adulau/netbeacon
1
0
Fork 0
mirror of https://github.com/adulau/netbeacon.git synced 2024-11-22 10:07:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
netbeacon/index.html

155 lines
5.3 KiB
HTML
Raw Normal View History

Create gh-pages branch via GitHub
2012-12-08 13:07:32 +00:00
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
<meta http-equiv="X-UA-Compatible" content="chrome=1" />
<meta name="description" content="Netbeacon : netbeacon - monitoring your network capture, NIDS or network analysis process" />
<link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">
<title>Netbeacon</title>
</head>
<body>
<!-- HEADER -->
<div id="header_wrap" class="outer">
<header class="inner">
<a id="forkme_banner" href="https://github.com/adulau/netbeacon">View on GitHub</a>
<h1 id="project_title">Netbeacon</h1>
<h2 id="project_tagline">netbeacon - monitoring your network capture, NIDS or network analysis process</h2>
<section id="downloads">
<a class="zip_download_link" href="https://github.com/adulau/netbeacon/zipball/master">Download this project as a .zip file</a>
<a class="tar_download_link" href="https://github.com/adulau/netbeacon/tarball/master">Download this project as a tar.gz file</a>
</section>
</header>
</div>
<!-- MAIN CONTENT -->
<div id="main_content_wrap" class="outer">
<section id="main_content" class="inner">
<h1>netbeacon - monitoring your network capture</h1>
<p>netbeacon is a set of free software tools to send beacons over
the network to test the accuracy and the precision of your network
capture framework. With netbeacon you can test the following properties
of your network capture (e.g. for honeypot packet data capture,
data interception devices, NIDS, DPI ...):</p>
<ul>
<li>How long it takes for a packet to reach your monitoring.</li>
<li>Time inconsistencies between devices.</li>
<li>Finding missing packets or its (re)ordering.</li>
<li>Watchdog to verify an operational network capture.</li>
</ul><h2>netbeacon - packet format</h2>
<p>The netbeacon format is a simple ASCII format encapsulated in an UDP
packet. The format is the following:</p>
<pre><code>header;epoch;sequence;hmac
</code></pre>
<ul>
<li>The current header is nb</li>
<li>The epoch value (in UTC format)</li>
<li>The sequence an unsigned integer</li>
<li>and the HMAC-SHA1 signature.</li>
</ul><p>Each message is encapsulated in UDP and by default using port 12345.</p>
<p>A pre-shared key (PSK) is agreed between the netbeacon sender
and netbeacon recipient to ensure packet integrity using HMAC (SHA1).
There is a default key "netbeacon" but we highly recommend to set your
own for your systems.</p>
<h3>sample netbeacon messages</h3>
<p>Here is a serie of 3 netbeacon messages extracted from 3 UDP packets:</p>
<pre><code> nb;1354960619;101;335540bf3dae684c3d5cd5795fd09b9097bad656
nb;1354960619;102;56fc82c066644f179b58eb84a47e577bf92adc47
nb;1354960619;103;854207f54c1c4be97bdf4cd4a0d1068731848698
</code></pre>
<h2>netbeacon - usage</h2>
<h3>How to use it?</h3>
<p>On a device where you able to send packets on the monitored/tapped network, you
can send beacons using nb_send.py</p>
<pre><code>python nb_send.py -s -i 3 -d 1.2.3.4
</code></pre>
<p>Where you are processing your network capture, you can run the following:</p>
<pre><code>python nb_collect.py -i dag0 | python nb_verify.py -s -t
</code></pre>
<h3>nb_send.py</h3>
<pre><code> Usage: nb_send.py [options]
Options:
-h, --help show this help message and exit
-p PSK, --psk=PSK pre-shared key used by the HMAC-SHA1 (default:
netbeacon)
-s, --storeseq store sequence and validate sequence
-i ITERATION, --iteration=ITERATION
set the number of interation for sending the netbeacon
-d DESTINATION, --destination=DESTINATION
set the destination IPv4 address (default: 127.0.0.1)
-v, --verbose output netbeacon sent
</code></pre>
<h3>nb_collect.py</h3>
<pre><code> Usage: nb_collect.py [options]
Options:
-h, --help show this help message and exit
-i INTERFACE, --interface=INTERFACE
live capture on interface (default:lo)
-r FILEDUMP, --read=FILEDUMP
read pcap file
-e EXTENDED, --extended=EXTENDED
enable extended format including pcap timestamp
</code></pre>
<h3>nb_verify.py</h3>
<pre><code> Usage: nb_verify.py [options] &lt;netbeacon messages&gt;
Options:
-h, --help show this help message and exit
-t, --timedelta show timedelta
-s, --storeseq store sequence and validate sequence
-p PSK, --psk=PSK pre-shared key used by the HMAC-SHA1 (default: netbeacon)
</code></pre>
<h1>License</h1>
<p>netbeacon is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.</p>
<p>Copyright (c) 2012 Alexandre Dulaunoy - <a href="https://github.com/adulau/">https://github.com/adulau/</a></p>
</section>
</div>
<!-- FOOTER -->
<div id="footer_wrap" class="outer">
<footer class="inner">
<p class="copyright">Netbeacon maintained by <a href="https://github.com/adulau">adulau</a></p>
<p>Published with <a href="http://pages.github.com">GitHub Pages</a></p>
</footer>
</div>
</body>
</html>
Reference in a new issue Copy permalink