Question

Please Code Using Java

In this problem, you will write a simple intrusion detection system to detect potential attacks or dangerous behavior in network activity. Attached are two pcaps with example attacks:

1. arpspoofing.pcap includes an ARP spoof attack. IP address 192.168.0.100 advertises the wrong MAC address for 192.168.0.1.
2. portscan.pcap includes a TCP SYN port scan (this is for CSc 6222 only).

Your job is to write a software IDS executable (in Java) or script (in Python) that takes as input a pcap trace and looks for such malicious behavior. The local network you are protecting is configured with two machines (192.168.0.100 with MAC address 7c.d1:c3:94:9e:b8 and 192.168.0.103 with MAC address d8:96:95:01:a5:c9) and a router (192.168.0.1 with MAC address f8:1a:67:cd:57:6e). Your scanner should:

1. Detect ARP spoofing attempts. Output a warning including the offending MAC address and the packet number of the offending packet.
2. Detect port scans. A port scan is defined to occur whenever TCP SYNs or UDP packets are sent to 100 or more different ports on a target system. The scanner should output a warning including the offending source IP address, the victim destination IP address, and the offending packet numbers.

Your program should take as input the filename of a pcap file that contains captured network packets. The output of your program will be the warning messages as described above. The format of your result is free but it should be

Explanation / Answer

from scapy.all import *
from datetime import datetime


class id:  # shadows the built-in id(); rename if you need that function
    # flag letters as returned by pckt.sprintf('%TCP.flags%') -> full flag names
    __flagsTCP = {
        'F': 'FIN',
        'S': 'SYN',
        'R': 'RST',
        'P': 'PSH',
        'A': 'ACK',
        'U': 'URG',
        'E': 'ECE',
        'C': 'CWR',
    }

    __ip_cnt_TCP = {}  # "src:dst" stream -> number of TCP packets seen so far

    __THRESH = 1000  # packets per stream above which a flood is reported

    def sniffPackets(self, pckt):
        """Callback for scapy's sniff(): log each IP packet and run the flood check on TCP."""
        if pckt.haslayer(IP):
            packet_src = pckt[IP].src
            packet_dst = pckt[IP].dst
            print("IP pckt: %s ==> %s , %s" % (packet_src, packet_dst,
                  str(datetime.now().strftime("%Y-%m-%d %H:%M:%S"))), end=' ')

            if pckt.haslayer(TCP):
                source_port = pckt.sport
                destination_port = pckt.dport
                print(", Port: %s --> %s, " % (source_port, destination_port), end='')
                print([type(self).__flagsTCP[x] for x in pckt.sprintf('%TCP.flags%')])
                self.detect_TCPflood(pckt)
            else:
                print()

    def detect_TCPflood(self, pckt):
        """Count TCP packets per src:dst stream and warn once a stream exceeds __THRESH."""
        if pckt.haslayer(TCP):
            packet_src = pckt[IP].src
            packet_dst = pckt[IP].dst
            stream = packet_src + ':' + packet_dst

            if stream in type(self).__ip_cnt_TCP:
                type(self).__ip_cnt_TCP[stream] += 1
            else:
                type(self).__ip_cnt_TCP[stream] = 1

            for stream in type(self).__ip_cnt_TCP:
                pckts_sent = type(self).__ip_cnt_TCP[stream]
                if pckts_sent > type(self).__THRESH:
                    src = stream.split(':')[0]
                    dst = stream.split(':')[1]
                    print("Possible Flooding Attack from %s --> %s" % (src, dst))


if __name__ == '__main__':
    print("custom pckt sniffer ")
    # Live capture on enp0s3; to analyse a saved trace instead, use sniff(offline="file.pcap", ...).
    sniff(filter="ip", iface="enp0s3", prn=id().sniffPackets)
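The detector the question actually asks for, as an added example in Python (it is not the answerer's code above, which counts packets rather than ports, nor the course's reference solution): it parses a classic libpcap file with `struct` alone, checks every ARP sender against the assignment's IP/MAC table, and counts distinct destination ports per source/destination pair over TCP SYNs and UDP, reporting the packet numbers as the assignment requires. Assumptions: the assignment's `7c.d1:c3:94:9e:b8` is read as `7c:d1:c3:94:9e:b8`, "ports on a target system" is counted per (source, destination) pair, and the sample trace is constructed inline rather than taken from the attached pcaps.

```python
import struct
from collections import defaultdict
# Trusted IP -> MAC table from the assignment text ("7c.d1" read as a typo for "7c:d1").
KNOWN = {"192.168.0.1": "f8:1a:67:cd:57:6e", "192.168.0.100": "7c:d1:c3:94:9e:b8",
         "192.168.0.103": "d8:96:95:01:a5:c9"}
PORT_THRESHOLD = 100  # distinct destination ports per (src, dst) pair that count as a scan

def mac(b): return ":".join("%02x" % x for x in b)
def ip(b): return ".".join(str(x) for x in b)
def _hex(m): return bytes.fromhex(m.replace(":", ""))
def _ip4(a): return bytes(int(x) for x in a.split("."))
def frames(data):  # yield (packet number, Ethernet frame) from classic libpcap bytes
    end, off, num = ("<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"), 24, 0
    while off + 16 <= len(data):  # record header: ts_sec, ts_usec, caplen, origlen
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        off, num = off + 16, num + 1
        yield num, data[off:off + caplen]
        off += caplen

def detect(data):  # return ARP-spoof and port-scan alerts for a pcap byte string
    alerts, seen = [], defaultdict(list)  # (src, dst) -> [(packet number, dst port)]
    for num, f in frames(data):
        etype = struct.unpack("!H", f[12:14])[0]
        if etype == 0x0806:  # ARP: sender MAC at offset 22, sender IP at 28
            smac, sip = mac(f[22:28]), ip(f[28:32])
            if sip in KNOWN and KNOWN[sip] != smac:
                alerts.append(("ARP_SPOOF", smac, num))
        elif etype == 0x0800:  # IPv4: count TCP SYNs (SYN set, ACK clear) and UDP
            ihl, proto = (f[14] & 0x0f) * 4, f[23]
            key, l4 = (ip(f[26:30]), ip(f[30:34])), f[14 + ihl:]
            if proto == 17 or (proto == 6 and (l4[13] & 0x12) == 0x02):
                seen[key].append((num, struct.unpack("!H", l4[2:4])[0]))
    for (src, dst), hits in seen.items():
        if len({port for _, port in hits}) >= PORT_THRESHOLD:
            alerts.append(("PORT_SCAN", src, dst, [num for num, _ in hits]))
    return alerts

# Constructed test traffic (not the assignment's pcaps): minimal frames, checksums left zero.
def arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    return (_hex(dst_mac) + _hex(src_mac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x800, 6, 4, 2)
            + _hex(src_mac) + _ip4(src_ip) + _hex(dst_mac) + _ip4(dst_ip))
def tcp_syn(src_ip, dst_ip, dport):  # zeroed MACs, 20-byte IPv4 header, 20-byte TCP header
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, _ip4(src_ip), _ip4(dst_ip))
    return bytes(12) + b"\x08\x00" + ipv4 + struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, 2, 8192, 0, 0)
def pcap(frame_list):  # classic little-endian pcap, link type 1 (Ethernet)
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frame_list)
R, A, B = "192.168.0.1", "192.168.0.100", "192.168.0.103"  # router and the two hosts
SAMPLE = pcap([arp_reply(KNOWN[R], R, KNOWN[A], A), arp_reply(KNOWN[A], R, KNOWN[B], B)]
              + [tcp_syn(A, B, p) for p in range(1, 121)])  # honest reply, spoof, 120-port scan
```

On `SAMPLE`, `detect` reports the spoofed reply as packet 2 with MAC `7c:d1:c3:94:9e:b8` and the scan from 192.168.0.100 to 192.168.0.103 with packets 3 to 122; to run it on a real trace, pass `open(path, "rb").read()`.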