So the following is my current code. I want to ask how to print the output like: if a packet that contains "tcp.flags==0x000" is detected, it prints out "attack A"; a packet with "tcp.flags==0x029" is "attack B". Thanks.
P.S. output2.txt contains the IP addresses of the senders of the packets that contain either "tcp.flags==0x000" or "tcp.flags==0x029".
import sys
import os
import time
import subprocess

ips = []  # list of captured source addresses (was appended to below but never defined)

# Display filter (-Y): packets whose TCP flags are exactly 0x000 or 0x029.
# "tcp contains" is a byte/string match operator and does not belong in front of
# a field comparison, so the original filter was not doing what was intended.
b = 'sudo tshark -i ens33 -Y "tcp.flags==0x000 || tcp.flags==0x029" -T fields -e ip.src -a duration:30 > output2.txt'
a = os.popen(b)
time.sleep(32)  # wait slightly longer than the 30 s capture so the file is complete

with open('output2.txt', 'r') as f:
    ip_not_found = True
    for line in f:
        line = line.strip()
        if not line:
            continue  # skip blank lines (e.g. packets with no ip.src field)
        ip_not_found = False
        print("Captured and blocked attacker's IP address {IP}".format(IP=line))
        ips.append(line)
    if ip_not_found:
        print('no ip address was found')
    subprocess.call(['./iptables.sh'])
# the with-block closes the file on exit; an explicit f.close() is not needed
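To tell the two cases apart you need tshark to output the flag value alongside the source address, not just ip.src. The following is an added example (not the poster's code) that assumes the capture was run with a second field, "-e tcp.flags", so that each line of output2.txt is "<ip.src><TAB><tcp.flags>" (tab is tshark's default separator for -T fields); tshark prints the flags as hex with a width that differs between versions, so the value is parsed as an integer rather than compared as text. The sample lines below are constructed to stand in for output2.txt; the "attack A"/"attack B" labels are the ones from the question, and the iptables.sh hook is the poster's own script, not defined here.

```python
#!/usr/bin/env python3
"""Classify tshark field output by TCP flag value (added example).

Assumed capture command (two fields instead of one):
  sudo tshark -i ens33 -Y "tcp.flags==0x000 || tcp.flags==0x029" \
      -T fields -e ip.src -e tcp.flags -a duration:30 > output2.txt
"""
from collections import defaultdict

# Flag values from the question. 0x000 = no TCP flags set (a NULL scan);
# 0x029 = FIN|PSH|URG (an Xmas scan). The "attack A"/"attack B" names are the poster's.
ATTACKS = {
    0x000: "attack A (NULL scan: no TCP flags set)",
    0x029: "attack B (Xmas scan: FIN+PSH+URG)",
}

# Constructed sample in tshark "-T fields" format, standing in for output2.txt.
# Addresses are documentation/private ranges, not real hosts. The last line is a
# normal PSH+ACK data segment that the filter would not match in a real capture.
SAMPLE_OUTPUT = """\
192.0.2.10\t0x000
192.0.2.10\t0x000
198.51.100.7\t0x029
192.0.2.10\t0x029
10.0.0.5\t0x018
"""


def classify_line(line):
    """Return (src_ip, attack_label) for one output line, or None if it does not match."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return None  # e.g. a packet with no ip.src leaves the first column empty
    try:
        flags = int(parts[1], 16)  # accepts 0x000, 0x029 and 0x00000029 alike
    except ValueError:
        return None
    label = ATTACKS.get(flags)
    if label is None:
        return None  # a flag combination we are not looking for
    return parts[0], label


def summarize(lines):
    """Count matching packets per (source IP, attack label)."""
    counts = defaultdict(int)
    for line in lines:
        hit = classify_line(line)
        if hit:
            counts[hit] += 1
    return dict(counts)


def report(lines):
    """Print one line per (IP, attack) and return the unique offending source IPs."""
    counts = summarize(lines)
    if not counts:
        print("no ip address was found")
    for (ip, label), n in sorted(counts.items()):
        print("%s -> %s (%d packet%s)" % (ip, label, n, "" if n == 1 else "s"))
    return sorted({ip for ip, _ in counts})  # hand these to iptables.sh (poster's script)


if __name__ == "__main__":
    # Against the real capture this would be:
    #   with open("output2.txt") as f:
    #       blocked = report(f)
    report(SAMPLE_OUTPUT.splitlines(True))
```

report() returns the de-duplicated list of source addresses so that a single host sending both flag patterns is passed to the blocking script once; counting per (IP, label) also makes it visible in the output when the same source sends both kinds of probe.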