Added mirros and updated LICENSE

This commit is contained in:
Dionysus 2024-01-20 21:47:39 -05:00
parent 51e3b5f01f
commit ab158c1c9c
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
6 changed files with 178 additions and 189 deletions

View File

@ -1,6 +1,6 @@
ISC License ISC License
Copyright (c) 2023, acidvegas <acid.vegas@acid.vegas> Copyright (c) 2024, acidvegas <acid.vegas@acid.vegas>
Permission to use, copy, modify, and/or distribute this software for any Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above purpose with or without fee is hereby granted, provided that the above

View File

@ -8,6 +8,7 @@ This Packet Analysis Tool is designed to capture and analyze network packets in
- Supports analysis of TCP, UDP, and ICMP protocols. - Supports analysis of TCP, UDP, and ICMP protocols.
- Displays packet details such as source/destination IP, source/destination port, packet length, and TTL. - Displays packet details such as source/destination IP, source/destination port, packet length, and TTL.
- Identifies and displays printable payloads in network traffic. - Identifies and displays printable payloads in network traffic.
- JSON packet logs for deep analysis.
## Usage ## Usage
| Argument | Description | | Argument | Description |
@ -16,3 +17,7 @@ This Packet Analysis Tool is designed to capture and analyze network packets in
| `-c` | Set the packets-per-second threshold for logging. | | `-c` | Set the packets-per-second threshold for logging. |
| `-x` | Provide a comma-separated list of IPs and ports to exclude. | | `-x` | Provide a comma-separated list of IPs and ports to exclude. |
| `-i` | Provide a comma-separated list of IPs and ports to include. | | `-i` | Provide a comma-separated list of IPs and ports to include. |
___
###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/ddosmonit) • [SuperNETs](https://git.supernets.org/acidvegas/ddosmonit) • [GitHub](https://github.com/acidvegas/ddosmonit) • [GitLab](https://gitlab.com/acidvegas/ddosmonit) • [Codeberg](https://codeberg.org/acidvegas/ddosmonit)

