nb_collect outputs netbeacon packets from a pcap file or a live capture.
Example usage:
nb_collect.py -r test.pcap
The extended output includes the timestamp of the pcap header.
The -s option checks the expected sequence value and stores
the last seen value in a persistent shelve. The sequence is
an incremented unsigned integer value.
The -t option controls whether the time delta is checked.
netbeacon is a small free software tool that sends beacons over the network
to test the following properties of your network capture (e.g. for
your honeypot network data capture, your data interception device,
your NIDS, ...):
- Checking how long it takes for a packet to reach your monitoring.
- Checking time inconsistencies between devices.
- Checking for missing packets or their ordering.
The netbeacon format is a simple ASCII format encapsulated in a UDP
packet. The format is the following:
header;epoch;sequence;hmac
- header: currently nb
- epoch: the epoch value (in UTC format)
- sequence: an unsigned integer
- hmac: the HMAC-SHA1 signature
A private shared key (PSK) is agreed between the netbeacon sender
and netbeacon recipient to ensure packet integrity using HMAC (SHA1).
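The format and the three checks above (delay, sequence, integrity), as an added example that is not the project's nb_send.py or nb_verify.py code. The PSK is constructed, the function names are hypothetical, and the assumption that the HMAC covers "header;epoch;sequence;" with its trailing semicolon is inferred from the verifier output shown on this page.

```python
import hashlib
import hmac

PSK = b"constructed-example-psk"  # constructed key, not a project default

def sign(header, epoch, seq, psk=PSK):
    # Assumption: the HMAC-SHA1 covers "header;epoch;sequence;" (with the
    # trailing ';') and is sent as lowercase hex.
    signed = f"{header};{epoch};{seq};".encode("ascii")
    return hmac.new(psk, signed, hashlib.sha1).hexdigest()

def build(epoch, seq, psk=PSK):
    return f"nb;{epoch};{seq};{sign('nb', epoch, seq, psk)}"

def verify(payload, received_at, last_seq=None, psk=PSK):
    """Check one beacon; raise ValueError if it is malformed or forged."""
    parts = payload.strip().split(";")
    if len(parts) != 4 or parts[0] != "nb":
        raise ValueError("not a netbeacon")
    header, epoch_s, seq_s, mac = parts
    # Accept only ASCII digits, so signs, spaces and Unicode digits are rejected.
    for field in (epoch_s, seq_s):
        if not (field.isascii() and field.isdigit()):
            raise ValueError("epoch and sequence must be unsigned integers")
    # Authenticate the fields exactly as received, in constant time,
    # before using any of them.
    expected = sign(header, epoch_s, seq_s, psk)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        raise ValueError("invalid signature")
    seq = int(seq_s)
    result = {"seq": seq, "delay": received_at - int(epoch_s), "missing": 0}
    if last_seq is None:
        result["order"] = "first"
    elif seq == last_seq + 1:
        result["order"] = "in-order"
    elif seq > last_seq + 1:
        result["order"] = "gap"
        result["missing"] = seq - last_seq - 1
    else:
        result["order"] = "duplicate-or-reordered"
    return result

if __name__ == "__main__":
    print(verify(build(1354690456, 1), received_at=1354690456.0))
```

A valid signature on a sequence number at or below the last seen one is reported as "duplicate-or-reordered", since the HMAC alone does not distinguish a replayed capture from a late packet.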
As a test, you can directly send the debug output from nb_send.py to
nb_verify.py to verify your netbeacons.
python nb_send.py | python nb_verify.py
4aa846f627ae7f92991622e9a0199fbbdb71e48d
valid signature for nb;1354690456;1;
Time delay 0.0
8b7ec2d5bb5e0644f2ba7f9842797296171e20e1
valid signature for nb;1354690456;2;