chg: [launcher] Added launcher
parent
559af4ed10
commit
a0934b116f
35
README.md
@ -27,4 +27,37 @@ You can finally clone this repo on your machine and simply setup the virtual env
git clone https://github.com/D4-project/analyzer-d4-ipa.git
cd analyzer-d4-ipa
pipenv install
```
```
## Usage
#### Start the redis server
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
```shell script
../redis/src/redis-server ./etc/redis.conf
```
#### Configure and start the D4 analyzer
```shell script
cd ./etc
cp analyzer.conf.sample analyzer.conf
```
Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
```shell script
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
```
Then you can start the analyzer.
```shell script
cd ../bin
python3 run_ipa.py
```
If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
```shell script
python3 run_ipa.py -p /absolute/path/to/dataset/root
```
@ -0,0 +1,37 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# IPA Launcher
#
# Copyright (C) 2019 Romain Kieffer
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from lib.analyzer import Analyzer
import argparse
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='D4-IPA')
parser.add_argument('-p', '--path', type=int, nargs=1, help='Path of local dataset.')
dataset = None
args = parser.parse_args()
if args.path:
dataset = args.path[0]
ipa = Analyzer(dataset_path=dataset)
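Review bot: The `-p/--path` option is declared with `type=int`, so the absolute directory path that the README in this same commit documents (`python3 run_ipa.py -p /absolute/path/to/dataset/root`) is rejected by argparse before `Analyzer` is ever constructed. Dropping the int coercion and the `nargs=1` list wrapping fixes both the type and the `[0]` indexing: `parser.add_argument('-p', '--path', help='Path of local dataset.')` followed by `dataset = args.path`. Since the value is handed to `Analyzer(dataset_path=...)` and, judging by the README, is read as a directory of pcaps, it is also worth failing early on a non-directory with `if dataset is not None and not os.path.isdir(dataset): parser.error('--path must be an existing directory')`, which needs `import os` next to `import argparse`.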
@ -126,7 +126,7 @@ class Analyzer:
icmp_layer = packet.icmp
icmp_type = str(icmp_layer.type)
icmp_code = str(icmp_layer.code)
# icmp_code = str(icmp_layer.code)
protocol = get_protocol(packet)
checksum_status = check_icmp_checksum(packet.icmp_raw.value)
@ -150,7 +150,7 @@ class Analyzer:
pipeline.hincrby('checksum', 'total')
pipeline.hincrby('checksum', checksum_status)
entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
# entry = str(get_src_port(packet)) + ':' + protocol + ':' + icmp_type + ':' + icmp_code
# pipeline.zadd(source_ip, {entry: 1}, incr=True)
pipeline.zadd('protocols', {protocol: 1}, incr=True)
@ -166,7 +166,6 @@ class Analyzer:
return 0
def pop_cap(self):
absolute_path = None
if not self.dataset:
absolute_path = self.r_d4.rpop(self.queue)
else:
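Review bot: The first two hunks of this file keep dead code as comments — `# icmp_code = str(icmp_layer.code)` in the hunk at line 126 and `# entry = str(get_src_port(packet)) + ...` beside the already-commented `# pipeline.zadd(source_ip, {entry: 1}, incr=True)` in the hunk at line 150 — where deleting the lines would read better, since git already keeps the history. If the per-source-IP entry is meant to come back, a short `# TODO: per-source entry disabled until <reason>` explains more than the raw statement does. In the `pop_cap` hunk the capture path is taken from `self.r_d4.rpop(self.queue)`, i.e. it arrives from the D4 Redis queue rather than from the local dataset; the method body continues outside the hunk, so I cannot see whether that path is checked before it is opened, but a comment at that line such as `# path comes from the D4 queue; confirm it resolves under the expected capture directory before use` would at least document the trust boundary for the next reader.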
@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# ICMP Passive Analyzer for D4
# Inspection library for the analyzer
#
# Copyright (C) 2019 Romain Kieffer
#