def __init__(self, pcapObj, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.p = pcapObj self.outdir = "" self.hp = hp self.dataFound = False self.tf = options['time_convert_fn'] self.cdList = [90, 91, 92, 93] self.commandCode = { 90: 'Request granted', 91: 'Request rejected or failed', 92: 'Request rejected: SOCKS server cannot connect to identd on the client', 93: 'Request rejected: Client program and identd report different user-ids' } self.replyCode = { 0: 'Succeeded', 1: 'General socks server failure', 2: 'Connection not allowed by ruleset', 3: 'Network unreachable', 4: 'Host unreachable', 5: 'Connection refused', 6: 'TTL expired', 7: 'Command not supported', 8: 'Address type not supported' } self.requestCommand = [1, 2, 3]
def __init__(self, pcapObj, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.p = pcapObj self.outdir = "" self.hp = hp self.dataFound = False self.tf = options['time_convert_fn'] self.cdList = [90,91,92,93] self.commandCode = { 90:'Request granted', 91:'Request rejected or failed', 92:'Request rejected: SOCKS server cannot connect to identd on the client', 93:'Request rejected: Client program and identd report different user-ids' } self.replyCode = { 0:'Succeeded', 1:'General socks server failure', 2:'Connection not allowed by ruleset', 3:'Network unreachable', 4:'Host unreachable', 5:'Connection refused', 6:'TTL expired', 7:'Command not supported', 8:'Address type not supported' } self.requestCommand = [1,2,3]
def __init__(self, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.p = pcap.pcap(options["tmpf"], promisc=False) self.p.setfilter("host %s and tcp port 23" % (hp)) self.log = {} self.fp = sys.stdout self.outdir = None
def __init__(self): super(flowDecode, self).__init__() hs = HoneysnapSingleton.getInstance() self.options = hs.getOptions() self.requested_files = {} self.served_files = {} for hp in self.options['honeypots']: self.served_files[hp] = [] self.requested_files[hp] = []
def __init__(self, ts, pkt, eventtype, source, target, arguments=None): irclib.Event.__init__(self, eventtype, source, target, arguments) hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.tf = options['time_convert_fn'] self.time = ts self.src = inet_ntoa(pkt.src) self.dst = inet_ntoa(pkt.dst) self.dport = pkt.data.dport self.sport = pkt.data.sport
def __init__(self, pcapObj): Base.__init__(self) hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.tcpports = {} self.udpports = {} self.icmp = {} self.p = pcapObj self.outdir = "" self.tf = options['time_convert_fn']
def __init__(self, pcapObj): """Initialise the flow. Assume ethernet for now""" Base.__init__(self) self.p = pcapObj self.states = flow_state_manager() self.outdir = "" self.fname = [] self.plugins = [] self.hs = HoneysnapSingleton.getInstance() self.honeypots = self.hs.getOptions()["honeypots"] self.fp = None
def __init__(self, hp, direction="queried"): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.p = pcap.pcap(options["tmpf"], promisc=False) self.direction = direction if direction == "queried": self.p.setfilter("(src host %s and udp and dst port 53) or (dst host %s and udp and src port 53)" % (hp, hp)) else: self.p.setfilter("(dst host %s and udp and dst port 53) or (src host %s and udp and src port 53)" % (hp, hp)) self.log = {} self.fp = sys.stdout self.tf = options['time_convert_fn']
def __init__(self, hp, direction="queried"): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.p = pcap.pcap(options["tmpf"], promisc=False) self.direction = direction if direction == "queried": self.p.setfilter( "(src host %s and udp and dst port 53) or (dst host %s and udp and src port 53)" % (hp, hp)) else: self.p.setfilter( "(dst host %s and udp and dst port 53) or (src host %s and udp and src port 53)" % (hp, hp)) self.log = {} self.fp = sys.stdout self.tf = options['time_convert_fn']
