  1. #!/usr/bin/env python3
  2.  
  3. import configparser as cg
  4. import logging as log
  5. import sys
  6. from multiprocessing import Process, Pipe
  7. from subprocess import Popen, PIPE, STDOUT
  8.  
  9. import MySQLdb as sql
  10.  
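# Logging Config settings
log.basicConfig(level=log.DEBUG,
                format='[%(asctime)s] [%(levelname)-8s] [%(message)s]',
                datefmt='%a %d %b %Y] [%H:%M:%S',
                filename='tcpdump2.log',
                filemode='a')

# DEFINE CONFIG VARIABLES
CONFIG_FILE = 'config.cfg'
config = cg.RawConfigParser()
# read() returns the list of files it could parse and silently returns [] when
# the file is missing; the config.get() calls below would then fail with a bare
# NoSectionError, so record the actual cause first.
if not config.read(CONFIG_FILE):
    log.error("CONFIG: could not read %s; database settings unavailable", CONFIG_FILE)

# Configure Database (credentials live in config.cfg, never in this script)
host = config.get('DataBase', 'db_host')
user = config.get('DataBase', 'db_user')
password = config.get('DataBase', 'db_password')
db = config.get('DataBase', 'db')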
  28.  
  29.  
class ExternalProcess(Process):
    """Run a command in a child process and stream its output lines over a pipe.

    ``command`` is handed to ``Popen(..., shell=True)``, so it should be a single
    command string (or a one-element list holding that string). Per the Popen
    documentation, with ``shell=True`` any further list elements are passed to
    the shell itself as positional parameters, not to the program, so an
    argv-style list like ``['tshark', '-ni', ...]`` would run a bare ``tshark``.
    Each line of the merged stdout/stderr stream is sent through ``pipe``, the
    sending end of a ``multiprocessing.Pipe``.
    """

    def __init__(self, command, pipe):
        super().__init__()
        self.command = command
        self.pipe = pipe

    def run(self):
        """Child-process body: relay every output line until the command exits."""
        send = self.pipe.send
        popen_options = dict(stdout=PIPE, stderr=STDOUT, shell=True,
                             universal_newlines=True)
        with Popen(self.command, **popen_options) as child:
            for line in child.stdout:
                send(line)
  40.  
  41.  
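def _parse_dhcp_line(output):
    """Extract the (source, destination) MAC pair from one ``tcpdump -tttt -en`` line.

    ``output`` is one line as relayed by ExternalProcess. The line is split on
    commas; the first field is expected to hold ``date time src_mac > dst_mac``.

    Returns a ``(source_mac, destination_mac)`` tuple with the colons stripped —
    the 12-hex-digit form the BAD_MAC ``CHAR(12)`` columns are sized for — or
    ``None`` when the line does not have that shape.
    """
    output_split = output.split(',')
    log.debug(output_split)
    print(output_split)
    print("6.5")
    if len(output_split) != 5:
        # Any other field count cannot be unpacked below; skip the line instead
        # of raising ValueError and killing the reader loop.
        return None
    print("@: ", output_split)
    print("7")
    data, ether_type, ip_info, reply, length = output_split
    print("OUTPUT: ", data, ether_type, ip_info, reply, length)
    # logging needs %s placeholders for extra arguments; a message without them
    # would make the logger emit a formatting error instead of the values.
    log.debug("OUTPUT: %s %s %s %s %s", data, ether_type, ip_info, reply, length)
    print("8")
    link_fields = data.rsplit(' ')
    if len(link_fields) != 5:
        return None
    date, time, Source_Mac, to, Destination_Mac = link_fields
    print("9")
    sourceMac = Source_Mac.replace(':', '')
    log.debug(sourceMac)
    print("10")
    destinationMac = Destination_Mac.replace(':', '')
    log.debug(destinationMac)
    print("11")
    print('TCPDUMP DHCP OFFENDERS: ', date, time, Source_Mac, Destination_Mac)
    log.debug('TCPDUMP DHCP OFFENDERS: %s %s', Source_Mac, Destination_Mac)
    print("12")
    return sourceMac, destinationMac


def tcpdump():
    """Watch DHCP server traffic with tcpdump and record offending MAC pairs in MySQL.

    Creates the BAD_MAC table if needed, starts ``tcpdump`` through an
    ExternalProcess and, for each captured line that parses, stores the source
    and destination MAC (colons stripped, matching the CHAR(12) columns) with
    the database server's current time. Runs until Ctrl-C or until tcpdump's
    output ends; both paths terminate the child and close the connection.

    Exits the interpreter with status 0 on Ctrl-C and 1 if tcpdump stopped on
    its own.
    """
    conn = sql.connect(host, user, password, db)
    c = conn.cursor()
    c.execute(
        '''CREATE TABLE IF NOT EXISTS BAD_MAC(
   ID  INTEGER PRIMARY KEY AUTO_INCREMENT NOT NULL,
   source_mac  CHAR(12) NOT NULL,
   destination_mac CHAR(12) NOT NULL,
   timestamp DATETIME NOT NULL
   )''')
    log.debug("DATABASE: Table Created successfully")
    conn.commit()

    # One-element list: ExternalProcess runs it with shell=True, so the whole
    # string is the shell command line.
    tcpdump_cmd = ['tcpdump -tttt -en -i ens192 "src port 67 and net not xxx.xx.xxx.xxx/16"']
    log.info(tcpdump_cmd)
    tcpdump_send_con, tcpdump_recv_con = Pipe()
    tcpdump_process = ExternalProcess(tcpdump_cmd, tcpdump_send_con)
    log.debug(tcpdump_process)
    tcpdump_process.start()

    # The MAC strings come straight out of the packet capture, i.e. from the
    # network. They are bound as query parameters (MySQLdb quotes them) rather
    # than interpolated into the SQL text.
    insert_q = ("INSERT INTO BAD_MAC (source_mac,destination_mac,timestamp) "
                "VALUES(%s,%s,NOW())")
    exit_code = 0
    try:
        while True:
            print("True")
            log.debug("True")
            output = tcpdump_recv_con.recv()
            log.debug(output)
            print("6")
            macs = _parse_dhcp_line(output)
            if macs is None:
                continue
            source_mac, destination_mac = macs
            print("13")
            c.execute(insert_q, (source_mac, destination_mac))
            log.debug('DataBase:%s\t%s', source_mac, destination_mac)
            print("14")
            conn.commit()
    except KeyboardInterrupt:
        pass
    except EOFError:
        # The child closed its end of the pipe: tcpdump exited on its own
        # (its output, including any error text, was already logged above).
        log.error("TCPDUMP: process ended unexpectedly, stopping")
        exit_code = 1
    finally:
        tcpdump_process.terminate()
        log.debug(tcpdump_process)
        conn.close()
    sys.exit(exit_code)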
  105.  
  106.  
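def tshark():
    """Alternative watcher: print tshark's DHCP message-type (option 53) lines.

    Not wired into the entry point; ``tcpdump()`` is the active reader.
    ExternalProcess runs its command with ``shell=True``, so the command is
    given as one string — an argv-style list would have only its first element
    executed by the shell. The display filter is double-quoted so the shell
    hands it to tshark as a single argument.

    Exits the interpreter with status 0 on Ctrl-C and 1 if tshark stopped on
    its own.
    """
    tshark_cmd = 'tshark -ni eno16777736 -Y "bootp.option.type == 53"'
    tshark_send_con, tshark_recv_con = Pipe()
    tshark_process = ExternalProcess(tshark_cmd, tshark_send_con)
    tshark_process.start()
    exit_code = 0
    try:
        while True:
            print('tshark output:', tshark_recv_con.recv())
    except KeyboardInterrupt:
        pass
    except EOFError:
        # tshark closed its end of the pipe; nothing more will arrive.
        log.error("TSHARK: process ended unexpectedly, stopping")
        exit_code = 1
    finally:
        tshark_process.terminate()
    sys.exit(exit_code)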
  118.  
  119.  
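if __name__ == "__main__":
    # Only start capturing when run as a script; importing this module (for
    # example to reuse ExternalProcess) must not launch tcpdump or open the
    # database connection.
    tcpdump()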