| author | mo khan <mo@mokhan.ca> | 2015-02-05 21:43:26 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2015-02-05 21:43:26 -0700 |
| commit | 000634705950a849d2c7f6f90054185d9c85f5c5 (patch) | |
| tree | 49ea1a7bed4e43bc4c8cdbdf63545e0b6f4b6a47 | |
| parent | 834bf9261ee0ac209201d7643594361e6308f8e4 (diff) | |
attempt to scan network traffic.
| -rw-r--r-- | Gemfile | 2 | ||||
| -rw-r--r-- | Gemfile.lock | 4 | ||||
| -rw-r--r-- | lib/fake_agent.rb | 29 | ||||
| -rw-r--r-- | lib/tasks/agent.rake | 6 |
4 files changed, 41 insertions, 0 deletions
@@ -39,6 +39,8 @@ gem 'foreman'
 gem 'foundation-rails'
 gem 'chartkick'
 gem 'groupdate'
+gem 'pcaprub'
+gem 'packetfu'
 group :development, :test do
 # Call 'byebug' anywhere in the code to stop execution and get a debugger console
diff --git a/Gemfile.lock b/Gemfile.lock
index 7ad24ad..a911f50 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -101,6 +101,8 @@ GEM
 multi_json (1.10.1)
 nokogiri (1.6.6.2)
 mini_portile (~> 0.6.0)
+ packetfu (1.1.10)
+ pcaprub (0.12.0)
 pg (0.18.1)
 rack (1.6.0)
 rack-test (0.6.3)
@@ -198,6 +200,8 @@ DEPENDENCIES
 jbuilder (~> 2.0)
 jquery-rails
 listen
+ packetfu
+ pcaprub
 pg
 rails (= 4.2.0)
 sass-rails (~> 5.0)
diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb
index e0e4f7f..410a22d 100644
--- a/lib/fake_agent.rb
+++ b/lib/fake_agent.rb
@@ -41,6 +41,35 @@ class FakeAgent
 end
 end
+ def nfm_scan(interface)
+ capture = PCAPRUB::Pcap.open_live(interface, 65535, true, 0)
+ #capture.setfilter('icmp')
+ #capture.setfilter('tcp and dst port 80')
+ capture.setfilter('port 80')
+ puts 'running...'
+ capture.each_packet do |packet|
+ puts "++++"
+ puts Time.at(packet.time)
+ puts "micro => #{packet.microsec}"
+ puts packet.inspect
+ #puts packet.data
+ end
+ capture.close
+ end
+ include PacketFu
+ def sniff(interface)
+ capture = Capture.new(iface: interface, start: true)
+ capture.stream.each do |p|
+ packet = Packet.parse(p)
+ if packet.is_ip?
+ next if packet.ip_saddr == Utils.ifconfig(interface)[:ip_saddr]
+ packet_info = [packet.ip_saddr, packet.ip_daddr, packet.size, packet.proto.last]
+ puts "%-15s -> %-15s %-4d %s" % packet_info
+ end
+ end
+ end
+
 private
 def publish_event(event, files)
diff --git a/lib/tasks/agent.rake b/lib/tasks/agent.rake
index d00de1d..98aa2d5 100644
--- a/lib/tasks/agent.rake
+++ b/lib/tasks/agent.rake
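Review bot: The two new gems on `+gem 'pcaprub'` and `+gem 'packetfu'` carry no version constraint, so any later `bundle update` may jump to an arbitrary release of either; the lockfile hunk resolves them to pcaprub 0.12.0 and packetfu 1.1.10, and pessimistic constraints such as `gem 'pcaprub', '~> 0.12'` and `gem 'packetfu', '~> 1.1'` would keep upgrades deliberate. pcaprub is a native extension that, as far as I know, needs the libpcap development headers at install time, which is not expressed anywhere in the Gemfile and is worth a line in the project's setup notes.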
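Review bot: In `nfm_scan` the `capture.close` after the `each_packet` loop is reached only if the loop ends normally, and the loop has no exit condition, so an interrupt or an exception raised inside the block leaves the pcap handle open; moving the close into an `ensure` clause of the method (`ensure` / `capture.close if capture` before the method's final `end`) fixes that. In `sniff`, `Utils.ifconfig(interface)[:ip_saddr]` is evaluated for every IP packet although `interface` never changes inside the loop; hoisting it into `local_ip = Utils.ifconfig(interface)[:ip_saddr]` before `capture.stream.each` avoids a per-packet lookup that appears to shell out to ifconfig. `+ include PacketFu` sits between two methods, whereas Ruby convention groups mixins at the top of the class next to the `class FakeAgent` line, which lies outside this hunk; the `open_live` call also deserves a comment because its positional arguments are opaque, e.g. `# snaplen 65535 bytes, promiscuous mode on, read timeout 0 ms`. `nfm_scan` is not referenced by the rake task this commit adds, so it may be leftover from an earlier attempt and should either be wired up or dropped.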
@@ -12,4 +12,10 @@ namespace :agent do
 agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
 agent.scan(Dir.pwd)
 end
+
+ desc "scan network traffic"
+ task nfm: :environment do
+ agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
+ agent.sniff('en1')
+ end
 end
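Review bot: `agent.sniff('en1')` hard-codes one interface name, so the task only works on a host that happens to have that interface; reading it from the environment with the same default, `agent.sniff(ENV.fetch('INTERFACE', 'en1'))`, keeps current behaviour while letting the operator choose. Since `sniff` appears to loop over the capture stream until interrupted and needs packet-capture privileges on the host, the `desc` string should say so, e.g. `desc "print IP traffic seen on an interface (runs until interrupted; needs capture privileges)"`.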
