Beispiel #1
0
    def __init__(self, acl=None) -> None:
        if acl:
            assert isinstance(acl, ACL)
            self.acl = acl
        else:
            self.acl = None
            log().info('ARP ACL not loaded')

        self.db = ARPDatabase()

        super().__init__()
Beispiel #2
0
 def from_file(cls, acl_config: Path):
     with acl_config.open() as f:
         acl = defaultdict(list)
         for idx, l in enumerate(f):
             try:
                 l = l.rstrip()
                 ip = l.split(' ')[0]
                 mac = l.split(' ')[1]
                 acl[ip].append(mac)
             except KeyError:
                 log().error('ARP config failed to parse line {:d}'.format(idx))
     return cls(acl)
Beispiel #3
0
def radiotap_loop(sniffer):
    ieee80211_module = IEEE80211Module()

    pkt_c = 0
    for ts, pkt in sniffer:
        try:
            pkt_c += 1
            log().debug('Received IEEE80211 packet ({:d})'.format(pkt_c))
            ieee80211_module.receive_packet(pkt, pkt_c)
        except Exception as e:
            print(e)
            log().error(
                'Could not parse IEEE80211 packet ({:d})'.format(pkt_c))
Beispiel #4
0
def ether_loop(sniffer):
    if args.arp_config:
        arp_module = ARPModule(ACL.from_file(Path(args.arp_config)))
    else:
        arp_module = ARPModule()

    for ts, pkt in sniffer:
        e = Ether(pkt)
        try:
            if e.type == ETHER_TYPE_ARP:
                log().info('Received ARP packet')
                arp_module.receive_packet(e, ts)
            else:
                log().info('Received packet not supported by IPS')
        except AttributeError:
            log().info('Received packet does not have a type')
            continue
Beispiel #5
0
    parser = argparse.ArgumentParser(description='IPS')
    parser.add_argument(
        'pcap_in',
        type=str,
        help='pcap file input or name of suitable network device')
    parser.add_argument('log_out', type=str, help='output file for a json log')
    parser.add_argument('--arp-acl-config',
                        dest='arp_config',
                        type=str,
                        help='configuration file with IP to MAC bindings')
    args = parser.parse_args()

    if args.pcap_in and args.log_out:
        init_logger(args.log_out)

        log().info('IPS STARTED')

        if args.arp_config:
            arp_module = ARPModule(ACL.from_file(Path(args.arp_config)))
        else:
            arp_module = ARPModule()

        sniffer = pcap.pcap(name=args.pcap_in,
                            promisc=True,
                            immediate=True,
                            timeout_ms=50)
        for ts, pkt in sniffer:
            e = Ether(pkt)
            try:
                if e.type == ETHER_TYPE_ARP:
                    log().info('Received ARP packet')
Beispiel #6
0
 def _save(self):
     print('called')
     log().info('{} | NOTICE | Response: {} | [{}]'.format(
         self.module, self.message, self.pkt_summary['pkt']))
Beispiel #7
0
 def _save(self):
     log().info('{} | ERROR | Response: {} | [{}]'.format(
         self.module, self.message, self.pkt_summary['pkt']))
Beispiel #8
0
    parser = argparse.ArgumentParser(description='IPS')
    parser.add_argument(
        'pcap_in',
        type=str,
        help='pcap file input or name of suitable network device')
    parser.add_argument('log_out', type=str, help='output file for a json log')
    parser.add_argument('--arp-acl-config',
                        dest='arp_config',
                        type=str,
                        help='configuration file with IP to MAC bindings')
    args = parser.parse_args()

    if args.pcap_in and args.log_out:
        init_logger(args.log_out)

        log().info('IPS STARTED')

        sniffer = pcap.pcap(name=args.pcap_in,
                            promisc=True,
                            immediate=True,
                            timeout_ms=50)
        datalink = sniffer.datalink()

        if LINKTYPE_ETHERNET == datalink:
            ether_loop(sniffer)
        elif LINKTYPE_IEEE802_11_RADIOTAP == datalink:
            radiotap_loop(sniffer)
        else:
            log().error(
                'PCAP LINK LAYER TYPE NOT SUPPORTED: {:d}'.format(datalink))