#!/usr/bin/env python
# Dan Siemon <dan@coverfire.com>
# Quick hack to print some information about IPv6 traffic.

import socket

import dpkt
import pcap
import IPy
import dns.resolver
import dns.name
import dns.reversename

pc = pcap.pcap("ip6-port80.pcap")

TEREDO=IPy.IP("2001:0000::/32")
SIXTOFOUR=IPy.IP("2002::/16")

addrs = {}

for ts, pkt in pc:
	ip6 = dpkt.ip6.IP6(pkt)

	src = socket.inet_ntop(socket.AF_INET6, ip6.src)

	if src not in addrs:
		addrs[src] = 1
	else:
		addrs[src] += 1

for addr in addrs:
	# Get an object for the address.
	ip6 = IPy.IP(addr)
	ip6bin = socket.inet_pton(socket.AF_INET6, addr)

	# Try to do a reverse lookup.
	try:
		a = dns.resolver.query(dns.reversename.from_address(addr), 'PTR')
	except:
		ret = "NX"
	else:
		ret = a.rrset

	# Print the name and reverse info.
	print "%(ip6)s (%(rev)s)" %{'ip6': ip6, 'rev': ret}

	# Print info based on the address class.
	if ip6 in TEREDO:
		print "\tTeredo"
	elif ip6 in SIXTOFOUR:
		print "\t6to4"
		src4 = socket.inet_ntop(socket.AF_INET, ip6bin[2:6])
		print "\t" + src4
		try:
			a = dns.resolver.query(dns.reversename.from_address(src4), 'PTR')
		except:
			ret = "NX"
		else:
			ret = str(a.rrset)

		print "\t" + ret
	else:
		print "\tOther"