aiengine / TorNetworkRuby

IP activity

In this example we will see how IPSets and IPBloomSets work. We will try to detect Tor activity on the network by providing a list of IP addresses to the engine, this time in Ruby.

```ruby
require './ruaiengine'
```

Define a callback function for the set.

```ruby
# Called for a flow that matches an address in the set
def callback_ipset(flow)
  printf "Detecting Tor activity on %s\n", flow.srcip
end
```

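We use an external list of Tor IPs from https://www.dan.me.uk/torlist/, load the addresses into an IPSet, and add that set to an IPSetManager object.

```ruby
def load_tor_address
  ip = IPSet.new("Some IPSet")
  # Set the callback once, not on every line of the file
  ip.callback = method(:callback_ipset)

  # One address per line; File.foreach closes the file when done
  File.foreach("torips.dat") do |line|
    addr = line.strip
    ip.add_ip_address(addr) unless addr.empty?
  end

  ipmng = IPSetManager.new()
  ipmng.add_ip_set(ip)
  return ipmng
end
```
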
On the main thread, create a LAN stack object and a PacketDispatcher.

```ruby
s = StackLan.new
pd = PacketDispatcher.new
pd.stack = s
```

Configure the number of UDP flows to process.

```ruby
s.total_udp_flows = 500000
```

Attach the IPSetManager to the current stack.

```ruby
s.tcpip_set_manager = load_tor_address()
```

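Open the network device and run the engine.

```ruby
pd.open("ens7")
begin
  pd.run()
rescue StandardError, Interrupt
  # A bare rescue does not catch Interrupt (Ctrl-C), so name it explicitly
  puts "Stop capturing packets"
end

pd.close()
```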
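
The introduction names both IPSets and IPBloomSets, but the script above only uses an exact IPSet. The following added example (plain Ruby, not aiengine code and not part of the original page) parses a list file defensively and compares exact-set lookup with a generic Bloom filter; `parse_ip_list`, `BloomIPSet`, `compare_sets` and the sample addresses are constructed for illustration and are not a description of how aiengine implements its IPBloomSet.

```ruby
require 'set'
require 'ipaddr'
require 'digest'

# Constructed sample list (documentation-range addresses, not real Tor relays).
SAMPLE_LIST = "192.0.2.10\r\n198.51.100.7\n\n# comment\nnot-an-ip\n2001:db8::1\n"

# Return canonical address strings, skipping blanks, comments and invalid lines.
def parse_ip_list(text)
  text.each_line.filter_map do |line|
    entry = line.strip
    next if entry.empty? || entry.start_with?('#')
    IPAddr.new(entry).to_s
  rescue IPAddr::Error
    nil
  end
end

# Generic Bloom filter (hypothetical class, not aiengine's IPBloomSet).
class BloomIPSet
  def initialize(bits: 8192, hashes: 3)
    @bits = bits
    @hashes = hashes
    @field = Array.new(bits, false)
  end

  def add(ip)
    positions(ip).each { |i| @field[i] = true }
  end

  def include?(ip)
    positions(ip).all? { |i| @field[i] }
  end

  # Derive the bit positions from one SHA-256 digest (double hashing).
  def positions(ip)
    h1, h2 = Digest::SHA256.digest(ip).unpack('Q>2')
    (0...@hashes).map { |k| (h1 + k * h2) % @bits }
  end
end

# Return [exact_hits, bloom_hits] for the probe addresses.
def compare_sets(list_text, probes)
  ips = parse_ip_list(list_text)
  exact = Set.new(ips)
  bloom = BloomIPSet.new
  ips.each { |ip| bloom.add(ip) }
  canon = probes.map { |p| IPAddr.new(p).to_s }
  [canon.select { |p| exact.include?(p) }, canon.select { |p| bloom.include?(p) }]
end
```

A Bloom filter never misses a listed address but can report an unlisted one, so a Bloom hit is worth confirming against the exact list before alerting.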
