Exemple #1
 def __init__(self, *args, **kwargs):
     """Register the Netflow plugin's fixed metadata with the parent class.

     ``*args`` and ``**kwargs`` are accepted but not forwarded; every
     setting handed to the parent initializer is hard-coded below.
     """
     parent_init = super().__init__
     plugin_settings = {
         "name": "Netflow",
         "description": "Collects and displays statistics about connections",
         "author": "dev195",
         # Filter expression limiting the plugin to IPv4/IPv6 packets.
         # NOTE(review): presumably applied by the framework as a capture
         # filter, in which case non-IP traffic never reaches these
         # statistics - confirm against the base class.
         "bpf": "ip or ip6",
         # Output handler labelled with this module's name.
         "output": NetflowOutput(label=__name__),
     }
     parent_init(**plugin_settings)
Exemple #2
 def __init__(self):
     """Register the large-flows plugin and its single ``size`` option.

     The ``size`` option is the transfer threshold in megabytes, with a
     default of 1.
     """
     parent_init = super().__init__
     # NOTE(review): the default is the int 1 while 'type' is float; if these
     # entries end up in argparse, non-string defaults are not converted, so
     # the unset value stays an int - confirm this is harmless downstream.
     size_option = {
         "type": float,
         "default": 1,
         "metavar": "SIZE",
         "help": "number of megabytes transferred (default: 1)",
     }
     parent_init(
         name="large-flows",
         # The description states 1MB even though 'size' makes the
         # threshold configurable.
         description="Display netflows that have at least 1MB transferred",
         author="bg",
         # No bpf is passed here, so whatever the parent class defaults to
         # applies.
         output=NetflowOutput(label=__name__),
         optiondict={"size": size_option},
     )
Exemple #3
 def __init__(self):
     """Register the long-flows plugin and its single ``len`` option.

     The ``len`` option is the minimum connection duration in minutes,
     with a default of 5.
     """
     parent_init = super().__init__
     # NOTE(review): the default is the int 5 while 'type' is float; if these
     # entries end up in argparse, non-string defaults are not converted, so
     # the unset value stays an int - confirm this is harmless downstream.
     duration_option = dict(
         type=float,
         default=5,
         help="set minimum connection time to MIN minutes (default: 5)",
         metavar="MIN",
     )
     parent_init(
         name="long-flows",
         # The description states 5 minutes even though 'len' makes the
         # threshold configurable.
         description="Display netflows that have a duration of at least 5 minutes",
         author="bg",
         # No bpf is passed here, so whatever the parent class defaults to
         # applies.
         output=NetflowOutput(label=__name__),
         optiondict={"len": duration_option},
     )
Exemple #4
    def __init__(self, *args, **kwargs):
        """Register the Country Filter plugin, its help text and its options.

        ``*args`` and ``**kwargs`` are accepted but not forwarded; every
        setting handed to the parent initializer is hard-coded below.
        """
        parent_init = super().__init__

        # Long-form usage text, kept flush-left so it is passed on exactly as
        # written.
        usage_text = """
country: filter connections on geolocation (country code)

Mandatory option:

  --country_code: specify (2 character) country code to filter on

Default behavior:

  If either the client or server IP address matches the specified country,
  the stream will be included.

Modifier options:

  --country_neither: Include only streams where neither the client nor the
                     server IP address matches the specified country.

  --country_both:    Include only streams where both the client AND the server
                     IP addresses match the specified country.

  --country_notboth: Include streams where the specified country is NOT BOTH
                     the client and server IP.  Streams where it is one or
                     the other may be included.

  --country_alerts:  Show alerts for this plugin (default: false)


Example:

  decode -d country+pcapwriter traffic.pcap --pcapwriter_outfile=USonly.pcap --country_code US
  decode -d country+followstream traffic.pcap --country_code US --country_notboth
"""

        # NOTE(review): the usage text calls --country_code mandatory, but
        # the 'code' entry has no default and nothing here marks it required
        # or checks that it is two characters; any enforcement must happen
        # elsewhere in the plugin - confirm.
        # NOTE(review): the three modifier flags are independent store_true
        # switches; nothing in this method rejects combining them - confirm
        # how the plugin resolves conflicting flags.
        filter_options = {
            'code': {
                'type': str,
                'help': 'two-char country code',
                'metavar': 'CC',
            },
            'neither': {
                'action': 'store_true',
                'help': 'neither (client/server) is in specified country',
            },
            'both': {
                'action': 'store_true',
                'help': 'both (client/server) ARE in specified country',
            },
            'notboth': {
                'action': 'store_true',
                'help': 'specified country is not both client and server',
            },
            'alerts': {
                'action': 'store_true',
                'default': False,
                'help': 'have this filter show alerts for matches',
            },
        }

        parent_init(
            name="Country Filter",
            # Filter expression limiting the plugin to IPv4/IPv6 packets.
            bpf='ip or ip6',
            description="filter connections by IP address country code",
            longdescription=usage_text,
            author="tp",
            output=NetflowOutput(label=__name__),
            optiondict=filter_options,
        )