stamparm / tsusen
Network traffic sensor
License: MIT License
Thanks in advance.
The system works well. The CSV file is created and updated.
The webserver port is listening.
The problem is that by entering the web port, no server response.
any url ?
thanks sir
great work
Hello!
Just a why-not? idea, totally similar to 185 from Maltrail git.
The goal also is the same: This info can be also sent to some monitoring system like Cacti via syslog to track server/sensor possible lacks of work.
tsusen.conf:
TIMESTAMP_START=$(date)
TIMESTAMP_STOP=$(date)
Hello!
date: Wed May 16 08:06:42 EEST 2018
first_seen, last_seen fields: 05:07:22
Steps-to-reproduce: [0] https://www.youtube.com/watch?v=DAuZvfAbvI0
Hello!
proto dst_port dst_ip src_ip first_seen last_seen count
TCP 1080 192.165.63.181 222.186.56.107 1446188056 1446188056 1
TCP 1080 192.165.63.181 64.125.239.78 1446191096 1446191096 1
TCP 1081 192.165.63.181 111.248.100.185 1446175412 1446175412 1
TCP 1081 192.165.63.181 111.248.102.150 1446183374 1446183374 1
TCP 1081 192.165.63.181 36.225.254.129 1446170512 1446170512 1
...
...
where proto (e.g. in first entry this is TCP) represents the protocol that has been
used by initiator coming from src_ip (e.g. in first entry this is 222.186.56.107)
toward our <dst_ip:dst_port> (e.g. in first entry this is 192.165.63.181:1080) service,
first_seen represents the time of (that day's first) connection attempt represented
in Unix timestamp format (e.g. in first entry this is 1446188056,
which stands for Fri, 30 Oct 2015 06:54:16 GMT), last_seen represents (that day's last)
connection attempt (e.g. in first entry it's the same as the first_seen value),
while the count holds a total number of connection attempts.
Have a question: why src_port parameter isn't in use?
For example: I initiate ftp connection onto some ftp server in terminal and then do ls command.
tsusen displays some incoming connection on TCP, which seems not to be related to current ftp session.
Q: How can I have info about src_port to be displayed in tsusen, like it is displayed in Maltrail app?
README.md with multiple connections to different ports, e.g. TCP 22 (ssh).
http://i.imgur.com/EOAAWb2.png
Q: Does this list relate to port list:
# Reference: https://sixohthree.com/media/2003/06/26/lock_your_doors/portscan.txt
MISC_PORTS = { 17: "qotd", 53: "dns", 135: "dcom-rpc", 502: "modbus", 623: "ipmi", 1433: "mssql", 1723: "pptp", 1900: "upnp", 3128: "squid", 3389: "rdesktop", 5351: "nat-pmp", 5357: "wsdapi", 5631: "pc-anywhere", 5800: "vnc", 5900: "vnc", 5901: "vnc-1", 5902: "vnc-2", 5903: "vnc-3", 6379: "redis", 7547: "cwmp", 8118: "privoxy", 8338: "maltrail", 8339: "tsusen", 8443: "https-alt", 9200: "wap-wsp", 11211: "memcached", 17185: "vxworks", 27017: "mongo", 53413: "netis" }
from /tsusen/core/settings.py file?
And how can it be managed (e.g. to display ssh connection attempts from Internet only, from local network sources only)?
Thanks!
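The log format quoted from the README in the post above, and the question here about separating Internet sources from local ones, can be handled by post-processing the log. The following is an added example, not tsusen's code and not part of either post; it assumes the whitespace-delimited layout shown in the README excerpt, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict, namedtuple
from datetime import datetime, timezone

Record = namedtuple("Record", "proto dst_port dst_ip src_ip first_seen last_seen count")

# First two data rows are from the README excerpt; the remaining rows are constructed.
SAMPLE = """\
proto dst_port dst_ip src_ip first_seen last_seen count
TCP 1080 192.165.63.181 222.186.56.107 1446188056 1446188056 1
TCP 1081 192.165.63.181 111.248.100.185 1446175412 1446175412 1
TCP 22 192.165.63.181 222.186.56.107 1446188100 1446189900 14
TCP 22 192.165.63.181 192.168.1.50 1446190000 1446190000 2
garbage line
"""

def parse(text):
    """Yield Records, skipping the header and any malformed row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[0] == "proto":
            continue
        try:
            yield Record(parts[0], int(parts[1]),
                         ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3]),
                         int(parts[4]), int(parts[5]), int(parts[6]))
        except ValueError:
            continue  # invalid IP address or non-numeric port/timestamp/count

def utc(ts):
    """Render a Unix timestamp the way the README does."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")

def attempts_by_origin(records, proto, dst_port):
    """Sum connection attempts to one service, split by external/internal source."""
    out = {"external": defaultdict(int), "internal": defaultdict(int)}
    for r in records:
        if (r.proto, r.dst_port) == (proto, dst_port):
            # is_global is False for RFC 1918, loopback and link-local sources
            origin = "external" if r.src_ip.is_global else "internal"
            out[origin][str(r.src_ip)] += r.count
    return {k: dict(v) for k, v in out.items()}

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print(utc(recs[0].first_seen))
    print(attempts_by_origin(recs, "TCP", 22))
```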
Hello!
On ALT Linux tsusen displays its statistics on :8339 normally. Firefox version: 38.2.0
pip show python-geoip
---
Name: python-geoip
Version: 1.2
Location: /usr/lib/python2.7/site-packages
Requires:
---
pip show python-geoip-geolite2
---
Name: python-geoip-geolite2
Version: 2015.0303
Location: /usr/lib/python2.7/site-packages
Requires: python-geoip
---
On openSUSE 42.1, Firefox version: 47.0, tsusen cannot display its statistics:
pip show python-geoip
---
Metadata-Version: 2.0
Name: python-geoip
Version: 1.2
Summary: Provides GeoIP functionality for Python.
Home-page: http://github.com/mitsuhiko/python-geoip
Author: Armin Ronacher
Author-email: [email protected]
Installer: pip
License: UNKNOWN
Location: /usr/lib/python2.7/site-packages
Requires:
Classifiers:
Programming Language :: Python
License :: OSI Approved :: BSD License
pip show python-geoip-geolite2
---
Metadata-Version: 2.0
Name: python-geoip-geolite2
Version: 2015.303
Summary: Provides access to the geolite2 database. This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com/
Home-page: http://github.com/mitsuhiko/python-geoip
Author: Armin Ronacher
Author-email: [email protected]
Installer: pip
License: UNKNOWN
Location: /usr/lib/python2.7/site-packages
Requires: python-geoip
Classifiers:
Programming Language :: Python
To have a test I downgraded Firefox to 41 on openSUSE and tsusen displays its statistics on :8339 normally here. When I'm back on 47 again - problem also returns. Please, check this out on different Firefox versions. Thanks!
please help me to get both internal and external traffic
Hello:
I tried to run tsusen but I have this error:
python tsusen.py
tsusen #v0.3.3
Traceback (most recent call last):
  File "tsusen.py", line 54, in <module>
    main()
  File "tsusen.py", line 39, in main
    init_sensor()
  File "/root/tsusen-master/core/sensor.py", line 192, in init_sensor
    items = re.findall(regex, subprocess.check_output(cmd))
AttributeError: 'module' object has no attribute 'check_output'
My python version = 2.6.6
Regards