[2010-01] an lame sorta-functional network keyword monitor

monitor.py

#!/usr/bin/env python
# encoding: utf-8
from __future__ import division, with_statement
import sys, os
import subprocess

# This is a horrible little script written by someone who doesn't understand
# how to use tcpdumbp or subprocess well. It intends to display an allert
# whenever specified keywords (such as a password) are seen in network
# traffic. Along with the warning it sends 3 \x07 beeps to stdout, in case
# you aren't paying attention.
# 
# If I don't run this as root it eats a processor core and achives nothing.
# Beware.

def main():
	# It may not be en1 for you.
	monitorApp = "tcpdump -s 0 -A -i en1".split(" ")
	
	process = subprocess.Popen(monitorApp, stdout = subprocess.PIPE, stderr = subprocess.STDOUT)
	
	keywords = []
	
	while True:
		next = raw_input("Triggering Keyword: ")
		if next:
			keywords.append(next)
		else:
			break
		
	
	if not keywords:
		raise ValueError("Must provide triggering keywords.")
	
	keywords = ["password", "wordpass"]
	
	data = ""
	lastLen = 0
	
	while process.returncode is None:
		new = process.stdout.read(1024)
		data = data[-lastLen:] + new
		lastLen = len(new)
		# This is to ensure nothing is cut between two chunks that are read.
		# As a side effect, twice as many alets as neccessary are displayed.
		
		if any(word in data for word in keywords):
			sys.stderr.write("Keyword found in traffic!\x07\x07\x07\n")
		else:
			pass
			# sys.stdout.write(".")
		
	

if __name__ == "__main__": sys.exit(main())