053555256455920202020202020", + "0,4E49544630" + ], + "mime": "application/vnd.lotus-notes" + }, + "org": { + "signs": [ + "0,414F4C564D313030" + ], + "mime": "application/vnd.lotus-organizer" + }, + "lwp": { + "signs": [ + "0,576F726450726F" + ], + "mime": "application/vnd.lotus-wordpro" + }, + "sam": { + "signs": [ + "0,5B50686F6E655D" + ], + "mime": 
"application/vnd.lotus-wordpro" + }, + "mif": { + "signs": [ + "0,3C4D616B657246696C6520", + "0,56657273696F6E20" + ], + "mime": "application/vnd.mif" + }, + "xul": { + "signs": [ + "0,3C3F786D6C2076657273696F6E3D22312E30223F3E" + ], + "mime": "application/vnd.mozilla.xul+xml" + }, + "asf": { + "signs": [ + "0,3026B2758E66CF11A6D900AA0062CE6C" + ], + "mime": "application/vnd.ms-asf" + }, + "cab": { + "signs": [ + "0,49536328", + "0,4D534346" + ], + "mime": "application/vnd.ms-cab-compressed" + }, + "xls": { + "signs": [ + "512,0908100000060500", + "0,D0CF11E0A1B11AE1", + "512,FDFFFFFF04", + "512,FDFFFFFF20000000" + ], + "mime": "application/vnd.ms-excel" + }, + "xla": { + "signs": [ + "0,D0CF11E0A1B11AE1" + ], + "mime": "application/vnd.ms-excel" + }, + "chm": { + "signs": [ + "0,49545346" + ], + "mime": "application/vnd.ms-htmlhelp" + }, + "ppt": { + "signs": [ + "512,006E1EF0", + "512,0F00E803", + "512,A0461DF0", + "0,D0CF11E0A1B11AE1", + "512,FDFFFFFF04" + ], + "mime": "application/vnd.ms-powerpoint" + }, + "pps": { + "signs": [ + "0,D0CF11E0A1B11AE1" + ], + "mime": "application/vnd.ms-powerpoint" + }, + "wks": { + "signs": [ + "0,0E574B53", + "0,FF000200040405540200" + ], + "mime": "application/vnd.ms-works" + }, + "wpl": { + "signs": [ + "84,4D6963726F736F66742057696E646F7773204D6564696120506C61796572202D2D20" + ], + "mime": "application/vnd.ms-wpl" + }, + "xps": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.ms-xpsdocument" + }, + "cif": { + "signs": [ + "2,5B56657273696F6E" + ], + "mime": "application/vnd.multiad.creator.cif" + }, + "odp": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.oasis.opendocument.presentation" + }, + "odt": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.oasis.opendocument.text" + }, + "ott": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.oasis.opendocument.text-template" + }, + "pptx": { + "signs": [ + "0,504B030414000600" + ], + "mime": 
"application/vnd.openxmlformats-officedocument.presentationml.presentation" + }, + "xlsx": { + "signs": [ + "0,504B030414000600" + ], + "mime": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" + }, + "docx": { + "signs": [ + "0,504B030414000600" + ], + "mime": "application/vnd.openxmlformats-officedocument.wordprocessingml.document" + }, + "prc": { + "signs": [ + "0,424F4F4B4D4F4249", + "60,74424D504B6E5772" + ], + "mime": "application/vnd.palm" + }, + "qxd": { + "signs": [ + "0,00004D4D585052" + ], + "mime": "application/vnd.Quark.QuarkXPress" + }, + "rar": { + "signs": [ + "0,526172211A0700", + "0,526172211A070100" + ], + "mime": "application/vnd.rar" + }, + "mmf": { + "signs": [ + "0,4D4D4D440000" + ], + "mime": "application/vnd.smaf" + }, + "cap": { + "signs": [ + "0,52545353", + "0,58435000" + ], + "mime": "application/vnd.tcpdump.pcap" + }, + "dmp": { + "signs": [ + "0,4D444D5093A7", + "0,5041474544553634", + "0,5041474544554D50" + ], + "mime": "application/vnd.tcpdump.pcap" + }, + "wpd": { + "signs": [ + "0,FF575043" + ], + "mime": "application/vnd.wordperfect" + }, + "xar": { + "signs": [ + "0,78617221" + ], + "mime": "application/vnd.xara" + }, + "spf": { + "signs": [ + "0,5350464900" + ], + "mime": "application/vnd.yamaha.smaf-phrase" + }, + "dtd": { + "signs": [ + "0,0764743264647464" + ], + "mime": "application/xml-dtd" + }, + "zip": { + "signs": [ + "0,504B0304", + "0,504B0304", + "0,504B030414000100630000000000", + "0,504B0708", + "30,504B4C495445", + "526,504B537058", + "29,152,57696E5A6970" + ], + "mime": "application/zip" + }, + "amr": { + "signs": [ + "0,2321414D52" + ], + "mime": "audio/AMR" + }, + "au": { + "signs": [ + "0,2E736E64", + "0,646E732E" + ], + "mime": "audio/basic" + }, + "m4a": { + "signs": [ + "0,00000020667479704D344120", + "4,667479704D344120" + ], + "mime": "audio/mp4" + }, + "mp3": { + "signs": [ + "0,494433", + "0,FFD8" + ], + "mime": "audio/mpeg" + }, + "oga": { + "signs": [ + 
"0,4F67675300020000000000000000" + ], + "mime": "audio/ogg" + }, + "ogg": { + "signs": [ + "0,4F67675300020000000000000000" + ], + "mime": "audio/ogg" + }, + "qcp": { + "signs": [ + "0,52494646" + ], + "mime": "audio/qcelp" + }, + "koz": { + "signs": [ + "0,49443303000000" + ], + "mime": "audio/vnd.audikoz" + }, + "bmp": { + "signs": [ + "0,424D" + ], + "mime": "image/bmp" + }, + "dib": { + "signs": [ + "0,424D" + ], + "mime": "image/bmp" + }, + "emf": { + "signs": [ + "0,01000000" + ], + "mime": "image/emf" + }, + "fits": { + "signs": [ + "0,53494D504C4520203D202020202020202020202020202020202020202054" + ], + "mime": "image/fits" + }, + "gif": { + "signs": [ + "0,474946383961" + ], + "mime": "image/gif" + }, + "jp2": { + "signs": [ + "0,0000000C6A5020200D0A" + ], + "mime": "image/jp2" + }, + "jpg": { + "signs": [ + "0,FFD8", + "0,FFD8", + "0,FFD8", + "0,FFD8" + ], + "mime": "image/jpeg" + }, + "jpeg": { + "signs": [ + "0,FFD8", + "0,FFD8" + ], + "mime": "image/jpeg" + }, + "jpe": { + "signs": [ + "0,FFD8", + "0,FFD8" + ], + "mime": "image/jpeg" + }, + "jfif": { + "signs": [ + "0,FFD8" + ], + "mime": "image/jpeg" + }, + "png": { + "signs": [ + "0,89504E470D0A1A0A" + ], + "mime": "image/png" + }, + "tiff": { + "signs": [ + "0,492049", + "0,49492A00", + "0,4D4D002A", + "0,4D4D002B" + ], + "mime": "image/tiff" + }, + "tif": { + "signs": [ + "0,492049", + "0,49492A00", + "0,4D4D002A", + "0,4D4D002B" + ], + "mime": "image/tiff" + }, + "psd": { + "signs": [ + "0,38425053" + ], + "mime": "image/vnd.adobe.photoshop" + }, + "dwg": { + "signs": [ + "0,41433130" + ], + "mime": "image/vnd.dwg" + }, + "ico": { + "signs": [ + "0,00000100" + ], + "mime": "image/vnd.microsoft.icon" + }, + "mdi": { + "signs": [ + "0,4550" + ], + "mime": "image/vnd.ms-modi" + }, + "hdr": { + "signs": [ + "0,233F52414449414E43450A", + "0,49536328" + ], + "mime": "image/vnd.radiance" + }, + "pcx": { + "signs": [ + "512,0908100000060500" + ], + "mime": "image/vnd.zbrush.pcx" + }, + "wmf": { + "signs": 
[ + "0,010009000003", + "0,D7CDC69A" + ], + "mime": "image/wmf" + }, + "eml": { + "signs": [ + "0,46726F6D3A20", + "0,52657475726E2D506174683A20", + "0,582D" + ], + "mime": "message/rfc822" + }, + "art": { + "signs": [ + "0,4A47040E" + ], + "mime": "message/rfc822" + }, + "manifest": { + "signs": [ + "0,3C3F786D6C2076657273696F6E3D" + ], + "mime": "text/cache-manifest" + }, + "log": { + "signs": [ + "0,2A2A2A2020496E7374616C6C6174696F6E205374617274656420" + ], + "mime": "text/plain" + }, + "tsv": { + "signs": [ + "0,47" + ], + "mime": "text/tab-separated-values" + }, + "vcf": { + "signs": [ + "0,424547494E3A56434152440D0A" + ], + "mime": "text/vcard" + }, + "dms": { + "signs": [ + "0,444D5321" + ], + "mime": "text/vnd.DMClientScript" + }, + "dot": { + "signs": [ + "0,D0CF11E0A1B11AE1" + ], + "mime": "text/vnd.graphviz" + }, + "ts": { + "signs": [ + "0,47" + ], + "mime": "text/vnd.trolltech.linguist" + }, + "3gp": { + "signs": [ + "0,0000001466747970336770", + "0,0000002066747970336770" + ], + "mime": "video/3gpp" + }, + "3g2": { + "signs": [ + "0,0000001466747970336770", + "0,0000002066747970336770" + ], + "mime": "video/3gpp2" + }, + "mp4": { + "signs": [ + "0,000000146674797069736F6D", + "0,000000186674797033677035", + "0,0000001C667479704D534E56012900464D534E566D703432", + "4,6674797033677035", + "4,667479704D534E56", + "4,6674797069736F6D" + ], + "mime": "video/mp4" + }, + "m4v": { + "signs": [ + "0,00000018667479706D703432", + "0,00000020667479704D345620", + "4,667479706D703432" + ], + "mime": "video/mp4" + }, + "mpeg": { + "signs": [ + "0,00000100", + "0,FFD8" + ], + "mime": "video/mpeg" + }, + "mpg": { + "signs": [ + "0,00000100", + "0,000001BA", + "0,FFD8" + ], + "mime": "video/mpeg" + }, + "ogv": { + "signs": [ + "0,4F67675300020000000000000000" + ], + "mime": "video/ogg" + }, + "mov": { + "signs": [ + "0,00", + "0,000000146674797071742020", + "4,6674797071742020", + "4,6D6F6F76" + ], + "mime": "video/quicktime" + }, + "cpt": { + "signs": [ + 
"0,4350543746494C45", + "0,43505446494C45" + ], + "mime": "application/mac-compactpro" + }, + "sxc": { + "signs": [ + "0,504B0304", + "0,504B0304" + ], + "mime": "application/vnd.sun.xml.calc" + }, + "sxd": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.sun.xml.draw" + }, + "sxi": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.sun.xml.impress" + }, + "sxw": { + "signs": [ + "0,504B0304" + ], + "mime": "application/vnd.sun.xml.writer" + }, + "bz2": { + "signs": [ + "0,425A68" + ], + "mime": "application/x-bzip2" + }, + "vcd": { + "signs": [ + "0,454E5452595643440200000102001858" + ], + "mime": "application/x-cdlink" + }, + "csh": { + "signs": [ + "0,6375736800000002000000" + ], + "mime": "application/x-csh" + }, + "spl": { + "signs": [ + "0,00000100" + ], + "mime": "application/x-futuresplash" + }, + "jar": { + "signs": [ + "0,4A4152435300", + "0,504B0304", + "0,504B0304140008000800", + "0,5F27A889" + ], + "mime": "application/x-java-archive" + }, + "rpm": { + "signs": [ + "0,EDABEEDB" + ], + "mime": "application/x-rpm" + }, + "swf": { + "signs": [ + "0,435753", + "0,465753", + "0,5A5753" + ], + "mime": "application/x-shockwave-flash" + }, + "sit": { + "signs": [ + "0,5349542100", + "0,5374756666497420286329313939372D" + ], + "mime": "application/x-stuffit" + }, + "tar": { + "signs": [ + "257,7573746172" + ], + "mime": "application/x-tar" + }, + "xpi": { + "signs": [ + "0,504B0304" + ], + "mime": "application/x-xpinstall" + }, + "xz": { + "signs": [ + "0,FD377A585A00" + ], + "mime": "application/x-xz" + }, + "mid": { + "signs": [ + "0,4D546864" + ], + "mime": "audio/midi" + }, + "midi": { + "signs": [ + "0,4D546864" + ], + "mime": "audio/midi" + }, + "aiff": { + "signs": [ + "0,464F524D00" + ], + "mime": "audio/x-aiff" + }, + "flac": { + "signs": [ + "0,664C614300000022" + ], + "mime": "audio/x-flac" + }, + "wma": { + "signs": [ + "0,3026B2758E66CF11A6D900AA0062CE6C" + ], + "mime": "audio/x-ms-wma" + }, + "ram": { + "signs": [ + 
"0,727473703A2F2F" + ], + "mime": "audio/x-pn-realaudio" + }, + "rm": { + "signs": [ + "0,2E524D46" + ], + "mime": "audio/x-pn-realaudio" + }, + "ra": { + "signs": [ + "0,2E524D460000001200", + "0,2E7261FD00" + ], + "mime": "audio/x-realaudio" + }, + "wav": { + "signs": [ + "0,52494646" + ], + "mime": "audio/x-wav" + }, + "webp": { + "signs": [ + "0,52494646" + ], + "mime": "image/webp" + }, + "pgm": { + "signs": [ + "0,50350A" + ], + "mime": "image/x-portable-graymap" + }, + "rgb": { + "signs": [ + "0,01DA01010003" + ], + "mime": "image/x-rgb" + }, + "webm": { + "signs": [ + "0,1A45DFA3" + ], + "mime": "video/webm" + }, + "flv": { + "signs": [ + "0,00000020667479704D345620", + "0,464C5601" + ], + "mime": "video/x-flv" + }, + "mkv": { + "signs": [ + "0,1A45DFA3" + ], + "mime": "video/x-matroska" + }, + "asx": { + "signs": [ + "0,3C" + ], + "mime": "video/x-ms-asf" + }, + "wmv": { + "signs": [ + "0,3026B2758E66CF11A6D900AA0062CE6C" + ], + "mime": "video/x-ms-wmv" + }, + "avi": { + "signs": [ + "0,52494646" + ], + "mime": "video/x-msvideo" + } +} \ No newline at end of file diff --git a/Source/Module/malicious_traffic_identifier.py b/Source/Module/malicious_traffic_identifier.py index 562c77e..c29f814 100644 --- a/Source/Module/malicious_traffic_identifier.py +++ b/Source/Module/malicious_traffic_identifier.py @@ -5,6 +5,7 @@ import communication_details_fetch # Library Import +import os, json, sys # Module to Identify Possible Malicious Traffic @@ -31,7 +32,7 @@ def malicious_traffic_detection(self, src, dst, port): # Covert Detection Algorithm @staticmethod def covert_traffic_detection(packet): - # covert ICMP - icmp tunneling + # covert ICMP - icmp tunneling ( Add TCP ) tunnelled_protocols = ["DNS", "HTTP"] # TODO: this does not handle ipv6 --> so check before calling this function 
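Review bot: The `zip` entry `"29,152,57696E5A6970"` does not follow the `offset,hex` shape that every other signature uses; the `152` looks like the tail of a thousands-separated offset (29152, worth confirming against the listed sources), and the consumer added in this commit unpacks each entry split on `,` into exactly two fields. Writing it as `"29152,57696E5A6970"` keeps the table parseable. Several entries are too short to identify anything on their own (`"0,47"` for `tsv` and `ts`, `"0,00"` for `mov`, `"0,3C"` for `asx`), and `"0,FFD8"` is listed under `mp3`, `mpeg` and `mpg` as well as the JPEG types, so a hit on these says little about the payload. The repeated identical strings under `jpg`, `jpeg`, `jpe`, `zip` and `sxc` can be collapsed.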
@@ -62,10 +63,42 @@ def covert_traffic_detection(packet): # Covert payload prediction algorithm @staticmethod def covert_payload_prediction(payload): - print(payload.encode("hex")) - print(payload) - print("\n") - + + ### Magic Number OR File Signature Intelligence + # Fetch the File Signature OR Magic Numbers Intelligence from the Internet + # Obtained from the Internet + # @ https://gist.github.com/Qti3e/6341245314bf3513abb080677cd1c93b + # @ /etc/nginx/mime.types + # @ http://www.garykessler.net/library/file_sigs.html + # @ https://en.wikipedia.org/wiki/List_of_file_signatures + # + try: + if memory.signatures == {}: + memory.signatures = json.load(open(sys.path[0]+"/magic_numbers.txt")) + matches = [] + # Fetch payload from Packet in hex format + string_payload = str(payload) + try: + payload = bytes(payload).hex() + except: + payload = str(payload) + # Check dictionary for possible matches + try: + for file_type in memory.signatures.keys(): + for sign in memory.signatures[file_type]["signs"]: + offset, magic = sign.split(",") + magic = magic.strip() + #print(magic, file_type) + #print(magic, string_payload, file_type) + if magic.lower() in payload or magic in string_payload: + matches.append(file_type) + except: + pass + #print(matches, string_payload) + return matches + except: + print("File signature analysis failed!") + return [] def main(): import pcap_reader diff --git a/Source/Module/memory.py b/Source/Module/memory.py index e7ed4bf..30c7042 100644 --- a/Source/Module/memory.py +++ b/Source/Module/memory.py @@ -21,3 +21,5 @@ possible_tor_traffic = [] global malicious_traffic possible_mal_traffic = [] +global signatures +signatures = {} diff --git a/Source/Module/pcap_reader.py b/Source/Module/pcap_reader.py index 0270642..2289aef 100644 --- a/Source/Module/pcap_reader.py +++ b/Source/Module/pcap_reader.py 
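Review bot: The inner `try` / `except: pass` in `covert_payload_prediction` wraps the whole signature loop, so the first entry that fails `offset, magic = sign.split(",")` ends the scan silently; the `zip` entry `"29,152,57696E5A6970"` in magic_numbers.txt has two commas and raises ValueError there, which leaves every type listed after `zip` unchecked on an insertion-ordered dict. `offset` is then discarded and the test is a substring search over the hex text, so a one-byte signature such as `47` matches at any position, including across byte boundaries (`a4 7b` renders as `a47b`), and a flow flagged covert will collect many unrelated file types. `json.load(open(sys.path[0]+"/magic_numbers.txt"))` also leaves the file handle open and resolves the table relative to the launching script rather than this module. The version below compares raw bytes at the recorded offset and skips only the malformed entry; if matching anywhere inside a tunnelled fragment is intended, search the bytes rather than the hex string and drop the one- and two-byte signatures.

```python
    @staticmethod
    def covert_payload_prediction(payload):
        # … unchanged: comment block listing the signature sources …
        if not memory.signatures:
            table = os.path.join(os.path.dirname(os.path.abspath(__file__)), "magic_numbers.txt")
            try:
                with open(table) as handle:
                    memory.signatures = json.load(handle)
            except (OSError, ValueError):
                print("File signature analysis failed!")
                return []
        try:
            raw = bytes(payload)
        except (TypeError, ValueError):
            return []
        matches = []
        for file_type, entry in memory.signatures.items():
            for sign in entry["signs"]:
                offset, _, magic = sign.rpartition(",")
                try:
                    start = int(offset.replace(",", ""))
                    needle = bytes.fromhex(magic.strip())
                except ValueError:
                    continue  # one malformed entry must not end the scan
                if needle and raw[start:start + len(needle)] == needle:
                    matches.append(file_type)
                    break
        return matches
```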
@@ -252,14 +252,17 @@ def analyse_packet_data(self): # File Signature Identifier if "file_signatures" not in memory.packet_db[source_private_ip]: - memory.packet_db[source_private_ip]["file_signatures"] = False - - + memory.packet_db[source_private_ip]["file_signatures"] = [] + + # Covert detection and store src, dst, port = source_private_ip.split("/") if memory.packet_db[source_private_ip]["covert"] == False: if not communication_details_fetch.trafficDetailsFetch.is_multicast(src) and not communication_details_fetch.trafficDetailsFetch.is_multicast(dst): if malicious_traffic_identifier.maliciousTrafficIdentifier.covert_traffic_detection(packet) == 1: memory.packet_db[source_private_ip]["covert"] = True + + # Variable to hold payload and detect covert + payload_string = "" # Temperory Stub # TODO: remove these pcap engine checks (confusing?), this is a temp block to develop/add support @@ -283,6 +286,7 @@ def analyse_packet_data(self): # Refer https://github.com/KimiNewt/pyshark/issues/264 try: memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet.get_raw_packet())) + payload_string = packet.get_raw_packet() except: memory.packet_db[source_private_ip]["Payload"][payload].append("") 
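Review bot: In the hunk at -283, `packet.get_raw_packet()` is now called twice and the second call sits inside the same bare `except:`, so any failure leaves `payload_string` empty and the signature check is skipped for that packet without a trace. Fetch it once, `raw = packet.get_raw_packet()`, then append `str(raw)` and set `payload_string = raw`. The enclosing `analyse_packet_data` starts and ends outside the hunk.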
@@ -303,10 +307,21 @@ def analyse_packet_data(self): # Payload if "TCP" in packet: memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["TCP"].payload)) + payload_string = packet["TCP"].payload elif "UDP" in packet: memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["UDP"].payload)) + payload_string = packet["UDP"].payload elif "ICMP" in packet: memory.packet_db[source_private_ip]["Payload"][payload].append(str(packet["ICMP"].payload)) + payload_string = packet["ICMP"].payload + + # Covert file signatures + if payload_string and memory.packet_db[source_private_ip]["covert"] == True: + file_signs = malicious_traffic_identifier.maliciousTrafficIdentifier.covert_payload_prediction(payload_string) + #print(file_signs) + if file_signs: + memory.packet_db[source_private_ip]["file_signatures"].extend(file_signs) + memory.packet_db[source_private_ip]["file_signatures"] = list(set(memory.packet_db[source_private_ip]["file_signatures"])) # TODO: Add function memory to store all the memory data in files (DB) # def memory_handle(): @@ -319,7 +334,7 @@ def main(): """ Module Driver """ - pcapfile = PcapEngine(sys.path[0]+'/examples/torExample.pcap', "pyshark") + pcapfile = PcapEngine(sys.path[0]+'/examples/biz.pcap', "scapy") print(memory.packet_db.keys()) ports = []
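Review bot: `list(set(...))` in the "Covert file signatures" block of the hunk at -303 returns the types in an order that can change between runs, because string hashing is randomized per process, so `file_signatures` for the same capture will not compare equal across runs or in tests; `sorted(set(memory.packet_db[source_private_ip]["file_signatures"]))` keeps it stable. `payload_string` is assigned the layer payload object (`packet["TCP"].payload`) while only the stored copy is passed through `str()`, so a name such as `payload_raw` would describe it better. A one-line comment stating that only flows already flagged `covert` are scanned would make the gating explicit for the next reader. The enclosing `analyse_packet_data` starts and ends outside the hunk.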