- CVS Logging

- Update README
Babak Farrokhi 2015-10-25 15:58:23 +03:30
parent 9d92166d72
commit e3ee2782b7
2 changed files with 34 additions and 10 deletions


@ -2,8 +2,18 @@
fsipd - Fake SIP Daemon fsipd - Fake SIP Daemon
fsipd is a minimal SIP honeypot. It listens on TCP/UDP 5060 and logs all incoming SIP requests along with SRC/DST Source and Port in CSV format or syslog. fsipd is a minimal SIP honeypot. It listens on TCP/UDP 5060 and logs all incoming SIP requests along with SRC/DST Source and Port in CSV format.
NOTE: This program depends on [libpidutil](https://github.com/farrokhi/libpidutil) ## LOG Format
WARNING: This is a work in progress. Incoming packets are logged in CSV format in "fsipd.log". Log format is described below:
`epoch, protocol, src ip, src port, "message"`
example:
`1445775973,UDP,127.0.0.1,50751,"INVITE"`
## Dependencies
This program depends on [libpidutil](https://github.com/farrokhi/libpidutil)

28
fsipd.c

@ -114,13 +114,27 @@ signal_handler(int sig)
} }
void void
process_request(const struct sockaddr_in *sa, char *str) process_request(const struct sockaddr_in *sa, int type, char *str)
{ {
/* TODO: change format to CSV */ char *s_types[] = {"TCP", "UDP", "RAW", "Unknown"};
char *ptype;
switch (type) {
case SOCK_STREAM:
ptype = s_types[0];
break;
case SOCK_DGRAM:
ptype = s_types[1];
break;
case SOCK_RAW:
ptype = s_types[2];
default:
ptype = s_types[3];;
}
chomp(str); chomp(str);
log_tsprintf(lfh, "sip: %s, sport: %d, payload: \"%s\"", log_printf(lfh, "%ld,%s,%s,%d,\"%s\"",
inet_ntoa(sa->sin_addr), ntohs(sa->sin_port), str); time(NULL), ptype, inet_ntoa(sa->sin_addr), ntohs(sa->sin_port), str);
} }
/* /*
@ -145,7 +159,7 @@ daemon_start()
err(EXIT_FAILURE, "Cannot open or create pidfile"); err(EXIT_FAILURE, "Cannot open or create pidfile");
} }
/* open a log file in current directory */ /* open a log file in current directory */
if ((lfh = log_open(NULL, 0644)) == NULL) { if ((lfh = log_open("fsipd.log", 0644)) == NULL) {
err(EXIT_FAILURE, "Cannot open log file"); err(EXIT_FAILURE, "Cannot open log file");
} }
/* setup TCP socket */ /* setup TCP socket */
@ -270,7 +284,7 @@ tcp_handler(void *args)
} }
bzero(str, sizeof(str));/* just in case */ bzero(str, sizeof(str));/* just in case */
fgets(str, sizeof(str), client); fgets(str, sizeof(str), client);
process_request(&t_other, str); process_request(&t_other, SOCK_STREAM, str);
fclose(client); fclose(client);
} }
return (args); /* mute the compiler warning */ return (args); /* mute the compiler warning */
@ -287,7 +301,7 @@ udp_handler(void *args)
sa_len = sizeof(u_other); sa_len = sizeof(u_other);
while (1) { while (1) {
if ((len = recvfrom(u_sockfd, str, sizeof(str), 0, (struct sockaddr *)&u_other, &sa_len)) > 0) { if ((len = recvfrom(u_sockfd, str, sizeof(str), 0, (struct sockaddr *)&u_other, &sa_len)) > 0) {
process_request(&u_other, str); process_request(&u_other, SOCK_DGRAM, str);
} }
} }
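Review bot: In `process_request` the request text is written into the quoted CSV field with `\"%s\"`, but nothing visible escapes a `"` or an embedded CR/LF inside `str`, so a single request can break its record or read as several rows unless `chomp` or `log_printf` (neither shown here) already handles it. The fence below shows one in-place way to neutralise those bytes before the `log_printf` call; doubling the quotes into a second buffer would keep the payload lossless if that matters for analysis. In the same function `case SOCK_RAW:` has no `break;`, so it falls through to `default` and a raw socket is logged as `Unknown`; add `break;` after `ptype = s_types[2];`. In `udp_handler`, whose body starts outside the hunk, `recvfrom` may fill all of `str` and no terminator is set in the visible loop, so the `%s` can read stale or unterminated data; receiving `sizeof(str) - 1` bytes and setting `str[len] = '\0'` would bound it.

```c
	char *ptype;
	char *p;

	/* … unchanged: switch on type selecting ptype … */

	chomp(str);
	/* keep one request per CSV record: neutralise quotes and control bytes */
	for (p = str; *p != '\0'; p++) {
		if (*p == '"')
			*p = '\'';
		else if ((unsigned char)*p < 0x20 || *p == 0x7f)
			*p = ' ';
	}
	/* … unchanged: log_printf call … */
```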