Skip to content
/ AutoTCPDump-Discord Public

This is a Shell and Python script that captures network traffic on a given network interface that exceeds a max packet count threshold, stores it in a file, sends the capture data to a Discord channel, and terminates the capture after a certain number of packets have been captured.

License

MIT license
8 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ImAndromeda/AutoTCPDump-Discord

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

capture.sh

capture.sh

 
 

ddos_analyzer.py

ddos_analyzer.py

 
 

Repository files navigation

Packet Capture and DDoS Analyzer Script

This is a shell script that captures network traffic on a given network interface and stores it in a file. The script is designed to detect network attacks and analyze network traffic. It integrates with a Python script that processes the packet captures, detects potential DDoS attacks, and generates iptables rules to block the malicious traffic. For the script to run successfully, tcpdump should be installed on your Linux machine along with the necessary Python packages.

Please note, this project is Beta and may include bugs/issues.

For any problem, please create an issue

Requirements

  • Python 3.x
  • tcpdump
  • scikit-learn
  • scapy

Installation

  1. Install the required Python packages: pip install scikit-learn scapy

  2. Install tcpdump:

On Debian/Ubuntu:

sudo apt-get install tcpdump

On CentOS/RHEL:

sudo yum install tcpdump

Usage

  1. Copy the script to a Linux machine.
  2. Edit the configurable parameters at the beginning of the script to match your needs.
  3. Run the script with sudo or as root.

sudo ./capture.sh

Configuration

The following configurable parameters can be edited at the beginning of the script:

  • interface: The network interface to capture traffic on.
  • dumpdir: The directory to store the captured packet files.
  • max_packets: The maximum number of packets to capture before stopping.
  • attack_threshold: The threshold for detecting a network attack. If the number of packets per second exceeds this threshold, the script will capture packets.
  • capture_duration: The duration of the packet capture in seconds.
  • webhook_url: The URL of the Discord webhook to send messages and packet captures to. This should ideally be moved to a configuration file for security purposes.

Customization

The script can be customized in various ways:

  • Change the interface parameter to capture traffic on a different network interface.
  • Modify the dumpdir parameter to store captured packet files in a different directory.
  • Adjust the max_packets and capture_duration parameters to capture more or less traffic.
  • Modify the attack_threshold parameter to detect attacks with a different packet rate threshold.
  • Customize the log() function to send notifications to different channels or services.
  • Extend the script by adding more functionalities, like deeper packet analysis or integration with other security tools.

About

This is a Shell and Python script that captures network traffic on a given network interface that exceeds a max packet count threshold, stores it in a file, sends the capture data to a Discord channel, and terminates the capture after a certain number of packets have been captured.

Topics

linux shell security pcap networking python3 tcpdump tcpdump-capture firewall-rules

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 3

Version 1.3.0 Latest
Dec 12, 2023
+ 2 releases

Packages

No packages published

Languages