def main(): global GLOBAL_SCONF global START signal.signal(signal.SIGINT, handlerKeyboardInterupt) sconf = SnifflesConfig(sys.argv[1:]) GLOBAL_SCONF = sconf start = datetime.datetime.now() START = start print("") print("!^!Sniffles v" + getVersion() + " -- Traffic Generation for NIDS evaluation.") print("Started at: ", start) print(str(sconf)) mystats = start_generation(sconf) print("Generated Streams: ", mystats[0]) print("Generated Packets: ", mystats[1]) tduration = mystats[2] - sconf.getFirstTimestamp() if tduration < 0: tduration = 0 print("Traffic Duration in seconds (rounded down): ", tduration) end = datetime.datetime.now() print("Generation finished at: ", end) duration = end - start print("Generation Time: ", duration) sys.exit(0)
def test_traffic_stream_split(self): myrpkt = RulePkt("to server", "/abcdefghij/", 0, 1, -1, False, False, 2) mytsrule = TrafficStreamRule('tcp', '1.1.1', '2.2.2', '[100:200]', '[10,20,30,40,50]', -1, 4, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setFullMatch(True) myts = rtgen.TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) self.assertEqual(mypkt.get_content().get_size(), 5) self.assertEqual(mypkt.get_content().get_data(), b'abcde') mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) self.assertNotEqual(mypkt.get_content().get_data(), b'abcde') self.assertEqual(mypkt.get_content().get_data(), b'fghij') self.assertEqual(mypkt.get_content().get_size(), 5) mypkt = myts.getNextPacket() self.assertEqual(mypkt, None)
def test_tcp_stream(self): myrpkt = RulePkt("to server", "/my tcp1/", 0, 3) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, True, True) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(100) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() myseq = mypkt.transport_hdr.get_seq_num() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN + ACK) for i in range(0, 3): mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_seq_num(), myseq + (i * 100) + 1) self.assertEqual(mypkt.get_src_ip(), '1.2.3.4') self.assertEqual(mypkt.get_dst_ip(), '9.8.7.5') mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK)
def test_traffic_stream_ooo(self): myrpkt = RulePkt("to server", "/abcdef/i", 0, 5, 100, True, True) mytsrule = TrafficStreamRule('tcp', '1.1.1', '2.2.2', '[100:200]', '[10,20,30,40,50]', -1, 4, False, True, False, True) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(100) myConfig.setTCPACK(True) myConfig.setTCPHandshake(True) myts = rtgen.TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() myseq = mypkt.transport_hdr.get_seq_num() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), (rtgen.SYN + rtgen.ACK)) while myts.hasPackets(): mypkt = myts.getNextPacket() if mypkt.get_content() is None or \ mypkt.get_content().get_size() == 0: self.assertIn(mypkt.transport_hdr.get_ack_num(), [ myseq + 1, myseq + 101, myseq + 201, myseq + 301, myseq + 401, myseq + 501 ]) else: self.assertEqual(mypkt.get_content().get_size(), 100)
def test_udp_stream_frags_and_ooo(self): myrpkt = RulePkt("to server", "/my udp3/", 3, 5, 250) mytsrule = TrafficStreamRule('udp', '1.2.3.6', '9.8.7.6', '9005', '105', -1, 4, False, False, False, True, 75) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(250) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 myfragid = 0 mylastoff = -1 ooo = False while myts.hasPackets(): mypkt = myts.getNextPacket() if mypkt.network_hdr.get_frag_id() != myfragid: myfragid = mypkt.network_hdr.get_frag_id() if mylastoff > -1: if abs((mypkt.network_hdr.get_frag_offset() & 0xFF) - mylastoff) > 11: ooo = True mylastoff = (mypkt.network_hdr.get_frag_offset() & 0xFF) self.assertIn(mypkt.get_size(), [116, 122]) self.assertEqual(mypkt.get_src_ip(), '1.2.3.6') self.assertEqual(mypkt.get_dst_ip(), '9.8.7.6') self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8203, 22]) mycount += 1 self.assertEqual(mycount, 15) self.assertEqual(ooo, True)
def test_ttl_expiry_scenario5(self): """ 5)ttl_expiry = 9 and fragment is 3 create three good packet with random ttl value malicious packet with ttl value is 9 the totall is 5 packet """ myrpkt = RulePkt("to server", "/abcdefghik/", 3, 1, ttl_expiry=9) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, False, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() if mycount % 2 != 0: self.assertEqual(mypkt.get_ttl(), 9) mycount += 1 self.assertEqual(mycount, 5)
def test_ttl_expiry_scenario3(self): """ ttl = 110 and ttl_expiry = 6 and fragment is 2 create two good packet with ttl value is 110 and malicious packet with ttl value is 6 the totall is 3 packet """ myrpkt = RulePkt("to server", "/my tcp2/", 2, 1, ttl=110, ttl_expiry=6) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, False, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() if mycount % 2 == 0: self.assertEqual(mypkt.get_ttl(), 110) else: self.assertEqual(mypkt.get_ttl(), 6) mycount += 1 self.assertEqual(mycount, 3)
