September 2006
Libnids is an implementation of an E-component of Network Intrusion Detection
System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP
defragmentation, TCP stream assembly and TCP port scan detection.
Libnids Homepage: http://libnids.sf.net
Having that kind of power to monitor and uniquely identify each TCP session available from Ruby would make it much more useful, and with this idea in mind I wrote a Ruby wrapper for the libnids library last week.
The project page is located at: http://ruby-libnids.rubyforge.org
I have uploaded test code at: http://ruby-libnids.rubyforge.org/testing/
An example script looks like this:
  require 'libnids'

  # Called by the sniffer once per TCP event; opts carries the session
  # endpoints, the state and (for data events) the byte counts.
  def callback(opts = nil, ss = nil)
    return unless opts
    case opts["nids_state"]
    when NIDS::STATE_JUST_EST
      str = "[NEW CONNECTION] #{opts['saddress']}:#{opts['sport']} --> "
      str += "#{opts['daddress']}:#{opts['dport']}"
    when NIDS::STATE_DATA
      str = "[DATA] #{opts['saddress']}:#{opts['sport']} --> "
      str += "#{opts['daddress']}:#{opts['dport']} "
      str += "[SEND: #{opts['server_data_len']}] [RECV: #{opts['client_data_len']}]"
    when NIDS::STATE_CLOSE, NIDS::STATE_RESET
      str = "[CLOSE] #{opts['saddress']}:#{opts['sport']} --> "
      str += "#{opts['daddress']}:#{opts['dport']}"
    else
      return
    end
    puts str   # print every event, not only the DATA ones
  end

  $l = NIDS::Sniffer.new
  $l.register_tcp(self, :callback)
  $l.run
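The script above only prints each event as it arrives. The value of having libnids identify every TCP session is that a callback can keep per-session state across JUST_EST, DATA and CLOSE/RESET events. The following is an added example (not code from the post or from the ruby-libnids project) of such a tracker: it consumes events in the same opts-hash shape the wrapper passes to the callback, keys them by the 4-tuple, accumulates the SEND/RECV byte counts the way the post labels them, and flags sessions that were reset before carrying any payload. The event stream and the symbolic state names (:just_est, :data, :close, :reset) are constructed here so the block runs without the gem; a deployment would map the wrapper's NIDS::STATE_* constants onto those symbols.

```ruby
# Added example: per-session TCP state tracking in the shape of the post's
# callback. Events and state symbols are constructed; the real wrapper passes
# NIDS::STATE_* constants, which a deployment would map onto these symbols.

class SessionTracker
  Session = Struct.new(:key, :sent, :recv, :events, :closed_by) do
    def summary
      "#{key} sent=#{sent} recv=#{recv} events=#{events} end=#{closed_by || 'open'}"
    end
  end

  attr_reader :sessions, :finished

  def initialize
    @sessions = {}   # key => Session for connections still open
    @finished = []   # Sessions that ended with a close or a reset
  end

  # Stable key for the TCP 4-tuple, built from the same opts fields the post uses.
  def self.key_for(opts)
    "#{opts['saddress']}:#{opts['sport']}->#{opts['daddress']}:#{opts['dport']}"
  end

  # Entry point in the shape of the post's callback: one opts hash per event.
  def handle(opts)
    return if opts.nil?
    key = self.class.key_for(opts)
    case opts['nids_state']
    when :just_est
      @sessions[key] = Session.new(key, 0, 0, 1, nil)
    when :data
      s = @sessions[key] or return   # data for a session never seen established
      s.sent += opts['server_data_len'].to_i   # bytes the post labels SEND
      s.recv += opts['client_data_len'].to_i   # bytes the post labels RECV
      s.events += 1
    when :close, :reset
      s = @sessions.delete(key) or return
      s.events += 1
      s.closed_by = opts['nids_state']
      @finished << s
    end
  end

  # Sessions torn down by RST without payload in either direction: a cheap
  # per-session indicator a defender can review alongside the port-scan output.
  def reset_without_data
    @finished.select { |s| s.closed_by == :reset && s.sent.zero? && s.recv.zero? }
  end
end

# Constructed events: one full exchange, one connection reset before any data,
# and one orphan data event for a session whose establishment was never seen.
SAMPLE_EVENTS = [
  { 'nids_state' => :just_est, 'saddress' => '10.0.0.5', 'sport' => 40001, 'daddress' => '10.0.0.9', 'dport' => 80 },
  { 'nids_state' => :data, 'saddress' => '10.0.0.5', 'sport' => 40001, 'daddress' => '10.0.0.9', 'dport' => 80,
    'server_data_len' => 120, 'client_data_len' => 0 },
  { 'nids_state' => :data, 'saddress' => '10.0.0.5', 'sport' => 40001, 'daddress' => '10.0.0.9', 'dport' => 80,
    'server_data_len' => 0, 'client_data_len' => 5120 },
  { 'nids_state' => :close, 'saddress' => '10.0.0.5', 'sport' => 40001, 'daddress' => '10.0.0.9', 'dport' => 80 },
  { 'nids_state' => :just_est, 'saddress' => '10.0.0.7', 'sport' => 51234, 'daddress' => '10.0.0.9', 'dport' => 22 },
  { 'nids_state' => :reset, 'saddress' => '10.0.0.7', 'sport' => 51234, 'daddress' => '10.0.0.9', 'dport' => 22 },
  { 'nids_state' => :data, 'saddress' => '10.0.0.8', 'sport' => 1, 'daddress' => '10.0.0.9', 'dport' => 1,
    'server_data_len' => 9, 'client_data_len' => 0 }
]

# Feed the constructed stream through the tracker and return it for inspection.
def run_sample(events = SAMPLE_EVENTS)
  tracker = SessionTracker.new
  events.each { |e| tracker.handle(e) }
  tracker
end

if __FILE__ == $0
  t = run_sample
  t.finished.each { |s| puts s.summary }
  t.reset_without_data.each { |s| puts "[RESET WITHOUT DATA] #{s.key}" }
end
```

Plugging this into the post's script means calling `tracker.handle(opts)` from the registered callback and mapping NIDS::STATE_JUST_EST, STATE_DATA, STATE_CLOSE and STATE_RESET onto the symbols used here; orphan DATA events (no prior JUST_EST, as happens when the sniffer starts mid-connection) are dropped rather than creating half-known sessions.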
This is pretty new at the moment and has been tested only on a network of around 10 systems. I don't think it will be very efficient on high-speed networks with a large number of parallel TCP connections.
And oh, last but not least, special thanks to Sumit Datta for making the webpage for http://ruby-libnids.rubyforge.org
posted at: 11:24