forked from SailWISP/striptz

TZSP Decapsulator for use with Intrusion Detection System

mtdoughty/striptz

 
 


To use striptz you first need to set up a dummy interface. Currently the interface must be named eth1. Future revisions will parse a config file for this setting. If the interface needs to be changed, edit the interface parameter of the sniff function.

ip link add eth1 type dummy

ip link set eth1 promisc on

ip link set eth1 up

Next, configure the Mikrotik router to stream sniffed data. The example configuration below covers only the basics needed to make the system work. Further configurations should be made for

/tool sniffer set streaming-enabled=yes

/tool sniffer set streaming-server=<IP_OR_HOSTNAME_OF_SNORT_SERVER>

/tool sniffer set filter-stream=yes

/tool sniffer start

Start striptz.py

./path_to/striptz.py start

Start snort with the -i eth1 option (example):

snort -d -h <CIDR_NOTATION_OF_SUBNETS_TO_MONITOR> -l /var/log/snort/ -c /etc/snort/snort.conf -i eth1 -A console
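What sits between the router's stream and the eth1 dummy interface is the TZSP decapsulation step. The following is an added example, not striptz's own code: a standard-library parser that strips the TZSP header and tagged fields from one UDP payload and rejects malformed input instead of passing it to the IDS. The field layout follows the published TZSP format; the function names, the UDP port constant and the sample packet are assumptions constructed for illustration.

```python
import struct

TZSP_PORT = 37008            # assumed: UDP port commonly used for TZSP streams
TAG_PADDING, TAG_END = 0x00, 0x01
TYPE_RECEIVED = 0            # packet type that carries a sniffed frame
ENCAP_ETHERNET = 1


class TZSPError(ValueError):
    """Raised when a datagram is not a usable TZSP packet."""


def decapsulate(payload: bytes) -> bytes:
    """Return the inner Ethernet frame from one TZSP UDP payload."""
    if len(payload) < 4:
        raise TZSPError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", payload[:4])
    if version != 1:
        raise TZSPError(f"unsupported version {version}")
    if ptype != TYPE_RECEIVED:
        raise TZSPError(f"packet type {ptype} carries no sniffed frame")
    if encap != ENCAP_ETHERNET:
        raise TZSPError(f"encapsulated protocol {encap} is not Ethernet")

    # Walk the tagged fields; only TAG_END marks where the frame begins.
    pos = 4
    while True:
        if pos >= len(payload):
            raise TZSPError("tag list runs past the end of the datagram")
        tag = payload[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue                  # padding has no length byte
        if pos >= len(payload):
            raise TZSPError("tag is missing its length byte")
        pos += 1 + payload[pos]       # skip the length byte and the tag data

    frame = payload[pos:]
    if len(frame) < 14:
        raise TZSPError("inner frame shorter than an Ethernet header")
    return frame


# Constructed sample: broadcast Ethernet header plus filler bytes, wrapped in
# TZSP with one 1-byte tag (0x0a), one padding tag and the end tag.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"constructed"
SAMPLE_TZSP = bytes.fromhex("01000001" "0a01d0" "00" "01") + SAMPLE_FRAME
```

The returned bytes are what would be written to the dummy interface for snort to read; datagrams that raise TZSPError are best counted and dropped rather than forwarded.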