def test_tcp_stream_frag(self): myrpkt = RulePkt("to server", "/my tcp2/", 4, 3) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, True, True) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myts = TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN + ACK) for _ in range(0, 12): mypkt = myts.getNextPacket() self.assertNotEqual(mypkt.network_hdr.get_frag_id(), 0) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8197, 8202, 8207, 15]) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK)
def test_snort_rule_w_pkt_p_stream_set(self): myparser = SnortRuleParser() myparser.parseRule(r'alert tcp $EXTERNAL_NET any -> ' r'$HOME_NET $rtgen.HTTP_PORTS (msg:"test1-1";' r' flow:to_server,established; content:' r'"work.Method.denyExecution"; nocase; ' r'http_uri; content:"u0023"; nocase; http_uri;' r' sid:1;') sconf = SnifflesConfig() sconf.setPktsPerStream(7) self.assertEqual(7, sconf.getPktsPerStream()) myrule = myparser.getRules()[0] myts = myrule.getTS() self.assertEqual(1, len(myts)) self.assertTrue(myts[0].testTypeRule('Standard')) self.assertFalse(myts[0].testTypeRule('Background')) self.assertFalse(myts[0].testTypeRule('ScanAttack')) mycon = rtgen.Conversation(myrule, sconf) self.assertEqual(1, mycon.getNumberOfStreams()) count = 0 while mycon.getNextPacket(): count += 1 self.assertEqual(7, count)
def test_tcp_stream_frag_ooo(self): myrpkt = RulePkt("to server", "/my tcp2/", 4, 3, 140, False, True) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, True, True) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), SYN + ACK) myfragid = 0 mylastoff = -1 ooo = False for _ in range(0, 12): mypkt = myts.getNextPacket() self.assertNotEqual(mypkt.network_hdr.get_frag_id(), 0) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8197, 8202, 8207, 15]) if mypkt.network_hdr.get_frag_id() != myfragid: myfragid = mypkt.network_hdr.get_frag_id() if mylastoff > -1: if abs((mypkt.network_hdr.get_frag_offset() & 0xFF) - mylastoff) > 5: ooo = True else: mylastoff = (mypkt.network_hdr.get_frag_offset() & 0xFF) self.assertEqual(ooo, True) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), FIN + ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), ACK)
def test_split(self): myrpkt = RulePkt("to server", "/my split message/", 0, 1, -1, False, False, 2) mytsrule = TrafficStreamRule('tcp', '1.2.3.6', '9.8.7.6', '9005', '105') mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(-1) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_size(), 62) mycount += 1 self.assertEqual(mycount, 2)
def test_udp_stream(self): myrpkt = RulePkt("to server", "/my udp1/", 0, 3) mytsrule = TrafficStreamRule('udp', '1.2.3.6', '9.8.7.6', '9005', '105') mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(25) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_size(), 67) self.assertEqual(mypkt.get_src_ip(), '1.2.3.6') self.assertEqual(mypkt.get_dst_ip(), '9.8.7.6') mycount += 1 self.assertEqual(mycount, 3)
def test_traffic_stream_split_too_large(self): myrpkt = RulePkt("to server", "/12345/", 0, 1, -1, False, False, 200) mytsrule = TrafficStreamRule('tcp', '1.1.1', '2.2.2', '[100:200]', '[10,20,30,40,50]', -1, 4, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myts = rtgen.TrafficStream(mytsrule, myConfig) for i in range(0, 5): mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) self.assertEqual(mypkt.get_content().get_size(), 1) if i < 4: self.assertIn(mypkt.get_content().get_data(), [b'1', b'2', b'3', b'4', b'5']) mypkt = myts.getNextPacket() self.assertEqual(mypkt, None)
def test_udp_stream_frags(self): myrpkt = RulePkt("to server", "/my udp2/", 3, 2) mytsrule = TrafficStreamRule('udp', '1.2.3.6', '9.8.7.6', '9005', '105') mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(250) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() self.assertIn(mypkt.get_size(), [116, 122]) self.assertEqual(mypkt.get_src_ip(), '1.2.3.6') self.assertEqual(mypkt.get_dst_ip(), '9.8.7.6') self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8203, 22]) mycount += 1 self.assertEqual(mycount, 6)
def test_ttl_expiry_scenario1(self): """ 1)tll = 110, no fragment one packet should have ttl is 110 """ myrpkt = RulePkt("to server", "/my tcp2/", 0, 1, ttl=110) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, False, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_ttl(), 110) mycount += 1 self.assertEqual(mycount, 1)
def test_ttl_expiry_scenario4(self): """ 4)ttl = 147 and ttl_expiry = 0 and fragment is 2 create two packet with ttl value is 147 since ttl_expiry is 0 """ myrpkt = RulePkt("to server", "/my tcp2/", 2, 1, ttl=147, ttl_expiry=0) mytsrule = TrafficStreamRule('tcp', '1.2.3.4', '9.8.7.5', '9000', '101', -1, 4, False, False, False) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(140) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_ttl(), 147) mycount += 1 self.assertEqual(mycount, 2)