View File

@ -7,18 +7,22 @@ import (
"fmt" "fmt"
"log" "log"
"net" "net"
"os"
"regexp" "regexp"
"strconv"
"strings" "strings"
"time" "time"
"unicode"
"github.com/google/gopacket" "github.com/google/gopacket"
"github.com/google/gopacket/layers" "github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap" "github.com/google/gopacket/pcap"
) )
var (
deviceMonitor = flag.String("d", "eth0", "Device to monitor")
packetThreshold = flag.Int("c", 5000, "Packets per second threshold to start logging")
excludeList = flag.String("x", "", "Comma-separated list of IPs and ports to exclude")
includeList = flag.String("i", "", "Comma-separated list of IPs and ports to include")
)
const ( const (
ColorReset = "\033[0m" ColorReset = "\033[0m"
ColorDarkGrey = "\033[90m" ColorDarkGrey = "\033[90m"
@ -30,27 +34,20 @@ const (
ColorPink = "\033[95m" ColorPink = "\033[95m"
) )
var (
deviceMonitor = flag.String("d", "eth0", "Device to monitor")
packetThreshold = flag.Int("c", 5000, "Packets per second threshold to start logging")
excludeList = flag.String("x", "", "Comma-separated list of IPs and ports to exclude")
includeList = flag.String("i", "", "Comma-separated list of IPs and ports to include")
)
type PacketInfo struct { type PacketInfo struct {
Timestamp string `json:"timestamp"` Timestamp string `json:"timestamp"`
Protocol string `json:"protocol"` Protocol string `json:"protocol"`
SourceIP net.IP `json:"source_ip"` SourceIP net.IP `json:"source_ip"`
DestIP net.IP `json:"dest_ip"`
SourcePort int `json:"source_port"` SourcePort int `json:"source_port"`
DestIP net.IP `json:"dest_ip"`
DestPort int `json:"dest_port"` DestPort int `json:"dest_port"`
Length int `json:"length,omitempty"` Length int `json:"length,omitempty"`
TTL int `json:"ttl,omitempty"` TTL int `json:"ttl,omitempty"`
WindowSize int `json:"window_size,omitempty"` WindowSize int `json:"window_size,omitempty"`
TCPFlags string `json:"tcp_flags,omitempty"`
Checksum int `json:"checksum,omitempty"` Checksum int `json:"checksum,omitempty"`
PayloadData string `json:"payload_data,omitempty"` TCPFlags string `json:"tcp_flags,omitempty"`
ICMPData string `json:"icmp_data,omitempty"` ICMPData string `json:"icmp_data,omitempty"`
PayloadData string `json:"payload_data,omitempty"`
} }
func main() { func main() {
@ -138,105 +135,6 @@ func main() {
} }
} }
func getInterfaceMAC(interfaceName string) (net.HardwareAddr, error) {
iface, err := net.InterfaceByName(interfaceName)
if err != nil {
return nil, err
}
return iface.HardwareAddr, nil
}
func parseAndValidateIPsAndPorts(list string) ([]net.IP, []int) {
var ips []net.IP
var ports []int
items := strings.Split(list, ",")
for _, item := range items {
item = strings.TrimSpace(item)
if ip := net.ParseIP(item); ip != nil {
ips = append(ips, ip)
} else if port, err := strconv.Atoi(item); err == nil {
ports = append(ports, port)
}
}
return ips, ports
}
func shouldProcessPacket(packet gopacket.Packet, excludeIPs []net.IP, excludePorts []int, includeIPs []net.IP, includePorts []int) bool {
ipv4Layer := packet.Layer(layers.LayerTypeIPv4)
tcpLayer := packet.Layer(layers.LayerTypeTCP)
udpLayer := packet.Layer(layers.LayerTypeUDP)
var srcIP, dstIP net.IP
var srcPort, dstPort int
if ipv4Layer != nil {
ipv4, _ := ipv4Layer.(*layers.IPv4)
srcIP = ipv4.SrcIP
dstIP = ipv4.DstIP
}
if tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
srcPort = int(tcp.SrcPort)
dstPort = int(tcp.DstPort)
} else if udpLayer != nil {
udp, _ := udpLayer.(*layers.UDP)
srcPort = int(udp.SrcPort)
dstPort = int(udp.DstPort)
}
if containsIP(excludeIPs, srcIP) || containsIP(excludeIPs, dstIP) || containsPort(excludePorts, srcPort) || containsPort(excludePorts, dstPort) {
return false
}
if len(includeIPs) > 0 || len(includePorts) > 0 {
return containsIP(includeIPs, srcIP) || containsIP(includeIPs, dstIP) || containsPort(includePorts, srcPort) || containsPort(includePorts, dstPort)
}
return true
}
func containsIP(ips []net.IP, ip net.IP) bool {
for _, listedIP := range ips {
if ip.Equal(listedIP) {
return true
}
}
return false
}
func containsPort(ports []int, port int) bool {
for _, listedPort := range ports {
if port == listedPort {
return true
}
}
return false
}
func isLikelyPlainText(data []byte) bool {
if len(data) == 0 {
return false
}
var printableCount, controlCount int
for _, runeValue := range string(data) {
if unicode.IsPrint(runeValue) || unicode.IsSpace(runeValue) {
printableCount++
