Commit 0006347
Changed files (4)
lib/tasks/agent.rake
@@ -12,4 +12,10 @@ namespace :agent do
agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
agent.scan(Dir.pwd)
end
+
+ desc "scan network traffic"
+ task nfm: :environment do
+ agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
+ agent.sniff('en1')
+ end
end
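Review bot: The new `nfm` task hard-codes the capture interface as `'en1'`, and because opening a live capture normally needs root or an equivalent capture privilege, the whole Rails environment pulled in by `:environment` ends up running with that privilege. Read the interface from the environment instead, e.g. `agent.sniff(ENV.fetch('NFM_IFACE', 'en1'))` (the variable name is only a suggestion). The `desc` string should also state the privilege requirement, so the task is run from a dedicated account that holds only the capture privilege rather than from a root shell. Separately, `Agent.first.id` raises `NoMethodError` when no agent row exists; a guard such as `abort 'no agent registered' unless Agent.first` makes that failure readable.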
lib/fake_agent.rb
@@ -41,6 +41,35 @@ class FakeAgent
end
end
+ def nfm_scan(interface)
+ capture = PCAPRUB::Pcap.open_live(interface, 65535, true, 0)
+ #capture.setfilter('icmp')
+ #capture.setfilter('tcp and dst port 80')
+ capture.setfilter('port 80')
+ puts 'running...'
+ capture.each_packet do |packet|
+ puts "++++"
+ puts Time.at(packet.time)
+ puts "micro => #{packet.microsec}"
+ puts packet.inspect
+ #puts packet.data
+ end
+ capture.close
+ end
+ include PacketFu
+
+ def sniff(interface)
+ capture = Capture.new(iface: interface, start: true)
+ capture.stream.each do |p|
+ packet = Packet.parse(p)
+ if packet.is_ip?
+ next if packet.ip_saddr == Utils.ifconfig(interface)[:ip_saddr]
+ packet_info = [packet.ip_saddr, packet.ip_daddr, packet.size, packet.proto.last]
+ puts "%-15s -> %-15s %-4d %s" % packet_info
+ end
+ end
+ end
+
private
def publish_event(event, files)
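Review bot: In `sniff`, `Utils.ifconfig(interface)[:ip_saddr]` is re-evaluated for every IP packet inside the capture loop; resolve it once before the loop with `local_ip = Utils.ifconfig(interface)[:ip_saddr]` and compare with `next if packet.ip_saddr == local_ip`. The capture is also started with no filter and no stop condition, so the method never returns and sees every frame on the interface; a `filter:` option limited to the traffic the agent needs would narrow what is collected. `nfm_scan` is not called by the new rake task, opens the device in promiscuous mode with a 65535-byte snaplen, and only reaches `capture.close` if `each_packet` returns normally. Either drop it, or wrap the loop in `begin … ensure capture.close end` and delete the commented-out filters. `include PacketFu` in the class body mixes the library's constants into `FakeAgent`; qualified names (`PacketFu::Capture`, `PacketFu::Packet`, `PacketFu::Utils`) keep the lookup explicit. The class itself starts outside this hunk.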
Gemfile
@@ -39,6 +39,8 @@ gem 'foreman'
gem 'foundation-rails'
gem 'chartkick'
gem 'groupdate'
+gem 'pcaprub'
+gem 'packetfu'
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
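Review bot: `pcaprub` and `packetfu` are added to the default group without a version constraint, so `Bundler.require` loads packet-capture code into every process, including the production web workers, and every deploy host has to build the `pcaprub` native extension against libpcap. If only `FakeAgent` and the `agent:nfm` task use them, declare them as `gem 'packetfu', '~> 1.1', require: false` and `gem 'pcaprub', '~> 0.12', require: false`, and add the matching `require` lines at the top of `lib/fake_agent.rb`. The pessimistic constraints mirror the versions resolved in Gemfile.lock and keep an unreviewed major bump from arriving with a later `bundle update`.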
Gemfile.lock
@@ -101,6 +101,8 @@ GEM
multi_json (1.10.1)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
+ packetfu (1.1.10)
+ pcaprub (0.12.0)
pg (0.18.1)
rack (1.6.0)
rack-test (0.6.3)
@@ -198,6 +200,8 @@ DEPENDENCIES
jbuilder (~> 2.0)
jquery-rails
listen
+ packetfu
+ pcaprub
pg
rails (= 4.2.0)
sass-rails (~> 5.0)