#!/usr/bin/env python# encoding: utf-8from __future__ import division, with_

1. #!/usr/bin/env python
2. # encoding: utf-8
3. from __future__ import division, with_statement
4. import sys, os
5. import subprocess
6.  
7. # This is a horrible little script written by someone who doesn't understand
8. # how to use tcpdumbp or subprocess well. It intends to display an allert
9. # whenever specified keywords (such as a password) are seen in network
10. # traffic. Along with the warning it sends 3 \x07 beeps to stdout, in case
11. # you aren't paying attention.
12. #
13. # If I don't run this as root it eats a processor core and achives nothing.
14. # Beware.
15.  
16. def main():
17. # It may not be en1 for you.
18. monitorApp = "tcpdump -s 0 -A -i en1".split(" ")
19.  
20. process = subprocess.Popen(monitorApp, stdout = subprocess.PIPE, stderr = subprocess.STDOUT)
21.  
22. keywords = []
23.  
24. while True:
25. next = raw_input("Triggering Keyword: ")
26. if next:
27. keywords.append(next)
28. else:
29. break
30.  
31.  
32. if not keywords:
33. raise ValueError("Must provide triggering keywords.")
34.  
35. keywords = ["password", "wordpass"]
36.  
37. data = ""
38. lastLen = 0
39.  
40. while process.returncode is None:
41. new = process.stdout.read(1024)
42. data = data[-lastLen:] + new
43. lastLen = len(new)
44. # This is to ensure nothing is cut between two chunks that are read.
45. # As a side effect, twice as many alets as neccessary are displayed.
46.  
47. if any(word in data for word in keywords):
48. sys.stderr.write("Keyword found in traffic!\x07\x07\x07\n")
49. else:
50. pass
51. # sys.stdout.write(".")
52.  
53.  
54.  
55. if __name__ == "__main__": sys.exit(main())