Sunday, June 28, 2015

Compressing Large video files

My phone records video in HD; nothing new here.  However, the file size of each and every video is enormous.  So, like any other person, I started googling to see how I could compress the video files, and I came up with the following bash script [1].  The script lists all MP4 files in our directory and then uses VLC command-line parameters to compress each file.  One more thing: it can also rotate a video automatically to landscape mode if it was taken in portrait mode.

[1]
http://pastebin.com/5VTBWkG5

I was able to get pretty good compression.  My file, which was 24.7 MB, got compressed to ~8 MB.

Wednesday, June 24, 2015

Scapy

Let us start scapy as root.  My reference is [1].

[1]
https://thepacketgeek.com/series/building-network-tools-with-scapy/

# scapy

A list of basic Scapy commands can be obtained with lsc().

>>> lsc()
arpcachepoison      : Poison target's cache with (your MAC,victim's IP) couple
arping              : Send ARP who-has requests to determine which hosts are up
bind_layers         : Bind 2 layers on some specific fields' values


Now let us see about sniff() real quick.

>>> pkt=sniff(count=1)
>>> pkt[0].summary()
'Ether / IP / TCP 192.168.1.2:59845 > 216.58.196.110:https PA / Raw'
>>>


Here we sniffed one packet.  We can type ls() to see the full list of protocols that Scapy supports.

>>> ls()
ARP        : ARP
ASN1_Packet : None
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options


We can also list the fields of an individual protocol, with their default values, by passing the protocol to ls().
>>> ls(Ether)
dst        : DestMACField         = (None)
src        : SourceMACField       = (None)
type       : XShortEnumField      = (0)
>>> ls(IP)
version    : BitField             = (4)
ihl        : BitField             = (None)
tos        : XByteField           = (0)
len        : ShortField           = (None)
id         : ShortField           = (1)
flags      : FlagsField           = (0)
frag       : BitField             = (0)
ttl        : ByteField            = (64)
proto      : ByteEnumField        = (0)
chksum     : XShortField          = (None)
src        : Emph                 = (None)
dst        : Emph                 = ('127.0.0.1')
options    : PacketListField      = ([])
>>> ls(UDP)
sport      : ShortEnumField       = (53)
dport      : ShortEnumField       = (53)
len        : ShortField           = (None)
chksum     : XShortField          = (None)
>>>


Now we will look at the summary() and show() methods.  summary() gives a one-line overview, while show() details every field of every layer.
>>> pkt[0].summary()
'Ether / IP / TCP 192.168.1.2:59845 > 216.58.196.110:https PA / Raw'
>>> pkt[0].show()
###[ Ethernet ]###
  dst= c8:d3:a3:c9:72:3c
  src= 00:1e:4f:9e:c0:5f
  type= 0x800
###[ IP ]###
     version= 4L
     ihl= 5L
     tos= 0x0
     len= 86
     id= 48928
     flags= DF
     frag= 0L
     ttl= 64
     proto= tcp
     chksum= 0x1d2e
     src= 192.168.1.2
     dst= 216.58.196.110
     \options\
###[ TCP ]###
        sport= 59845
        dport= https
        seq= 719414178
        ack= 1834884410
        dataofs= 5L
        reserved= 0L
        flags= PA
        window= 23925
        chksum= 0x5e9c
        urgptr= 0
        options= []
###[ Raw ]###
           load= '\x17\x0e\x0e\x0e)\x0e\x00\x00\x00\x00\x00\x00\r\xb8On\x1a\xaf\xddG\x9a\xdc\xd4\x1e\xf2qb\x11\x83\x15\xbe\xdc\xcd\xf9\xb5\xd4s\xb2\xbaOp\xb2\xa9\x17\xb5'
>>>


We can also increase the number of packets which we sniff.

>>> pkts=sniff(count=10)
>>> pkts

>>> pkts.summary()
Ether / IP / TCP 192.168.1.2:57123 > 216.58.220.40:http A
Ether / IP / TCP 216.58.220.40:http > 192.168.1.2:57123 A / Padding
Ether / IP / TCP 74.125.68.189:https > 192.168.1.2:38372 PA / Raw
Ether / IP / TCP 192.168.1.2:38372 > 74.125.68.189:https A
Ether / IP / TCP 216.58.220.37:https > 192.168.1.2:43278 PA / Raw
Ether / IP / TCP 192.168.1.2:43278 > 216.58.220.37:https A
Ether / IP / TCP 216.58.220.37:https > 192.168.1.2:43278 PA / Raw
Ether / IP / TCP 192.168.1.2:43278 > 216.58.220.37:https A
Ether / IP / TCP 216.58.220.37:https > 192.168.1.2:43278 PA / Raw
Ether / IP / TCP 192.168.1.2:43278 > 216.58.220.37:https A
>>> pkts[3]
>>
>>> pkts[3].show()
###[ Ethernet ]###
  dst= c8:d3:a3:c9:72:3c
  src= 00:1e:4f:9e:c0:5f
  type= 0x800
###[ IP ]###
     version= 4L
     ihl= 5L
     tos= 0x0
     len= 40
     id= 54634
     flags= DF
     frag= 0L
     ttl= 64
     proto= tcp
     chksum= 0x1481
     src= 192.168.1.2
     dst= 74.125.68.189
     \options\
###[ TCP ]###
        sport= 38372
        dport= https
        seq= 759983015
        ack= 3718818381
        dataofs= 5L
        reserved= 0L
        flags= A
        window= 60060
        chksum= 0x50ff
        urgptr= 0
        options= {}
>>>


We can also dig into an individual protocol as shown below.

>>> pkts[0]
>>
>>> pkts[0][TCP].summary()
'TCP 192.168.1.2:57123 > 216.58.220.40:http A'
>>>


We can use the command() method to get the Scapy expression that recreates that very same packet.

>>> pkts[0].command()
"Ether(src='00:1e:4f:9e:c0:5f', dst='c8:d3:a3:c9:72:3c', type=2048)/IP(frag=0L, src='192.168.1.2', proto=6, tos=0, dst='216.58.220.40', chksum=36062, len=40, options=[], version=4L, flags=2L, ihl=5L, ttl=64, id=14308)/TCP(reserved=0L, seq=3914251183, ack=433779807, dataofs=5L, urgptr=0, window=15544, flags=16L, chksum=30248, dport=80, sport=57123)"
>>> 


We can create a new packet by passing the command() string to eval(), or by simply assigning the packet from the list to a new name.

>>> newpkt = eval(pkt[0].command())
>>> newpkt
>>>
>>> newpkt = pkt[0]
>>> newpkt
>>>
>>>


Now let us work on creating ARP packets.

>>> pkts=sniff(count=5,filter="arp")
>>> pkts

>>> pkts.summary()
Ether / ARP who has 192.168.1.100 says 192.168.1.2
Ether / ARP who has 192.168.1.100 says 192.168.1.2
Ether / ARP who has 192.168.1.100 says 192.168.1.2
Ether / ARP who has 192.168.1.100 says 192.168.1.2
Ether / ARP who has 192.168.1.100 says 192.168.1.2
>>> pkts[0].show()
###[ Ethernet ]###
  dst= ff:ff:ff:ff:ff:ff
  src= 00:1e:4f:9e:c0:5f
  type= 0x806
###[ ARP ]###
     hwtype= 0x1
     ptype= 0x800
     hwlen= 6
     plen= 4
     op= who-has
     hwsrc= 00:1e:4f:9e:c0:5f
     psrc= 192.168.1.2
     hwdst= 00:00:00:00:00:00
     pdst= 192.168.1.100

>>> pkts[0].command()
"Ether(src='00:1e:4f:9e:c0:5f', dst='ff:ff:ff:ff:ff:ff', type=2054)/ARP(hwdst='00:00:00:00:00:00', ptype=2048, hwtype=1, psrc='192.168.1.2', hwlen=6, plen=4, pdst='192.168.1.100', hwsrc='00:1e:4f:9e:c0:5f', op=1)"
>>> ls(Ether)
dst        : DestMACField         = (None)
src        : SourceMACField       = (None)
type       : XShortEnumField      = (0)

>>> ls(ARP)
hwtype     : XShortField          = (1)
ptype      : XShortEnumField      = (2048)
hwlen      : ByteField            = (6)
plen       : ByteField            = (4)
op         : ShortEnumField       = (1)
hwsrc      : ARPSourceMACField    = (None)
psrc       : SourceIPField        = (None)
hwdst      : MACField             = ('00:00:00:00:00:00')
pdst       : IPField              = ('0.0.0.0')
>>>
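To show what show() and ls(ARP) are decoding, here is an added example (not from the original post, and using only the Python standard library rather than Scapy) that rebuilds the who-has frame above from its printed field values and parses it back from raw bytes. The names mac_bytes, mac_str, SAMPLE_FRAME and parse_arp_frame are made up for this illustration.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join("%02x" % b for b in raw)

# Constructed sample: the who-has frame from the show() output above, rebuilt
# from the printed field values (no live capture involved).
SAMPLE_FRAME = (
    mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes("00:1e:4f:9e:c0:5f")  # Ether dst, src
    + struct.pack("!H", 0x0806)                   # Ether type = ARP
    + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # hwtype, ptype, hwlen, plen, op
    + mac_bytes("00:1e:4f:9e:c0:5f") + socket.inet_aton("192.168.1.2")    # hwsrc, psrc
    + mac_bytes("00:00:00:00:00:00") + socket.inet_aton("192.168.1.100")  # hwdst, pdst
)

ARP_OPS = {1: "who-has", 2: "is-at"}

def parse_arp_frame(frame):
    """Decode an Ethernet/ARP frame into the field names show() prints."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame (type=0x%04x)" % ethertype)
    body = frame[14:]
    if len(body) < 8:
        raise ValueError("truncated ARP header")
    hwtype, ptype, hwlen, plen, op = struct.unpack("!HHBBH", body[:8])
    # Only Ethernet/IPv4 ARP has the fixed 6-byte/4-byte address layout.
    if (hwtype, ptype, hwlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP address types")
    if len(body) < 28:
        raise ValueError("truncated ARP addresses")
    hwsrc, psrc, hwdst, pdst = struct.unpack("!6s4s6s4s", body[8:28])
    return {
        "dst": mac_str(dst), "src": mac_str(src), "type": hex(ethertype),
        "hwtype": hex(hwtype), "ptype": hex(ptype), "hwlen": hwlen, "plen": plen,
        "op": ARP_OPS.get(op, op),
        "hwsrc": mac_str(hwsrc), "psrc": socket.inet_ntoa(psrc),
        "hwdst": mac_str(hwdst), "pdst": socket.inet_ntoa(pdst),
    }

if __name__ == "__main__":
    for name, value in parse_arp_frame(SAMPLE_FRAME).items():
        print("%s= %s" % (name, value))
```

The frame is 42 bytes: a 14-byte Ethernet header followed by the 28-byte ARP payload, in the same field order that ls(ARP) lists.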


Now let us create our own packet with the help of the eval() function.