import json
import logging
from datetime import datetime, timezone

from scapy.all import *


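# Configure logging: every processed TCP packet and every alert raised by
# analyze_packet goes to this file, and "Display Logs" prints it back.
logging.basicConfig(
    filename='intrusion_detection.log',
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s',
)

# Evidence storage file path (written by save_evidence)
evidence_file = 'evidence.json'

# In-memory list of flagged connections: add_evidence appends one dict per
# alert and save_evidence serialises the whole list to evidence_file.
evidence_data: list[dict] = []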

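def analyze_packet(packet, *, suspicious_ports=frozenset({22})):
    """Inspect one sniffed packet and record it as evidence if it looks suspicious.

    Intended as the ``prn`` callback of ``sniff``. Only packets carrying both an
    IP and a TCP layer are examined; anything else is silently ignored.

    Every examined packet is logged at INFO with its source/destination
    address and port, so the log grows with traffic volume on a busy interface.

    Args:
        packet: A Scapy packet as delivered by ``sniff``.
        suspicious_ports: Destination TCP ports whose traffic is flagged and
            stored via ``add_evidence``. Defaults to port 22 only, which is a
            demonstration rule rather than a real detection policy: every
            connection to SSH, legitimate or not, is reported.
    """
    try:
        if IP not in packet or TCP not in packet:
            return

        ip_layer = packet[IP]
        tcp_layer = packet[TCP]
        src_ip, dst_ip = ip_layer.src, ip_layer.dst
        src_port, dst_port = tcp_layer.sport, tcp_layer.dport

        # %-style arguments: this runs once per captured packet, so let the
        # logging module format the message only when INFO is enabled.
        logging.info(
            "TCP Packet - Source: %s:%s --> Destination: %s:%s",
            src_ip, src_port, dst_ip, dst_port,
        )

        if dst_port in suspicious_ports:
            logging.warning(
                "Suspicious TCP connection to port %s from %s", dst_port, src_ip
            )
            add_evidence(src_ip, dst_ip, src_port, dst_port)

    except IndexError:
        # Scapy's packet[Layer] lookup raises IndexError when the layer is absent.
        logging.error("Packet format not supported or missing necessary layers.")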

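def add_evidence(src_ip, dst_ip, src_port, dst_port):
    """Append one flagged connection to the module-level ``evidence_data`` list.

    Args:
        src_ip: Source address taken from the packet's IP layer.
        dst_ip: Destination address taken from the packet's IP layer.
        src_port: Source port taken from the packet's TCP layer.
        dst_port: Destination port taken from the packet's TCP layer.

    Returns:
        The dict that was appended, so callers can log or inspect it.
    """
    evidence_entry = {
        'source_ip': src_ip,
        'destination_ip': dst_ip,
        'source_port': src_port,
        'destination_port': dst_port,
        # Timezone-aware UTC in ISO 8601: a naive local-time string carries no
        # offset, which makes correlating entries across hosts or DST changes
        # ambiguous when the evidence is reviewed later.
        'timestamp': datetime.now(timezone.utc).isoformat(),
    }
    evidence_data.append(evidence_entry)
    return evidence_entry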

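def save_evidence():
    """Write the collected ``evidence_data`` list to ``evidence_file`` as JSON.

    The file is overwritten on every call with the complete in-memory list,
    so calling it repeatedly (after a capture and again on exit) is safe.
    The output is plain JSON with no integrity protection; anyone who can
    write to the directory can alter it.
    """
    # Explicit encoding so the file is portable regardless of locale settings.
    with open(evidence_file, 'w', encoding='utf-8') as f:
        json.dump(evidence_data, f, indent=4)
    print(f"Evidence saved to '{evidence_file}'.")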

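def capture_packets():
    """Sniff packets until the capture ends, feeding each one to analyze_packet.

    Evidence is flushed to disk in a ``finally`` block so it is saved however
    the capture ends. This matters because Scapy's ``sniff`` may handle Ctrl+C
    itself and return normally, in which case an ``except KeyboardInterrupt``
    handler never runs and nothing would be written.
    """
    print("Starting packet capture... Press Ctrl+C to stop.")
    try:
        # store=0: packets are not retained in memory; analyze_packet sees each one.
        sniff(prn=analyze_packet, store=0)
        print("Packet capture stopped.")
    except KeyboardInterrupt:
        print("Packet capture stopped.")
    except PermissionError as err:
        # Raw-socket capture needs elevated privileges; report it and return
        # to the menu instead of crashing the whole program.
        logging.error("Packet capture could not start: %s", err)
        print(f"Packet capture could not start: {err}")
    finally:
        save_evidence()  # Save evidence to file whichever way the capture ended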

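def display_logs():
    """Print the contents of 'intrusion_detection.log' to stdout.

    Prints "Log file not found." when no log has been written yet.
    """
    try:
        # errors='replace' so one undecodable byte cannot make the whole log unreadable.
        with open('intrusion_detection.log', 'r', encoding='utf-8', errors='replace') as log_file:
            print(log_file.read())
    except FileNotFoundError:
        print("Log file not found.")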

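def main_menu():
    """Run the interactive text menu until the user chooses Exit.

    Ctrl+C or end-of-input at the prompt is treated like choosing Exit, so
    collected evidence is still written to disk before the program leaves.
    """
    # Menu choices that simply run a function; Exit is handled separately
    # because it has to break the loop.
    actions = {
        '1': capture_packets,
        '2': display_logs,
    }

    while True:
        print("\n=== Network Intrusion System ===")
        print("1. Start Packet Capture")
        print("2. Display Logs")
        print("3. Exit")

        try:
            # strip() so stray whitespace around the digit is not "invalid".
            choice = input("Enter your choice: ").strip()
        except (KeyboardInterrupt, EOFError):
            # Leaving the menu abruptly must not lose the in-memory evidence.
            print()
            choice = '3'

        if choice == '3':
            save_evidence()  # Save evidence before exiting
            print("Exiting...")
            break

        action = actions.get(choice)
        if action is None:
            print("Invalid choice. Please try again.")
        else:
            action()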

# Entry point: start the interactive menu only when run as a script, not on import.
if __name__ == "__main__":
    main_menu()



=== Network Intrusion System ===
1. Start Packet Capture
2. Display Logs
3. Exit


Enter your choice:  1


Starting packet capture... Press Ctrl+C to stop.

=== Network Intrusion System ===
1. Start Packet Capture
2. Display Logs
3. Exit


Enter your choice:  2


2024-05-06 15:10:55,129 - INFO - TCP Packet - Source: 192.168.10.105:59831 --> Destination: 142.250.183.174:443
2024-05-06 15:10:55,187 - INFO - TCP Packet - Source: 192.168.10.105:59831 --> Destination: 142.250.183.174:443
2024-05-06 15:10:55,187 - INFO - TCP Packet - Source: 192.168.10.105:59831 --> Destination: 142.250.183.174:443
2024-05-06 15:10:55,187 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.105:59831
2024-05-06 15:10:55,235 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.105:59831
2024-05-06 15:10:55,236 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.105:59831
2024-05-06 15:10:55,236 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.105:59831
2024-05-06 15:10:55,238 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.105:59831
2024-05-06 15:10:55,238 - INFO - TCP Packet - Source: 142.250.183.174:443 --> Destination: 192.168.10.10

Enter your choice:  3


Evidence saved to 'evidence.json'.
Exiting...
