🔱 lan gateway identification - rework the mac logic/relation

Srinivas11789 · May 8, 2019 · 865a5bb · 865a5bb
1 parent 6de1b38
commit 865a5bb
Show file tree

Hide file tree

Showing 5 changed files with 139 additions and 106 deletions.
diff --git a/Source/Module/communication_details_fetch.py b/Source/Module/communication_details_fetch.py
@@ -14,11 +14,11 @@ class trafficDetailsFetch():
 
     def __init__(self, option):
         for host in memory.destination_hosts:
-            if not memory.destination_hosts[host]:
+            if "domain_name" not in memory.destination_hosts[host]:
                 if option == "whois":
-                    memory.destination_hosts[host] = self.whois_info_fetch(host)
+                    memory.destination_hosts[host]["domain_name"] = self.whois_info_fetch(host)
                 else:
-                    memory.destination_hosts[host] = self.dns(host)
+                    memory.destination_hosts[host]["domain_name"] = self.dns(host)
 
     def whois_info_fetch(self, ip):
         try:

diff --git a/Source/Module/device_details_fetch.py b/Source/Module/device_details_fetch.py
@@ -20,17 +20,17 @@ def __init__(self, option="ieee"):
         self.target_oui_database = option
 
     def fetch_info(self):
-        for ip in memory.lan_hosts:
+        for mac in memory.lan_hosts:
             if self.target_oui_database == "api":
-                memory.lan_hosts[ip]["device_vendor"] = self.oui_identification_via_api(memory.lan_hosts[ip]["mac"])  
+                memory.lan_hosts[mac]["device_vendor"] = self.oui_identification_via_api(mac)
             else:
-                memory.lan_hosts[ip]["device_vendor"], memory.lan_hosts[ip]["vendor_address"] = self.oui_identification_via_ieee(memory.lan_hosts[ip]["mac"])
-            mac = memory.lan_hosts[ip]["mac"].replace(":",".")
-            if ":" in ip:
-                ip_san = ip.replace(":",".")
+                memory.lan_hosts[mac]["device_vendor"], memory.lan_hosts[mac]["vendor_address"] = self.oui_identification_via_ieee(mac)
+            mac_san = mac.replace(":",".")
+            if ":" in memory.lan_hosts[mac]["ip"]:
+                ip_san = memory.lan_hosts[mac]["ip"].replace(":",".")
             else:
-                ip_san = ip
-            memory.lan_hosts[ip]["node"] = ip_san+"\n"+mac+"\n"+memory.lan_hosts[ip]['device_vendor']
+                ip_san = memory.lan_hosts[mac]["ip"]
+            memory.lan_hosts[mac]["node"] = ip_san+"\n"+mac_san+"\n"+memory.lan_hosts[mac]['device_vendor']
 
     def oui_identification_via_api(self, mac):
         url = "http://macvendors.co/api/" + mac

diff --git a/Source/Module/malicious_traffic_identifier.py b/Source/Module/malicious_traffic_identifier.py
@@ -19,7 +19,7 @@ def __init__(self):
     def malicious_traffic_detection(self, src, dst, port):
         very_well_known_ports = [443] # used to differentiate possible mal vs serious mal
         well_known_ports = [20, 21, 22, 23, 25, 53, 69, 80, 161, 179, 389, 443]
-        if (dst in memory.destination_hosts and memory.destination_hosts[dst] == "NotResolvable") or port not in well_known_ports:
+        if (dst in memory.destination_hosts and memory.destination_hosts[dst]["domain_name"] == "NotResolvable") or port not in well_known_ports:
             return 1
         else:
             return 0

diff --git a/Source/Module/pcap_reader.py b/Source/Module/pcap_reader.py
@@ -112,22 +112,21 @@ def analyse_packet_data(self):
                         else:
                             source_private_ip = key1
                         # IntraNetwork Hosts list
-                        memory.lan_hosts[packet[IP].src] = {"mac": packet[eth_layer].src}
-                        memory.lan_hosts[packet[IP].dst] = {"mac": packet[eth_layer].dst}
+                        memory.lan_hosts[packet[eth_layer].src] = {"ip": packet[IP].src}
+                        memory.lan_hosts[packet[eth_layer].dst] = {"ip": packet[IP].dst}
                     elif private_source: # Internetwork packet
                         key = packet[IP].src + "/" + packet[IP].dst + "/" + tcp_dst
                         source_private_ip = key
                         # IntraNetwork vs InterNetwork Hosts list
-                        memory.lan_hosts[packet[IP].src] = {"mac": packet[eth_layer].src}
-                        memory.destination_hosts[packet[IP].dst] = {}
+                        memory.lan_hosts[packet[eth_layer].src] = {"ip": packet[IP].src}
+                        memory.destination_hosts[packet[eth_layer].dst] = {"ip": packet[IP].dst}
                     elif private_destination: # Internetwork packet
                         #print(packet.show())
                         key = packet[IP].dst + "/" + packet[IP].src + "/" + tcp_src
                         source_private_ip = key
                         # IntraNetwork vs InterNetwork Hosts list
-                        memory.lan_hosts[packet[IP].dst] = {"mac": packet[eth_layer].dst}
-                        memory.destination_hosts[packet[IP].src] = {}
-
+                        memory.lan_hosts[packet[eth_layer].dst] = {"ip": packet[IP].dst}
+                        memory.destination_hosts[packet[IP].src] = {"mac": packet[eth_layer].src}
                 elif "ICMP" in packet:
                     key = packet[IP].src + "/" + packet[IP].dst + "/" + "ICMP"
                     source_private_ip = key