pynids is a Python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own Python routines examine (or kill) network conversations.
This release is an update to Michael Pomraning's 0.5 release. The bundled libnids library has been updated from 1.19 to 1.21 and support for tweaking checksum functionality has been added. Control over the libnids checksum mechanism is needed for systems with modern NICs that employ TCP checksum offloading.
Thanks to Evan Cooke for providing the chksum_ctl function wrapper:
chksum_ctl(...)
chksum_ctl([(addr1, True), (addr2, False)], ...) -> None
Takes as its argument a list of tuples, where each tuple should have the
following format:
(Source address in CIDR format, Boolean whether to apply checksum)
e.g. ("192.168.1.10/24", True)
Internal checksumming functions will first check elements of this
list one by one, and if the source ip of the current packet
matches the source address and mask of a tuple then the packet will either
be checksummed if the apply boolean is set to True, or not checksummed if
the boolean is set to False. If the packet matches none of the list
elements, the default action is to perform checksumming.
An example usage which disables checksumming for all addresses:
...
nids.param("scan_num_hosts", 0) # disable portscan detection
nids.chksum_ctl([('0.0.0.0/0', False)]) # disable checksumming
nids.init()
...
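The lookup order described in the chksum_ctl documentation can be modelled in plain Python to check a rule list before passing it to nids.chksum_ctl. This is an added example, not code from pynids or libnids: it mirrors only the documented behaviour (first matching tuple wins, default is to checksum), and the function names, policy names and addresses are constructed for illustration.

```python
import ipaddress


def build_rules(rules):
    """Parse [(cidr, apply_checksum), ...], keeping the order given."""
    parsed = []
    for cidr, apply in rules:
        # strict=False accepts host bits in the address part, as in the
        # documented example "192.168.1.10/24" (network 192.168.1.0/24).
        net = ipaddress.ip_network(cidr, strict=False)
        parsed.append((net, bool(apply)))
    return parsed


def should_checksum(rules, src_ip):
    """Model of the documented lookup: first match decides, default True."""
    addr = ipaddress.ip_address(src_ip)
    for net, apply in rules:
        if addr in net:
            return apply
    return True  # no tuple matched: checksumming is performed


def audit(rules, sources):
    """Map each source address to whether it would be checksummed."""
    return {ip: should_checksum(rules, ip) for ip in sources}


# Constructed policies (addresses are documentation ranges, not real hosts).
DISABLE_ALL = build_rules([("0.0.0.0/0", False)])
# Hypothetical sensor address: skip checksums only for its own traffic.
LOCAL_ONLY = build_rules([("192.0.2.10/32", False)])
# Ordering mistake: the catch-all comes first, so the /32 never matches.
SHADOWED = build_rules([("0.0.0.0/0", True), ("192.0.2.10/32", False)])

if __name__ == "__main__":
    sources = ["192.0.2.10", "198.51.100.7"]
    for name, policy in (("DISABLE_ALL", DISABLE_ALL),
                         ("LOCAL_ONLY", LOCAL_ONLY),
                         ("SHADOWED", SHADOWED)):
        print(name, audit(policy, sources))
```

Where the bad checksums come only from the sensor's own outbound traffic (the usual effect of transmit checksum offload), a list such as LOCAL_ONLY keeps validation on for every other source.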