isc.main
Class DNA_sensor

java.lang.Object
  isc.main.DNA_sensor

public class DNA_sensor
extends java.lang.Object

DNA is an open, flexible, portable and extensible deep network analyzer and software architecture for gathering and analyzing network packets, network sessions and applications protocols passively off enterprise class networks. DNA can be used for Internet Security, Intrustion detection, Network Management, Protocol and Network Analysis, Information Gathering, Network Monitoring.

DNA runs as a distrubuted application under a Java Virtual Machine (JVM) environment and is portable accross many OS environments, including: Network appliances, Switches and Routers. DNA is currently configured to run on Linux, see Application Architecture at DNA Home Page

Hightlights include:

• Extensible Java based network sensor (processing layers 2-7)
• Configurable processing and output: stateless IPFlows like CISCO netflow or stateful protocol sessions (client/server flow pairs)
• Configurable and extensible application layer 7 protocol element parsing.
• Application layer 7 parsing toolkit and APIs allows layer 7 parsers to be easily developed and extended
• Targeting based full session capture, like a realtime targeted TCPDump. Flexible targeting from IPAddr, Port tuple to Application sensitive targeting.
• Configurable and extensible output to (file, DB, stream, JMS, etc)
• Handles both symetric and asymetric traffic flows
• Realtime collection through IPTables (promiscuous patch) and extensible to other types of realtime collection like routers and switches
• File based processing and Live Network Capture though JNI Java PCAP library.
• Support Linux & Win32
• Easily adaptable to other packet gathering environments, like specialized linux drivers mechanism on switches and routers.

DNA_sensor is the main server daemon.
Currently configured to support analysis from pcap files and iptables/ip_queue linux module in iptables (promiscuous patch) mode.
See Netfilter and libpcap.

Author:

John Casey
Project: DNA_sensor - Aug 12, 2005

Field Summary

(package private) static java.lang.Object	admin Administration Object
(package private) static org.apache.log4j.Logger	log log4j object
protected static java.lang.String	PROP_ADMIN_CLASS Property for naming class
protected static java.lang.String	PROP_NAME Property name of this sesnor
(package private) static AppProperties	props Applicatin Properties
(package private) static java.lang.String	serverName The name of this server

Constructor Summary

DNA_sensor()

Method Summary

static int	listDev()
static void	main(java.lang.String[] args) main entry point DNA_sensor process
static void	printError(IPQHandle ipqh) Print out IPQ Erros
static void	printHelp() Print out process help message with command line arguments
static int	processDevice(java.lang.String dname) Analyze packets from a pcap network device.
static int	processFile(java.lang.String fname) Analyze packets from a pcap file.
static int	processIPTQueue() Analyze packets from iptables/ip_queue modules.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

admin

static java.lang.Object admin

Administration Object

props

static AppProperties props

Applicatin Properties

PROP_ADMIN_CLASS

protected static final java.lang.String PROP_ADMIN_CLASS

Property for naming class

See Also:

Constant Field Values

PROP_NAME

protected static final java.lang.String PROP_NAME

Property name of this sesnor

See Also:

Constant Field Values

log

static org.apache.log4j.Logger log

log4j object

serverName

static java.lang.String serverName

The name of this server

Constructor Detail

DNA_sensor

public DNA_sensor()

Method Detail

printError

public static void printError(IPQHandle ipqh)

Print out IPQ Erros

Parameters:

ipqh - The IPQ header

processDevice

public static int processDevice(java.lang.String dname)

Analyze packets from a pcap network device.

Parameters:

fname -

Returns:

exit return code 0 = success.

processFile

public static int processFile(java.lang.String fname)

Analyze packets from a pcap file.

Parameters:

fname -

Returns:

exit return code 0 = success.

processIPTQueue

public static int processIPTQueue()

Analyze packets from iptables/ip_queue modules. For use with iptables promiscous patch.

Returns:

exit return code.

listDev

public static int listDev()
                   throws java.lang.Exception

Throws:

java.lang.Exception

printHelp

public static void printHelp()

Print out process help message with command line arguments

main

public static final void main(java.lang.String[] args)

main entry point DNA_sensor process

Parameters:

args - process args