From 66a5b4866a08f6b5744714fb05972bb5b287bfbe Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 5 Dec 2012 07:54:56 +0100
Subject: [PATCH] netbeacon - network capture monitoring netbeacon is a small free software to send beacon over the network to test the following properties of your network capture (e.g. for your honeypot network data capture, your data interception device, your NIDS, ...): - Checking how long it takes for a packet to reach your monitoring. - Checking time inconsistencies between devices. - Checking missing packets or its ordering. The netbeacon format is a simple ASCII format encapsulated in an UDP packet. The format is the following: header;epoch;sequence;hmac The current header is nb The epoch value (in UTC format) The sequence an unsigned integer and the HMAC-SHA1 signature. A private shared key (PSK) is agreed between the netbeacon sender and netbeacon recipient to ensure packet integrity using HMAC (SHA1). As a test, you can directly send the debug output from nb_send.py to nb_verify.py to verify your netbeacons. python nb_send.py | python nb_verify.py 4aa846f627ae7f92991622e9a0199fbbdb71e48d valid signature for nb;1354690456;1; Time delay 0.0 8b7ec2d5bb5e0644f2ba7f9842797296171e20e1 valid signature for nb;1354690456;2;
---
 nb_send.py | 40 +++++++++++++++++++++++++++++++++++++++
 nb_verify.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)
 create mode 100644 nb_send.py
 create mode 100644 nb_verify.py
diff --git a/nb_send.py b/nb_send.py
new file mode 100644
index 0000000..64e1432
--- /dev/null
+++ b/nb_send.py
@@ -0,0 +1,40 @@
+import socket
+import datetime
+import time
+try:
+ from hashlib import sha1
+except ImportError:
+ from sha import sha as sha1
+import hmac
+
+## nb;epochvalue;sq;hmac
+## hmacfunc("nb;epochvalue;sq;", psk)
+def nbsign(message=None, psk="netbeacon"):
+ auth = hmac.new(psk, message, sha1)
+ return auth.hexdigest()
+
+# format: nb;1354687980;1;500f5e18df881bb1dd22ee3c468209669a13e4ef
+def nbmessage(seq=1):
+ m = ""
+ m = m + "nb"
+ m = m + ";"
+ t = datetime.datetime.now()
+ now = time.mktime(t.timetuple())
+ m = m + (str(int(now)))
+ m = m + ";"
+ m = m + str(seq)
+ m = m + ";"
+ m = m + nbsign(message=m)
+ return m
+
+def nbsend(destination=None,payload=None, logging=False):
+ if destination is None:
+ return False
+ if logging:
+ print (payload)
+ sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
+ sock.sendto(payload, (destination, 12345))
+ return True
+
+for x in range(1,10):
+ nbsend(destination="127.0.0.1", payload=nbmessage(x), logging=True)
diff --git a/nb_verify.py b/nb_verify.py
new file mode 100644
index 0000000..a6ad68f
--- /dev/null
+++ b/nb_verify.py
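Review bot: `nbsign` defaults `psk` to the literal `"netbeacon"`, and `nbmessage` calls `nbsign(message=m)` without passing a key, so every beacon is signed with a value that is published in the source file. With a key that is not secret the HMAC still catches accidental corruption, but it no longer tells the recipient that the beacon came from the agreed sender, which is the property the commit message claims. The same default is duplicated in `nbsign` in nb_verify.py. I would make the key a required argument, `def nbsign(message, psk):`, pass it through `nbmessage(seq, psk)`, and have both scripts load it from operator-supplied configuration instead of the code.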
@@ -0,0 +1,53 @@
+import socket
+import datetime
+import time
+import sys
+
+try:
+ from hashlib import sha1
+except ImportError:
+ from sha import sha as sha1
+import hmac
+
+## nb;epochvalue;sq;hmac
+## hmacfunc("nb;epochvalue;sq;", psk)
+def nbsign(message=None, psk="netbeacon"):
+ auth = hmac.new(psk, message, sha1)
+ return auth.hexdigest()
+
+message_keys = ['header','epoch','sequence','hmac']
+
+def nbparse(message=None):
+ if message is None:
+ return False
+ i = 0
+ m = {}
+ for v in line.rsplit(';'):
+ if message_keys[i] == "epoch":
+ m[message_keys[i]] = int(v)
+ else:
+ m[message_keys[i]] = v
+ i = i +1
+ return m
+
+def deltafromnow(epoch=None):
+ if epoch is None:
+ return False
+ t = datetime.datetime.now()
+ now = time.mktime(t.timetuple())
+ return now-epoch
+
+for line in sys.stdin:
+ line = line.rstrip()
+ m = {}
+ m = nbparse(message=line)
+ print m['hmac']
+ message = m['header']+";"+str(m['epoch'])+";"+m['sequence']+";"
+ if m['hmac'] == nbsign(message=message):
+ print "valid signature for "+message
+ timedelta = deltafromnow(epoch=m['epoch'])
+ print "Time delay "+str(timedelta)
+ else:
+ print "(!) invalid signature for "+message
+
+ #signature = line.rsplit(';')[-1:]
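Review bot: `nbparse` iterates over the global `line` instead of its `message` parameter and indexes `message_keys[i]` with no bound, so it only works when called from this loop and it raises on any input that is not exactly four well-formed fields. A line with an extra `;` gives IndexError, a non-numeric epoch gives ValueError, and a short line gives KeyError at `m['hmac']`; since the input is captured network traffic, one malformed packet stops verification of everything after it. The parser should check the field count and the epoch before building the dict, and the loop should skip lines it cannot parse, as sketched below. Separately, the digest check could use `hmac.compare_digest(m['hmac'], nbsign(message=message))` on interpreters that provide it, rather than `==`.

```python
def nbparse(message=None):
    if message is None:
        return False
    fields = message.split(';')
    if len(fields) != len(message_keys):
        return False
    m = dict(zip(message_keys, fields))
    try:
        m['epoch'] = int(m['epoch'])
    except ValueError:
        return False
    return m

# ... unchanged: deltafromnow ...

for line in sys.stdin:
    line = line.rstrip()
    m = nbparse(message=line)
    if not m:
        print "(!) malformed beacon skipped"
        continue
    # ... unchanged: signature check and delay output ...
```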