#!/usr/bin/env python
"""
A Simple IDS monitoring/receiver program that pushes potential
security risk info as windows notifications via a TCP connection.
"""
import socket
from win10toast import ToastNotifier
# Address the listener binds to.  Binding one specific (private) address rather
# than 0.0.0.0 limits exposure to a single interface, but nothing authenticates
# the peer: any host that can reach SERVER:PORT can raise a notification.
SERVER: str = "10.10.50.2"
# TCP port the IDS sends alerts to.
PORT: int = 9000
# Bytes requested per recv() call; this is not a cap on total message size.
SIZE: int = 1024
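def main():
    """
    Listen on SERVER:PORT and surface each received IDS alert as a toast.

    One TCP connection carries one alert: the IDS writes the packet-info
    text and closes its end, and this side reads until EOF.  Nothing on the
    channel is authenticated or encrypted, so any peer that can reach the
    port can pop a notification; the defences here are limited to a cap on
    bytes read per connection, a per-connection read timeout so a stalled
    peer cannot hold the single accept loop, and refusing to let one
    malformed message crash the monitor.
    """
    # create a socket connection; the context manager closes the listening
    # socket on every exit path (the original never closed it)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((SERVER, PORT))
        sock.listen(1)
        print(f"IDS Monitor listening on port {PORT}")
        toast = ToastNotifier()
        while True:
            conn, peer = sock.accept()
            with conn:  # always close the client socket, even on a parse error
                raw = _recv_alert(conn)
            if raw is None:
                print(f"dropped alert from {peer[0]}: oversized or stalled")
                continue
            try:
                # decode once, after the whole message has arrived: decoding
                # chunk by chunk could split a multi-byte character
                output = raw.decode()
                print(output, end='')
                alert = parse_alert(output)
            except (ValueError, IndexError) as err:  # UnicodeDecodeError is a ValueError
                # malformed network input must be logged, not kill the monitor
                print(f"ignored unparseable alert from {peer[0]}: {err}")
                continue
            # display packet info as a windows notification
            toast.show_toast(f"IDS Alert: {alert['type']}",
                             f"{alert['src']} --> {alert['dst']}\n"
                             f"{alert['time']} | {alert['seq']} | {alert['len']}",
                             duration=5, icon_path="alert.ico", threaded=True)


def _recv_alert(conn, max_bytes=64 * SIZE, timeout=10.0):
    """
    Read one alert from ``conn`` until the peer closes its sending side.

    :param conn: accepted client socket
    :param max_bytes: give up once more than this has arrived, so a peer
                      cannot grow the buffer without bound
    :param timeout: seconds to wait for each recv(); a peer that connects
                    and then goes quiet would otherwise block the accept loop
    :return: the raw bytes, or None if the peer sent too much or stalled
    """
    conn.settimeout(timeout)
    chunks = []
    total = 0
    try:
        data = conn.recv(SIZE)  # wait for IDS to send something...
        while data:
            total += len(data)
            if total > max_bytes:
                return None
            chunks.append(data)
            data = conn.recv(SIZE)
    except socket.timeout:
        return None
    return b"".join(chunks)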
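def parse_alert(alert: str) -> dict:
    """
    Parse one line of packet info into its fields (ICMP only but can be extended).

    The expected shape is
    ``"<time> <proto> <src> <sep> <dst>: <type>, <id>, <seq>, <len>"``:
    five space-separated tokens before the first ``": "`` and four
    comma-separated tokens in the piece that follows it.  Fields are returned
    as raw substrings; nothing beyond the token counts is validated, so callers
    rendering them should still treat them as untrusted network input.

    :param alert: (str) packet info to parse
    :return: (dict) parsed packet info with keys time, proto, src, dst,
             type, id, seq, len
    :raises ValueError: if the text does not have the expected shape
    """
    parts = alert.split(': ')
    if len(parts) < 2:
        raise ValueError(f"alert has no ': ' separator: {alert!r}")
    header = parts[0].split(' ')
    if len(header) != 5:
        raise ValueError(f"expected 5 header tokens, got {len(header)}: {parts[0]!r}")
    time, proto, src, _, dst = header
    body = parts[1].split(', ')
    if len(body) != 4:
        raise ValueError(f"expected 4 alert tokens, got {len(body)}: {parts[1]!r}")
    a_type, a_id, a_seq, a_len = body
    return {
        # drop fractional seconds; partition() leaves a time without '.'
        # intact, where find() == -1 used to slice off its last character
        "time": time.partition('.')[0],
        "proto": proto,
        "src": src,
        "dst": dst,
        "type": a_type,
        "id": a_id,
        "seq": a_seq,
        "len": a_len
    }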
if __name__ == "__main__":
    # Start the listener only when run as a script, never on import.
    main()