c26341c225 | ||
---|---|---|
bin | ||
etc | ||
lib | ||
.gitignore | ||
LICENSE.md | ||
Pipfile | ||
Pipfile.lock | ||
README.md | ||
analyzer_launch.sh | ||
install.sh | ||
setup.py |
README.md
ICMP Passive Analyzer - D4 IPA
Reads a pcap file and analyze icmp packets to detect potential DDoS attacks (guaranteed gluten free)
Installation
REQUIREMENTS:
- This analyzer requires pipenv and redis 5.0 or above.
- You need at least python3.6 or later to run this.
SETUP:
First, you need to install pipenv:
pip install pipenv
Then clone redis where you want it installed:
git clone https://github.com/antirez/redis.git
cd redis
git checkout 5.0
make
cd ..
You can finally clone this repo on your machine and simply setup the virtual environment with pipenv like so:
git clone https://github.com/D4-project/analyzer-d4-ipa.git
cd analyzer-d4-ipa
pipenv install
Usage
Start the redis server
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for IPA is running on TCP port 6405.
../redis/src/redis-server ./etc/redis.conf
Configure and start the D4 analyzer
cd ./etc
cp analyzer.conf.sample analyzer.conf
Edit analyzer.conf to match the UUID of the analyzer queue from your D4 server.
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
Start the analyzer
cd ../bin
python3 run_ipa.py
If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
python3 run_ipa.py -p /absolute/path/to/dataset/root