stamparm / tsusen Goto Github PK
View Code? Open in Web Editor NEWNetwork traffic sensor
License: MIT License
tsusen's People
Contributors
Stargazers
Watchers
Forkers
securityigi 4sp1r3 darg0001 xditx32 samyoyo securitywarrior busz fcayci psuedoelastic jijicanyu jmswag blueroutecn tuian cacalote krodyx jsaldanar n4yk kuggaa ewebconsult s4b3rt0oth hybridious cybersme ro9ueadmin nav60 macdaliot modulexcite rahmiy alchemycyberblaze 5l1v3r1 marcos-diniz actorexpose fdlucifer amrt1n3zm mikhailkasimovtsusen's Issues
web server
Thanks in advance.
The system works well. the CSV file is created and updated.
The webserver port is listening.
The problem is that by entering the web port, no server response.
any url ?
thanks sir
great work
Possibly wrong graph-statistics
Hello!
Possibly wrong graph-statistics. tsusen conf and setting parameters are by default, with no changes.
tsusen version: 0.3.6
See UDP 67 statistics:
- On graph: 1
- On
Countertab: 4
[Feature request] Display timestamp of tsusen being started/stopped
Hello!
Just an why-not? idea, totally similar to 185 from Maltrail git.
The goal also is the same: This info can be also sent to some monitoring system like Cacti via syslog to track server/sensor possible lacks of work.
tsusen.conf:
TIMESTAMP_START=$(date)
TIMESTAMP_STOP=$(date)
-3 hours of current timezone in tsusen log
Hello!
date : Wed May 16 08:06:42 EEST 2018
first_seen, last_seen fields: 05:07:22
Steps-to-reproduce: [0] https://www.youtube.com/watch?v=DAuZvfAbvI0
[Support] 'src_port' column question
Hello!
- Reading snippet from README.md:
proto dst_port dst_ip src_ip first_seen last_seen count
TCP 1080 192.165.63.181 222.186.56.107 1446188056 1446188056 1
TCP 1080 192.165.63.181 64.125.239.78 1446191096 1446191096 1
TCP 1081 192.165.63.181 111.248.100.185 1446175412 1446175412 1
TCP 1081 192.165.63.181 111.248.102.150 1446183374 1446183374 1
TCP 1081 192.165.63.181 36.225.254.129 1446170512 1446170512 1
...
...
where proto (e.g. in first entry this is TCP) represents the protocol that has been
used by initiator coming from src_ip (e.g. in first entry this is 222.186.56.107)
toward our <dst_ip:dst_port> (e.g. in first entry this is 192.165.63.181:1080) service,
first_seen represents the time of (that day's first) connection attempt represented
in Unix timestamp format (e.g. in first entry this is 1446188056,
which stands for Fri, 30 Oct 2015 06:54:16 GMT), last_seen represents (that day's last)
connection attempt (e.g. in first entry it's the same as the first_seen value),
while the count holds a total number of connection attempts.
have a question: why src_port parameter isn't in use?
For example: I initiate ftp connection onto some ftp server in terminal and then do ls command.
tsusen displays some incoming connection on TCP, which seems not to be related to current ftp session.
Q: How can I have info about src_port to be displayed in tsusen, like it is displayed in Maltrail app?
- Here is an informative screenshot in
README.mdwith multiple connections to different ports, e.g.TCP 22 (ssh).
http://i.imgur.com/EOAAWb2.png
Q: Does this list relate to port list:
# Reference: https://sixohthree.com/media/2003/06/26/lock_your_doors/portscan.txt
MISC_PORTS = { 17: "qotd", 53: "dns", 135: "dcom-rpc", 502: "modbus", 623: "ipmi", 1433: "mssql", 1723: "pptp", 1900: "upnp", 3128: "squid", 3389: "rdesktop", 5351: "nat-pmp", 5357: "wsdapi", 5631: "pc-anywhere", 5800: "vnc", 5900: "vnc", 5901: "vnc-1", 5902: "vnc-2", 5903: "vnc-3", 6379: "redis", 7547: "cwmp", 8118: "privoxy", 8338: "maltrail", 8339: "tsusen", 8443: "https-alt", 9200: "wap-wsp", 11211: "memcached", 17185: "vxworks", 27017: "mongo", 53413: "netis" }
from /tsusen/core/settings.py file?
And how can it be managed (e.g. to display ssh connection attempts from Internet only, from local network sources only)?
Thanks!
Doesn't display statistics on Firefox 47
Hello!
On ALT Linux tsusen displays its statistics on :8339 normally. Firefox version: 38.2.0
pip show python-geoip
---
Name: python-geoip
Version: 1.2
Location: /usr/lib/python2.7/site-packages
Requires:
---
pip show python-geoip-geolite2
---
Name: python-geoip-geolite2
Version: 2015.0303
Location: /usr/lib/python2.7/site-packages
Requires: python-geoip
---
On openSUSE 42.1, Firefox version: 47.0, tsusen cannot display its statistics:
pip show python-geoip
---
Metadata-Version: 2.0
Name: python-geoip
Version: 1.2
Summary: Provides GeoIP functionality for Python.
Home-page: http://github.com/mitsuhiko/python-geoip
Author: Armin Ronacher
Author-email: [email protected]
Installer: pip
License: UNKNOWN
Location: /usr/lib/python2.7/site-packages
Requires:
Classifiers:
Programming Language :: Python
License :: OSI Approved :: BSD License
pip show python-geoip-geolite2
---
Metadata-Version: 2.0
Name: python-geoip-geolite2
Version: 2015.303
Summary: Provides access to the geolite2 database. This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com/
Home-page: http://github.com/mitsuhiko/python-geoip
Author: Armin Ronacher
Author-email: [email protected]
Installer: pip
License: UNKNOWN
Location: /usr/lib/python2.7/site-packages
Requires: python-geoip
Classifiers:
Programming Language :: Python
To have a test I downgraded Firefox to 41 on openSUSE and tsusen displays its statistics on :8339 normally here. When I'm back on 47 again - problem also returns. Please, check this out on different Firefox versions. Thanks!
traffic inside
please help me to get both internal and external traffic
Disappeared Trendlines
Hello!
Can't get the nature of trouble, but some time after tsusen is being started, Trendlines are disappeared.
Browser: Firefox 57.0.1 (64-bit).
Screenshot:
Error in sensor.py
Hello:
I tried to run tsusen but i have this error:
**python tsusen.py
tsusen #v0.3.3
Traceback (most recent call last):
File "tsusen.py", line 54, in
main()
File "tsusen.py", line 39, in main
init_sensor()
File "/root/tsusen-master/core/sensor.py", line 192, in init_sensor
items = re.findall(regex, subprocess.check_output(cmd))
AttributeError: 'module' object has no attribute 'check_output'**
mi python version = 2.6.6
Regards
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.