def __init__(self, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() self.excludes = options['sebek_excludes'] self.data_excludes = options['sebek_data_excludes'] self.p = pcap.pcap(options["tmpf"], promisc=False) self.p.setfilter("src host %s and udp dst port %s" % (hp, options["sebek_port"])) self.log = {} self.output = {} self.output['keystrokes'] = [] self.output['sbk_write'] = [] self.output['sbk_sock'] = [] self.output['sbk_open'] = [] self.verbose = options['sebek_all_data'] self.fp = sys.stdout self.tf = options['time_convert_fn']
def main(): """Set everything off and handle files/stdin etc""" print_help, options, args = parseOptions() if len(sys.argv)>1: if options['honeypots'] is None: print "No honeypots specified. Please use either -H or config file to specify honeypots.\n" sys.exit(2) hsingleton = HoneysnapSingleton.getInstance(options) if not os.path.exists(options['output_data_directory']): make_dir(options['output_data_directory']) if os.path.exists(options['output_data_directory']): for i in options["honeypots"]: make_dir(options["output_data_directory"]+"/"+i) # by default treat args as files to be processed # handle multiple files being passed as args if len(args): for f in args: if os.path.exists(f) and os.path.isfile(f): processFile(f) else: print "File not found: %s" % f sys.exit(2) # no args indicating files, read from stdin else: # can't really do true stdin input, since we repeatedly parse # the file, so create a tempfile that is read from stdin # pass it to processFile fh = sys.stdin tmph, tmpf = tempfile.mkstemp() tmph = open(tmpf, 'wb') for l in fh: tmph.write(l) tmph.close() processFile(tmpf) # all done, delete the tmp file os.unlink(tmpf) cleanup(options) else: print_help()
def main(): """Set everything off and handle files/stdin etc""" print_help, options, args = parseOptions() if len(sys.argv) > 1: if options['honeypots'] is None: print "No honeypots specified. Please use either -H or config file to specify honeypots.\n" sys.exit(2) hsingleton = HoneysnapSingleton.getInstance(options) if not os.path.exists(options['output_data_directory']): make_dir(options['output_data_directory']) if os.path.exists(options['output_data_directory']): for i in options["honeypots"]: make_dir(options["output_data_directory"] + "/" + i) # by default treat args as files to be processed # handle multiple files being passed as args if len(args): for f in args: if os.path.exists(f) and os.path.isfile(f): processFile(f) else: print "File not found: %s" % f sys.exit(2) # no args indicating files, read from stdin else: # can't really do true stdin input, since we repeatedly parse # the file, so create a tempfile that is read from stdin # pass it to processFile fh = sys.stdin tmph, tmpf = tempfile.mkstemp() tmph = open(tmpf, 'wb') for l in fh: tmph.write(l) tmph.close() processFile(tmpf) # all done, delete the tmp file os.unlink(tmpf) cleanup(options) else: print_help()
def __init__(self, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() Base.__init__(self) self.cmds = {} self.sources = {} self.targets = {} self.ips = {} self.users = {} self.channels = {} self.repeats = {} self.lines = {} self.botwords = botwords self.words = words self.wordlines = [] self.botlines = [] self.currenttopicsBotCmd = [] self.currenttopicsKeyword = [] self.serversvisited = [] self.channelsvisited = [] self.possbotnet = False self.honeypot = hp self.privcount = 0 self.dir = "" self.fp = sys.stdout self.limit=options['irc_limit'] self.tf = options['time_convert_fn'] self.wordfile=options['wordfile'] if self.wordfile: if os.path.exists(self.wordfile) and os.path.isfile(self.wordfile): wfp = open(self.wordfile, 'rb') filewords = wfp.readlines() filewords = [w.strip() for w in filewords] self.words = self.words + filewords else: print "Can't open specified wordlist %s. Stopping" % self.wordfile print "Please check the existence of the wordfile, or delete the WORDFILE option from the config if it's not wanted" sys.exit(1)
