63 lines
1.6 KiB
Markdown
63 lines
1.6 KiB
Markdown
# ICMP Passive Analyzer - D4 IPA
|
|
|
|
Reads a pcap file and analyze icmp packets to detect potential DDoS attacks
|
|
(guaranteed gluten free)
|
|
|
|
## Installation
|
|
**REQUIREMENTS**:
|
|
- This analyzer requires [pipenv](https://pipenv.readthedocs.io/en/latest/) and [redis 5.0](https://redis.io) or above.
|
|
- You need at least python3.6 or later to run this.
|
|
|
|
**SETUP**:\
|
|
First, you need to install pipenv:
|
|
```shell script
|
|
pip install pipenv
|
|
```
|
|
Then clone redis where you want it installed:
|
|
```shell script
|
|
git clone https://github.com/antirez/redis.git
|
|
cd redis
|
|
git checkout 5.0
|
|
make
|
|
cd ..
|
|
```
|
|
|
|
You can finally clone this repo on your machine and simply setup the virtual environment with pipenv like so:
|
|
```shell script
|
|
git clone https://github.com/D4-project/analyzer-d4-ipa.git
|
|
cd analyzer-d4-ipa
|
|
pipenv install
|
|
```
|
|
|
|
## Usage
|
|
#### Start the redis server
|
|
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for IPA is running on TCP port 6405.
|
|
```shell script
|
|
../redis/src/redis-server ./etc/redis.conf
|
|
```
|
|
|
|
#### Configure and start the D4 analyzer
|
|
```shell script
|
|
cd ./etc
|
|
cp analyzer.conf.sample analyzer.conf
|
|
```
|
|
Edit analyzer.conf to match the UUID of the analyzer queue from your D4 server.
|
|
```shell script
|
|
[global]
|
|
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
|
|
d4-server = 127.0.0.1:6380
|
|
# INFO|DEBUG
|
|
logging-level = INFO
|
|
```
|
|
|
|
#### Start the analyzer
|
|
```shell script
|
|
cd ../bin
|
|
python3 run_ipa.py
|
|
```
|
|
|
|
If you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
|
|
```shell script
|
|
python3 run_ipa.py -p /absolute/path/to/dataset/root
|
|
```
|