netbeacon - network capture monitoring

netbeacon is a small free software to send beacon over the network
to test the following properties of your network capture (e.g. for
your honeypot network data capture, your data interception device,
your NIDS, ...):

 - Checking how long it takes for a packet to reach your monitoring.
 - Checking time inconsistencies between devices.
 - Checking missing packets or its ordering.

The netbeacon format is a simple ASCII format encapsulated in an UDP
packet. The format is the following:

header;epoch;sequence;hmac

The current header is nb
The epoch value (in UTC format)
The sequence an unsigned integer
and the HMAC-SHA1 signature.

A private shared key (PSK) is agreed between the netbeacon sender
and netbeacon recipient to ensure packet integrity using HMAC (SHA1).

As a test, you can directly send the debug output from nb_send.py to
nb_verify.py to verify your netbeacons.

 python nb_send.py | python nb_verify.py
 4aa846f627ae7f92991622e9a0199fbbdb71e48d
 valid signature for nb;1354690456;1;
 Time delay 0.0
 8b7ec2d5bb5e0644f2ba7f9842797296171e20e1
 valid signature for nb;1354690456;2;
This commit is contained in:
Alexandre Dulaunoy 2012-12-05 07:54:56 +01:00
commit 66a5b4866a
2 changed files with 93 additions and 0 deletions

40
nb_send.py Normal file
View file

@ -0,0 +1,40 @@
import socket
import datetime
import time
try:
from hashlib import sha1
except ImportError:
from sha import sha as sha1
import hmac
## nb;epochvalue;sq;hmac
## hmacfunc("nb;epochvalue;sq;", psk)
def nbsign(message=None, psk="netbeacon"):
auth = hmac.new(psk, message, sha1)
return auth.hexdigest()
# format: nb;1354687980;1;500f5e18df881bb1dd22ee3c468209669a13e4ef
def nbmessage(seq=1):
m = ""
m = m + "nb"
m = m + ";"
t = datetime.datetime.now()
now = time.mktime(t.timetuple())
m = m + (str(int(now)))
m = m + ";"
m = m + str(seq)
m = m + ";"
m = m + nbsign(message=m)
return m
def nbsend(destination=None,payload=None, logging=False):
if destination is None:
return False
if logging:
print (payload)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.sendto(payload, (destination, 12345))
return True
for x in range(1,10):
nbsend(destination="127.0.0.1", payload=nbmessage(x), logging=True)

53
nb_verify.py Normal file
View file

@ -0,0 +1,53 @@
import socket
import datetime
import time
import sys
try:
from hashlib import sha1
except ImportError:
from sha import sha as sha1
import hmac
## nb;epochvalue;sq;hmac
## hmacfunc("nb;epochvalue;sq;", psk)
def nbsign(message=None, psk="netbeacon"):
auth = hmac.new(psk, message, sha1)
return auth.hexdigest()
message_keys = ['header','epoch','sequence','hmac']
def nbparse(message=None):
if message is None:
return False
i = 0
m = {}
for v in line.rsplit(';'):
if message_keys[i] == "epoch":
m[message_keys[i]] = int(v)
else:
m[message_keys[i]] = v
i = i +1
return m
def deltafromnow(epoch=None):
if epoch is None:
return False
t = datetime.datetime.now()
now = time.mktime(t.timetuple())
return now-epoch
for line in sys.stdin:
line = line.rstrip()
m = {}
m = nbparse(message=line)
print m['hmac']
message = m['header']+";"+str(m['epoch'])+";"+m['sequence']+";"
if m['hmac'] == nbsign(message=message):
print "valid signature for "+message
timedelta = deltafromnow(epoch=m['epoch'])
print "Time delay "+str(timedelta)
else:
print "(!) invalid signature for "+message
#signature = line.rsplit(';')[-1:]