def __init__(self, hp): hs = HoneysnapSingleton.getInstance() options = hs.getOptions() Base.__init__(self) self.cmds = {} self.sources = {} self.targets = {} self.ips = {} self.users = {} self.channels = {} self.repeats = {} self.lines = {} self.botwords = botwords self.words = words self.wordlines = [] self.botlines = [] self.currenttopicsBotCmd = [] self.currenttopicsKeyword = [] self.serversvisited = [] self.channelsvisited = [] self.possbotnet = False self.honeypot = hp self.privcount = 0 self.dir = "" self.fp = sys.stdout self.limit = options['irc_limit'] self.tf = options['time_convert_fn'] self.wordfile = options['wordfile'] if self.wordfile: if os.path.exists(self.wordfile) and os.path.isfile(self.wordfile): wfp = open(self.wordfile, 'rb') filewords = wfp.readlines() filewords = [w.strip() for w in filewords] self.words = self.words + filewords else: print "Can't open specified wordlist %s. Stopping" % self.wordfile print "Please check the existence of the wordfile, or delete the WORDFILE option from the config if it's not wanted" sys.exit(1)
o = self.outdir % i make_dir(o) def setOutput(self, file): self.outfile = file def dump_extract(self): for s in self.states.getFlowStates(): s.close() for func in self.plugins: func(s, self.states) def writeResults(self): """TODO: I would like to implement some sort of summarization of the data files that were written during the run... """ pass if __name__ == "__main__": # for testing. Edit suitably import sys options = { 'honeypots':['192.168.0.1', '192.168.0.2'] } hsingleton = HoneysnapSingleton.getInstance(options) f = sys.argv[1] pcapObj = pcap.pcap(f) tflow = tcpFlow(pcapObj) make_dir ('output') tflow.setOutdir("output/%s/") tflow.setFilter("not port 445") tflow.start()
def processFile(file): """ Process a pcap file. file is the pcap file to parse This function will run any enabled options for each pcap file """ hs = HoneysnapSingleton.getInstance() options = hs.getOptions() tmpf, deletetmp = check_pcap_file(file) options["tmpf"] = tmpf try: if options["filename"] is not None: out = rawPathOutput(options["filename"], mode="a+") else: out = outputSTDOUT() except IOError: # we have some error opening the file # there is something at that path. Is it a directory? if not os.path.isdir(options["output_data_directory"]): print "Error: output_data_directory exists, but is not a directory." else: print "Unknown Error creating output file" sys.exit(1) out("\n\nAnalysing file: %s\n\n" % file) if options["do_pcap"] == "YES": out("Pcap file information:\n") pi = pcapInfo(tmpf) pi.setOutput(out) pi.getStats() myout = rawPathOutput(options["output_data_directory"] + "/pcapinfo.txt") pi.setOutput(myout) pi.getStats() out("\n") if options["do_packets"] == "YES": out("\nIP packet summary for common ports:\n\n") out("%-40s %10s\n" % ("Filter", "Packets")) filters = setFilters(options) for i in filters: key, filt = i out(key + "\n") for hp in options['honeypots']: p = pcap.pcap(tmpf) c = Counter(p) c.setOutput(out) f = filt % hp c.setFilter(f) c.count() del p out("\n") if options["do_incoming"] == "YES": for hp in options["honeypots"]: out("Counting incoming connections for %s\n" % hp) outdir = options["output_data_directory"] + "/%s/conns" % hp make_dir(outdir) p = pcap.pcap(tmpf) s = Summarize(p) filt = 'dst host %s' % hp s.setFilter(filt) s.start() fileout = rawPathOutput(outdir + "/incoming.txt", mode="a") if options["print_verbose"] == "YES": outputs = (fileout, out) else: outputs = (fileout, ) for output in outputs: s.setOutput(output) s.doOutput("\nIncoming