<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<link href='https://fonts.googleapis.com/css?family=Chivo:900' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/pygment_trac.css" media="screen" />
<link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print" />
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<title>Netbeacon by adulau</title>
</head>

<body>
<div id="container">
<div class="inner">

<header>
<h1>Netbeacon</h1>
<h2>netbeacon - monitoring your network capture, NIDS or network analysis process</h2>
</header>

<section id="downloads" class="clearfix">
<a href="https://github.com/adulau/netbeacon/zipball/master" id="download-zip" class="button"><span>Download .zip</span></a>
<a href="https://github.com/adulau/netbeacon/tarball/master" id="download-tar-gz" class="button"><span>Download .tar.gz</span></a>
<a href="https://github.com/adulau/netbeacon" id="view-on-github" class="button"><span>View on GitHub</span></a>
</section>

<hr>

<section id="main_content">
<h1>
<a name="netbeacon---monitoring-your-network-capture" class="anchor" href="#netbeacon---monitoring-your-network-capture"><span class="octicon octicon-link"></span></a>netbeacon - monitoring your network capture</h1>

<p>netbeacon is a set of free software tools to send beacons over
the network to test the accuracy and the precision of your network
capture framework. With netbeacon you can test the following properties
of your network capture (e.g. for honeypot packet data capture,
data interception devices, NIDS, DPI ...):</p>

<ul>
<li>How long it takes for a packet to reach your monitoring point.</li>
<li>Time inconsistencies between devices.</li>
<li>Finding missing packets or their (re)ordering.</li>
<li>Watchdog to verify an operational network capture.</li>
</ul>

<h2>
<a name="netbeacon---packet-format" class="anchor" href="#netbeacon---packet-format"><span class="octicon octicon-link"></span></a>netbeacon - packet format</h2>

<p>The netbeacon format is a simple ASCII format encapsulated in a UDP
packet. The format is the following:</p>

<pre><code>header;epoch;sequence;hmac
</code></pre>

<ul>
<li>The current header is nb</li>
<li>The epoch value (in UTC format)</li>
<li>The sequence, an unsigned integer</li>
<li>and the HMAC-SHA1 signature.</li>
</ul>

<p>Each message is encapsulated in UDP and by default uses port 12345.</p>

<p>A pre-shared key (PSK) is agreed between the netbeacon sender
and netbeacon recipient to ensure packet integrity using HMAC (SHA1).
There is a default key "netbeacon" but we highly recommend setting your
own for your systems.</p>

<h3>
<a name="sample-netbeacon-messages" class="anchor" href="#sample-netbeacon-messages"><span class="octicon octicon-link"></span></a>sample netbeacon messages</h3>

<p>Here is a series of 3 netbeacon messages extracted from 3 UDP packets:</p>

<pre><code>nb;1354960619;101;335540bf3dae684c3d5cd5795fd09b9097bad656
nb;1354960619;102;56fc82c066644f179b58eb84a47e577bf92adc47
nb;1354960619;103;854207f54c1c4be97bdf4cd4a0d1068731848698
</code></pre>
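
<p>The packet format and PSK check described above, as an added example (not netbeacon's own code): a Python 3 parser that verifies the HMAC-SHA1 and audits a capture for forged, replayed, reordered and missing beacons plus capture delay. It assumes the HMAC covers the string <code>header;epoch;sequence</code> and is hex-encoded, which the page does not state; <code>sign</code>, <code>build</code>, <code>parse</code> and <code>audit</code> are names chosen for this example.</p>

```python
import hashlib
import hmac

DEFAULT_PSK = b"netbeacon"  # default key named on the page; set your own

def sign(fields, psk):
    # ASSUMPTION (not on the page): MAC covers "header;epoch;sequence", hex-encoded.
    return hmac.new(psk, ";".join(fields).encode("ascii"), hashlib.sha1).hexdigest()

def build(epoch, seq, psk=DEFAULT_PSK):
    fields = ["nb", str(epoch), str(seq)]
    return ";".join(fields + [sign(fields, psk)])

def parse(message, psk=DEFAULT_PSK):
    """Return (epoch, seq) for an authentic beacon, else None (constant-time MAC check)."""
    parts = message.strip().split(";")
    ok = (message.isascii() and len(parts) == 4 and parts[0] == "nb"
          and parts[1].isdigit() and parts[2].isdigit())
    if not ok or not hmac.compare_digest(sign(parts[:3], psk), parts[3]):
        return None
    return int(parts[1]), int(parts[2])

def audit(captured, psk=DEFAULT_PSK):
    """captured: (capture_time, message) pairs in the order they were captured."""
    report = {"invalid": 0, "replayed": [], "reordered": [], "delay": {}}
    missing, seen, highest = set(), set(), None
    for seen_at, message in captured:
        parsed = parse(message, psk)
        if parsed is None:
            report["invalid"] += 1
            continue
        epoch, seq = parsed
        if seq in seen:  # valid MAC but repeated sequence number
            report["replayed"].append(seq)
            continue
        seen.add(seq)
        report["delay"][seq] = seen_at - epoch
        if seq in missing:  # arrived late: reordered, not lost
            missing.discard(seq)
            report["reordered"].append(seq)
        elif highest is not None:
            missing.update(range(highest + 1, seq))  # gap opened by this beacon
        highest = seq if highest is None else max(highest, seq)
    return dict(report, missing=sorted(missing))

if __name__ == "__main__":
    # Constructed capture: 104 never arrives, 103 arrives after 105, 102 repeats.
    beacons = [build(1354960619, n) for n in (101, 102, 105, 103, 102)]
    print(audit([(1354960620, m) for m in beacons]))
```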

<h2>
<a name="netbeacon---usage" class="anchor" href="#netbeacon---usage"><span class="octicon octicon-link"></span></a>netbeacon - usage</h2>

<h3>
<a name="how-to-use-it" class="anchor" href="#how-to-use-it"><span class="octicon octicon-link"></span></a>How to use it?</h3>

<p>On a device where you are able to send packets on the monitored/tapped network, you
can send beacons using nb_send.py:</p>

<pre><code>python nb_send.py -s -i 3 -d 1.2.3.4
</code></pre>

<p>Where you are processing your network capture, you can run the following:</p>

<pre><code>python nb_collect.py -i dag0 | python nb_verify.py -s -t
</code></pre>

<h3>
<a name="nb_sendpy" class="anchor" href="#nb_sendpy"><span class="octicon octicon-link"></span></a>nb_send.py</h3>

<pre><code>Usage: nb_send.py [options]

Options:
  -h, --help            show this help message and exit
  -p PSK, --psk=PSK     pre-shared key used by the HMAC-SHA1 (default:
                        netbeacon)
  -s, --storeseq        store sequence and validate sequence
  -i ITERATION, --iteration=ITERATION
                        set the number of interation for sending the netbeacon
  -d DESTINATION, --destination=DESTINATION
                        set the destination(s) IPv4 address (default: 127.0.0.1)
  -v, --verbose         output netbeacon sent
</code></pre>

<h3>
<a name="nb_collectpy" class="anchor" href="#nb_collectpy"><span class="octicon octicon-link"></span></a>nb_collect.py</h3>

<pre><code>Usage: nb_collect.py [options]

Options:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface=INTERFACE
                        live capture on interface (default:lo)
  -r FILEDUMP, --read=FILEDUMP
                        read pcap file
  -e EXTENDED, --extended=EXTENDED
                        enable extended format including pcap timestamp
</code></pre>

<h3>
<a name="nb_verifypy" class="anchor" href="#nb_verifypy"><span class="octicon octicon-link"></span></a>nb_verify.py</h3>

<pre><code>Usage: nb_verify.py [options] &lt;netbeacon messages&gt;

Options:
  -h, --help         show this help message and exit
  -t, --timedelta    show timedelta
  -s, --storeseq     store sequence and validate sequence
  -p PSK, --psk=PSK  pre-shared key used by the HMAC-SHA1 (default: netbeacon)
</code></pre>

<h1>
<a name="license" class="anchor" href="#license"><span class="octicon octicon-link"></span></a>License</h1>

<p>netbeacon is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.</p>

<p>Copyright (c) 2012,2013 Alexandre Dulaunoy - <a href="https://github.com/adulau/">https://github.com/adulau/</a></p>

</section>

<footer>
Netbeacon is maintained by <a href="https://github.com/adulau">adulau</a><br>
This page was generated by <a href="http://pages.github.com">GitHub Pages</a>. Tactile theme by <a href="https://twitter.com/jasonlong">Jason Long</a>.
</footer>

</div>
</div>
</body>
</html>