Added mirros and updated LICENSE

2024-01-20 21:47:39 -05:00 · 2024-01-20 21:47:39 -05:00 · ab158c1c9c
commit ab158c1c9c
parent 51e3b5f01f
6 changed files with 178 additions and 189 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 ISC License
-Copyright (c) 2023, acidvegas <acid.vegas@acid.vegas>
+Copyright (c) 2024, acidvegas <acid.vegas@acid.vegas>
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@ This Packet Analysis Tool is designed to capture and analyze network packets in
 - Supports analysis of TCP, UDP, and ICMP protocols.
 - Displays packet details such as source/destination IP, source/destination port, packet length, and TTL.
 - Identifies and displays printable payloads in network traffic.
 - JSON packet logs for deep analysis.
 ## Usage
 | Argument | Description                                                 |
@ -16,3 +17,7 @@ This Packet Analysis Tool is designed to capture and analyze network packets in
 | `-c`     | Set the packets-per-second threshold for logging.           |
 | `-x`     | Provide a comma-separated list of IPs and ports to exclude. |
 | `-i`     | Provide a comma-separated list of IPs and ports to include. |
 ___
 ###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/ddosmonit) • [SuperNETs](https://git.supernets.org/acidvegas/ddosmonit) • [GitHub](https://github.com/acidvegas/ddosmonit) • [GitLab](https://gitlab.com/acidvegas/ddosmonit) • [Codeberg](https://codeberg.org/acidvegas/ddosmonit)
--- a/ddosmonit/ddosmonit.go
+++ b/ddosmonit/ddosmonit.go
@ -7,18 +7,22 @@ import (
 	"fmt"
 	"log"
 	"net"
 	"os"
 	"regexp"
 	"strconv"
 	"strings"
 	"time"
 	"unicode"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/pcap"
 )
 var (
 	deviceMonitor   = flag.String("d", "eth0", "Device to monitor")
 	packetThreshold = flag.Int("c", 5000, "Packets per second threshold to start logging")
 	excludeList     = flag.String("x", "", "Comma-separated list of IPs and ports to exclude")
 	includeList     = flag.String("i", "", "Comma-separated list of IPs and ports to include")
 )
 const (
 	ColorReset    = "\033[0m"
 	ColorDarkGrey = "\033[90m"
@ -30,27 +34,20 @@ const (
 	ColorPink     = "\033[95m"
 )
 var (
 	deviceMonitor   = flag.String("d", "eth0", "Device to monitor")
 	packetThreshold = flag.Int("c", 5000, "Packets per second threshold to start logging")
 	excludeList     = flag.String("x", "", "Comma-separated list of IPs and ports to exclude")
 	includeList     = flag.String("i", "", "Comma-separated list of IPs and ports to include")
 )
 type PacketInfo struct {
 	Timestamp   string `json:"timestamp"`
 	Protocol    string `json:"protocol"`
 	SourceIP    net.IP `json:"source_ip"`
 	DestIP      net.IP `json:"dest_ip"`
 	SourcePort  int    `json:"source_port"`
 	DestIP      net.IP `json:"dest_ip"`
 	DestPort    int    `json:"dest_port"`
 	Length      int    `json:"length,omitempty"`
 	TTL         int    `json:"ttl,omitempty"`
 	WindowSize  int    `json:"window_size,omitempty"`
 	TCPFlags    string `json:"tcp_flags,omitempty"`
 	Checksum    int    `json:"checksum,omitempty"`
-	PayloadData string `json:"payload_data,omitempty"`
+	TCPFlags    string `json:"tcp_flags,omitempty"`
 	ICMPData    string `json:"icmp_data,omitempty"`
 	PayloadData string `json:"payload_data,omitempty"`
 }
 func main() {
@ -138,105 +135,6 @@ func main() {
 	}
 }
 func getInterfaceMAC(interfaceName string) (net.HardwareAddr, error) {