def test_traffic_stream_frags(self): myrpkt = RulePkt("to client", "/abcdef/i", 3, 2, 500, True, True) mytsrule = TrafficStreamRule('tcp', '1.1.1', '2.2.2', '[100:200]', '[10,20,30,40,50]', -1, 4, False, True, True) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(500) myConfig.setIPV6Percent(0) myConfig.setTCPACK(True) myConfig.setTCPHandshake(True) myConfig.setTCPTeardown(True) myConfig.setFullMatch(True) myts = rtgen.TrafficStream(mytsrule, myConfig) mypkt = myts.getNextPacket() myseq = mypkt.transport_hdr.get_seq_num() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), (rtgen.SYN + rtgen.ACK)) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) self.assertEqual(mypkt.transport_hdr.get_seq_num(), myseq + 1) mypkt = myts.getNextPacket() self.assertNotEqual(mypkt.network_hdr.get_frag_id(), 0) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) self.assertIn(mypkt.get_size(), [202, 218]) mypkt = myts.getNextPacket() self.assertIn(mypkt.get_size(), [202, 218]) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) mypkt = myts.getNextPacket() self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) self.assertIn(mypkt.get_size(), [202, 218]) mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_size(), 54) self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) mypkt = myts.getNextPacket() self.assertNotEqual(mypkt.network_hdr.get_frag_id(), 0) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) self.assertIn(mypkt.get_size(), [202, 218]) mypkt = myts.getNextPacket() self.assertIn(mypkt.get_size(), [202, 218]) self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) mypkt = myts.getNextPacket() self.assertIn(mypkt.network_hdr.get_frag_offset(), [8192, 8213, 42]) self.assertIn(mypkt.get_size(), [202, 218]) mypkt = myts.getNextPacket() self.assertEqual(mypkt.get_size(), 54) self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK)
def test_traffic_stream_rand(self): myts = rtgen.TrafficStream() self.assertEqual(myts.hasPackets(), True) myp = myts.getNextPacket() self.assertNotEqual(myp.get_size(), 0) myConfig = SnifflesConfig() myConfig.setPktLength(100) myConfig.setPktsPerStream(5) myts = rtgen.TrafficStream(None, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() if mypkt.get_proto() == 'tcp': self.assertEqual(mypkt.get_size(), 154) elif mypkt.get_proto() == 'udp': self.assertEqual(mypkt.get_size(), 142) elif mypkt.get_proto() == 'icmp': self.assertEqual(mypkt.get_size(), 142) mycount += 1 self.assertEqual(mycount, 5) myConfig = SnifflesConfig() myConfig.setPktLength(200) myConfig.setPktsPerStream(1) myConfig.setTCPACK(True) myConfig.setTCPHandshake(True) myConfig.setTCPTeardown(True) myts = rtgen.TrafficStream(None, myConfig) mypkt = myts.getNextPacket() while mypkt.get_proto() != 'tcp': myts = rtgen.TrafficStream(None, myConfig) mypkt = myts.getNextPacket() myseq = mypkt.transport_hdr.get_seq_num() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.SYN) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), (rtgen.SYN + rtgen.ACK)) myack = mypkt.transport_hdr.get_seq_num() mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) self.assertEqual(mypkt.transport_hdr.get_seq_num(), myseq + 1) self.assertEqual(mypkt.transport_hdr.get_ack_num(), myack + 1) self.assertEqual(mypkt.get_size(), 254) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_ack_num(), (myseq + 201)) self.assertEqual(mypkt.get_size(), 54) self.assertEqual(mypkt.get_content().get_size(), 0) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.FIN + rtgen.ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.FIN + rtgen.ACK) mypkt = myts.getNextPacket() self.assertEqual(mypkt.transport_hdr.get_flags(), rtgen.ACK)
def test_udp_stream_frags_loss(self): myrpkt = RulePkt("to server", RuleContent("pcre", "/my udp4/"), 3, 2, 250) mytsrule = TrafficStreamRule('udp', '1.2.3.6', '9.8.7.6', '9005', '105', -1, 4, False, False, False, False, 0, 99) mytsrule.addPktRule(myrpkt) myConfig = SnifflesConfig() myConfig.setPktLength(250) myConfig.setIPV6Percent(0) myConfig.setFullMatch(True) myts = TrafficStream(mytsrule, myConfig) mycount = 0 while myts.hasPackets(): mypkt = myts.getNextPacket() if mypkt is None: mycount += 1 self.assertTrue(mycount > 0) # Should be at least one lost fragement. myrpkt2 = RulePkt("to server", RuleContent("pcre", "/my udp4/"), 3, 2, 250) mytsrule2 = TrafficStreamRule('udp', '1.2.3.6', '9.8.7.6', '9005', '105', -1, 4, False, False, False, False, 0, 0) mytsrule2.addPktRule(myrpkt2) myConfig2 = SnifflesConfig() myConfig2.setPktLength(250) myConfig2.setIPV6Percent(0) myConfig2.setFullMatch(True) myts2 = TrafficStream(mytsrule2, myConfig2) mycount = 0 while myts2.hasPackets(): mypkt = myts2.getNextPacket() if mypkt is not None: mycount += 1 self.assertEqual(mycount, 6) # should be no lost fragments.