old topic, there are many apps like this out there that do not need google maps. there is open streetmaps to name a common alternative. And python most of this app could have been done using plain javascript.
I had a look at the python code and it looks very like a beginner programmer Sorry..
old topic:
-> I don't agree
there are many apps like this out there that do not need google maps:
-> please provide the links
there is open streetmaps to name a common alternative:
-> the Linux variant of my tool uses folium which is built on top of leaflet.js which is the same technology behind OpenStreetMap
-> the current Windows variant can be easily ported to folium (the Linux variant can be used as a reference)
most of this app could have been done using plain javascript:
-> maybe,...or C++, C#, etc.
code looks very like a beginner programmer Sorry..:
-> don't need to be sorry about that, CodeProject allows also beginners to share their projects
vote of 1:
-> sorry, with all of the above I cannot take your vote seriously
-> besides, in your profile you don't have own references to prove that you are actually better in none of the topics you mention
Another note, since I'm at it; your "IDS" is monolithic, and while that may be ok to "play around" it can't be adapted or scaled, also, nowadays most/all LANs are behind a NAT which also acts as a Firewall/Router, so your program will only "see" the traffic which is already INSIDE the LAN, and then if the LAN is segmented and/or uses VLANs and so on, it's difficult, if not impossible, to "see everything"
A better idea imVHo would be splitting the program in three components, a "sensor" which collects the live network data from its "tap point", an "aggregator" which receives the data from the sensors, processes them and stores the processed infos and finally a "console" which fetches the processed data and visualizes it as desired
Let me try a simple example, let's say we have a setup like this
Internet --- DSL modem --- NAT/Router/Firewall --- Switch --- Our LAN
now, let's say we configure a mirror port on the switch and plug a "sensor" (as seen above) there, we'll now be able to see all traffic passing through the switch, be it local or toward an external host, but now let's modify the setup this way
Internet --- DSL modem --- Switch --- NAT/Router/Firewall --- Switch --- Our LAN
that is adding another switch between the "modem" and the "NAT", now let's say we put another "sensor" there, in such a case we'll be able to see ALL the traffic, even the one which gets filtered by the firewall; also, imagine having a number of other switches inside the network and let's say that we also have VLANs, adding further "sensors" to the appropriate tap points would allow us to see ALL the traffic
By the way, at this point the "aggregator" should also have the ability to correlate the traffic, so if a given stream of data is seen (in the example above) both on the external and internal "sensors" the aggregator should be able to recognize it and correlate the "two streams" as a single one ...
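A sketch of the correlation step described in the comment above, as an added example that is not part of the original thread or of IPRadar2: flow records from an internal and an external sensor are matched on fields that source NAT leaves alone (protocol, remote endpoint, TCP initial sequence number) within a short time window. The `FlowRecord` fields, the sensor names and the sample records are constructed, and the code assumes the NAT device does not rewrite TCP sequence numbers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowRecord:          # hypothetical record a sensor would send to the aggregator
    sensor: str            # tap point that reported the flow
    proto: str
    local: tuple           # (ip, port) on our side as seen at this tap; NAT rewrites it
    remote: tuple          # (ip, port) of the far end; unchanged by source NAT
    first_seen: float      # epoch seconds of the first packet
    tcp_isn: int           # initial sequence number taken from the SYN

def correlate(records, window=2.0):
    """Merge records from different sensors that describe the same stream.

    Assumption: the NAT keeps TCP sequence numbers, so (proto, remote, ISN)
    identifies a stream on both sides even though `local` differs.
    """
    groups = []
    for rec in sorted(records, key=lambda r: r.first_seen):
        key = (rec.proto, rec.remote, rec.tcp_isn)
        for g in groups:
            if (g["key"] == key and rec.sensor not in g["views"]
                    and rec.first_seen - g["first_seen"] <= window):
                g["views"][rec.sensor] = rec   # same stream, second vantage point
                break
        else:
            groups.append({"key": key, "first_seen": rec.first_seen,
                           "views": {rec.sensor: rec}})
    return groups

def summarize(groups):
    """One (remote endpoint, sensors that saw it) pair per correlated stream."""
    return [(g["key"][1], sorted(g["views"])) for g in groups]

# Constructed sample data (documentation address ranges), not a real capture.
SERVER = ("192.0.2.80", 443)
RECORDS = [
    FlowRecord("internal", "tcp", ("192.168.1.10", 51000), SERVER, 10.00, 1000),
    FlowRecord("external", "tcp", ("203.0.113.5", 40001), SERVER, 10.01, 1000),
    FlowRecord("internal", "tcp", ("192.168.1.11", 51001), SERVER, 10.02, 2000),
    FlowRecord("external", "tcp", ("203.0.113.5", 40002), SERVER, 10.03, 2000),
    # LAN-local traffic: never reaches the external tap
    FlowRecord("internal", "tcp", ("192.168.1.10", 51002), ("192.168.1.20", 445), 11.00, 3000),
    # inbound attempt dropped by the firewall: only the external tap sees it
    FlowRecord("external", "tcp", ("203.0.113.5", 22), ("198.51.100.7", 55555), 12.00, 4000),
]

if __name__ == "__main__":
    for remote, sensors in summarize(correlate(RECORDS)):
        print(remote, sensors)
```

Streams reported by only one sensor are the interesting ones: an `external`-only entry is traffic the firewall filtered, an `internal`-only entry never left the LAN.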
Please be aware that this tool was originally aimed for the "standard Windows user"...I was myself one, and often faced attacks of all sorts...in that context the tool helped me solve lots of problems and fulfilled its goal.
But you are right, I also thought about all kind of scenarios where this (or a similar) tool could be useful...just by creating the Linux variant I entered a new terrain...Linux users usually have other concerns and use-cases....for now I just "ported" the original software to Linux and hope that it can be useful in that context as well (without modifications for now).
In future, I may not put the "own" computer on the "center" of the logic. I may even address more sophisticated scenarios...but to be honest, I have not the background for that...e.g., in order for the software to scale up to larger traffic I shall first check / find performance bottle-necks and use new data-structures / techniques (you find some notes in my TODO.txt file).
Thanks again for your comments!
5 stars from me.
But I have some problems to build it correctly. In Visual Studio Code I get it running. But I only see connections but no nodes.
What version of tshark do you use?
Is it possible to get an exe file?
strange, connections without nodes can only be the result of filtering (e.g. Show general -> nodes = unchecked).
have you checked?:
https://github.com/ClarkFieseln/IPRadar2/blob/master/pyshark/config.ini
check also point 6) here (there you see the version I was using back then, it was 3.2.3):
https://github.com/ClarkFieseln/IPRadar2/blob/master/READ_ME.txt
note you may need to run the application as admin. Set RUN_AS_ADMIN to 1 here:
https://github.com/ClarkFieseln/IPRadar2/blob/master/dist/config.ini
Regarding the .exe file check my comment further below:
https://www.codeproject.com/Messages/5725222/Re-Wheres-the-beef
Hi,
thx for the fast reply.
I have debugged some code at the weekend.
I have 3 network cards. One private net and one for WAN and one is a tap from OpenVPN.
In the config.ini I have set the INTERFACE to my WAN connection. In processor.py in line 460 "self.local = socket.gethostbyname(self.localHost)" returns the IP from the OpenVPN interface.
If I change the self.local IP to my WAN IP then I only get connections but no nodes.
But in the console I get many new connections "Found NEW connected IP"
You change self.local Ip to your WAN IP, then you only get connections but no nodes.
I think that might be the problem. Why do you do that by hand / hardcoded?
Each of the interfaces will have a different local IP. Don't mix this up.
Enter ipconfig on a console and check the local IP of the corresponding interfaces.
IPRadar2 will get the right local IP automatically.
What have you set PUBLIC_IP to ?
I have tried LAN and WLAN on my PC in different combinations (active, inactive) with different settings in config.ini and I could not reproduce your problem.
I assume for some reason you have hard-coded the local IP of the "wrong" card. Although it may also have something to do with openVPN (?)
Please check that. Make tests e.g. with WLAN and LAN.
Hi,
I have installed all tools on my laptop and don't change any code. I directly make the exe with pyinstaller and do not make point 10 in README.txt.
Unfortunately I have the same strange problem. I see connections but no nodes.
This time the Local Ip is the right one .....the public ip is also right.
I don't know what I make wrong.
But I have some questions:
1. What Python version do you use? I think it's 3.7 because of READ_ME.txt point 3 and 7
2. Which pyinstaller version have you used?
3. Which pyshark version have you used? It's not mentioned in the READ_ME.txt or requirements.txt
4. Why have you listed dataclasses==0.8 in requirements.txt? It's part of Python 3.7. So I can't install it with 3.7. And the highest version that I could install is 0.6. But it seems that it is only mandatory for Python versions prior to 3.7.
Ok....I have it working now. After debugging the code I have seen that the "sniffingThread" was not alive.
The fault was mine. Now I understand that the config.ini in the "pyshark" folder must be copied to the "installation_path\Python36\Lib\site-packages\pyshark\" folder or the config.ini in the folder must be adjusted. As a noob, I would have thought that it would simply be read. You should probably include the step in the Read_Me.txt.
Hi 15783861,
first: sorry, I am not working on this project since 2 years and I have really no time at the moment to go deep into details.
You solved the problem already, so that is the most important thing.
Regarding versions:
- I provided back then all infos I was aware of (I used Python 3.7)
- I also worked later with Python 3.9 and it worked as well. Probably I adapted some dependencies, but that is fine / normal.
If you have experience with Python you will realize that you kinda need to get used to solving dependencies in different contexts. Yes I know, that hurts sometimes, but that's life. I highly recommend you using virtual environments!
It will not help (I don't recommend) sticking to some specific configuration to solve problems. You shall yourself find out how to deal with such things to make things work (what you have already done).
I will update the readme file to mention that the config.ini of pyshark needs to be adapted if the installation path is different. I think that was your problem further above.
I will also update other things if required, but again, think that that is only a "photograph"...and you will have again to adapt dependencies some time later.
Mostly I could cope with it very well up to now.
I have just checked and in one installation I have right now I use pyinstaller 4.3. That works.
Sorry, I can really not help anymore for the moment.
Hi there,
I finally found some time to go back to this project.
There were indeed things that needed corrections.
I hope the updated code will help you solve some of the issues that you pointed out.
In this case I tested everything with PyCharm, Python 3.9 and Win11 (further details in requirements.txt).
Some changes are very general and will sure help also in other configurations.
Good luck!
the tool was only tested on Win10, so yes.
Don't know though what you mean with "client".
You probably need to check your settings: e.g. check READ_ME.txt here: Downloads: IP Radar 2
Hi big efforts and nice tool and ideas to adopt but tell me, does it monitor only the box where it will run or can it monitor a network, domain, range of IPs or single IP that is not the IP of the box where it is running? Thanks again for your efforts
- if your network card can run in "promiscuous mode" (you probably need special HW) then you can monitor "everything" happening in your local network.
- The tool has been designed to focus on a machine (yours) being the "center of the world", but for sure, you can still see traffic going to other IPs. You can then filter the things you are interested in.
- I actually see other computers in my network talking to each other or sending broadcast packets.
- remember you have also the possibility to load network capture files (*.pcapng *.pcap *.cap) generated with tshark or wireshark. Therefore, you can play with all possibilities there and then visualize the results with this tool. In addition, you could set up config.ini correspondingly.
I hope this helps. Thank you for your comment!
Both Wireless LAN (WLAN) and Ethernet LAN are supported.
Make sure you have "installed" WiresharkPortable to the right folder (and also Npcap as admin) as described here:
https://www.codeproject.com/script/Articles/ViewDownloads.aspx?aid=5269206
-> dist/WiresharkPortable/todo.txt
* To test which interfaces you have you can open WiresharkPortable directly, there you get an overview.
Alternatively, you can type "tshark -D" in a command window.
If you don't see your interface listed then you probably have a problem with the installation.
* To specify your "default" interface in config.ini proceed as described here:
https://www.codeproject.com/script/Articles/ViewDownloads.aspx?aid=5269206
-> config.ini -> see comment for parameter INTERFACE