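<?php
/**
 * ARP sensor driver script.
 *
 * Scans every *.pcap file under <sensor root>/pcap, walks the ARP records in
 * each file, reports the sender and target (MAC, IP) pairs to the sensor
 * server, and blocks nodes according to the flags the server returns.
 *
 * All helpers used here (sensor_operation, check_arpdata, data_send,
 * flg_arp_controls, arp_update_by_addr, ...) are defined in
 * parse_arp_from_pcap.php and are not visible in this file.
 *
 * NOTE(review): the MAC/IP values are read straight from captured ARP
 * frames. ARP carries no authentication, so these fields are whatever the
 * sending host chose to put on the wire. They are forwarded to the server
 * API and drive the block decision below; confirm that the helpers validate
 * the address format and that the server side does not trust them blindly.
 */
require_once "parse_arp_from_pcap.php";

// Fetch the sensor operation instructions and print them.
echo sensor_operation();
// Report sensor information to the server (disabled).
//echo arp_sensor();

$dir = sensor_system_root()."/pcap";
$url = sensor_server_url();

if ($handle = opendir($dir)) {
    // Not read anywhere in this script; kept in case the included helpers
    // access it as a global.
    $pcapfilenames = array();

    while (false !== ($pcapfilename = readdir($handle))) {
        // The dot is escaped so that only a literal ".pcap" extension matches.
        if (!preg_match('/\.pcap$/i', $pcapfilename)) {
            continue;
        }

        $pcapfilename = $dir."/".$pcapfilename;
        $maxlength = maxlength($pcapfilename);
        $packetstart = init_packetstart();
        $packetend = init_packetend();

        // NOTE(review): md5sum() gates processing of the file; presumably it
        // reports whether the capture is new or changed -- confirm in the helper.
        if (!md5sum($pcapfilename)) {
            continue;
        }

        while ($packetstart < $maxlength) {
            // Stop scanning this file at the first record that is not ARP.
            // Without this exit the offset would never move and the loop
            // would spin forever on the same record.
            if (!check_arpdata($pcapfilename, $packetstart)) {
                echo "No ARP DATA!";
                break;
            }

            echo $pcapfilename.PHP_EOL;
            $timeval = timeval($pcapfilename, $packetstart);
            $s_mac_address = sender_mac_address($pcapfilename, $packetstart);
            $s_ip_address = sender_ip_address($pcapfilename, $packetstart);
            $t_mac_address = target_mac_address($pcapfilename, $packetstart);
            $t_ip_address = target_ip_address($pcapfilename, $packetstart);

            // Ignore records whose target is the spoofed MAC address, i.e.
            // the sensor's own blocking traffic. Only this record is skipped;
            // the scan continues with the next one.
            if ($t_mac_address !== '01:02:03:04:05:06') {
                // Sender first, then target: the same order for every phase.
                $nodes = array(
                    array($s_mac_address, $s_ip_address),
                    array($t_mac_address, $t_ip_address),
                );

                // Write node detection history.
                echo $timeval.PHP_EOL;
                foreach ($nodes as $node) {
                    echo $node[0].PHP_EOL;
                    echo $node[1].PHP_EOL;
                    echo data_send($url."/arp_records_api", $timeval, $node[0], $node[1], $pcapfilename);
                }

                // Delete node detection history.
                foreach ($nodes as $node) {
                    echo $node[0].PHP_EOL;
                    echo $node[1].PHP_EOL;
                    echo data_delete($url."/arp_records_del_api", $node[0], $node[1]);
                }

                // Block decision.
                // NOTE(review): the flags are compared loosely, so a null or
                // false result from a failed lookup also compares equal to 0
                // and falls through to the records check. Confirm what the
                // helpers return on error and whether that is the intended
                // failure mode for a component that blocks hosts.
                foreach ($nodes as $node) {
                    $flg_arp_controls = flg_arp_controls($url."/arp_records_csel_api", $node[0], $node[1]);
                    echo $flg_arp_controls.PHP_EOL;
                    if ($flg_arp_controls == 0) {
                        $flg_arp_records = flg_arp_records($url."/arp_records_rsel_api", $node[0], $node[1]);
                        echo $flg_arp_records.PHP_EOL;
                        if ($flg_arp_records == 1) {
                            echo $node[0].PHP_EOL;
                            echo $node[1].PHP_EOL;
                            arp_update_by_addr($node[0], $node[1]); // block the unhandled node
                        }
                    }
                }
                echo "".PHP_EOL;
            }

            // Advance to the next record for every ARP record, including the
            // ignored ones. Capture contents are not trusted, so refuse to
            // continue if the computed offset does not move forward.
            $nextstart = $packetstart + $packetend - padding($pcapfilename, $packetstart);
            if ($nextstart <= $packetstart) {
                error_log("Record offset did not advance in ".$pcapfilename."; stopping scan of this file");
                break;
            }
            $packetstart = $nextstart;
        }
    }

    closedir($handle);
}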