 	iface, err := net.InterfaceByName(interfaceName)
 	if err != nil {
 		return nil, err
 	}
 	return iface.HardwareAddr, nil
 }
 func parseAndValidateIPsAndPorts(list string) ([]net.IP, []int) {
 	var ips []net.IP
 	var ports []int
 	items := strings.Split(list, ",")
 	for _, item := range items {
 		item = strings.TrimSpace(item)
 		if ip := net.ParseIP(item); ip != nil {
 			ips = append(ips, ip)
 		} else if port, err := strconv.Atoi(item); err == nil {
 			ports = append(ports, port)
 		}
 	}
 	return ips, ports
 }
 func shouldProcessPacket(packet gopacket.Packet, excludeIPs []net.IP, excludePorts []int, includeIPs []net.IP, includePorts []int) bool {
 	ipv4Layer := packet.Layer(layers.LayerTypeIPv4)
 	tcpLayer := packet.Layer(layers.LayerTypeTCP)
 	udpLayer := packet.Layer(layers.LayerTypeUDP)
 	var srcIP, dstIP net.IP
 	var srcPort, dstPort int
 	if ipv4Layer != nil {
 		ipv4, _ := ipv4Layer.(*layers.IPv4)
 		srcIP = ipv4.SrcIP
 		dstIP = ipv4.DstIP
 	}
 	if tcpLayer != nil {
 		tcp, _ := tcpLayer.(*layers.TCP)
 		srcPort = int(tcp.SrcPort)
 		dstPort = int(tcp.DstPort)
 	} else if udpLayer != nil {
 		udp, _ := udpLayer.(*layers.UDP)
 		srcPort = int(udp.SrcPort)
 		dstPort = int(udp.DstPort)
 	}
 	if containsIP(excludeIPs, srcIP) || containsIP(excludeIPs, dstIP) || containsPort(excludePorts, srcPort) || containsPort(excludePorts, dstPort) {
 		return false
 	}
 	if len(includeIPs) > 0 || len(includePorts) > 0 {
 		return containsIP(includeIPs, srcIP) || containsIP(includeIPs, dstIP) || containsPort(includePorts, srcPort) || containsPort(includePorts, dstPort)
 	}
 	return true
 }
 func containsIP(ips []net.IP, ip net.IP) bool {
 	for _, listedIP := range ips {
 		if ip.Equal(listedIP) {
 			return true
 		}
 	}
 	return false
 }
 func containsPort(ports []int, port int) bool {
 	for _, listedPort := range ports {
 		if port == listedPort {
 			return true
 		}
 	}
 	return false
 }
 func isLikelyPlainText(data []byte) bool {
 	if len(data) == 0 {
 		return false
 	}
 	var printableCount, controlCount int
 	for _, runeValue := range string(data) {
 		if unicode.IsPrint(runeValue) || unicode.IsSpace(runeValue) {
 			printableCount++
 		} else if unicode.IsControl(runeValue) {
 			controlCount++
 		}
 	}
 	totalChars := len(data)
 	printableRatio := float64(printableCount) / float64(totalChars)
 	controlRatio := float64(controlCount) / float64(totalChars)
 	return printableRatio > 0.7 && controlRatio < 0.3
 }
 func printPacketInfo(packet gopacket.Packet) {
 	var srcIP, dstIP net.IP
 	var srcPort, dstPort int
@ -312,57 +210,43 @@ func printWithColors(info PacketInfo) {
 	if len(payloadDisplay) != 0 {
 		if isLikelyPlainText([]byte(payloadDisplay)) {
 			reg := regexp.MustCompile(`[\s\r\n\v\f]+`)
-			payloadDisplay = reg.ReplaceAllString(payloadDisplay, " ")
+			payloadDisplay = strings.TrimSpace(reg.ReplaceAllString(payloadDisplay, " "))
-			payloadDisplay = strings.TrimSpace(payloadDisplay)
+			format := "%sPayload: %s%s%s"
 			if len(payloadDisplay) > 100 {
-				payloadDisplay = fmt.Sprintf("%sPayload: %s%s... %s(%d)%s", ColorCyan, ColorPurple, payloadDisplay[:100], ColorDarkGrey, len(payloadDisplay), ColorReset)
+				payloadDisplay = fmt.Sprintf(format, ColorCyan, ColorPurple, payloadDisplay[:100]+"... "+fmt.Sprintf("%s(%d)%s", ColorDarkGrey, len(payloadDisplay), ColorReset), ColorReset)
