Passive Network Sensor External Application

tubosunedward
Posts: 7
Joined: Fri Aug 02, 2013 5:15 pm

Re: Passive Network Sensor External Application

Post by tubosunedward »

Can anyone help return a 0 or 2 with the code attached so I can integrate it with Nagios? The code listens passively to broadcast traffic, either ARP or UDP, and displays the IP addresses seen and the time intervals.

=========================

Code: Select all

import sys
import time
import socket
from datetime import datetime
from scapy.all import *

m_iface = "eth0"
default_gw = "192.168.26.2"
COUNTER_SLOTS = 5
TIMEOUT = 20           # minutes of silence before a host gets a new session
SCREEN_REFRESH = 15    # seconds between table refreshes
circular_counter = [0]*COUNTER_SLOTS
session_start = {}     # ip -> timestamp of the first packet in the current session
session_stop = {}      # ip -> timestamp of the most recent packet
host_names = {}
last_printed = 0

host_names["196.168.26.254"] = 'macbook'
host_names["192.167.26.237"] = 'testlocal'
host_names["192.168.26.238"] = 'xp1'
host_names["192.168.26.239"] = 'xp2'
host_names["192.168.26.2"] = 'default gateway'


def arp_monitor_callback(pkt):
    if ARP in pkt and pkt[ARP].op in (1, 2):  # who-has or is-at
        addr = pkt[ARP].psrc
        arp_counter(addr)
        return
    # circular buffer for statistics, 1 slot for 
    if UDP in pkt and IP in pkt:
        ipdata = pkt[IP]
        addr = ipdata.getlayer(IP).src
        arp_counter(addr)
        return


def arp_counter(src):
    global last_printed
    tm = int(time.time())

    #print (pkt.psrc)
    #all_stats[src] = tm

    pos = src.find("192.168.26")
    if pos == -1:
        # print("wrong address")
        return

    if src in session_stop:
        sess_stop = session_stop[src]
        if (tm - sess_stop) // 60 > TIMEOUT:
            session_start[src] = tm   # start a new session
            session_stop[src] = tm
        else:
            session_stop[src] = tm    # extend the current session
    else:  # never saw the host
        session_start[src] = tm       # start a new session
        session_stop[src] = tm

    # print the table at most once every SCREEN_REFRESH seconds
    if tm - last_printed > SCREEN_REFRESH:
        print("-----------------------------------")
        last_printed = tm
        i = 1
        # sort numerically by address; inet_aton gives comparable packed bytes
        for k in sorted(session_start.keys(), key=socket.inet_aton):
            if k in host_names:
                hn = host_names[k].ljust(40)
            else:
                hn = 'local_host_machine_ip'.ljust(40)

            last_hours = (tm - session_stop[k]) // 3600
            last_mins = ((tm - session_stop[k]) // 60) % 60

            s_start = datetime.fromtimestamp(int(session_start[k])).strftime('%d/%m %H:%M')
            s_stop = datetime.fromtimestamp(int(session_stop[k])).strftime('%d/%m %H:%M')

            pos = k.find("192.168.26")
            if pos != -1:
                print(i, k, "\t", hn, "\t", last_hours, ":", last_mins, "\t",
                      "(", s_start, "==", s_stop, ")",
                      (session_stop[k] - session_start[k]) // 60)
                i = i + 1

    #sys.stdout.flush()


p = sniff(prn=arp_monitor_callback, store=0)
Hi, can anyone try and edit this code to return a 0 when a packet is seen and a 3 when there are no more packets. You can try and run the code as well.

Last edited by slansing on Wed Aug 14, 2013 2:43 pm, edited 1 time in total.
Reason: Please do not make duplicate posts, just edit your previous post. And also please use the code wrapping function to wrap your code as it saves space and scrolling.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: Passive Network Sensor External Application

Post by sreinhardt »

If you wanted, you can certainly contact [email protected] for custom development, however development work is out of the scope of normal forum activities. You might find someone here that is willing to help, but more than likely the nagios-plugins mailing list would be a better alternative. In the end, you are going to have to come up with a fair chunk of logic to handle exit codes, modify the current output that you have to suit Nagios, and a few other minor issues.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Locked
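The exit-code and output logic discussed in this thread, as an added example that is not part of the original posts or the poster's code: a one-shot check that sniffs for a fixed window and maps the result to a Nagios plugin status line and exit code. The function names, the 20-second window, the status wording, and the choice of CRITICAL (2) for silence and UNKNOWN (3) for a failed capture are assumptions.

```python
# Added example (hypothetical names): one-shot Nagios check on ARP/UDP sources.
import ipaddress
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3                    # Nagios plugin exit codes
SUBNET = ipaddress.ip_network("192.168.26.0/24")   # subnet used in the post
WINDOW = 20                                        # seconds to listen (assumed)

def in_subnet(addr):
    """Real network membership; a substring test also matches 10.192.168.26."""
    try:
        return ipaddress.ip_address(addr) in SUBNET
    except ValueError:            # malformed or empty source field
        return False

def evaluate(sources, window=WINDOW):
    """Map the source addresses seen in one window to (exit_code, status_line)."""
    hosts = sorted({s for s in sources if in_subnet(s)}, key=ipaddress.ip_address)
    perf = "hosts=%d" % len(hosts)                 # perfdata after the pipe
    if hosts:
        return OK, "SENSOR OK - %d host(s) seen in %ds: %s | %s" % (
            len(hosts), window, ", ".join(hosts), perf)
    return CRITICAL, "SENSOR CRITICAL - no ARP/UDP traffic from %s in %ds | %s" % (
        SUBNET, window, perf)

def capture_sources(iface="eth0", window=WINDOW):
    """Sniff ARP and UDP for `window` seconds and return the source addresses."""
    from scapy.all import ARP, IP, sniff   # local import: evaluate() needs no scapy
    seen = []

    def on_packet(pkt):
        if ARP in pkt and pkt[ARP].op in (1, 2):   # who-has or is-at
            seen.append(pkt[ARP].psrc)
        elif IP in pkt:                            # the BPF filter leaves only UDP
            seen.append(pkt[IP].src)

    sniff(iface=iface, filter="arp or udp", prn=on_packet, store=False, timeout=window)
    return seen

if __name__ == "__main__":
    try:
        code, line = evaluate(capture_sources())
    except Exception as exc:      # scapy missing, no capture privilege, bad interface
        code, line = UNKNOWN, "SENSOR UNKNOWN - capture failed: %s" % exc
    print(line)
    sys.exit(code)
```

Nagios reads the first line of output and the process exit status, so the check has to terminate after each window instead of sniffing forever as the posted script does.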