connections for %s\n" % hp) s.writeResults(limit=options["flow_count_limit"]) del p if options["do_outgoing"] == "YES": for hp in options["honeypots"]: out("\nCounting outgoing connections for %s\n" % hp) outdir = options["output_data_directory"] + "/%s/conns" % hp make_dir(outdir) p = pcap.pcap(tmpf) s = Summarize(p) filt = 'src host %s' % hp s.setFilter(filt) s.start() fileout = rawPathOutput(outdir + "/outgoing.txt", mode="a") if options["print_verbose"] == "YES": outputs = (fileout, out) else: outputs = (fileout, ) for output in outputs: s.setOutput(output) s.doOutput("\nOutgoing connections for %s\n" % hp) s.writeResults(limit=options["flow_count_limit"]) del p if options["do_dns"] == "YES": out("\nExtracting DNS data to file\n\n") for hp in options["honeypots"]: #out("\nHoneypot %s\n\n" % hp) dns = dnsDecode(hp, direction="queried") dns.setOutdir(options["output_data_directory"] + "/%s/dns" % hp) dns.setOutput(out) dns.run() del dns dns = dnsDecode(hp, direction="served") dns.setOutdir(options["output_data_directory"] + "/%s/dns" % hp) dns.setOutput(out) dns.run() del dns if options["do_telnet"] == "YES": out("\nExtracting telnet data to file\n") for hp in options["honeypots"]: #out("\nHoneypot %s\n\n" % hp) tel = telnetDecode(hp) tel.setOutdir(options["output_data_directory"] + "/%s/telnet" % hp) tel.setOutput(out) tel.run() del tel if options["do_irc"] == "YES": """ Here we will use PcapRE to find packets on irc_port with "PRIVMSG" in the payload. """ for hp in options["honeypots"]: out("\nLooking for packets containing PRIVMSG for %s\n\n" % hp) p = pcap.pcap(tmpf) r = pcapReCounter(p) r.setFilter("host %s and tcp" % hp) r.setRE('PRIVMSG') r.setOutput(out) r.start() r.writeResults() for port in r.server_ports(options['irc_ports'][hp]): if port not in options['irc_ports'][hp]: if port == 80: out("\nSaw PRIVMSG on port 80, but cowardly not adding it to IRC port list - check manually\n" ) else: out("\nAdding port %s to irc list for %s\n" % (port, hp)) options['irc_ports'][hp].add(port) del p del r out("\nAnalysing IRC\n") for hp in options["honeypots"]: outdir = options["output_data_directory"] + "/%s/irc" % hp for port in options["irc_ports"][hp]: out("\nHoneypot %s, port %s\n\n" % (hp, port)) hirc = HoneySnapIRC() hirc.connect(tmpf, "host %s and tcp and port %s" % (hp, port)) hd = ircDecode(hp) hd.setOutput(out) hd.setOutdir(outdir) hd.setOutfile('irclog-%s.txt' % port) hirc.addHandler("all_events", hd.decodeCB, -1) hirc.ircobj.add_global_handler("all_events", hd.printLines, -1) hirc.ircobj.process_once() hd.printSummary() del hd del hirc if options["all_flows"] == "YES": out("\nExtracting all flows\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) filt = "host " filt += " or host ".join(options["honeypots"]) de.setFilter(filt) de.setOutdir(options["output_data_directory"] + "/%s/flows") de.setOutput(out) de.start() de.dump_extract() del de del p if options["do_http"] == "YES": out("\nExtracting from HTTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 80") de.setOutdir(options["output_data_directory"] + "/%s/http") de.setOutput(out) decode = httpDecode.httpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_ftp"] == "YES": out("\nExtracting from FTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 20 or port 21") de.setOutdir(options["output_data_directory"] + "/%s/ftp") de.setOutput(out) decode = ftpDecode.ftpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_smtp"] == "YES": out("\nExtracting from SMTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 25") de.setOutdir(options["output_data_directory"] + "/%s/smtp") de.setOutput(out) decode = smtpDecode.smtpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_sebek"] == "YES": out("\nExtracting Sebek data\n") for hp in options["honeypots"]: out("\nHoneypot %s\n\n" % hp) sbd = sebekDecode(hp) sbd.setOutdir(options["output_data_directory"] + "/%s/sebek" % hp) sbd.setOutput(out) sbd.run() sbd.print_summary() del sbd if options["do_socks"] == "YES": out("\nExtracting Socks proxy information:\n") for hp in options["honeypots"]: out("\nHoneypot %s\n\n" % hp) p = pcap.pcap(tmpf) socks = SocksDecode(p, hp) socks.setOutdir(options["output_data_directory"] + "/%s/socks" % hp) socks.setOutput(out) socks.start() # delete the tmp file we used to hold unzipped data if deletetmp: os.unlink(tmpf)
