« Return to Thread: JESS: Help using multislot form from-class template
I’m going to prepare my last project of study in computer engineering (an IDS program: intrusion detection system) in the Java language, and I found some difficulties in one stage.
Here I’m going to explain my problem to you:
I capture one packet on the network with Java, and for the acceptance of this packet I used Jess (Java Expert System Shell) to put filtering rules on this packet (packet analysis).
The capturing code in Java is:
import java.net.InetAddress;
import jpcap.packet.Packet;
import jess.*;
import jpcap.packet.*;

// Capture and Console are not shown in this post.
public class Filter_TCP_Pkt {
    Packet packet;
    TCPPacket tcpPacket;
    Console console = new Console();
    private String dataPacket;

    public void filter_tcp_pkt() {
        Capture capture = new Capture();
        try {
            if (packet instanceof TCPPacket) {
                tcpPacket = (TCPPacket) packet;
                byte[] data = tcpPacket.data;
                dataPacket = new String(data, "ISO-8859-1");
                console.print("\t Adr IP Source: " +
                        " (" + "<" + tcpPacket.src_ip + ">" +
                        ")Adr IP Distination:" + "<" + tcpPacket.dst_ip + ">" + "\n");
                console.print("\t[Paquet TCP] - Port source : " +
                        String.valueOf(tcpPacket.src_port) +
                        " (" + //tcpPacket +
                        ") Destination port : " +
                        String.valueOf(tcpPacket.dst_port) +
                        " (" + //tcpPacket.dst_ip +
                        ")\n\tSequence Number : " +
                        String.valueOf(tcpPacket.sequence) +
                        "\n\tAcknowledgment Number : " +
                        String.valueOf(tcpPacket.ack_num) +
                        "\n\tHeader Length : " +
                        String.valueOf(tcpPacket.header.length));
                // Flags
                if (tcpPacket.urg)
                    console.println("\n\tURG[0x" + Integer.toHexString(tcpPacket.urgent_pointer) + "]");
                if (tcpPacket.ack)
                    console.println("\n\tACK[0x" + Long.toHexString(tcpPacket.ack_num) + "]");
                if (tcpPacket.psh)
                    console.println("\n\tPSH");
                if (tcpPacket.rst)
                    console.println("\n\tRST");
                if (tcpPacket.syn)
                    console.println("\n\tSYN[0x" + Long.toHexString(tcpPacket.sec) + "]");
                if (tcpPacket.fin)
                    console.println("\n\tFIN");
                console.println("\tData : " + dataPacket);
            }
            console.println("");
        } catch (Exception e) {
            e.printStackTrace();
        }

        // Run the Jess file that contains the filtering rules
        // (this block has to sit inside the method for the class to compile)
        try {
            Rete rete = new Rete();
            rete.store("tcpPacket", tcpPacket);
            rete.executeCommand("(batch C:/Users/Hacene/Desktop/Projet_Fin_Etu/Analyser_tcp_pkt.clp)");
            rete.executeCommand("(reset)");
            rete.executeCommand("(run)");
        } catch (JessException jess) {
            jess.printStackTrace();
        }
    }
}
My question is: how do I make those rules in Jess work on the same packet captured by Java (TCP, UDP, ICMP, …)?
So, the problems which I found are:
When I capture (intercept) a packet on port 80 or 21, Java didn’t show me a message (found HTTP packet), although I tried with this code:
(deftemplate TcpPacket
    (declare (from-class jpcap.packet.TCPPacket)
             (include-variables TRUE)))

(defrule is-port-80
    (TcpPacket (dst_port 80))
    =>
    (printout t "Found an HTTP packet!" crlf))
but no way.
(i.e., Jess doesn’t return the message to Java to show it to me.)
And I have another problem: my Jess is expired. Help me, because I am in a horrible situation.
Finally, thanks a lot for your help.
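
An added example, not part of the original post: one way to get the `is-port-80` rule from the question to match a Java packet object, by adding the object to Jess working memory with `definstance` rather than `store`. It assumes Jess 7 and Jpcap are on the classpath; the class name `PortRuleDemo` and the packet values are constructed for illustration.

```java
import jess.JessException;
import jess.Rete;
import jpcap.packet.TCPPacket;

public class PortRuleDemo {
    public static void main(String[] args) throws JessException {
        // Constructed sample packet: source port 40000, destination port 80, SYN set.
        TCPPacket tcpPacket = new TCPPacket(40000, 80, 1L, 0L,
                false, false, false, false, true, false,
                false, false, 8192, 0);

        Rete rete = new Rete();
        // Template and rule from the post, defined inline instead of via (batch ...).
        rete.executeCommand(
            "(deftemplate TcpPacket"
          + "  (declare (from-class jpcap.packet.TCPPacket)"
          + "           (include-variables TRUE)))");
        rete.executeCommand(
            "(defrule is-port-80"
          + "  (TcpPacket (dst_port 80))"
          + "  =>"
          + "  (printout t \"Found an HTTP packet!\" crlf))");
        rete.executeCommand("(reset)");

        // store() only saves a value for a later (fetch); it creates no fact.
        // definstance() adds the object to working memory as a shadow fact of the
        // TcpPacket template, which is what the rule's pattern matches against.
        rete.definstance("TcpPacket", tcpPacket, false);

        // run() returns the number of rules that fired.
        int fired = rete.run();
        System.out.println("Rules fired: " + fired);
    }
}
```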