 			} else {
-				payloadDisplay = fmt.Sprintf("%sPayload: %s%s%s", ColorCyan, ColorPurple, payloadDisplay, ColorReset)
+				payloadDisplay = fmt.Sprintf(format, ColorCyan, ColorPurple, payloadDisplay, ColorReset)
 			}
 		} else {
 			payloadDisplay = fmt.Sprintf("%sPayload: %sNon-printable data %s(%d)%s", ColorCyan, ColorPurple, ColorDarkGrey, len(payloadDisplay), ColorReset)
 		}
 	}
-	srcPortDisplay := ""
+	srcPortDisplay := fmt.Sprintf("%d", info.SourcePort)
 	dstPortDisplay := fmt.Sprintf("%d", info.DestPort)
 	if info.SourcePort == 0 {
 		srcPortDisplay = ""
 	} else {
 		srcPortDisplay = fmt.Sprintf("%d", info.SourcePort)
 	}
 	dstPortDisplay := ""
 	if info.DestPort == 0 {
 		dstPortDisplay = ""
 	} else {
 		dstPortDisplay = fmt.Sprintf("%d", info.DestPort)
 	}
-	protocolColor := ""
+	protocolColorMap := map[string]string{
-	switch info.Protocol {
+		"TCP":  ColorGreen,
-	case "TCP":
+		"UDP":  ColorYellow,
-		protocolColor = ColorGreen
+		"ICMP": ColorPurple,
 	case "UDP":
 		protocolColor = ColorYellow
 	case "ICMP":
 		protocolColor = ColorPurple
 	}
 	protocolColor := protocolColorMap[info.Protocol]
-	extraData := ""
+	extraData := "   "
 	if info.Protocol == "ICMP" {
 		extraData = fmt.Sprintf("%3s", info.ICMPData)
-	} else if info.Protocol == "UDP" {
+	} else if info.Protocol == "TCP" && info.TCPFlags != "" {
-		extraData = "   "
+		extraData = info.TCPFlags
 	} else if info.Protocol == "TCP" {
 		if info.TCPFlags == "" {
 			extraData = "   "
 		} else {
 			extraData = info.TCPFlags
 		}
 	}
 	SEP := ColorDarkGrey + "│" + ColorReset
-	fmt.Printf("%s %s %s %s %15s %-5s -> %15s %-5s %s %s %4d %s %s %3d %s %s %5d %s %s %5d %s %s %s %s\n",
+	fmt.Printf("%s %s %s %s %15s %-5s -> %15s %-5s %s %s %5d %s %s %3d %s %s %5d %s %s %5d %s %s %s %s\n",
 		ColorDarkGrey+info.Timestamp+ColorReset,
 		SEP,
 		protocolColor+fmt.Sprintf("%4s", info.Protocol)+ColorReset,
@ -386,47 +270,3 @@ func printWithColors(info PacketInfo) {
 	)
 }
 func writeToFile(data []byte) {
 	fileName := "packet_info.json"
 	file, err := os.OpenFile(fileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
 		fmt.Println("Error opening file:", err)
 		return
 	}
 	defer file.Close()
 	_, err = file.Write(data)
 	if err != nil {
 		fmt.Println("Error writing to file:", err)
 		return
 	}
 	_, err = file.WriteString("\n")
 	if err != nil {
 		fmt.Println("Error writing newline to file:", err)
 		return
 	}
 }
 func getTCPFlags(tcp *layers.TCP) string {
 	flagNames := map[bool]string{
 		tcp.FIN: "FIN",
 		tcp.SYN: "SYN",
 		tcp.RST: "RST",
 		tcp.PSH: "PSH",
 		tcp.ACK: "ACK",
 		tcp.URG: "URG",
 		tcp.ECE: "ECE",
 		tcp.CWR: "CWR",
 		tcp.NS:  "NS",
 	}
 	var flags []string
 	for flag, name := range flagNames {
 		if flag {
 			flags = append(flags, name)
 		}
 	}
 	return strings.Join(flags, ",")
 }
--- a/ddosmonit/dmon
+++ b/ddosmonit/dmon
--- a/ddosmonit/go.mod
+++ b/ddosmonit/go.mod
@ -1,8 +1,8 @@
-module dmon
+module ddosmonit
 go 1.21.5
 require (
-	github.com/google/gopacket v1.1.19 // indirect
+	github.com/google/gopacket v1.1.19 // direct
 	golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
 )
--- a/ddosmonit/utils.go
+++ b/ddosmonit/utils.go
@ -0,0 +1,144 @@
 package main
 import (
 	"fmt"
 	"net"
 	"os"
 	"strconv"
 	"strings"
 	"unicode"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
 )
