Reads a pcap file and analyze icmp packets to detect potential DDoS attacks (guaranteed gluten free)
REQUIREMENTS:
- This analyzer requires pipenv and redis 5.0 or above.
- You need at least python3.6 or later to run this.
SETUP:
First, you need to install pipenv:
pip install pipenvThen clone redis where you want it installed:
git clone https://github.com/antirez/redis.git
cd redis
git checkout 5.0
make
cd ..You can finally clone this repo on your machine and simply setup the virtual environment with pipenv like so:
git clone https://github.com/D4-project/analyzer-d4-ipa.git
cd analyzer-d4-ipa
pipenv installDon't forget to set the DB directory in the redis.conf configuration. By default, the redis for IPA is running on TCP port 6405.
../redis/src/redis-server ./etc/redis.confcd ./etc
cp analyzer.conf.sample analyzer.confEdit analyzer.conf to match the UUID of the analyzer queue from your D4 server.
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFOcd ../bin
python3 run_ipa.pyIf you have local pcaps stored in a dataset that you want to analyze, use -p argument and specify the absolute path of the dataset root folder.
python3 run_ipa.py -p /absolute/path/to/dataset/root