#!/usr/bin/env ruby
# -*- coding: binary -*-
# Usage:
# rvmsudo ruby examples/idsv2.rb
# Path setting sleight of hand:
$: << File.expand_path("../../lib", __FILE__)
require 'packetfu'
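# Interface to sniff: first command-line argument, else PacketFu's default.
iface = ARGV[0] || PacketFu::Utils.default_int

# Start a live capture. The BPF filter "ip" admits every IPv4 packet, so each
# one is parsed and checked below.
# NOTE(review): the alert text suggests this targets SQL Slammer, which
# travels over UDP to port 1434; a narrower filter such as
# "udp and dst port 1434" would cut parsing load -- confirm before changing.
cap = PacketFu::Capture.new(:iface => iface, :start => true, :filter => "ip")

# Payload signature: one 0x04 byte followed by fifty 0x01 bytes (more may
# follow). \A pins the match to the first byte of the payload; ^ is a line
# anchor in Ruby and would also match after any newline (0x0a) byte inside
# the payload, producing false alerts.
signature = /\A\x04\x01{50}/

loop do
  cap.stream.each do |pkt|
    packet = PacketFu::Packet.parse(pkt)
    next unless packet.payload =~ signature

    # p prints the inspected (quoted) string, as the original script did.
    p "#{Time.now}: %s slammed %s" % [packet.ip_saddr, packet.ip_daddr]
  end
end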