 func containsIP(ips []net.IP, ip net.IP) bool {
 	for _, listedIP := range ips {
 		if ip.Equal(listedIP) {
 			return true
 		}
 	}
 	return false
 }
 func containsPort(ports []int, port int) bool {
 	for _, listedPort := range ports {
 		if port == listedPort {
 			return true
 		}
 	}
 	return false
 }
 func getInterfaceMAC(interfaceName string) (net.HardwareAddr, error) {
 	iface, err := net.InterfaceByName(interfaceName)
 	if err != nil {
 		return nil, err
 	}
 	return iface.HardwareAddr, nil
 }
 func getTCPFlags(tcp *layers.TCP) string {
 	flagNames := map[bool]string{
 		tcp.FIN: "FIN",
 		tcp.SYN: "SYN",
 		tcp.RST: "RST",
 		tcp.PSH: "PSH",
 		tcp.ACK: "ACK",
 		tcp.URG: "URG",
 		tcp.ECE: "ECE",
 		tcp.CWR: "CWR",
 		tcp.NS:  "NS",
 	}
 	var flags []string
 	for flag, name := range flagNames {
 		if flag {
 			flags = append(flags, name)
 		}
 	}
 	return strings.Join(flags, ",")
 }
 func isLikelyPlainText(data []byte) bool {
 	if len(data) == 0 {
 		return false
 	}
 	var printableCount, controlCount int
 	for _, runeValue := range string(data) {
 		if unicode.IsPrint(runeValue) || unicode.IsSpace(runeValue) {
 			printableCount++
 		} else if unicode.IsControl(runeValue) {
 			controlCount++
 		}
 	}
 	totalChars := len(data)
 	printableRatio := float64(printableCount) / float64(totalChars)
 	controlRatio := float64(controlCount) / float64(totalChars)
 	return printableRatio > 0.7 && controlRatio < 0.3
 }
 func parseAndValidateIPsAndPorts(list string) ([]net.IP, []int) {
 	var ips []net.IP
 	var ports []int
 	items := strings.Split(list, ",")
 	for _, item := range items {
 		item = strings.TrimSpace(item)
 		if ip := net.ParseIP(item); ip != nil {
 			ips = append(ips, ip)
 		} else if port, err := strconv.Atoi(item); err == nil {
 			ports = append(ports, port)
 		}
 	}
 	return ips, ports
 }
 func shouldProcessPacket(packet gopacket.Packet, excludeIPs []net.IP, excludePorts []int, includeIPs []net.IP, includePorts []int) bool {
 	var srcIP, dstIP net.IP
 	var srcPort, dstPort int
 	if ipv4Layer := packet.Layer(layers.LayerTypeIPv4); ipv4Layer != nil {
 		ipv4 := ipv4Layer.(*layers.IPv4)
 		srcIP, dstIP = ipv4.SrcIP, ipv4.DstIP
 	}
 	if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
 		tcp := tcpLayer.(*layers.TCP)
 		srcPort, dstPort = int(tcp.SrcPort), int(tcp.DstPort)
 	} else if udpLayer := packet.Layer(layers.LayerTypeUDP); udpLayer != nil {
 		udp := udpLayer.(*layers.UDP)
 		srcPort, dstPort = int(udp.SrcPort), int(udp.DstPort)
 	}
 	isExcluded := containsIP(excludeIPs, srcIP) || containsIP(excludeIPs, dstIP) ||
 		containsPort(excludePorts, srcPort) || containsPort(excludePorts, dstPort)
 	isIncluded := (len(includeIPs) == 0 || containsIP(includeIPs, srcIP) || containsIP(includeIPs, dstIP)) &&
 		(len(includePorts) == 0 || containsPort(includePorts, srcPort) || containsPort(includePorts, dstPort))
 	return !isExcluded && isIncluded
 }
 func writeToFile(data []byte) {
 	fileName := "packet_info.json"
 	file, err := os.OpenFile(fileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
 		fmt.Println("Error opening file:", err)
 		return
 	}
 	defer file.Close()
 	_, err = file.Write(data)
 	if err != nil {
 		fmt.Println("Error writing to file:", err)
 		return
 	}
 	_, err = file.WriteString("\n")
 	if err != nil {
 		fmt.Println("Error writing newline to file:", err)
 		return
 	}
 }