chg: [launcher] Added launcher

README.md

@@ -27,4 +27,37 @@ You can finally clone this repo on your machine and simply setup the virtual env
 git clone https://github.com/D4-project/analyzer-d4-ipa.git
 cd analyzer-d4-ipa
 pipenv install
-```
+```
+
+## Usage
+#### Start the redis server
+Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
+```shell script
+../redis/src/redis-server ./etc/redis.conf
+```
+
+#### Configure and start the D4 analyzer
+```shell script
+cd ./etc
+cp analyzer.conf.sample analyzer.conf
+```
+
+Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
+```shell script
+[global]
+my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
+d4-server = 127.0.0.1:6380
+# INFO|DEBUG
+logging-level = INFO
+```
+
+Then you can start the analyzer.
+```shell script
+cd ../bin
+python3 run_ipa.py
+```
+
+If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
+```shell script
+python3 run_ipa.py -p /absolute/path/to/dataset/root
+```

bin/run_ipa.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# IPA Launcher
+#
+# Copyright (C) 2019  Romain Kieffer
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from lib.analyzer import Analyzer
+
+import argparse
+
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(description='D4-IPA')
+    parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.')
+
+    dataset = None
+
+    args = parser.parse_args()
+    if args.path:
+        dataset = args.path[0]
+
+    ipa = Analyzer(dataset_path=dataset)

lib/analyzer.py

@@ -126,7 +126,7 @@ class Analyzer:
             icmp_layer = packet.icmp
 
             icmp_type = str(icmp_layer.type)
-            icmp_code = str(icmp_layer.code)
+            # icmp_code = str(icmp_layer.code)
             protocol = get_protocol(packet)
             checksum_status = check_icmp_checksum(packet.icmp_raw.value)
 
@@ -150,7 +150,7 @@ class Analyzer:
             pipeline.hincrby('checksum', 'total')
             pipeline.hincrby('checksum', checksum_status)
 
-            entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
+            # entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
             # pipeline.zadd(source_ip, {entry: 1}, incr=True)
 
             pipeline.zadd('protocols', {protocol: 1}, incr=True)
@@ -166,7 +166,6 @@ class Analyzer:
         return 0
 
     def pop_cap(self):
-        absolute_path = None
         if not self.dataset:
             absolute_path = self.r_d4.rpop(self.queue)
         else:

lib/inspection.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
-# ICMP Passive Analyzer for D4
+# Inspection library for the analyzer
 #
 # Copyright (C) 2019  Romain Kieffer
 #