Shadow-NET is a lightweight background Java application intended to be deployed on a server to provide continuous monitoring of network traffic. We built it as our undergraduate final-year project.
The core function of the system is to extract the required fields from captured packets (IP addresses, URLs and MD5 hashes), check those indicators against the TRIAM threat-intelligence feeds, log the matches to the database, and visualise them on the web interface. The feeds are updated daily and contain around 90k malicious IP sources, 10k+ URLs and roughly the same number of MD5 hashes of malicious files and pages. The data is categorised by attack type, e.g. Probing, Malware, Web, SIP, SSH, Db, Md5, Url.
The system can also block an IP address on the Linux server it runs on; this is triggered from the web interface, shadownet-spring-boot. Since this runs a privileged firewall change on the host, the web interface exposing it should be authenticated, and the address should be validated before it is passed to the firewall command.
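The two steps described above, matching packet-derived indicators against categorised feeds and building the firewall rule for a matched source, as an added example in Python. This is not Shadow-NET's own code (the project is written in Java and uses JNetPcap); the one-indicator-per-line feed format, the category names, the `src_ip`/`dst_ip`/`url`/`md5` record fields and the iptables rule form are assumptions modelled on the README's description, and the sample feed content and packet records are constructed.

```python
"""Match extracted packet fields against categorised threat feeds and build
the firewall command used to block a matched IP.

Added illustration, not Shadow-NET's own code. Feed format, category names
and record field names are assumptions; all sample data is constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample feeds keyed by category, in an assumed
# one-indicator-per-line text format with '#' comment lines.
# Real TRIAM feeds hold ~90k IPs and ~10k URLs / MD5 hashes.
SAMPLE_FEEDS = {
    "Probing": "# scanners\n198.51.100.7\n203.0.113.9\n",
    "Ssh":     "203.0.113.9\n",
    "Url":     "http://malware.example/drop.php\n",
    "Md5":     "44d88612fea8a8f36de82e1278abb02f\n",
}

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def load_feeds(feeds):
    """Parse feeds into {indicator: set(categories)} so each lookup is O(1).

    An indicator that appears in several feeds keeps every category,
    which is what the dashboard needs to show (e.g. Probing + Ssh).
    """
    index = defaultdict(set)
    for category, text in feeds.items():
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if MD5_RE.match(line.lower()):
                line = line.lower()            # normalise hash case
            index[line].add(category)
    return index


def match_packet(index, record):
    """Return {field: sorted categories} for every feed hit in one record.

    `record` holds the fields assumed to be extracted per packet:
    src_ip, dst_ip, optional url, optional md5 of transferred content.
    """
    hits = {}
    for field in ("src_ip", "dst_ip", "url", "md5"):
        value = record.get(field)
        if value is None:
            continue
        if field == "md5":
            value = value.lower()
        cats = index.get(value)
        if cats:
            hits[field] = sorted(cats)
    return hits


def block_command(ip):
    """Build the iptables DROP rule (as an argv list) for a matched IP.

    The address is parsed with ipaddress before it reaches the command, so a
    value coming from the web interface cannot smuggle shell syntax or
    anything that is not an IPv4/IPv6 address. The list is meant for
    subprocess.run(cmd, check=True) with shell=False; it is not run here.
    """
    addr = ipaddress.ip_address(ip)            # raises ValueError on junk
    tool = "iptables" if addr.version == 4 else "ip6tables"
    return [tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"]


if __name__ == "__main__":
    idx = load_feeds(SAMPLE_FEEDS)
    pkt = {"src_ip": "203.0.113.9", "dst_ip": "10.0.0.5",
           "md5": "44D88612FEA8A8F36DE82E1278ABB02F"}
    print(match_packet(idx, pkt))
    print(" ".join(block_command(pkt["src_ip"])))
```

Validating the address with `ipaddress` rather than a regex is the important part: the block action is reachable from the web UI, and building the rule as an argv list with `shell=False` means a rejected or malformed value can never become part of a shell command line.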
Built with:
- JNetPcap library to sniff the packets.
- MongoDB for storing packets for visualisation and analysis purposes.
- Log4j for logging all activity of the application.
Prerequisites and setup:
- Latest JNetPcap.
- MongoDB server installed.
- Place the libjnetpcap.so file in the /usr/lib directory.
- Once the project is imported as an existing 'Maven Project' in an IDE, add the external .jar files found in the Shadow-NET/lib directory.
- The rest of the dependencies are downloaded from the Maven repositories listed in /pom.xml.
We have been able to reassemble HTTP content from TCP segments; the following screenshots show a side-by-side comparison of the HTTP reassembly from Shadow-NET and from Wireshark:
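The reassembly step mentioned above, as an added example in Python that is not Shadow-NET's own code (the project does this in Java on top of JNetPcap). Segments are modelled as `(seq, payload)` tuples as they would be pulled from a capture, sequence numbers are assumed not to wrap around 2^32 within the stream, and the sample HTTP response and its segments are constructed. It goes slightly beyond the README by handling the three cases a live capture produces: out-of-order delivery, retransmissions (identical or partially overlapping), and a gap from a dropped segment.

```python
"""Reassemble HTTP content from out-of-order, retransmitted TCP segments.

Added illustration, not Shadow-NET's own code. Segments are (seq, payload)
tuples; 32-bit sequence wraparound is assumed not to occur; sample data
is constructed.
"""


def reassemble_stream(segments, isn):
    """Return the contiguous byte stream starting at sequence number `isn`.

    - segments may arrive in any order (sorted by seq first);
    - fully retransmitted segments are skipped, partial overlaps trimmed;
    - at a gap, reassembly stops at the first missing byte instead of
      stitching non-adjacent data together, which would corrupt the HTTP
      body and any MD5 computed over it.
    """
    stream = bytearray()
    expected = isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue                        # already have all of this
        if seq > expected:
            break                           # gap: missing bytes before seq
        stream += payload[expected - seq:]  # drop the overlapping prefix
        expected = end
    return bytes(stream)


def parse_http_response(data):
    """Split a reassembled HTTP/1.x response into (status, headers, body).

    Returns None if the header block has not ended yet or the body is
    shorter than Content-Length, i.e. the stream is still incomplete.
    """
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    status = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().decode("ascii", "replace").lower()] = \
            value.strip().decode("latin-1")
    length = int(headers.get("content-length", len(rest)))
    if len(rest) < length:
        return None
    return status, headers, rest[:length]


# Constructed sample response (92 bytes) and initial data sequence number.
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Length: 28\r\n"
            b"\r\n"
            b"<html><body>hi</body></html>")
ISN = 1000


def sample_segments():
    """Constructed capture: RESPONSE cut into 20-byte segments, delivered
    out of order, with segment 1 retransmitted once."""
    chunks = [RESPONSE[i:i + 20] for i in range(0, len(RESPONSE), 20)]
    segs = [(ISN + 20 * i, c) for i, c in enumerate(chunks)]
    return [segs[i] for i in (2, 0, 4, 1, 1, 3)]


if __name__ == "__main__":
    data = reassemble_stream(sample_segments(), ISN)
    print(parse_http_response(data))
```

Stopping at a gap rather than concatenating whatever arrived is the choice that matters for a monitoring tool: an MD5 taken over a silently stitched body would never match the feed, and a URL split across the gap would be missed.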
The web interface (shadownet-spring-boot) is built with:
- Spring MVC
- Thymeleaf
- jQuery
- Bootstrap
Check it out at: shadownet-spring-boot