def processFile(file): """ Process a pcap file. file is the pcap file to parse This function will run any enabled options for each pcap file """ hs = HoneysnapSingleton.getInstance() options = hs.getOptions() tmpf, deletetmp = check_pcap_file(file) options["tmpf"] = tmpf try: if options["filename"] is not None: out = rawPathOutput(options["filename"], mode="a+") else: out = outputSTDOUT() except IOError: # we have some error opening the file # there is something at that path. Is it a directory? if not os.path.isdir(options["output_data_directory"]): print "Error: output_data_directory exists, but is not a directory." else: print "Unknown Error creating output file" sys.exit(1) out("\n\nAnalysing file: %s\n\n" % file) if options["do_pcap"] == "YES": out("Pcap file information:\n") pi = pcapInfo(tmpf) pi.setOutput(out) pi.getStats() myout = rawPathOutput(options["output_data_directory"] +"/pcapinfo.txt") pi.setOutput(myout) pi.getStats() out("\n") if options["do_packets"] == "YES": out("\nIP packet summary for common ports:\n\n") out("%-40s %10s\n" % ("Filter", "Packets")) filters = setFilters(options) for i in filters: key, filt = i out(key+"\n") for hp in options['honeypots']: p = pcap.pcap(tmpf) c = Counter(p) c.setOutput(out) f = filt % hp c.setFilter(f) c.count() del p out("\n") if options["do_incoming"] == "YES": for hp in options["honeypots"]: out("Counting incoming connections for %s\n" % hp) outdir = options["output_data_directory"] + "/%s/conns" % hp make_dir(outdir) p = pcap.pcap(tmpf) s = Summarize(p) filt = 'dst host %s' % hp s.setFilter(filt) s.start() fileout = rawPathOutput(outdir+"/incoming.txt", mode="a") if options["print_verbose"] == "YES": outputs = (fileout, out) else: outputs = (fileout,) for output in outputs: s.setOutput(output) s.doOutput("\nIncoming connections for %s\n" % hp) s.writeResults(limit=options["flow_count_limit"]) del p if options["do_outgoing"] == "YES": for hp in options["honeypots"]: out("\nCounting outgoing connections for %s\n" % hp) outdir = options["output_data_directory"] + "/%s/conns" % hp make_dir(outdir) p = pcap.pcap(tmpf) s = Summarize(p) filt = 'src host %s' % hp s.setFilter(filt) s.start() fileout = rawPathOutput(outdir+"/outgoing.txt", mode="a") if options["print_verbose"] == "YES": outputs = (fileout, out) else: outputs = (fileout,) for output in outputs: s.setOutput(output) s.doOutput("\nOutgoing connections for %s\n" % hp) s.writeResults(limit=options["flow_count_limit"]) del p if options["do_dns"] == "YES": out("\nExtracting DNS data to file\n\n") for hp in options["honeypots"]: #out("\nHoneypot %s\n\n" % hp) dns = dnsDecode(hp, direction="queried") dns.setOutdir(options["output_data_directory"] + "/%s/dns" % hp) dns.setOutput(out) dns.run() del dns dns = dnsDecode(hp, direction="served") dns.setOutdir(options["output_data_directory"] + "/%s/dns" % hp) dns.setOutput(out) dns.run() del dns if options["do_telnet"] == "YES": out("\nExtracting telnet data to file\n") for hp in options["honeypots"]: #out("\nHoneypot %s\n\n" % hp) tel = telnetDecode(hp) tel.setOutdir(options["output_data_directory"] + "/%s/telnet" % hp) tel.setOutput(out) tel.run() del tel if options["do_irc"] == "YES": """ Here we will use PcapRE to find packets on irc_port