
@maakunh
Last active October 24, 2017 08:15
<?php
require_once "parse_arp_from_pcap.php";
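// Fetch the sensor operation instruction and print it.
echo sensor_operation();
// Reporting the sensor's own information to the server (currently disabled).
//echo arp_sensor();
$dir = sensor_system_root()."/pcap";
$url = sensor_server_url();
if ($handle = opendir($dir)) {
    while (false !== ($pcapfilename = readdir($handle))) {
        // Accept only names ending in ".pcap" (case-insensitive). The dot is
        // escaped so that a name such as "xpcap" is not treated as a capture.
        if (!preg_match('/\.pcap$/i', $pcapfilename)) {
            continue;
        }
        $pcapfilename = $dir."/".$pcapfilename;
        $maxlength = maxlength($pcapfilename);
        $packetstart = init_packetstart();
        $packetend = init_packetend();
        // md5sum() is defined outside this script; a falsy result skips the file.
        if (!md5sum($pcapfilename)) {
            continue;
        }
        while ($packetstart < $maxlength) {
            // The non-ARP case is handled first so that every iteration either
            // advances $packetstart or leaves the loop; a record that fails the
            // check can no longer spin forever on the same offset.
            if (!check_arpdata($pcapfilename, $packetstart)) {
                echo "No ARP DATA!";
                break;
            }
            echo $pcapfilename.PHP_EOL;
            $timeval = timeval($pcapfilename, $packetstart);
            $s_mac_address = sender_mac_address($pcapfilename, $packetstart);
            $s_ip_address = sender_ip_address($pcapfilename, $packetstart);
            $t_mac_address = target_mac_address($pcapfilename, $packetstart);
            $t_ip_address = target_ip_address($pcapfilename, $packetstart);
            // Frames whose target is the spoofed MAC address (the sensor's own
            // block traffic) are ignored, but the offset below still advances
            // so the remaining packets of the file are processed.
            // NOTE(review): this skip is keyed only on a field carried in the
            // frame; confirm other hosts cannot imitate it to stay unrecorded,
            // e.g. by also checking the sender against the sensor's own address.
            if ($t_mac_address !== '01:02:03:04:05:06') {
                // Sender first, then target: the same order the output and the
                // API calls have always used.
                // NOTE(review): these values are unauthenticated ARP fields read
                // from the capture; confirm the server endpoints validate them
                // before storing or querying.
                $arpnodes = array(
                    array('mac' => $s_mac_address, 'ip' => $s_ip_address),
                    array('mac' => $t_mac_address, 'ip' => $t_ip_address),
                );
                // Write the node detection history.
                echo $timeval. PHP_EOL;
                foreach ($arpnodes as $arpnode) {
                    echo $arpnode['mac']. PHP_EOL;
                    echo $arpnode['ip']. PHP_EOL;
                    echo data_send($url."/arp_records_api", $timeval, $arpnode['mac'], $arpnode['ip'], $pcapfilename);
                }
                // Delete node detection history.
                foreach ($arpnodes as $arpnode) {
                    echo $arpnode['mac']. PHP_EOL;
                    echo $arpnode['ip']. PHP_EOL;
                    echo data_delete($url."/arp_records_del_api", $arpnode['mac'], $arpnode['ip']);
                }
                // Block decision.
                // NOTE(review): both flags are compared loosely. What the flag
                // helpers return on a failed request is not visible here; false
                // or null compare equal to 0 but not to 1, so a failed lookup
                // would leave the node unblocked. Confirm that failure mode is
                // intended.
                foreach ($arpnodes as $arpnode) {
                    $flg_arp_controls = flg_arp_controls($url."/arp_records_csel_api", $arpnode['mac'], $arpnode['ip']);
                    echo $flg_arp_controls. PHP_EOL;
                    if ($flg_arp_controls == 0) {
                        $flg_arp_records = flg_arp_records($url."/arp_records_rsel_api", $arpnode['mac'], $arpnode['ip']);
                        echo $flg_arp_records. PHP_EOL;
                        if ($flg_arp_records == 1) {
                            echo $arpnode['mac']. PHP_EOL;
                            echo $arpnode['ip']. PHP_EOL;
                            arp_update_by_addr($arpnode['mac'], $arpnode['ip']); // block the unhandled node
                        }
                    }
                }
                echo "" . PHP_EOL;
            }
            // Move to the next record. The capture is external input, so a
            // step that does not move forward stops the file instead of
            // re-reading the same offset indefinitely.
            $nextpacketstart = $packetstart + $packetend - padding($pcapfilename, $packetstart);
            if ($nextpacketstart <= $packetstart) {
                echo "Packet offset did not advance; stopping." . PHP_EOL;
                break;
            }
            $packetstart = $nextpacketstart;
        }
    }
    // Release the directory handle once every entry has been visited.
    closedir($handle);
}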
?>