Thread: JESS: Help using multislot form from-class template

JESS: Help using IDS

by hacene rahmani


Some parts of this message have been removed.
I am preparing my final-year project in computer engineering (an IDS, intrusion detection system, written in Java) and I have run into some difficulties at one stage.
Here I am going to explain my problem:
I capture a packet on the network with Java, and to decide whether to accept the packet I use Jess (Java Expert System Shell) to apply filtering rules to it (packet analysis).
The Java capturing code is:
 

import java.io.PrintStream;

import jess.JessException;
import jess.Rete;

import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;

public class Filter_TCP_Pkt {

    TCPPacket tcpPacket;

    // Output goes to the terminal; the original used a Console class that is not defined anywhere.
    PrintStream console = System.out;

    private String dataPacket;

    // The packet has to be passed in: the original never assigned its "packet" field,
    // so the instanceof test below could never succeed.
    public void filter_tcp_pkt(Packet packet) {
        try {
            if (packet instanceof TCPPacket) {
                tcpPacket = (TCPPacket) packet;
                byte[] data = tcpPacket.data;
                dataPacket = new String(data, "ISO-8859-1");

                console.print("\t Adr IP Source: (<" + tcpPacket.src_ip + ">)"
                        + " Adr IP Destination: <" + tcpPacket.dst_ip + ">\n");

                console.print("\t[TCP packet] - Source port: " + tcpPacket.src_port
                        + " Destination port: " + tcpPacket.dst_port
                        + "\n\tSequence Number: " + tcpPacket.sequence
                        + "\n\tAcknowledgment Number: " + tcpPacket.ack_num
                        + "\n\tHeader Length: " + tcpPacket.header.length);

                // Flags
                if (tcpPacket.urg)
                    console.println("\n\tURG[0x" + Integer.toHexString(tcpPacket.urgent_pointer) + "]");
                if (tcpPacket.ack)
                    console.println("\n\tACK[0x" + Long.toHexString(tcpPacket.ack_num) + "]");
                if (tcpPacket.psh)
                    console.println("\n\tPSH");
                if (tcpPacket.rst)
                    console.println("\n\tRST");
                if (tcpPacket.syn)
                    // the original used tcpPacket.sec, which does not exist in jpcap; the field is "sequence"
                    console.println("\n\tSYN[0x" + Long.toHexString(tcpPacket.sequence) + "]");
                if (tcpPacket.fin)
                    console.println("\n\tFIN");
                console.println("\tData : " + dataPacket);

                // Run the Jess file that contains the filtering rules against this packet
                analyseWithJess(tcpPacket);
            }
            console.println("");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // In the original this block sat directly in the class body, outside any method,
    // and referred to "TcpPacket" (the Jess template name) instead of the Java variable.
    private void analyseWithJess(TCPPacket tcpPacket) {
        try {
            Rete rete = new Rete();
            rete.executeCommand("(batch C:/Users/Hacene/Desktop/Projet_Fin_Etu/Analyser_tcp_pkt.clp)");
            rete.executeCommand("(reset)");
            // store() only makes the object reachable through (fetch tcpPacket); it does not put it
            // in working memory. definstance asserts it as a shadow fact of the from-class template
            // "TcpPacket" declared in the .clp file, so the rules have something to match.
            rete.store("tcpPacket", tcpPacket);
            rete.definstance("TcpPacket", tcpPacket, false);
            rete.executeCommand("(run)");
        } catch (JessException jess) {
            jess.printStackTrace();
        }
    }
}

 
My question is: how do I make those Jess rules apply to the same packet captured by Java (TCP, UDP, ICMP, ...)?

So, the problems I found are:

When I capture (intercept) a packet on port 80 or 21, Java does not show me a message ("Found an HTTP packet"), although I tried with this code:

 

(deftemplate TcpPacket
    (declare (from-class jpcap.packet.TCPPacket)
             (include-variables TRUE)))

(defrule is-port-80
    (TcpPacket (dst_port 80))
    =>
    (printout t "Found an HTTP packet!" crlf))

 

but without success.

(i.e. Jess does not return the message to Java to show it to me).

And I have another problem: my Jess has expired. Help me, because I am in a horrible situation.

Finally, thanks a lot for your help.
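The following is an added example, not code from the post above or from the Jess or jpcap projects, showing the complete round trip the question asks about: a Java object asserted into Jess as a shadow fact of a from-class template, a rule matching on its `dst_port` slot, and the result coming back to Java both through `store`/`fetch` and by redirecting the `t` router that `(printout t ...)` writes to. It assumes the Jess 7 API (`Rete.definstance`, `Rete.undefinstance`, `Rete.addOutputRouter`, `Rete.store`/`Rete.fetch`). `TcpHeader` is a constructed stand-in for `jpcap.packet.TCPPacket` with the same public field names the rules use, so the example runs without libpcap or a capture device; the sample headers in `main` are constructed, not captured traffic.

```java
// File TcpHeader.java
// Constructed stand-in for jpcap.packet.TCPPacket: only the public fields the rules
// need, with jpcap's field names so the same rules would work on the real class.
public class TcpHeader {
    public int src_port;
    public int dst_port;

    public TcpHeader(int srcPort, int dstPort) {
        this.src_port = srcPort;
        this.dst_port = dstPort;
    }
}

// File JessPacketFilter.java
import java.io.StringWriter;
import jess.JessException;
import jess.Rete;
import jess.Value;

public class JessPacketFilter {
    private final Rete rete = new Rete();
    private final StringWriter jessOutput = new StringWriter();

    public JessPacketFilter() throws JessException {
        // Everything the rules send to the "t" router with (printout t ...) ends up in
        // this writer, so Java can read it instead of it going to Jess's own console.
        rete.addOutputRouter("t", jessOutput);

        // from-class template: with include-variables TRUE every public field of
        // TcpHeader becomes a slot with the same name (src_port, dst_port).
        rete.executeCommand("(deftemplate TcpHeader"
                + " (declare (from-class TcpHeader) (include-variables TRUE)))");

        // Each rule records its verdict with (store RESULT ...) and prints a message.
        rete.executeCommand("(defrule is-http (TcpHeader (dst_port 80)) =>"
                + " (store RESULT \"HTTP\") (printout t \"Found an HTTP packet!\" crlf))");
        rete.executeCommand("(defrule is-ftp-control (TcpHeader (dst_port 21)) =>"
                + " (store RESULT \"FTP\") (printout t \"Found an FTP control packet!\" crlf))");
        rete.executeCommand("(defrule is-other (TcpHeader (dst_port ?p&~80&~21)) =>"
                + " (store RESULT \"OTHER\"))");
    }

    // Asserts one header as a shadow fact, runs the rules, and returns the stored verdict.
    // The engine is built once; only working memory changes per packet.
    public String classify(TcpHeader header) throws JessException {
        rete.reset();                                   // clear facts left by the previous packet
        rete.store("RESULT", "NONE");                   // default if no rule fires
        rete.definstance("TcpHeader", header, false);   // this is the step store() alone does not do
        rete.run();
        Value verdict = rete.fetch("RESULT");
        rete.undefinstance(header);                     // drop the shadow fact again
        return verdict.stringValue(rete.getGlobalContext());
    }

    // Returns and clears whatever the rules printed to the "t" router.
    public String drainOutput() {
        String text = jessOutput.toString();
        jessOutput.getBuffer().setLength(0);
        return text;
    }

    public static void main(String[] args) throws JessException {
        JessPacketFilter filter = new JessPacketFilter();
        // Constructed sample headers, not captured traffic.
        TcpHeader[] samples = {
            new TcpHeader(51234, 80),
            new TcpHeader(51235, 21),
            new TcpHeader(51236, 443),
        };
        for (TcpHeader h : samples) {
            String verdict = filter.classify(h);
            System.out.println(h.src_port + " -> " + h.dst_port + " : " + verdict);
            System.out.print(filter.drainOutput());
        }
    }
}
```

Compile both files with jess.jar on the classpath and run `JessPacketFilter`. The two channels back to Java are independent: `fetch` gives a value the Java code can branch on, while the redirected `t` router captures the human-readable message the rule prints, so neither is lost in a console nobody is watching.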

 


