-
Notifications
You must be signed in to change notification settings - Fork 2
Gateway detection
License
ashmastaflash/gwdetect
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
To Do: 1) Move the route tracking to using real objects instead of a matrix 2) Change to file-based configuration 3) Support live capture 4) Periodic snapshots, garbage collection for external hosts and routes on the same interval 5) Support whitelisting of gateway MAC addresses, separate event ID for rogue gateway. 6) Support syslog as well as pre-defined log file 7) Timestamps in log messages 8) Define licensing, ensure credit is given where it is due. 9) Daemonize 10) Support SIGx to force XML dump 11) Support SIGy to force debug level change 12) ARP support 13) VLAN support 14) Track routes to nodes within enterprise, but outside of protected subnet, separately from 'outside' nodes. This will help with garbage collection, and having minimal performance impact after such an event. 15) Sanity check for subnet input 16) Eventually, get away from tracking subnets altogether and use ARP inside VLANs to determine what hosts are 'protected' and distant. We can glean some inspiration from Kismet if we want to take a stab at guessing subnets. gwdetect.py MUST RUN IN SUDO Tested against Python 2.7.2 2.6.6 can throw errors. This tool is designed to observe network behavior and generate log events for anomalies. Currently, only pcap processing is supported, with live network monitoring coming someday This is what it does now: From a pcap file Creates a list of observed gateways, hosts, 1:1 routes Usage: sudo python ./gwdetect.py -f ../gwdetect-pcap/twogateway.pcap -s 10.0.100.0 -C ../circos.out -l ../gwdetect.out This product includes software developed by CORE Security Technologies (http://www.coresecurity.com/)."
About
Gateway detection
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published