EyeSpy: C:/work/RevealedSystems/EyeSpy-RS/eyespy/src/objects/logic/entity/networkEntity.py Source File

00001 # Copyright (C) 2008-2009  Mark Hanegraaff
00002 #
00003 # This program is free software: you can redistribute it and/or modify
00004 # it under the terms of the GNU General Public License as published by
00005 # the Free Software Foundation, either version 3 of the License, or
00006 # (at your option) any later version.
00007 #
00008 # This program is distributed in the hope that it will be useful,
00009 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00010 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00011 # GNU General Public License for more details.
00012 #
00013 # You should have received a copy of the GNU General Public License
00014 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
00015 
00016 
00017 
00018 import time
00019 from objects.logic.common.logger import logger
00020 
00021 ## An entity is a simple object containing various properties of an Endpoint or Peer (both terms)
00022 # are used throughout the documentation.
00023 class networkEntity():
00024     def __init__(self, selfIPAddress, decodedPacketDict, geoIPDatabase, xportTableDict):
00025         # all sorts of ill shit
00026         self.selfIPAddress = selfIPAddress
00027         
00028         
00029         if decodedPacketDict['sourceIP'] == self.selfIPAddress:
00030             self.foreignIPAddress = decodedPacketDict['destIP']
00031             self.foreignPort      = decodedPacketDict['destPort']
00032             self.selfPort         = decodedPacketDict['sourcePort']            
00033         else:
00034             self.foreignIPAddress = decodedPacketDict['sourceIP']
00035             
00036             self.foreignPort      = decodedPacketDict['sourcePort']
00037             self.selfPort         = decodedPacketDict['destPort']
00038         
00039         self.since                = time.time()
00040         self.lastUpdateTS         = time.time()
00041         self.totalBytes           = 0
00042         self.procID               = ""
00043         self.procName             = ""
00044         
00045         self.foreignLongitude     = 0.0
00046         self.foreignLatitude      = 0.0        
00047         self.foreignCity          = ""
00048         self.foreignStateProv     = ""
00049         self.foreignCountry       = ""
00050         self.foreignOrganization  = ""
00051         self.foreignISP           = ""
00052         
00053         self.Pid                  = "0"        
00054         self.processName          = "Unknown";
00055         
00056         self.resolveGeoData(geoIPDatabase)        
00057         
00058         # now get the PID and Process Name
00059         nodeInfo, processState = xportTableDict.getXportTableInfo(self.selfPort)
00060         
00061         if nodeInfo is not None:
00062             self.processName = nodeInfo["ProcessName"]
00063             self.Pid         = "%d" % nodeInfo["Pid"]
00064             
00065     
00066     def __str__(self):
00067         pass
00068     
00069     def __getitem__(self, key):
00070         
00071         if hasattr(self, key):
00072             return getattr(self, key)
00073         else:
00074             errString = ":There was an error getting retreiving [%s] key: Attribute does not exist" % (key)
00075             logger.log(__name__ + errString)
00076             return ""        
00077     
00078     ## Given a reference the Geo IP Database, this function will
00079     # resolve the Geographical details of itself
00080     # @param geoIPDatabase database object created by the entityManager class
00081     def resolveGeoData(self, geoIPDatabase):
00082         
00083         geoIPDatabase.find_by_addr(self.foreignIPAddress)
00084         
00085         try:
00086             self.foreignLatitude     = geoIPDatabase.latitude
00087             self.foreignLongitude    = geoIPDatabase.longitude
00088             self.foreignCity         = unicode(geoIPDatabase.city)
00089             self.foreignCountry      = geoIPDatabase.country_name      
00090             self.foreignOrganization  = unicode(geoIPDatabase.organization)
00091             self.foreignISP           = unicode(geoIPDatabase.isp)
00092         except Exception, ex:
00093             logger.log(__name__ + ": There was an exception extracting GEOIP information")
00094             logger.log(ex) 
00095         
00096         if self.foreignCity == "" or self.foreignCity == None:
00097             self.exactLocation = False
00098             self.foreignCity = "Unknown"
00099             
00100         else:
00101             self.exactLocation = True
00102             
00103         if self.foreignCountry == "" or self.foreignCountry == None:
00104             self.foreignCountry = "Unknown"
00105         
00106                         
00107     ## Computed some basic statistics (last update, total bytes)
00108     # @param decodedPacketDict Decoded Packet Dictionary
00109     def computeStatistics(self, decodedPacketDict):
00110         self.lastUpdateTS         = time.time()
00111         self.totalBytes          += decodedPacketDict['payloadSize']
00112         
00113         #print self.foreignIPAddress, " ", self.totalBytes
00114     
00115     
00116