netbeacon/params.json

1 line
4.1 KiB
JSON
Raw Permalink Normal View History

2013-10-26 09:07:45 +00:00
{"name":"Netbeacon","tagline":"netbeacon - monitoring your network capture, NIDS or network analysis process","body":"\r\nnetbeacon - monitoring your network capture\r\n===========================================\r\n\r\nnetbeacon is a set of free software tools to send beacons over\r\nthe network to test the accuracy and the precision of your network\r\ncapture framework. With netbeacon you can test the following properties\r\nof your network capture (e.g. for honeypot packet data capture,\r\ndata interception devices, NIDS, DPI ...):\r\n\r\n- How long it takes for a packet to reach your monitoring.\r\n- Time inconsistencies between devices.\r\n- Finding missing packets or its (re)ordering.\r\n- Watchdog to verify an operational network capture.\r\n\r\nnetbeacon - packet format\r\n-------------------------\r\n\r\nThe netbeacon format is a simple ASCII format encapsulated in an UDP\r\npacket. The format is the following:\r\n\r\n header;epoch;sequence;hmac\r\n\r\n* The current header is nb\r\n* The epoch value (in UTC format)\r\n* The sequence an unsigned integer\r\n* and the HMAC-SHA1 signature.\r\n\r\nEach message is encapsulated in UDP and by default using port 12345.\r\n\r\nA pre-shared key (PSK) is agreed between the netbeacon sender\r\nand netbeacon recipient to ensure packet integrity using HMAC (SHA1).\r\nThere is a default key \"netbeacon\" but we highly recommend to set your\r\nown for your systems.\r\n\r\n### sample netbeacon messages ###\r\n\r\nHere is a serie of 3 netbeacon messages extracted from 3 UDP packets:\r\n \r\n nb;1354960619;101;335540bf3dae684c3d5cd5795fd09b9097bad656\r\n nb;1354960619;102;56fc82c066644f179b58eb84a47e577bf92adc47\r\n nb;1354960619;103;854207f54c1c4be97bdf4cd4a0d1068731848698\r\n\r\nnetbeacon - usage\r\n-----------------\r\n\r\n### How to use it? ###\r\n\r\nOn a device where you able to send packets on the monitored/tapped network, you\r\ncan send beacons using nb_send.py\r\n\r\n python nb_send.py -s -i 3 -d 1.2.3.4\r\n\r\nWhere you are processing your network capture, you can run the following:\r\n\r\n python nb_collect.py -i dag0 | python nb_verify.py -s -t\r\n\r\n### nb_send.py ###\r\n\r\n Usage: nb_send.py [options]\r\n\r\n Options:\r\n -h, --help show this help message and exit\r\n -p PSK, --psk=PSK pre-shared key used by the HMAC-SHA1 (default:\r\n netbeacon)\r\n -s, --storeseq store sequence and validate sequence\r\n -i ITERATION, --iteration=ITERATION\r\n set the number of interation for sending the netbeacon\r\n -d DESTINATION, --destination=DESTINATION\r\n set the destination(s) IPv4 address (default: 127.0.0.1)\r\n -v, --verbose output netbeacon sent\r\n\r\n\r\n### nb_collect.py ###\r\n\r\n Usage: nb_collect.py [options]\r\n\r\n Options:\r\n -h, --help show this help message and exit\r\n -i INTERFACE, --interface=INTERFACE\r\n live capture on interface (default:lo)\r\n -r FILEDUMP, --read=FILEDUMP\r\n read pcap file\r\n -e EXTENDED, --extended=EXTENDED\r\n enable extended format including pcap timestamp\r\n\r\n### nb_verify.py ###\r\n\r\n Usage: nb_verify.py [options] <netbeacon messages>\r\n\r\n Options:\r\n -h, --help show this help message and exit\r\n -t, --timedelta show timedelta\r\n -s, --storeseq store sequence and validate sequence\r\n -p PSK, --psk=PSK pre-shared key used by the HMAC-SHA1 (default: netbeacon)\r\n\r\n\r\n\r\nLicense\r\n=======\r\n\r\nnetbeacon is free software: you can redistribute it and/or modify\r\nit under the terms of the GNU General Public License as published by\r\nthe Free Software Foundation, either version 3 of the License, or\r\n(at your option) any later version.\r\n\r\nCopyright (c) 2012,2013 Alexandr