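def __init__(self, acl=None) -> None:
    """Initialise the instance with an optional ACL and a fresh ARPDatabase.

    Args:
        acl: An ``ACL`` instance, or a falsy value to run without an ACL.

    Raises:
        TypeError: If a truthy ``acl`` is not an ``ACL`` instance.
    """
    if acl:
        # Explicit check rather than ``assert``: assertions are stripped
        # under ``python -O``, which would let any object be installed as
        # the ACL without validation.
        if not isinstance(acl, ACL):
            raise TypeError(
                'acl must be an ACL instance, got {}'.format(
                    type(acl).__name__))
        self.acl = acl
    else:
        # NOTE(review): this branch is chosen by truthiness, so an ACL
        # object that evaluates falsy is treated as "not loaded" too.
        # Confirm that is intended.
        self.acl = None
        log().info('ARP ACL not loaded')
    self.db = ARPDatabase()
    super().__init__()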
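def from_file(cls, acl_config: Path):
    """Build an instance from a text file of IP-to-MAC bindings.

    Each usable line holds an IP address followed by a MAC address,
    separated by whitespace. An IP that appears on several lines collects
    every MAC listed for it. Fields after the second are ignored.

    Args:
        acl_config: Path of the bindings file.

    Returns:
        The result of calling ``cls`` with a ``defaultdict(list)`` that maps
        each IP string to the list of MAC strings bound to it.
    """
    acl = defaultdict(list)
    with acl_config.open() as f:
        for idx, line in enumerate(f):
            fields = line.split()
            if len(fields) < 2:
                # A blank or truncated line used to raise IndexError, which
                # the former ``except KeyError`` did not catch, so one bad
                # line aborted loading of the whole ACL. Log it and go on.
                log().error(
                    'ARP config failed to parse line {:d}'.format(idx))
                continue
            ip, mac = fields[0], fields[1]
            acl[ip].append(mac)
    return cls(acl)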
def radiotap_loop(sniffer):
    """Hand every captured frame to a fresh IEEE80211Module.

    Args:
        sniffer: Iterable yielding ``(timestamp, packet)`` pairs.
    """
    handler = IEEE80211Module()
    # Frames are numbered from 1; the number is passed to the module and
    # used in the log messages.
    for pkt_no, (_ts, frame) in enumerate(sniffer, start=1):
        try:
            log().debug('Received IEEE80211 packet ({:d})'.format(pkt_no))
            handler.receive_packet(frame, pkt_no)
        except Exception as exc:
            # NOTE(review): the exception text goes to stdout only; the log
            # entry below records just the packet number, so the cause of a
            # parse failure cannot be recovered from the log alone.
            print(exc)
            log().error(
                'Could not parse IEEE80211 packet ({:d})'.format(pkt_no))
def ether_loop(sniffer):
    """Dispatch captured Ethernet frames; only ARP frames are processed.

    Reads the module-level ``args`` to decide whether the ARP module is
    created with an ACL loaded from ``args.arp_config``.

    Args:
        sniffer: Iterable yielding ``(timestamp, packet)`` pairs.
    """
    if not args.arp_config:
        arp_module = ARPModule()
    else:
        arp_module = ARPModule(ACL.from_file(Path(args.arp_config)))

    for timestamp, raw in sniffer:
        # NOTE(review): frame construction happens outside the try block, so
        # an exception raised here on a malformed frame ends the loop.
        frame = Ether(raw)
        try:
            is_arp = frame.type == ETHER_TYPE_ARP
            if not is_arp:
                log().info('Received packet not supported by IPS')
                continue
            log().info('Received ARP packet')
            arp_module.receive_packet(frame, timestamp)
        except AttributeError:
            # NOTE(review): this handler also covers receive_packet(), so an
            # AttributeError raised inside the ARP module is logged as a
            # missing frame type and otherwise swallowed.
            log().info('Received packet does not have a type')
parser = argparse.ArgumentParser(description='IPS') parser.add_argument( 'pcap_in', type=str, help='pcap file input or name of suitable network device') parser.add_argument('log_out', type=str, help='output file for a json log') parser.add_argument('--arp-acl-config', dest='arp_config', type=str, help='configuration file with IP to MAC bindings') args = parser.parse_args() if args.pcap_in and args.log_out: init_logger(args.log_out) log().info('IPS STARTED') if args.arp_config: arp_module = ARPModule(ACL.from_file(Path(args.arp_config))) else: arp_module = ARPModule() sniffer = pcap.pcap(name=args.pcap_in, promisc=True, immediate=True, timeout_ms=50) for ts, pkt in sniffer: e = Ether(pkt) try: if e.type == ETHER_TYPE_ARP: log().info('Received ARP packet')
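def _save(self):
    """Write this response to the log as a NOTICE entry.

    The entry is built from ``self.module``, ``self.message`` and
    ``self.pkt_summary['pkt']``.
    """
    # The stray ``print('called')`` debug output was removed: it wrote to
    # stdout on every notice and carried no information.
    # NOTE(review): message and packet summary presumably derive from
    # captured traffic; confirm the logger escapes newlines and the '|'
    # delimiter so a crafted packet cannot forge or split log entries.
    log().info('{} | NOTICE | Response: {} | [{}]'.format(
        self.module, self.message, self.pkt_summary['pkt']))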
def _save(self):
    """Write this response to the log as an ERROR-tagged entry.

    The entry is emitted at ``info`` level; "ERROR" is part of the message
    text only.
    """
    logger = log()
    template = '{} | ERROR | Response: {} | [{}]'
    # NOTE(review): message and packet summary presumably derive from
    # captured traffic; confirm the logger escapes newlines and the '|'
    # delimiter.
    entry = template.format(
        self.module, self.message, self.pkt_summary['pkt'])
    logger.info(entry)
# Command-line entry: parse arguments, open the capture source and run the
# loop that matches its link-layer type.
parser = argparse.ArgumentParser(description='IPS')
parser.add_argument(
    'pcap_in',
    type=str,
    help='pcap file input or name of suitable network device',
)
parser.add_argument(
    'log_out',
    type=str,
    help='output file for a json log',
)
parser.add_argument(
    '--arp-acl-config',
    dest='arp_config',
    type=str,
    help='configuration file with IP to MAC bindings',
)
args = parser.parse_args()

if args.pcap_in and args.log_out:
    init_logger(args.log_out)
    log().info('IPS STARTED')

    # NOTE(review): every frame read from this source is untrusted input to
    # the parsing loops below.
    sniffer = pcap.pcap(
        name=args.pcap_in,
        promisc=True,
        immediate=True,
        timeout_ms=50,
    )
    datalink = sniffer.datalink()

    # Map each supported link-layer type to its processing loop.
    loops = {
        LINKTYPE_ETHERNET: ether_loop,
        LINKTYPE_IEEE802_11_RADIOTAP: radiotap_loop,
    }
    run_loop = loops.get(datalink)
    if run_loop is None:
        log().error(
            'PCAP LINK LAYER TYPE NOT SUPPORTED: {:d}'.format(datalink))
    else:
        run_loop(sniffer)