- import socket, sys
- from scapy.all import *
- from struct import *
- import subprocess as sub
- import time
- import re
- import sqlite3 as sql
- import os
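# Refresh rate, in seconds, at which the monitored MAC list is re-read
refresh_rate = 10
# NOTE(review): defined but never handed to sniff() below, so the capture
# runs on whatever interface scapy selects by default — confirm intended
interface_name = 'br-lan'
# Establishes a connection to the database, creating it if it doesn't exist.
# NOTE(review): a fixed, predictable file name under the world-writable /tmp
# lets another local user pre-create or replace the file (including as a
# symlink) before this process opens it; an application-owned directory
# with restrictive permissions would remove that exposure.
conn = sql.connect('/tmp/tempHistory.db')
cur = conn.cursor()
# Name of the main history table; the DDL/DML below spell it out literally,
# so this is informational only
tableName = 'connectionHistory'
# macList itself is assigned at module level further down; a `global`
# statement at module scope is a no-op and has been dropped.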
def getTime():
    """Return the current system time rounded to a whole number of seconds."""
    now = time.time()
    return int(round(now))
def setTime():
    """Record the current time (whole seconds) in the module-level ``clock``."""
    global clock
    now = getTime()
    clock = now
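def getMACs(path='/etc/config/cbi_file'):
    """Return the MAC addresses listed as ``option mac`` entries in a config file.

    Args:
        path: the UCI-style config file to read; defaults to the file the
            monitor was written for, so existing callers need no change.

    Returns:
        list of the option values (quotes stripped), in file order; empty
        when no matching line exists.

    Raises:
        IOError/OSError if the file cannot be opened.
    """
    mac_list = []
    # ``with`` closes the handle on every exit path; the original never closed it
    with open(path, 'r') as config_file:
        for line in config_file:
            # NOTE(review): substring match, so an option whose key merely
            # starts with "mac" would also be picked up — confirm the config
            # never carries such keys
            if "option mac" not in line:
                continue
            # Everything after the key, minus surrounding whitespace and the
            # UCI quoting. This replaces a fixed-offset slice that only worked
            # for a tab-indented, single-quoted line.
            value = line.split("option mac", 1)[1].strip().strip("'\"")
            mac_list.append(value)
    return mac_list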
def checkTables():
    """Create the connection-history and DNS-lookup tables if they are missing."""
    ddl_statements = (
        "CREATE TABLE IF NOT EXISTS connectionHistory (monitorMAC text, toIP text, connection text, port integer, length integer, PRIMARY KEY (monitorMAC, toIP, connection, port))",
        "CREATE TABLE IF NOT EXISTS dnsLookups (toIP text PRIMARY KEY, hostname text)",
    )
    for statement in ddl_statements:
        cur.execute(statement)
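def enterDNS(ipAddr):
    """Store a best-effort reverse lookup of ``ipAddr`` in ``dnsLookups``.

    The table doubles as the cache: an address that is already present is
    skipped, so at most one ``nslookup`` process is spawned per distinct
    address instead of one per packet. The stored hostname is the first
    dotted, letter-terminated token of the tool's output, or "" when the
    output contains none.

    Args:
        ipAddr: peer IP address taken from a captured packet.
    """
    cur.execute("SELECT 1 FROM dnsLookups WHERE toIP = ?", (ipAddr,))
    if cur.fetchone() is not None:
        return
    # Argument list, no shell: the packet-derived address is passed as a
    # plain argv entry. universal_newlines yields str (not bytes) output on
    # Python 3, which the regex below requires.
    nslookupProc = sub.Popen(('nslookup', ipAddr), stdout=sub.PIPE, universal_newlines=True)
    results = nslookupProc.communicate()[0]
    # NOTE(review): crude extraction — the first dotted token may be the
    # resolver's own name from the "Server:" line rather than the PTR
    # answer; confirm against real output
    dnsRecord = re.findall(r'([^\s]+\.[a-z]+)', results)
    entry = dnsRecord[0] if dnsRecord else ""
    cur.execute("INSERT OR IGNORE INTO dnsLookups VALUES (?,?)", (ipAddr, entry))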
def tablePush(items):
    """Accumulate one packet into connectionHistory and record its peer's name.

    ``items`` is ``[monitor MAC, peer IP, port, byte length, direction]``.
    The UPDATE adds the length to an existing row; the INSERT OR IGNORE
    creates the row the first time a (MAC, IP, direction, port) key is seen.
    """
    monitor_mac = items[0]
    peer_ip = items[1]
    port = items[2]
    length = items[3]
    direction = items[4]
    cur.execute(
        "UPDATE connectionHistory SET length = length + ? WHERE monitorMAC = ? AND toIP = ? AND port = ? AND connection = ?",
        (length, monitor_mac, peer_ip, port, direction),
    )
    cur.execute(
        "INSERT OR IGNORE INTO connectionHistory VALUES (?,?,?,?,?)",
        (monitor_mac, peer_ip, direction, port, length),
    )
    enterDNS(peer_ip)
# Make sure the history tables exist before any packet is recorded
checkTables()
# Seed the list of monitored MAC addresses from the config file
macList = getMACs()
# Note the start time so printer() knows when to re-read the config
setTime()
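def _packetRecord(net, monitor_mac, peer_field, port_field, direction):
    """Build the tablePush() row for one packet, or None if a field is missing.

    ``net`` is the packet's second layer; ``peer_field``/``port_field`` name
    the attributes that hold the peer address and port for this direction.
    """
    # The capture filter admits packets whose second layer lacks one of these
    # attributes (scapy resolves missing names by raising AttributeError, which
    # would abort sniff()); such packets are skipped instead of crashing the
    # monitor. NOTE(review): which packet types this affects depends on the
    # traffic seen — confirm, e.g. for IPv6 or fragmented traffic.
    if not all(hasattr(net, field) for field in (peer_field, port_field, 'len')):
        return None
    return [monitor_mac, getattr(net, peer_field), getattr(net, port_field), net.len, direction]


def printer(packet):
    """scapy ``sniff`` callback: account one packet and refresh the MAC list.

    The first layer supplies the MAC addresses matched against ``macList``;
    the second layer supplies the peer IP, port and length accumulated in
    connectionHistory. Every ``refresh_rate`` seconds the MAC list is re-read
    from the config file. The database is committed on every packet.

    Args:
        packet: the captured packet handed over by sniff().
    """
    global clock
    global macList
    link = packet[0][0]
    net = packet[0][1]
    src = link.src
    dst = link.dst
    if src in macList:
        record = _packetRecord(net, src, 'dst', 'dport', 'out')
    elif dst in macList:
        record = _packetRecord(net, dst, 'src', 'sport', 'in')
    else:
        record = None
    if record is not None:
        tablePush(record)
    if getTime() - refresh_rate > clock:
        # re-read the monitored MACs and restart the refresh window
        macList = getMACs()
        clock = getTime()
    conn.commit()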
# Start capturing. The BPF filter keeps only TCP/UDP traffic and store=0
# stops scapy from retaining every packet in memory for the life of the run.
# NOTE(review): interface_name defined above is not passed here, so scapy
# chooses the capture interface itself.
capture_filter = "tcp or udp"
sniff(prn=printer, filter=capture_filter, store=0)