Network Pipeline Scripts
Capture Agents
Here are the AntiNex Network Pipeline Capture Agents. These scripts capture traffic on a network device and flatten each packet into a JSON dictionary before publishing it to the aggregation message broker. Please refer to the handle_packets method for more details.
Warning
These tools will capture network traffic. Please be careful where you deploy them.
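The following is an added example, not the project's own handle_packets implementation, of the "flatten a packet into a JSON dictionary" step described above. It hand-parses an Ethernet II / IPv4 / TCP (or UDP) frame with the standard library only, so it runs offline without a capture device or scapy; the sample frame is hand-assembled for the example (checksums are zero) and is not real traffic. The field names (eth_src, ip_src, tcp_dport, ...) are this example's own choice. Two points worth noticing: the record is one level deep with scalar values only, so it serialises to JSON and maps straight onto CSV columns, and payload bytes are deliberately not copied into the record, only their length, which limits what ends up on the broker given the warning above.

```python
import json
import socket
import struct

# Constructed sample frame (hand-assembled, not a real capture):
# Ethernet II / IPv4 / TCP SYN from 10.0.0.5:40000 to 10.0.0.9:80 with a 4-byte payload.
# IP and TCP checksums are left as zero since nothing here validates them.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"                    # eth dst, eth src, type=IPv4
    "4500002c" "00004000" "40060000" "0a000005" "0a000009"  # IPv4 header, 20 bytes
    "9c400050" "00000001" "00000000" "5002ffff" "00000000"  # TCP header, 20 bytes, SYN
    "deadbeef"                                              # payload
)


def flatten_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame and return a flat dict of header fields.

    The dict is one level deep with scalar values only, so json.dumps() can
    ship it to a broker as-is and a CSV builder can turn keys into columns.
    Payload bytes are deliberately not included, only their length.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    rec = {
        "eth_dst": eth_dst.hex(":"),
        "eth_src": eth_src.hex(":"),
        "eth_type": eth_type,
        "frame_len": len(frame),
    }
    if eth_type != 0x0800:  # only IPv4 is decoded in this example
        return rec

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    rec.update({
        "ip_version": ver_ihl >> 4,
        "ip_ihl": ihl,
        "ip_tos": tos,
        "ip_len": total_len,
        "ip_id": ident,
        "ip_flags": flags_frag >> 13,
        "ip_frag": flags_frag & 0x1FFF,
        "ip_ttl": ttl,
        "ip_proto": proto,
        "ip_src": socket.inet_ntoa(src),
        "ip_dst": socket.inet_ntoa(dst),
    })
    # Clamp to the IP total length so trailing Ethernet padding is not counted as payload.
    l4 = ip[ihl:min(total_len, len(ip))]

    if proto == 6 and len(l4) >= 20:  # TCP
        (sport, dport, seq, ack, off_flags,
         window, _csum, urg) = struct.unpack("!HHIIHHHH", l4[:20])
        data_off = (off_flags >> 12) * 4
        rec.update({
            "tcp_sport": sport, "tcp_dport": dport, "tcp_seq": seq, "tcp_ack": ack,
            "tcp_dataofs": data_off, "tcp_flags": off_flags & 0x01FF,
            "tcp_window": window, "tcp_urgptr": urg,
            "tcp_payload_len": max(len(l4) - data_off, 0),
        })
    elif proto == 17 and len(l4) >= 8:  # UDP
        sport, dport, ulen, _csum = struct.unpack("!HHHH", l4[:8])
        rec.update({
            "udp_sport": sport, "udp_dport": dport, "udp_len": ulen,
            "udp_payload_len": max(len(l4) - 8, 0),
        })
    return rec


def frame_to_json(frame: bytes) -> str:
    """Serialise the flattened record the way it would be published to the broker."""
    return json.dumps(flatten_frame(frame), sort_keys=True)


if __name__ == "__main__":
    print(frame_to_json(SAMPLE_FRAME))
```

A real capture agent would feed each frame it sniffs through flatten_frame() and publish the JSON string; because the record never contains payload bytes, a compromised or over-permissive broker consumer sees headers and lengths, not application data.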
ARP
ICMP
TCP
network_pipeline.scripts.capture_ssh.capture_tcp_packets_over_ssh()
    Capture TCP packets over ssh and call the handle_packets method.
    Change the network interface by:
        export CAP_DEVICE=eth0
UDP
Publishers
These tools are designed to show how to save captured packet dictionaries to CSVs and how to publish them for live predictions using a pre-trained Deep Neural Network.
network_pipeline.scripts.packets_rabbitmq.recv_msg(body, message)
    Handler method - fires when a message is consumed from the FORWARD_QUEUE queue running in the FORWARD_BROKER_URL broker.
    Parameters:
        body – message body
        message – message object that can ack, requeue or reject the message
network_pipeline.scripts.packets_rabbitmq.consume_network_packet_messages_from_rabbitmq()
    Set up a celery_connectors.KombuSubscriber to consume messages from the FORWARD_BROKER_URL broker in the FORWARD_QUEUE queue.
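As an added example (not the project's packets_rabbitmq code), here is what a recv_msg-style handler has to decide for each consumed message: ack it, requeue it, or reject it. It needs no broker: StubMessage stands in for the kombu message object and only records which outcome the handler chose, the CSV is written to an in-memory buffer, and the sample bodies are constructed for the example. The required-field list and column set are this example's own assumptions. The point worth taking from it is the split between the two failure modes: a body that cannot be parsed is rejected without requeue, because redelivering it would loop forever on the same poison message, while a sink failure (the record was fine, the disk was not) is requeued so the record is retried rather than lost.

```python
import csv
import io
import json


class StubMessage:
    """Minimal stand-in for the kombu Message object the handler receives.

    Real consumers get an object with ack()/requeue()/reject(); this one just
    records which outcome the handler chose so it can be checked offline.
    """

    def __init__(self):
        self.outcome = None

    def ack(self):
        self.outcome = "ack"

    def requeue(self):
        self.outcome = "requeue"

    def reject(self, requeue=False):
        self.outcome = "requeue" if requeue else "reject"


class FailingWriter:
    """Simulates a CSV sink whose storage is unavailable (e.g. disk full)."""

    def writerow(self, row):
        raise OSError("disk full")


# Assumed schema for this example: fields every packet dict must carry, and the
# fixed CSV column order so rows stay aligned even when dicts differ in keys.
REQUIRED_FIELDS = ("ip_src", "ip_dst", "ip_proto")
CSV_COLUMNS = ("ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport", "udp_sport", "udp_dport")

# Constructed message bodies: two valid packet dicts, one non-JSON body, one dict
# missing required fields.
SAMPLE_BODIES = [
    json.dumps({"ip_src": "10.0.0.5", "ip_dst": "10.0.0.9", "ip_proto": 6,
                "tcp_sport": 40000, "tcp_dport": 80}),
    b'{"ip_src": "10.0.0.7", "ip_dst": "10.0.0.9", "ip_proto": 17, "udp_sport": 5353, "udp_dport": 53}',
    "this is not json",
    json.dumps({"ip_src": "10.0.0.5"}),
]


def parse_packet_body(body):
    """Decode a body (JSON text/bytes or an already-decoded dict) into a validated dict."""
    if isinstance(body, (bytes, str)):
        body = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(body, dict):
        raise ValueError("packet message body is not a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in body]
    if missing:
        raise ValueError("packet dict missing fields: %s" % ", ".join(missing))
    return body


def recv_msg(body, message, writer):
    """Handle one consumed packet message; returns the outcome chosen ("ack"/"requeue"/"reject")."""
    try:
        rec = parse_packet_body(body)
    except (ValueError, TypeError):
        # Malformed input will never parse on a retry: reject without requeue,
        # otherwise the broker hands the same poison message back forever.
        message.reject(requeue=False)
        return message.outcome
    try:
        writer.writerow({c: rec.get(c, "") for c in CSV_COLUMNS})
    except OSError:
        # The message is fine, the sink is not: requeue so the record is retried
        # once storage recovers instead of being silently dropped.
        message.requeue()
        return message.outcome
    message.ack()
    return message.outcome


def consume_batch(bodies, writer=None):
    """Run every body through recv_msg. Returns (csv_text, outcome_counts)."""
    buf = io.StringIO()
    if writer is None:
        writer = csv.DictWriter(buf, fieldnames=CSV_COLUMNS, lineterminator="\n")
        writer.writeheader()
    counts = {"ack": 0, "requeue": 0, "reject": 0}
    for body in bodies:
        counts[recv_msg(body, StubMessage(), writer)] += 1
    return buf.getvalue(), counts


if __name__ == "__main__":
    text, counts = consume_batch(SAMPLE_BODIES)
    print(counts)
    print(text)
```

With a real KombuSubscriber the same recv_msg(body, message) signature applies; the writer would be a file-backed csv.DictWriter opened once per consumer rather than per message.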
Test Tools
These will send mock traffic data to the targeted network device.
network_pipeline.scripts.base_capture.example_capture()
    An example capture script.
    Change the network interface by:
        export CAP_DEVICE=eth0
network_pipeline.scripts.arp_send_msg.send_arp_msg()
    Send an ARP message to the network device (enp0s3 by default).
network_pipeline.scripts.tcp_send_large_msg.send_tcp_large_message()
    Send a large TCP message to port 80 by default.
network_pipeline.scripts.tcp_send_msg.send_tcp_message()
    Send a TCP message to port 80 by default.
network_pipeline.scripts.udp_send_msg.send_udp_message()
    Send a UDP message to port 80 by default.
    Environment variables:
        UDP_SEND_TO_HOST - host ip address to send to
        UDP_SEND_TO_PORT - send to this UDP port
network_pipeline.scripts.listen_tcp_port.listen_on_tcp_port()
    Run a simple server for processing messages over TCP.
    Environment variables:
        LISTEN_ON_HOST - listen on this host ip address
        LISTEN_ON_PORT - listen on this TCP port
        LISTEN_SIZE - read packets up to this size in bytes
        LISTEN_SLEEP - sleep this number of seconds per loop
        LISTEN_SHUTDOWN_HOOK - shut down if this file is found on disk
network_pipeline.scripts.listen_udp_port.listen_on_udp_port()
    Run a simple server for processing messages over UDP.
    Environment variables:
        UDP_LISTEN_ON_HOST - listen on this host ip address
        UDP_LISTEN_ON_PORT - listen on this UDP port
        UDP_LISTEN_SIZE - read packets up to this size in bytes
        UDP_LISTEN_SLEEP - sleep this number of seconds per loop
        UDP_LISTEN_SHUTDOWN_HOOK - shut down if this file is found on disk
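The sender and listener pair above is a small protocol exchange, so here is an added example (not the project's listen_tcp_port or tcp_send_msg code) showing both sides end to end on the loopback interface: a listener driven by the same five knobs the documentation lists (host, port, size, sleep, shutdown hook), a client that sends one payload per connection, and a driver that runs the exchange on an ephemeral port and stops the listener by creating the shutdown-hook file. The function names, the ephemeral-port handshake through the `ready` dict and the default values in the __main__ block are this example's own assumptions. Note the size knob: a listener that reads only `size` bytes silently truncates anything larger, which the driver makes visible.

```python
import os
import socket
import tempfile
import threading
import time


def listen_on_tcp_port(host, port, size=1024, sleep=0.1, shutdown_hook=None,
                       received=None, ready=None):
    """Accept TCP connections and read up to `size` bytes from each.

    The loop polls accept() with a `sleep`-second timeout and stops as soon as
    the `shutdown_hook` file exists, which lets an operator (or a test) stop
    the listener without killing the process. (peer_ip, bytes) tuples are
    appended to `received`; `ready`, if given, is a dict that receives the
    bound port and whose Event is set once the socket is listening.
    """
    received = received if received is not None else []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    srv.settimeout(sleep)
    if ready is not None:
        ready["port"] = srv.getsockname()[1]
        ready["event"].set()
    try:
        while not (shutdown_hook and os.path.exists(shutdown_hook)):
            try:
                conn, addr = srv.accept()
            except socket.timeout:
                continue  # nothing arrived this loop; re-check the shutdown hook
            with conn:
                conn.settimeout(sleep)
                try:
                    data = conn.recv(size)  # anything beyond `size` bytes is dropped
                except socket.timeout:
                    data = b""
                received.append((addr[0], data))
    finally:
        srv.close()
    return received


def send_tcp_message(host, port, payload):
    """Client side: open a connection, send one payload, close. Returns bytes sent."""
    with socket.create_connection((host, port), timeout=2) as sock:
        sock.sendall(payload)
        return len(payload)


def run_loopback_exchange(messages, size=1024):
    """Start a listener on an ephemeral loopback port, send `messages` to it,
    stop it through the shutdown hook and return the payloads it received."""
    hook = os.path.join(tempfile.mkdtemp(), "listener.shutdown")
    ready = {"event": threading.Event(), "port": None}
    received = []
    worker = threading.Thread(
        target=listen_on_tcp_port,
        args=("127.0.0.1", 0, size, 0.05, hook, received, ready),
        daemon=True,
    )
    worker.start()
    if not ready["event"].wait(5):
        raise RuntimeError("listener did not start")
    for payload in messages:
        send_tcp_message("127.0.0.1", ready["port"], payload)
    # Let the listener drain its backlog before asking it to stop.
    deadline = time.monotonic() + 5
    while len(received) < len(messages) and time.monotonic() < deadline:
        time.sleep(0.01)
    open(hook, "w").close()  # the shutdown hook: a file appearing on disk
    worker.join(5)
    return [data for _, data in received]


if __name__ == "__main__":
    # Same knobs as the documented listener, read from the environment
    # (defaults are this example's own).
    listen_on_tcp_port(
        host=os.environ.get("LISTEN_ON_HOST", "127.0.0.1"),
        port=int(os.environ.get("LISTEN_ON_PORT", "8080")),
        size=int(os.environ.get("LISTEN_SIZE", "1024")),
        sleep=float(os.environ.get("LISTEN_SLEEP", "0.5")),
        shutdown_hook=os.environ.get("LISTEN_SHUTDOWN_HOOK", "/tmp/listen_tcp_port.shutdown"),
    )
```

The shutdown hook is a plain file check, so whoever can create that path can stop the listener; keep it in a directory only the service account can write to.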
network_pipeline.scripts.builders.prepare_dataset.find_all_headers(pipeline_files=[], label_rules=None)
    Parameters:
        pipeline_files – files to process
        label_rules – labeling rules
network_pipeline.scripts.builders.prepare_dataset.build_csv(pipeline_files=[], fulldata_file=None, clean_file=None, post_proc_rules=None, label_rules=None, metadata_filename='metadata.json')
    Parameters:
        pipeline_files – files to process
        fulldata_file – output all columns to this csv file
        clean_file – output all numeric-ready columns to this csv file
        post_proc_rules – rules after building the DataFrame
        label_rules – labeling rules
        metadata_filename – metadata output file name
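To make the find_all_headers / build_csv pipeline concrete, here is an added example (not the project's prepare_dataset module) that takes flattened packet dicts, unions their keys into a column list, applies labeling rules, and produces the two outputs the documentation describes: a full CSV with every column and a "clean" CSV holding only numeric-ready columns. The records, the label-rule format (first matching rule wins, else a default label) and the choice to fill missing numeric cells with 0 are this example's own assumptions; the project's real rule format and post_proc_rules are not modelled. Outputs are returned as strings instead of written to fulldata_file/clean_file so the example runs in memory. Two practical points: string columns such as IP addresses are excluded from the clean file, so the model is not trained on host identifiers, and the metadata records which columns went where, so a later prediction run can line its input up with the training schema.

```python
import csv
import io
import json

# Constructed flattened packet records, shaped like what a capture agent
# publishes (hand-written for this example, not captured traffic).
PIPELINE_RECORDS = [
    {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.9", "ip_proto": 6,
     "tcp_sport": 40000, "tcp_dport": 80, "tcp_flags": 2},
    {"ip_src": "10.0.0.9", "ip_dst": "10.0.0.5", "ip_proto": 6,
     "tcp_sport": 80, "tcp_dport": 40000, "tcp_flags": 18},
    {"ip_src": "10.0.0.7", "ip_dst": "10.0.0.9", "ip_proto": 17,
     "udp_sport": 5353, "udp_dport": 53},
]

# Hypothetical label-rule format for this example: the first matching rule
# wins, otherwise the default label applies.
LABEL_RULES = {
    "label_column": "label_value",
    "default": 0,
    "rules": [{"field": "ip_src", "values": ["10.0.0.7"], "label": 1}],
}


def load_pipeline_files(paths):
    """Read JSON-lines files (one flattened packet dict per line) into a list of dicts."""
    records = []
    for path in paths:
        with open(path) as fh:
            for line in fh:
                if line.strip():
                    records.append(json.loads(line))
    return records


def find_all_headers(records):
    """Union of every key seen across the records, sorted for a stable column order."""
    headers = set()
    for rec in records:
        headers.update(rec.keys())
    return sorted(headers)


def label_for(record, label_rules):
    """Apply the label rules to one record; first matching rule wins."""
    for rule in label_rules["rules"]:
        if record.get(rule["field"]) in rule["values"]:
            return rule["label"]
    return label_rules["default"]


def is_numeric(value):
    # bool is an int subclass in Python; keep it out of the numeric file.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def rows_to_csv(rows, columns, fill):
    """Render rows to CSV text with a fixed column order; `fill` replaces missing cells."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({c: row.get(c, fill) for c in columns})
    return buf.getvalue()


def build_csv(records, label_rules, metadata_filename="metadata.json"):
    """Return (full_csv, clean_csv, metadata) for the given records.

    full_csv keeps every column; clean_csv keeps only columns whose present
    values are all numeric (IP address strings are dropped, missing cells
    become 0) so it can be fed to a model without further conversion.
    """
    label_col = label_rules["label_column"]
    rows = [dict(rec, **{label_col: label_for(rec, label_rules)}) for rec in records]
    full_columns = find_all_headers(records) + [label_col]
    clean_columns = [c for c in full_columns
                     if all(is_numeric(r[c]) for r in rows if c in r)]
    metadata = {
        "metadata_filename": metadata_filename,
        "rows": len(rows),
        "full_columns": full_columns,
        "clean_columns": clean_columns,
        "label_rules": label_rules,
    }
    return rows_to_csv(rows, full_columns, ""), rows_to_csv(rows, clean_columns, 0), metadata


if __name__ == "__main__":
    full_csv, clean_csv, meta = build_csv(PIPELINE_RECORDS, LABEL_RULES)
    print(full_csv)
    print(clean_csv)
    print(json.dumps(meta, indent=2))
```

With files on disk, records = load_pipeline_files(pipeline_files) feeds build_csv(), and the three results are written to fulldata_file, clean_file and metadata_filename respectively.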