commit 66a5b4866a08f6b5744714fb05972bb5b287bfbe Author: Alexandre Dulaunoy Date: Wed Dec 5 07:54:56 2012 +0100 netbeacon - network capture monitoring netbeacon is a small free software to send beacon over the network to test the following properties of your network capture (e.g. for your honeypot network data capture, your data interception device, your NIDS, ...): - Checking how long it takes for a packet to reach your monitoring. - Checking time inconsistencies between devices. - Checking missing packets or its ordering. The netbeacon format is a simple ASCII format encapsulated in an UDP packet. The format is the following: header;epoch;sequence;hmac The current header is nb The epoch value (in UTC format) The sequence an unsigned integer and the HMAC-SHA1 signature. A private shared key (PSK) is agreed between the netbeacon sender and netbeacon recipient to ensure packet integrity using HMAC (SHA1). As a test, you can directly send the debug output from nb_send.py to nb_verify.py to verify your netbeacons. python nb_send.py | python nb_verify.py 4aa846f627ae7f92991622e9a0199fbbdb71e48d valid signature for nb;1354690456;1; Time delay 0.0 8b7ec2d5bb5e0644f2ba7f9842797296171e20e1 valid signature for nb;1354690456;2;
diff --git a/nb_send.py b/nb_send.py
new file mode 100644
index 0000000..64e1432
--- /dev/null
+++ b/nb_send.py
@@ -0,0 +1,40 @@
+import socket
+import datetime
+import time
+try:
+ from hashlib import sha1
+except ImportError:
+ from sha import sha as sha1
+import hmac
+
+## nb;epochvalue;sq;hmac
+## hmacfunc("nb;epochvalue;sq;", psk)
+def nbsign(message=None, psk="netbeacon"):
+ auth = hmac.new(psk, message, sha1)
+ return auth.hexdigest()
+
+# format: nb;1354687980;1;500f5e18df881bb1dd22ee3c468209669a13e4ef
+def nbmessage(seq=1):
+ m = ""
+ m = m + "nb"
+ m = m + ";"
+ t = datetime.datetime.now()
+ now = time.mktime(t.timetuple())
+ m = m + (str(int(now)))
+ m = m + ";"
+ m = m + str(seq)
+ m = m + ";"
+ m = m + nbsign(message=m)
+ return m
+
+def nbsend(destination=None,payload=None, logging=False):
+ if destination is None:
+ return False
+ if logging:
+ print (payload)
+ sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+ sock.sendto(payload, (destination, 12345))
+ return True
+
+for x in range(1,10):
+ nbsend(destination="127.0.0.1", payload=nbmessage(x), logging=True)
diff --git a/nb_verify.py b/nb_verify.py
new file mode 100644
index 0000000..a6ad68f
--- /dev/null
+++ b/nb_verify.py
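Review bot: In nb_send.py, `nbsign` defaults `psk` to the literal `"netbeacon"` and `nbmessage` calls `nbsign(message=m)` without passing a key, so every beacon is signed with a value published in the repository; nb_verify.py defines the same default in its own `nbsign`. The HMAC then says nothing about who produced a beacon, because anyone who has read the source can generate one that verifies, and the delay, loss and ordering measurements built on it can be skewed. I would drop the default and thread the key through, `def nbmessage(seq=1, psk=None):` and `m = m + nbsign(message=m, psk=psk)`, with the key read from a configuration file or environment variable at startup and the scripts refusing to run when it is unset. Both functions are complete within this hunk.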
@@ -0,0 +1,53 @@
+import socket
+import datetime
+import time
+import sys
+
+try:
+ from hashlib import sha1
+except ImportError:
+ from sha import sha as sha1
+import hmac
+
+## nb;epochvalue;sq;hmac
+## hmacfunc("nb;epochvalue;sq;", psk)
+def nbsign(message=None, psk="netbeacon"):
+ auth = hmac.new(psk, message, sha1)
+ return auth.hexdigest()
+
+message_keys = ['header','epoch','sequence','hmac']
+
+def nbparse(message=None):
+ if message is None:
+ return False
+ i = 0
+ m = {}
+ for v in line.rsplit(';'):
+ if message_keys[i] == "epoch":
+ m[message_keys[i]] = int(v)
+ else:
+ m[message_keys[i]] = v
+ i = i +1
+ return m
+
+def deltafromnow(epoch=None):
+ if epoch is None:
+ return False
+ t = datetime.datetime.now()
+ now = time.mktime(t.timetuple())
+ return now-epoch
+
+for line in sys.stdin:
+ line = line.rstrip()
+ m = {}
+ m = nbparse(message=line)
+ print m['hmac']
+ message = m['header']+";"+str(m['epoch'])+";"+m['sequence']+";"
+ if m['hmac'] == nbsign(message=message):
+ print "valid signature for "+message
+ timedelta = deltafromnow(epoch=m['epoch'])
+ print "Time delay "+str(timedelta)
+ else:
+ print "(!) invalid signature for "+message
+
+ #signature = line.rsplit(';')[-1:]
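Review bot: `nbparse` in nb_verify.py iterates over the module-level `line` instead of its `message` argument, and it assumes exactly four `;`-separated fields with a numeric epoch, so a malformed beacon raises IndexError, KeyError or ValueError and stops the verifier before any signature is checked. Because the input is captured network traffic, the parser should reject unexpected shapes and the main loop should report and skip them, as in the sketch below. Separately, `m['hmac'] == nbsign(message=message)` is not a constant-time comparison; `hmac.compare_digest(m['hmac'], nbsign(message=message))` is preferable where the interpreter provides it. A short comment on `deltafromnow` stating that it returns seconds between the local clock and the beacon's epoch would also help readers interpret "Time delay".

```python
def nbparse(message=None):
    if message is None:
        return False
    fields = message.split(';')
    if len(fields) != len(message_keys):
        return False
    m = dict(zip(message_keys, fields))
    try:
        m['epoch'] = int(m['epoch'])
    except ValueError:
        return False
    return m

# … unchanged: deltafromnow …

for line in sys.stdin:
    line = line.rstrip()
    m = nbparse(message=line)
    if not m:
        print "(!) malformed beacon"
        continue
    # … unchanged: rebuild message, compare signature, print result …
```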