from collections import deque
from TcpMessage import TcpMessage
from inspect import getmembers
from pprint import pprint
import binascii
import nids
import threading
# libnids stream states after which no more data arrives: the stream was closed
# cleanly, timed out, or was reset. handle_tcp finalizes a stream on any of them.
end_states = (
    nids.NIDS_CLOSE,
    nids.NIDS_TIMEOUT,
    nids.NIDS_RESET,
)
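class LibNidsReaderThread(threading.Thread):
    """Background reader that reassembles TCP streams from a pcap file via libnids.

    Every stream that reaches an end state (close, timeout or reset) is wrapped in
    a TcpMessage and appended to ``connection_list``; a consumer on another thread
    drains it through ``pop_connection`` / ``has_ready_message``.

    Args:
        filename: pcap file handed to libnids (``nids.param("filename", ...)``).
        protocol: BPF protocol keyword used to build the capture filter (e.g. "tcp").
        port: optional port appended to the filter; None means every port.

    Security notes:
        - TCP checksum verification is switched off for every address
          (``chksum_ctl`` on 0.0.0.0/0), so segments with bad or forged checksums
          are reassembled as well. Presumably this copes with captures taken on
          hosts using checksum offload — confirm that is acceptable for the source.
        - The pcap is parsed by native libnids code and every stream is buffered
          in full in memory; treat untrusted captures with the usual caution
          (sandbox, resource limits).
        - ``protocol`` and ``port`` are interpolated into a BPF expression; see
          ``__init__`` for the check applied to ``port``.
    """

    def __init__(self, filename, protocol, port=None):
        threading.Thread.__init__(self)
        self.port = port
        self.protocol = protocol
        self.done = False                     # set once nids.run() has returned (success or failure)
        self.connection_list = deque()        # finished streams, appended on the right
        self.lock = threading.Lock()          # guards connection_list and last_read_index
        self.delete_read_connections = False  # True: pop_connection removes entries; False: cursor mode
        self.last_read_index = -1             # cursor for the non-destructive read mode
        nids.param("filename", filename)
        # Accept segments regardless of TCP checksum for every host (0.0.0.0/0).
        nids.chksum_ctl([('0.0.0.0/0', False)])
        # The port is spliced into a BPF expression; anything that is not an
        # integer would let a caller append arbitrary filter terms, so reject it
        # (int() raises ValueError) before it reaches libpcap.
        if port is None:
            nids.param("pcap_filter", "{}".format(self.protocol))
        else:
            nids.param("pcap_filter", "{} port {}".format(self.protocol, int(port)))

    def run(self):
        """Thread body: drive libnids over the whole capture, then mark the reader done.

        Errors are reported on stdout and swallowed (this is the thread boundary);
        ``done`` is set in every case so a consumer polling it never waits forever.
        """
        try:
            nids.init()
            nids.register_tcp(self.handle_tcp)
            nids.run()
            print("DONE")
        except nids.error as e:
            print("[-] Error: %s" % (e))
        except Exception as e:
            print("[-] Exception: %s" % (e))
        finally:
            self.done = True

    def handle_tcp(self, tcp):
        """libnids TCP callback, invoked on every state change of a tracked stream.

        Args:
            tcp: libnids stream object exposing ``nids_state``, ``addr`` and the
                ``client`` / ``server`` half-streams.
        """
        state = tcp.nids_state
        if state == nids.NIDS_JUST_EST:
            # Collect both directions and stamp the stream with the time of the
            # packet that established it.
            tcp.client.collect = 1
            tcp.server.collect = 1
            tcp.start_ts = nids.get_pkt_ts()
        elif state == nids.NIDS_DATA:
            # discard(0) keeps every byte buffered until the stream ends, so memory
            # grows with the largest stream in the capture; no cap is applied here.
            tcp.discard(0)
        elif state in end_states:
            ((src, sport), (dst, dport)) = tcp.addr
            tcp.stop_ts = nids.get_pkt_ts()
            # start_ts is only assigned on JUST_EST; this relies on libnids reporting
            # end states only for streams whose establishment it saw — TODO confirm,
            # otherwise guard with getattr(tcp, "start_ts", None).
            # Only a per-stream summary is printed; the payload itself goes into the
            # TcpMessage rather than being echoed to stdout.
            print("[+](%s-%s) %s:%s - %s:%s (CTS: %dB | STC: %dB)" % (
                tcp.start_ts, tcp.stop_ts, src, sport, dst, dport,
                len(tcp.server.data[:tcp.server.count]),
                len(tcp.client.data[:tcp.client.count])))
            msg = TcpMessage(tcp.client.data, tcp.server.data,
                             (src, sport, dst, dport), tcp.start_ts, tcp.stop_ts)
            with self.lock:
                self.connection_list.append(msg)

    def pop_connection(self):
        """Return the next TcpMessage for the caller, or None when nothing is ready.

        Two modes, selected by ``delete_read_connections``:
          * True  -- destructive: pop from the right end, i.e. newest first (LIFO).
                     NOTE(review): a consumer wanting arrival order needs popleft().
          * False -- non-destructive cursor: advance ``last_read_index``, flag the
                     message ``read`` and return it; None once every entry was read.
        """
        with self.lock:
            if not self.connection_list:
                return None
            if self.delete_read_connections:
                return self.connection_list.pop()
            # >= (not ==) so a cursor that outran the deque cannot index past the end.
            if self.last_read_index >= len(self.connection_list) - 1:
                return None
            self.last_read_index += 1
            msg = self.connection_list[self.last_read_index]
            msg.read = True
            return msg

    def has_ready_message(self):
        """Return True when pop_connection() would currently yield a message."""
        with self.lock:
            if not self.connection_list:
                return False
            if self.delete_read_connections:
                return True
            return self.last_read_index < len(self.connection_list) - 1

    def reset_read_status(self):
        """Clear the ``read`` flag on every queued message and rewind the cursor."""
        with self.lock:
            for msg in self.connection_list:
                msg.read = False
            self.last_read_index = -1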