pypcap-monitor

A Python project that sniffs network traffic with scapy and stores the captured packet data in a MongoDB database.

How To Run

tmux            # create a session (use tmux attach to reconnect to it later)
./make-run.sh &
./kill.sh &
tmux detach
  1. Use tmux to create a session, so the scripts keep running after you log out.
  2. Run the make-run.sh script to start the Python sniffer and keep it running (it is restarted whenever it exits).
  3. Run the kill.sh script to kill the Python sniffer every 30 minutes; make-run.sh then starts a fresh process.

Python File Explanation:

  1. sniff.py: uses the scapy library to sniff packets and inserts each sniffed packet into MongoDB.
  2. db_rolling.py: aggregates the raw data from the last two minutes.
  3. db_rolling2.py: deletes aggregated data that is older than one week.
  4. config.py: holds the MongoDB address. This file must not be pushed to GitHub (list it in .gitignore); if the address embeds a username and password, treat the file as a secret. Use config-example.py as a template: copy it to config.py and set MONGO_DB_ADDRESS = '<MONGO_DB_ADDRESS>'.
  5. addDevices.py: reads the device MAC addresses and names from a file on the router and stores the device information in MongoDB.

Crontab Configuration

* * * * * python3 /home/ubuntu/pypcap-monitor/db_rolling.py # every minute
*/5 * * * * python3 /home/ubuntu/pypcap-monitor/db_rolling2.py # every 5 minutes

Note that db_rolling.py runs every minute but aggregates a two-minute window, so every raw document falls inside the window of two consecutive runs. The aggregation has to skip (or remove) documents an earlier run already consumed, otherwise each packet is counted twice.
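The two cron jobs above, as an added example that is not the project's own db_rolling.py or db_rolling2.py: the roll-up and the expiry are written against an in-memory list of documents so they run offline, and the equivalent pymongo pipeline and delete filter are returned beside them. The document fields (ts, src, dst, proto, dport, length), the summary fields (packets, bytes, first_ts, last_ts) and the rolled flag that prevents double counting across overlapping windows are this example's own assumptions; the README does not show the project's schema.

```python
"""Added example (not the project's code): rolling aggregation and retention for
packet documents, with the matching MongoDB pipeline/filter for pymongo.

All field names below are assumptions; the README does not show the real schema.
"""
from typing import Iterable, List

WINDOW_SECONDS = 2 * 60             # db_rolling.py: aggregate the last two minutes
RETENTION_SECONDS = 7 * 24 * 3600   # db_rolling2.py: drop aggregates older than a week


def rolling_pipeline(now: float, window: int = WINDOW_SECONDS) -> list:
    """pymongo equivalent of roll_up(): raw.aggregate(rolling_pipeline(time.time()))."""
    return [
        # Only the window, and only documents no earlier run has consumed.
        {"$match": {"ts": {"$gte": now - window, "$lt": now}, "rolled": {"$ne": True}}},
        {"$group": {"_id": {"src": "$src", "dst": "$dst", "proto": "$proto", "dport": "$dport"},
                    "packets": {"$sum": 1}, "bytes": {"$sum": "$length"},
                    "first_ts": {"$min": "$ts"}, "last_ts": {"$max": "$ts"}}},
    ]


def roll_up(raw_docs: Iterable[dict], now: float, window: int = WINDOW_SECONDS) -> List[dict]:
    """Group raw packet documents from the last `window` seconds into per-flow summaries.

    Each consumed document is marked rolled=True (in MongoDB: update_many with the
    same $match and {"$set": {"rolled": True}}), so a one-minute cron with a
    two-minute window does not count the same packet twice.
    """
    flows = {}
    for d in raw_docs:
        if not (now - window <= d["ts"] < now) or d.get("rolled"):
            continue
        key = (d["src"], d["dst"], d["proto"], d["dport"])
        f = flows.setdefault(key, {"src": d["src"], "dst": d["dst"], "proto": d["proto"],
                                   "dport": d["dport"], "packets": 0, "bytes": 0,
                                   "first_ts": d["ts"], "last_ts": d["ts"]})
        f["packets"] += 1
        f["bytes"] += d["length"]
        f["first_ts"] = min(f["first_ts"], d["ts"])
        f["last_ts"] = max(f["last_ts"], d["ts"])
        d["rolled"] = True
    return sorted(flows.values(), key=lambda f: (f["src"], f["dst"], f["proto"], f["dport"]))


def retention_filter(now: float, keep: int = RETENTION_SECONDS) -> dict:
    """pymongo equivalent of expire(): agg.delete_many(retention_filter(time.time()))."""
    return {"last_ts": {"$lt": now - keep}}


def expire(agg_docs: List[dict], now: float, keep: int = RETENTION_SECONDS) -> int:
    """Delete summaries whose newest packet is older than `keep` seconds; return how many were removed."""
    cutoff = now - keep
    before = len(agg_docs)
    agg_docs[:] = [a for a in agg_docs if not a["last_ts"] < cutoff]
    return before - len(agg_docs)


# Constructed sample data (not a real capture): four raw packets and two summaries.
NOW = 1_700_000_000.0
RAW_DOCS = [
    {"ts": NOW - 30, "src": "192.168.1.10", "dst": "93.184.216.34", "proto": "tcp", "dport": 443, "length": 60},
    {"ts": NOW - 90, "src": "192.168.1.10", "dst": "93.184.216.34", "proto": "tcp", "dport": 443, "length": 1500},
    {"ts": NOW - 100, "src": "192.168.1.11", "dst": "8.8.8.8", "proto": "udp", "dport": 53, "length": 72},
    {"ts": NOW - 200, "src": "192.168.1.11", "dst": "8.8.8.8", "proto": "udp", "dport": 53, "length": 72},  # outside window
    {"ts": NOW - 10, "src": "192.168.1.12", "dst": "1.1.1.1", "proto": "udp", "dport": 53, "length": 80, "rolled": True},
]
AGG_DOCS = [
    {"src": "10.0.0.5", "dst": "1.1.1.1", "proto": "udp", "dport": 53, "packets": 3, "bytes": 200, "last_ts": NOW - 8 * 86400},
    {"src": "10.0.0.5", "dst": "1.1.1.1", "proto": "udp", "dport": 53, "packets": 1, "bytes": 70, "last_ts": NOW - 30},
]

if __name__ == "__main__":
    for flow in roll_up(RAW_DOCS, NOW):
        print(flow)
    print("expired:", expire(AGG_DOCS, NOW))
```

With pymongo the same two jobs become `raw.aggregate(rolling_pipeline(now))` followed by the `update_many` that sets `rolled`, and `agg.delete_many(retention_filter(now))`; running the in-memory `roll_up` twice on the same list returns nothing the second time, which is the behaviour the overlapping cron windows need.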

Scapy Configuration

Ask Daniel which interface on the router should be listened on. Sniffing needs root or CAP_NET_RAW on that interface. The filter string is a BPF expression: "tcp port (80 or 443)" is shorthand for "tcp port 80 or tcp port 443".

  from scapy.all import sniff

  # http_header is the per-packet callback used by sniff.py (its body is not shown here).
  # store=0 stops scapy from keeping every captured packet in a list; without it a
  # long-running sniffer grows in memory without bound.

  # sniff iface en0 for all tcp and udp packets
  sniff(iface='en0', prn=http_header, filter="tcp or udp", store=0)

  # sniff iface en0 for tcp port 80 and 443 packets
  sniff(iface='en0', prn=http_header, filter="tcp port (80 or 443)", store=0)

  # sniff iface eth1 for tcp port 80 and 443 packets
  sniff(iface='eth1', prn=http_header, filter="tcp port (80 or 443)", store=0)

  # sniff iface eth1 for all tcp and udp packets
  sniff(iface='eth1', prn=http_header, filter="tcp or udp", store=0)
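What the prn callback of a sniffer like sniff.py has to do with each packet, as an added example that is not the project's own code: parse the Ethernet/IPv4/TCP-or-UDP headers of the captured frame, build one document per packet, and hand it to a MongoDB collection. The document field names (ts, src, dst, proto, sport, dport, length), the helper names, and the sample frame are this example's assumptions; the parser works on raw bytes so it runs offline, and the live-capture call at the bottom only runs when scapy is installed.

```python
"""Added example (not the project's sniff.py): captured frame -> MongoDB document.

Field names and helper names are assumptions; the README does not show the schema.
"""
import struct
import time
from typing import Optional

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def packet_to_doc(raw: bytes, ts: float) -> Optional[dict]:
    """Parse Ethernet/IPv4/{TCP,UDP} headers; return None for anything else or for truncated frames."""
    if len(raw) < ETH_HDR_LEN + 20:
        return None
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = raw[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes, options included
    if ihl < 20 or len(ip) < ihl + 8:             # malformed IHL, or no room for the ports
        return None
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto not in (PROTO_TCP, PROTO_UDP):
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])   # same offsets for TCP and UDP
    return {
        "ts": ts,
        "src": src, "dst": dst,
        "proto": "tcp" if proto == PROTO_TCP else "udp",
        "sport": sport, "dport": dport,
        "length": total_len,
    }


def make_callback(collection):
    """Build the prn= callback: one insert_one per parsable packet, nothing kept in memory."""
    def prn(pkt):
        doc = packet_to_doc(bytes(pkt), float(getattr(pkt, "time", time.time())))
        if doc is not None:
            collection.insert_one(doc)
    return prn


# Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP SYN,
# 192.168.1.10:40000 -> 93.184.216.34:443, IPv4 total length 40.
SAMPLE_TCP_FRAME = (
    bytes.fromhex("ffffffffffff" "001122334455" "0800")          # Ethernet: dst, src, type=IPv4
    + bytes.fromhex("4500 0028 0001 0000 4006 0000")              # IPv4: v4/ihl=5, len=40, id, flags, ttl=64, proto=6, csum
    + bytes([192, 168, 1, 10]) + bytes([93, 184, 216, 34])        # IPv4: src, dst
    + bytes.fromhex("9c40 01bb 00000000 00000000 5002 2000 0000 0000")  # TCP: 40000 -> 443, SYN
)

if __name__ == "__main__":
    try:
        from scapy.all import sniff
    except ImportError:
        sniff = None

    class PrintCollection:  # stand-in for pymongo's Collection when no MongoDB is reachable
        def insert_one(self, doc):
            print(doc)

    if sniff is None:
        print(packet_to_doc(SAMPLE_TCP_FRAME, time.time()))       # offline demo
    else:
        # store=0: do not keep packets in scapy's own list, or memory grows without bound.
        sniff(iface="eth1", prn=make_callback(PrintCollection()), filter="tcp or udp", store=0)
```

The callback returns quickly and keeps no packet state, which matters because scapy calls it synchronously for every packet; anything slow here drops packets. In production the collection passed to make_callback is `MongoClient(MONGO_DB_ADDRESS)[db][collection]`, with MONGO_DB_ADDRESS taken from config.py as the README describes.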