mirror of
https://github.com/adulau/netbeacon.git
synced 2024-12-22 08:46:01 +00:00
netbeacon - network capture monitoring
netbeacon is a small free software to send beacon over the network to test the following properties of your network capture (e.g. for your honeypot network data capture, your data interception device, your NIDS, ...): - Checking how long it takes for a packet to reach your monitoring. - Checking time inconsistencies between devices. - Checking missing packets or its ordering. The netbeacon format is a simple ASCII format encapsulated in an UDP packet. The format is the following: header;epoch;sequence;hmac The current header is nb The epoch value (in UTC format) The sequence an unsigned integer and the HMAC-SHA1 signature. A private shared key (PSK) is agreed between the netbeacon sender and netbeacon recipient to ensure packet integrity using HMAC (SHA1). As a test, you can directly send the debug output from nb_send.py to nb_verify.py to verify your netbeacons. python nb_send.py | python nb_verify.py 4aa846f627ae7f92991622e9a0199fbbdb71e48d valid signature for nb;1354690456;1; Time delay 0.0 8b7ec2d5bb5e0644f2ba7f9842797296171e20e1 valid signature for nb;1354690456;2;
This commit is contained in:
commit
66a5b4866a
2 changed files with 93 additions and 0 deletions
40
nb_send.py
Normal file
40
nb_send.py
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
import socket
|
||||||
|
import datetime
|
||||||
|
import time
|
||||||
|
try:
|
||||||
|
from hashlib import sha1
|
||||||
|
except ImportError:
|
||||||
|
from sha import sha as sha1
|
||||||
|
import hmac
|
||||||
|
|
||||||
|
## nb;epochvalue;sq;hmac
|
||||||
|
## hmacfunc("nb;epochvalue;sq;", psk)
|
||||||
|
def nbsign(message=None, psk="netbeacon"):
|
||||||
|
auth = hmac.new(psk, message, sha1)
|
||||||
|
return auth.hexdigest()
|
||||||
|
|
||||||
|
# format: nb;1354687980;1;500f5e18df881bb1dd22ee3c468209669a13e4ef
|
||||||
|
def nbmessage(seq=1):
|
||||||
|
m = ""
|
||||||
|
m = m + "nb"
|
||||||
|
m = m + ";"
|
||||||
|
t = datetime.datetime.now()
|
||||||
|
now = time.mktime(t.timetuple())
|
||||||
|
m = m + (str(int(now)))
|
||||||
|
m = m + ";"
|
||||||
|
m = m + str(seq)
|
||||||
|
m = m + ";"
|
||||||
|
m = m + nbsign(message=m)
|
||||||
|
return m
|
||||||
|
|
||||||
|
def nbsend(destination=None,payload=None, logging=False):
|
||||||
|
if destination is None:
|
||||||
|
return False
|
||||||
|
if logging:
|
||||||
|
print (payload)
|
||||||
|
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
|
||||||
|
sock.sendto(payload, (destination, 12345))
|
||||||
|
return True
|
||||||
|
|
||||||
|
for x in range(1,10):
|
||||||
|
nbsend(destination="127.0.0.1", payload=nbmessage(x), logging=True)
|
53
nb_verify.py
Normal file
53
nb_verify.py
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
import socket
|
||||||
|
import datetime
|
||||||
|
import time
|
||||||
|
import sys
|
||||||
|
|
||||||
|
try:
|
||||||
|
from hashlib import sha1
|
||||||
|
except ImportError:
|
||||||
|
from sha import sha as sha1
|
||||||
|
import hmac
|
||||||
|
|
||||||
|
## nb;epochvalue;sq;hmac
|
||||||
|
## hmacfunc("nb;epochvalue;sq;", psk)
|
||||||
|
def nbsign(message=None, psk="netbeacon"):
|
||||||
|
auth = hmac.new(psk, message, sha1)
|
||||||
|
return auth.hexdigest()
|
||||||
|
|
||||||
|
message_keys = ['header','epoch','sequence','hmac']
|
||||||
|
|
||||||
|
def nbparse(message=None):
|
||||||
|
if message is None:
|
||||||
|
return False
|
||||||
|
i = 0
|
||||||
|
m = {}
|
||||||
|
for v in line.rsplit(';'):
|
||||||
|
if message_keys[i] == "epoch":
|
||||||
|
m[message_keys[i]] = int(v)
|
||||||
|
else:
|
||||||
|
m[message_keys[i]] = v
|
||||||
|
i = i +1
|
||||||
|
return m
|
||||||
|
|
||||||
|
def deltafromnow(epoch=None):
|
||||||
|
if epoch is None:
|
||||||
|
return False
|
||||||
|
t = datetime.datetime.now()
|
||||||
|
now = time.mktime(t.timetuple())
|
||||||
|
return now-epoch
|
||||||
|
|
||||||
|
for line in sys.stdin:
|
||||||
|
line = line.rstrip()
|
||||||
|
m = {}
|
||||||
|
m = nbparse(message=line)
|
||||||
|
print m['hmac']
|
||||||
|
message = m['header']+";"+str(m['epoch'])+";"+m['sequence']+";"
|
||||||
|
if m['hmac'] == nbsign(message=message):
|
||||||
|
print "valid signature for "+message
|
||||||
|
timedelta = deltafromnow(epoch=m['epoch'])
|
||||||
|
print "Time delay "+str(timedelta)
|
||||||
|
else:
|
||||||
|
print "(!) invalid signature for "+message
|
||||||
|
|
||||||
|
#signature = line.rsplit(';')[-1:]
|
Loading…
Reference in a new issue