} else if unicode.IsControl(runeValue) {
controlCount++
}
}
totalChars := len(data)
printableRatio := float64(printableCount) / float64(totalChars)
controlRatio := float64(controlCount) / float64(totalChars)
return printableRatio > 0.7 && controlRatio < 0.3
}
func printPacketInfo(packet gopacket.Packet) { func printPacketInfo(packet gopacket.Packet) {
var srcIP, dstIP net.IP var srcIP, dstIP net.IP
var srcPort, dstPort int var srcPort, dstPort int
@ -312,57 +210,43 @@ func printWithColors(info PacketInfo) {
if len(payloadDisplay) != 0 { if len(payloadDisplay) != 0 {
if isLikelyPlainText([]byte(payloadDisplay)) { if isLikelyPlainText([]byte(payloadDisplay)) {
reg := regexp.MustCompile(`[\s\r\n\v\f]+`) reg := regexp.MustCompile(`[\s\r\n\v\f]+`)
payloadDisplay = reg.ReplaceAllString(payloadDisplay, " ") payloadDisplay = strings.TrimSpace(reg.ReplaceAllString(payloadDisplay, " "))
payloadDisplay = strings.TrimSpace(payloadDisplay) format := "%sPayload: %s%s%s"
if len(payloadDisplay) > 100 { if len(payloadDisplay) > 100 {
payloadDisplay = fmt.Sprintf("%sPayload: %s%s... %s(%d)%s", ColorCyan, ColorPurple, payloadDisplay[:100], ColorDarkGrey, len(payloadDisplay), ColorReset) payloadDisplay = fmt.Sprintf(format, ColorCyan, ColorPurple, payloadDisplay[:100]+"... "+fmt.Sprintf("%s(%d)%s", ColorDarkGrey, len(payloadDisplay), ColorReset), ColorReset)
} else { } else {
payloadDisplay = fmt.Sprintf("%sPayload: %s%s%s", ColorCyan, ColorPurple, payloadDisplay, ColorReset) payloadDisplay = fmt.Sprintf(format, ColorCyan, ColorPurple, payloadDisplay, ColorReset)
} }
} else { } else {
payloadDisplay = fmt.Sprintf("%sPayload: %sNon-printable data %s(%d)%s", ColorCyan, ColorPurple, ColorDarkGrey, len(payloadDisplay), ColorReset) payloadDisplay = fmt.Sprintf("%sPayload: %sNon-printable data %s(%d)%s", ColorCyan, ColorPurple, ColorDarkGrey, len(payloadDisplay), ColorReset)
} }
} }
srcPortDisplay := "" srcPortDisplay := fmt.Sprintf("%d", info.SourcePort)
dstPortDisplay := fmt.Sprintf("%d", info.DestPort)
if info.SourcePort == 0 { if info.SourcePort == 0 {
srcPortDisplay = "" srcPortDisplay = ""
} else {
srcPortDisplay = fmt.Sprintf("%d", info.SourcePort)
} }
dstPortDisplay := ""
if info.DestPort == 0 { if info.DestPort == 0 {
dstPortDisplay = "" dstPortDisplay = ""
} else {
dstPortDisplay = fmt.Sprintf("%d", info.DestPort)
} }
protocolColor := "" protocolColorMap := map[string]string{
switch info.Protocol { "TCP": ColorGreen,
case "TCP": "UDP": ColorYellow,
protocolColor = ColorGreen "ICMP": ColorPurple,
case "UDP":
protocolColor = ColorYellow
case "ICMP":
protocolColor = ColorPurple
} }
protocolColor := protocolColorMap[info.Protocol]
extraData := " " extraData := " "
if info.Protocol == "ICMP" { if info.Protocol == "ICMP" {
extraData = fmt.Sprintf("%3s", info.ICMPData) extraData = fmt.Sprintf("%3s", info.ICMPData)
} else if info.Protocol == "UDP" { } else if info.Protocol == "TCP" && info.TCPFlags != "" {
extraData = " "
} else if info.Protocol == "TCP" {
if info.TCPFlags == "" {
extraData = " "
} else {
extraData = info.TCPFlags extraData = info.TCPFlags
} }
}
SEP := ColorDarkGrey + "│" + ColorReset SEP := ColorDarkGrey + "│" + ColorReset
fmt.Printf("%s %s %s %s %15s %-5s -> %15s %-5s %s %s %4d %s %s %3d %s %s %5d %s %s %5d %s %s %s %s\n", fmt.Printf("%s %s %s %s %15s %-5s -> %15s %-5s %s %s %5d %s %s %3d %s %s %5d %s %s %5d %s %s %s %s\n",
ColorDarkGrey+info.Timestamp+ColorReset, ColorDarkGrey+info.Timestamp+ColorReset,
SEP, SEP,
protocolColor+fmt.Sprintf("%4s", info.Protocol)+ColorReset, protocolColor+fmt.Sprintf("%4s", info.Protocol)+ColorReset,
@ -386,47 +270,3 @@ func printWithColors(info PacketInfo) {
) )
} }
func writeToFile(data []byte) {
fileName := "packet_info.json"
file, err := os.OpenFile(fileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
fmt.Println("Error opening file:", err)
return
}
defer file.Close()
_, err = file.Write(data)
if err != nil {
fmt.Println("Error writing to file:", err)
return
}
_, err = file.WriteString("\n")
if err != nil {
fmt.Println("Error writing newline to file:", err)
return
}
}
func getTCPFlags(tcp *layers.TCP) string {
flagNames := map[bool]string{
tcp.FIN: "FIN",
tcp.SYN: "SYN",
tcp.RST: "RST",
tcp.PSH: "PSH",
tcp.ACK: "ACK",
tcp.URG: "URG",
tcp.ECE: "ECE",
tcp.CWR: "CWR",
tcp.NS: "NS",
}
var flags []string
for flag, name := range flagNames {
if flag {
flags = append(flags, name)
}
}
return strings.Join(flags, ",")
}