with "PRIVMSG" in the payload. """ for hp in options["honeypots"]: out("\nLooking for packets containing PRIVMSG for %s\n\n" % hp) p = pcap.pcap(tmpf) r = pcapReCounter(p) r.setFilter("host %s and tcp" % hp) r.setRE('PRIVMSG') r.setOutput(out) r.start() r.writeResults() for port in r.server_ports(options['irc_ports'][hp]): if port not in options['irc_ports'][hp]: if port==80: out("\nSaw PRIVMSG on port 80, but cowardly not adding it to IRC port list - check manually\n") else: out("\nAdding port %s to irc list for %s\n" % (port, hp)) options['irc_ports'][hp].add(port) del p del r out("\nAnalysing IRC\n") for hp in options["honeypots"]: outdir = options["output_data_directory"] + "/%s/irc" % hp for port in options["irc_ports"][hp]: out("\nHoneypot %s, port %s\n\n" % (hp, port)) hirc = HoneySnapIRC() hirc.connect(tmpf, "host %s and tcp and port %s" % (hp, port)) hd = ircDecode(hp) hd.setOutput(out) hd.setOutdir(outdir) hd.setOutfile('irclog-%s.txt' % port) hirc.addHandler("all_events", hd.decodeCB, -1) hirc.ircobj.add_global_handler("all_events", hd.printLines, -1) hirc.ircobj.process_once() hd.printSummary() del hd del hirc if options["all_flows"] == "YES": out("\nExtracting all flows\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) filt = "host " filt += " or host ".join(options["honeypots"]) de.setFilter(filt) de.setOutdir(options["output_data_directory"]+ "/%s/flows") de.setOutput(out) de.start() de.dump_extract() del de del p if options["do_http"] == "YES": out("\nExtracting from HTTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 80") de.setOutdir(options["output_data_directory"]+ "/%s/http") de.setOutput(out) decode = httpDecode.httpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_ftp"] == "YES": out("\nExtracting from FTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 20 or port 21") de.setOutdir(options["output_data_directory"] + "/%s/ftp") de.setOutput(out) decode = ftpDecode.ftpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_smtp"] == "YES": out("\nExtracting from SMTP\n\n") p = pcap.pcap(tmpf) de = tcpflow.tcpFlow(p) de.setFilter("port 25") de.setOutdir(options["output_data_directory"] + "/%s/smtp") de.setOutput(out) decode = smtpDecode.smtpDecode() decode.setOutput(out) de.registerPlugin(decode.decode) de.start() de.dump_extract() decode.print_summary() del de del p if options["do_sebek"] == "YES": out("\nExtracting Sebek data\n") for hp in options["honeypots"]: out("\nHoneypot %s\n\n" % hp) sbd = sebekDecode(hp) sbd.setOutdir(options["output_data_directory"] + "/%s/sebek" % hp) sbd.setOutput(out) sbd.run() sbd.print_summary() del sbd if options["do_socks"] == "YES": out("\nExtracting Socks proxy information:\n") for hp in options["honeypots"]: out("\nHoneypot %s\n\n" % hp) p = pcap.pcap(tmpf) socks = SocksDecode(p,hp) socks.setOutdir(options["output_data_directory"] + "/%s/socks" % hp) socks.setOutput(out) socks.start() # delete the tmp file we used to hold unzipped data if deletetmp: os.unlink(tmpf)
make_dir(o) def setOutput(self, file): self.outfile = file def dump_extract(self): for s in self.states.getFlowStates(): s.close() for func in self.plugins: func(s, self.states) def writeResults(self): """TODO: I would like to implement some sort of summarization of the data files that were written during the run... """ pass if __name__ == "__main__": # for testing. Edit suitably import sys options = {'honeypots': ['192.168.0.1', '192.168.0.2']} hsingleton = HoneysnapSingleton.getInstance(options) f = sys.argv[1] pcapObj = pcap.pcap(f) tflow = tcpFlow(pcapObj) make_dir('output') tflow.setOutdir("output/%s/") tflow.setFilter("not port 445") tflow.start()
def __init__(self): self.current_time = 0 self.flow_hash = {} self.curent_time = 0 self.outdir = None self.hs = HoneysnapSingleton.getInstance()