Analyzing every individual packet on a network might seem very accurate, but it is impractical because of the large volume of data involved. Analyzing the packets' metadata is a better way to approach the problem. The metadata only involves the time, the source IP and the destination IP. Once the data are obtained, each IP is further analyzed based on its reputation rating, using the following online tools:
- MX ToolBox
- CISCO Senderbase
- McAfee TrustedSource
- Spamhaus
- Project Honeypot
To capture the pcap file and convert it to a CSV file, I use the following Python script:
```python
import os
import pandas as pd

# Capture for 20 s on interface 3, save the raw pcap and print the chosen fields as CSV.
# -E header=y names the columns for pandas; -E quote=d quotes frame.time, whose text contains a comma.
os.system("tshark -i 3 -T fields -E header=y -E separator=, -E quote=d -e frame.time -e ip.src -e ip.dst "
          "-e udp.srcport -e udp.dstport -w Eavesdrop_Data.pcap -F pcap -a duration:20 > Eavesdrop_Data.csv")
df = pd.read_csv('Eavesdrop_Data.csv')
new_df = df.dropna()  # drop frames without IP/UDP fields (non-IP or non-UDP traffic)
new_df.to_csv("Eavesdrop_Data.csv", index=False)
```
Once the data are captured, I will use Selenium to submit the IP addresses to the online tools mentioned above.
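Before submitting anything to the reputation services it pays to reduce the capture to the set of addresses actually worth looking up: private, loopback and otherwise non-routable addresses have no reputation, repeated flows to the same peer only need one query, and frames that tshark exported with empty IP fields are noise. The following is an added example, not code from the original post; it parses a small constructed sample of the tshark CSV export (the header row and quoted `frame.time` assume the `-E header=y -E quote=d` options) using only the standard library, and builds a deduplicated lookup queue ordered by how often each public peer appeared:

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of the tshark CSV export (assumes -E header=y -E quote=d).
# frame.time is quoted because its own text contains a comma. The empty row
# stands in for a non-IP frame; the last row has a malformed address.
SAMPLE_CSV = '''frame.time,ip.src,ip.dst,udp.srcport,udp.dstport
"Mar  3, 2021 10:15:01.000000000 UTC",192.168.1.10,8.8.8.8,51234,53
"Mar  3, 2021 10:15:01.200000000 UTC",8.8.8.8,192.168.1.10,53,51234
"Mar  3, 2021 10:15:02.000000000 UTC",192.168.1.10,1.1.1.1,51235,123
"Mar  3, 2021 10:15:02.500000000 UTC",,,,
"Mar  3, 2021 10:15:03.000000000 UTC",192.168.1.10,1.1.1.1,51236,123
"Mar  3, 2021 10:15:03.000000000 UTC",192.168.1.10,1.1.1.1,51236,123
"Mar  3, 2021 10:15:04.000000000 UTC",192.168.1.10,192.168.1.1,51237,53
"Mar  3, 2021 10:15:05.000000000 UTC",192.168.1.10,not-an-ip,1,2
'''


def is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses. Private, loopback,
    link-local and multicast addresses mean nothing to a reputation service,
    and a value that is not an IP at all must never reach the lookup queue."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_global and not ip.is_multicast


def public_peer_counts(csv_text: str) -> dict:
    """Parse the tshark CSV export and count how often each public IP appears
    as source or destination. Rows with an empty IP field are skipped, which
    mirrors the dropna() step in the capture script."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row.get("ip.src", ""), row.get("ip.dst", "")
        if not src or not dst:
            continue
        for addr in (src, dst):
            if is_public(addr):
                counts[addr] += 1
    return dict(counts)


def lookup_queue(csv_text: str) -> list:
    """Unique public IPs, most frequently seen first: the list that would be
    submitted to the reputation services, one query per address."""
    counts = public_peer_counts(csv_text)
    return sorted(counts, key=lambda a: (-counts[a], a))


if __name__ == "__main__":
    for addr in lookup_queue(SAMPLE_CSV):
        print(addr, public_peer_counts(SAMPLE_CSV)[addr])
```

Ordering the queue by frequency matters when the lookups are done through a browser automation like Selenium: the services rate-limit interactive queries, so the peers that dominate the capture get checked first and a single address is never submitted more than once.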
....(to be continued)