Binary file not shown.

View File

@ -1,8 +1,8 @@
module dmon module ddosmonit
go 1.21.5 go 1.21.5
require ( require (
github.com/google/gopacket v1.1.19 // indirect github.com/google/gopacket v1.1.19 // direct
golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
) )

144
ddosmonit/utils.go Normal file
View File

@ -0,0 +1,144 @@
package main
import (
"fmt"
"net"
"os"
"strconv"
"strings"
"unicode"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
func containsIP(ips []net.IP, ip net.IP) bool {
for _, listedIP := range ips {
if ip.Equal(listedIP) {
return true
}
}
return false
}
func containsPort(ports []int, port int) bool {
for _, listedPort := range ports {
if port == listedPort {
return true
}
}
return false
}
func getInterfaceMAC(interfaceName string) (net.HardwareAddr, error) {
iface, err := net.InterfaceByName(interfaceName)
if err != nil {
return nil, err
}
return iface.HardwareAddr, nil
}
func getTCPFlags(tcp *layers.TCP) string {
flagNames := map[bool]string{
tcp.FIN: "FIN",
tcp.SYN: "SYN",
tcp.RST: "RST",
tcp.PSH: "PSH",
tcp.ACK: "ACK",
tcp.URG: "URG",
tcp.ECE: "ECE",
tcp.CWR: "CWR",
tcp.NS: "NS",
}
var flags []string
for flag, name := range flagNames {
if flag {
flags = append(flags, name)
}
}
return strings.Join(flags, ",")
}
func isLikelyPlainText(data []byte) bool {
if len(data) == 0 {
return false
}
var printableCount, controlCount int
for _, runeValue := range string(data) {
if unicode.IsPrint(runeValue) || unicode.IsSpace(runeValue) {
printableCount++
} else if unicode.IsControl(runeValue) {
controlCount++
}
}
totalChars := len(data)
printableRatio := float64(printableCount) / float64(totalChars)
controlRatio := float64(controlCount) / float64(totalChars)
return printableRatio > 0.7 && controlRatio < 0.3
}
func parseAndValidateIPsAndPorts(list string) ([]net.IP, []int) {
var ips []net.IP
var ports []int
items := strings.Split(list, ",")
for _, item := range items {
item = strings.TrimSpace(item)
if ip := net.ParseIP(item); ip != nil {
ips = append(ips, ip)
} else if port, err := strconv.Atoi(item); err == nil {
ports = append(ports, port)
}
}
return ips, ports
}
func shouldProcessPacket(packet gopacket.Packet, excludeIPs []net.IP, excludePorts []int, includeIPs []net.IP, includePorts []int) bool {
var srcIP, dstIP net.IP
var srcPort, dstPort int
if ipv4Layer := packet.Layer(layers.LayerTypeIPv4); ipv4Layer != nil {
ipv4 := ipv4Layer.(*layers.IPv4)
srcIP, dstIP = ipv4.SrcIP, ipv4.DstIP
}
if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
tcp := tcpLayer.(*layers.TCP)
srcPort, dstPort = int(tcp.SrcPort), int(tcp.DstPort)
} else if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
udp := udpLayer.(*layers.UDP)
srcPort, dstPort = int(udp.SrcPort), int(udp.DstPort)
}
isExcluded := containsIP(excludeIPs, srcIP) || containsIP(excludeIPs, dstIP) ||
containsPort(excludePorts, srcPort) || containsPort(excludePorts, dstPort)
isIncluded := (len(includeIPs) == 0 || containsIP(includeIPs, srcIP) || containsIP(includeIPs, dstIP)) &&
(len(includePorts) == 0 || containsPort(includePorts, srcPort) || containsPort(includePorts, dstPort))
return !isExcluded && isIncluded
}
func writeToFile(data []byte) {
fileName := "packet_info.json"
file, err := os.OpenFile(fileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
fmt.Println("Error opening file:", err)
return
}
defer file.Close()
_, err = file.Write(data)
if err != nil {
fmt.Println("Error writing to file:", err)
return
}
_, err = file.WriteString("\n")
if err != nil {
fmt.Println("Error writing newline to file:", err)
return
}
}