- #!/usr/bin/env python3
- import configparser as cg
- import logging as log
- import sys
- from multiprocessing import Process, Pipe
- from subprocess import Popen, PIPE, STDOUT
- import MySQLdb as sql
# Logging Config settings: every record from DEBUG upwards is appended to
# tcpdump2.log as "[date] [time] [LEVEL   ] [message]".
LOG_FILE = 'tcpdump2.log'
LOG_FORMAT = '[%(asctime)s] [%(levelname)-8s] [%(message)s]'
# The "] [" inside the date format splits asctime into separate date and
# time brackets in the rendered line.
LOG_DATEFMT = '%a %d %b %Y] [%H:%M:%S'
log.basicConfig(
    level=log.DEBUG,
    format=LOG_FORMAT,
    datefmt=LOG_DATEFMT,
    filename=LOG_FILE,
    filemode='a',
)
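# DEFINE CONFIG VARIABLES
config = cg.RawConfigParser()
# read() returns the list of files it managed to parse; an empty list means
# config.cfg is missing or unreadable, which would otherwise surface only as
# a confusing NoSectionError on the first get() below.
if not config.read('config.cfg'):
    sys.exit("config.cfg not found or unreadable")
# Configure Database
# NOTE(review): db_password is read in clear text from config.cfg; keep that
# file's permissions restricted to the account running this script.
host = config.get('DataBase', 'db_host')
user = config.get('DataBase', 'db_user')
password = config.get('DataBase', 'db_password')
db = config.get('DataBase', 'db')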
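class ExternalProcess(Process):
    """Run an external command in a child process and stream its output over a Pipe.

    ``command`` is either a shell command line (str) or an argv sequence
    (list/tuple).  A one-element sequence is treated exactly like a shell
    command line, which keeps callers that pass ``['tcpdump ... "filter"']``
    working unchanged.  A longer sequence is executed directly, without a
    shell, so every element reaches the program as its own argument
    (with ``shell=True`` a multi-element list only ever ran its first element,
    the rest became positional parameters of /bin/sh).

    ``pipe`` is the sending end of a ``multiprocessing.Pipe``; each line of
    combined stdout/stderr is sent on it as a str.  The child closes its copy
    of the pipe when the command ends, so a parent that has closed its own
    copy of the send end sees ``EOFError`` from ``recv()`` instead of blocking.
    """

    def __init__(self, command, pipe):
        super().__init__()
        self.command = command
        self.pipe = pipe

    def run(self):
        """Child-process body: spawn the command and forward each output line."""
        cmd = self.command
        if not isinstance(cmd, str) and len(cmd) == 1:
            cmd = cmd[0]
        # Only a plain command line goes through the shell; argv lists do not.
        use_shell = isinstance(cmd, str)
        try:
            with Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=use_shell,
                       universal_newlines=True) as process:
                for line in process.stdout:
                    self.pipe.send(line)
        finally:
            self.pipe.close()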
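def _parse_tcpdump_line(line):
    """Split one ``tcpdump -tttt -en`` line into (date, time, source_mac, destination_mac).

    The line is expected to have exactly five comma-separated fields, the
    first of which splits on spaces into date, time, source MAC, ">" and
    destination MAC (the layout the original loop unpacked).  Returns None
    for any line that does not match, so the caller can skip it instead of
    crashing on an unpack error.  MACs are returned as captured (with ':').
    """
    fields = line.split(',')
    if len(fields) != 5:
        return None
    tokens = fields[0].rsplit(' ')
    if len(tokens) != 5:
        return None
    date, time_, source_mac, _arrow, destination_mac = tokens
    return date, time_, source_mac, destination_mac


def tcpdump():
    """Capture DHCP-server traffic with tcpdump and record each MAC pair in BAD_MAC.

    Uses the module-level host/user/password/db to connect, creates the table
    if needed, then streams tcpdump through an ExternalProcess and inserts one
    row per parsable line.  Runs until tcpdump exits or Ctrl-C is pressed; the
    child process and the database connection are always cleaned up, and the
    script then exits with status 0.
    """
    conn = sql.connect(host, user, password, db)
    c = conn.cursor()
    c.execute(
        '''CREATE TABLE IF NOT EXISTS BAD_MAC(
        ID INTEGER PRIMARY KEY AUTO_INCREMENT NOT NULL,
        source_mac CHAR(12) NOT NULL,
        destination_mac CHAR(12) NOT NULL,
        timestamp DATETIME NOT NULL
        )''')
    log.debug("DATABASE: Table Created successfully")
    conn.commit()

    # One-element list: ExternalProcess runs this through the shell as-is.
    # The net placeholder is meant to be the local network to exclude.
    tcpdump_cmd = ['tcpdump -tttt -en -i ens192 "src port 67 and net not xxx.xx.xxx.xxx/16"']
    log.info(tcpdump_cmd)
    tcpdump_send_con, tcpdump_recv_con = Pipe()
    tcpdump_process = ExternalProcess(tcpdump_cmd, tcpdump_send_con)
    log.debug(tcpdump_process)
    tcpdump_process.start()
    # The child owns its copy of the send end; dropping ours lets recv()
    # raise EOFError once tcpdump exits instead of blocking forever.
    tcpdump_send_con.close()

    # Parameterized on purpose: the MAC strings come straight from captured
    # network traffic, so they must never be interpolated into the SQL text.
    insert_q = ("INSERT INTO BAD_MAC (source_mac, destination_mac, timestamp) "
                "VALUES (%s, %s, NOW())")
    try:
        while True:
            try:
                output = tcpdump_recv_con.recv()
            except EOFError:
                log.info("tcpdump exited; stopping capture loop")
                break
            log.debug(output)
            parsed = _parse_tcpdump_line(output)
            if parsed is None:
                log.debug("skipping line with unexpected layout: %r", output)
                continue
            date, time_, source_mac_raw, destination_mac_raw = parsed
            # CHAR(12) columns hold the MAC without separators.
            source_mac = source_mac_raw.replace(':', '')
            destination_mac = destination_mac_raw.replace(':', '')
            print('TCPDUMP DHCP OFFENDERS: ', date, time_, source_mac_raw, destination_mac_raw)
            log.debug('TCPDUMP DHCP OFFENDERS: %s %s', source_mac_raw, destination_mac_raw)
            c.execute(insert_q, (source_mac, destination_mac))
            log.debug('DataBase:%s\t%s', source_mac, destination_mac)
            conn.commit()
    except KeyboardInterrupt:
        log.info("interrupted; shutting down")
    finally:
        tcpdump_process.terminate()
        tcpdump_process.join()
        log.debug(tcpdump_process)
        c.close()
        conn.close()
    sys.exit(0)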
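def tshark():
    """Print tshark's DHCP (bootp option 53) lines to stdout until tshark exits or Ctrl-C.

    The command is an argv list (no shell), so ``bootp.option.type == 53``
    reaches tshark as one argument; ExternalProcess must execute a
    multi-element list without a shell for that to hold.  The child process
    is always terminated on the way out and the script exits with status 0.
    """
    tshark_cmd = ['tshark', '-ni', 'eno16777736', '-Y', 'bootp.option.type == 53']
    tshark_send_con, tshark_recv_con = Pipe()
    tshark_process = ExternalProcess(tshark_cmd, tshark_send_con)
    tshark_process.start()
    # Drop our copy of the send end so recv() raises EOFError when tshark ends.
    tshark_send_con.close()
    try:
        while True:
            try:
                line = tshark_recv_con.recv()
            except EOFError:
                break
            print('tshark output:', line)
    except KeyboardInterrupt:
        pass
    finally:
        tshark_process.terminate()
        tshark_process.join()
    sys.exit(0)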
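if __name__ == "__main__":
    # Start the capture only when run as a script, so ExternalProcess and the
    # capture functions can be imported elsewhere without side effects.
    tcpdump()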