nzymedefense / nzyme Goto Github PK

View Code? Open in Web Editor NEW

1.3K 54.0 147.0 63.75 MB

Network Defense System.

Home Page: https://www.nzyme.org/

License: Other

Java 50.90% Shell 0.01% Python 0.16% C++ 0.09% FreeMarker 10.92% JavaScript 28.38% CSS 0.97% HTML 0.19% Rust 8.37%

wifi security detection ethernet ids ndr network response visibility wireless

nzyme's People

Contributors

Stargazers

Watchers

Forkers

tim1512 rvaughan minkione y0d4a aln7 tr3x85 deepeshalways chunchila cneskey wanjarus jiubadao mauchiyuyo puppycodes buysse t03cuta dpsarrou terry2012 christianhito ahmetyukselmis drclean sp1ke77 awesome-security rockystevejobs yeyintminthuhtut hewa6254 johnjohnsp1 m41doror patrickvanreck 0patch sh1nu11bi adolfaka ansell artur21 raghu999 tmaxter ognz stibish 5up3rc aurorafang ekingg heikipikker poruchikrj molotof kirito70 rabitw badfish5150 lidebin thisisfalcon w00t3k alimp5 goffinet paralax haroldnistlered neo4reo m4rkh0r brandonkovacs apegetinfo toads sshimko benhe119 sketchybinary dizhaung databill86 vaginessa leandroald7 ma5onic 5l1v3r1 xiangshengsaber ykankaya macdaliot hopelesspoet hartl3y94 ericdelasecu chaoscalm sinsixx natblida68 peterg75 andrewbeard christiankiller h4xl0r dukat-gul goranoberg fxcebx gubbelgobbel olivierh59500 vodkanaut mathieubrun old-code-archive rajivraj 0xfh optionalg takianfif kawael offensive-wireless justinfreitag honsa damnjeyy airbone42 faisal-w mlynchcogent

nzyme's Issues

MAC timestamp is not parsed on Linux

Include WiFi interface in GELF messages

Read BS Timestamp to detect evil twin APs

Automate release process

Use ~~travis~~ CircleCI to upload to GitHub releases or something like Bintray.

Not really a bug or anything but the documentation uses the ALFA AWUS036ACH as one of its examples. I bought that one off of amazon and it doesn't seem to support monitor mode anymore (or I'm doing something horribly wrong, always possible). Just wanted to bring that up. Great project.

Check if assoc-req SSID extraction works on Linux

Allow to configure where to store pcap files locally

Allow HTTPs for REST API

Allow to start without GELF target

Sometimes you want to run this without sending logs to Graylog. Especially when developing without a second NIC.

Describe how to run without root permissions

sudo setcap cap_net_raw,cap_net_admin=eip /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/python2.7

Test auth frames with WEP

Support for other Logging providers

It would be great to be able to point to http://logz.io whether via rsyslog, logstash or other "out of the box".

Read in PCAP files

It would be very useful to input PCAP files from other sources or previous sessions to perform analysis with this tool.

Read channel and frequency from RadioTap header

Get rid of the channel switch logic stuff and read the channel and frequency from the received frame's RadioTpa header instead.

Integrate Codecov

https://github.com/codecov/example-java-maven

Detect WEP networks

Detect WEP networks by looking at beacon and probe-resp frames. Those frames should include that information. (Open System / Shared Key capabilities?)

Allow to have one nzyme instance listen on multiple interface

Adapt the channels config to supply interface names.

Make BeaconFrameHandler use extracted SSID extraction logic

Request for clarifications in README

For those not familiar with Graylog, it would be helpful to have a brief description about creating a GELF input when discussing the graylog_addresses configuration option. While not for the current version, this page helped me understand what I needed to do http://docs.graylog.org/en/2.1/pages/getting_started/config_input.html

The README does not show to run java with sudo. If I try to start it as documented on Ubuntu, nzyme fails to start when setting up the PCAP handle. Do you recommend setting capabilities on the java executable so that sudo is not required?

When running on Ubuntu, I had to disable NetworkManager, or create an entry for my wireless network interface in /etc/network/interfaces which prevents NetworkManager from managing the device. Otherwise NetworkManager would interfere with the device and prevent any frames from being captured. Also, I had to make sure that the interface was up or the capture wouldn't start.

This is an amazing 0.1 release and your Derbycon presentation was fantastic. Thank you for yet another contribution to the Open Source world.

Error running jar

Hello,

I would like to extend nzyme to capture more package information. Therefore I built a jar-file with mvn package and executed it (without modifying any code). Unfortunately, when executing the jar, I cannot connect to my graylog instance (error message below).

Running the deb package works fine though.
You know what's wrong?


10:51:06.888 [gelfTcpTransport-1-1] INFO  org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
10:51:07.948 [gelfTcpTransport-1-1] ERROR org.graylog2.gelfclient.transport.GelfTcpTransport - Exception caught
java.io.IOException: Connection reset by peer
	at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.8.0_171]
	at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:1.8.0_171]
	at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[?:1.8.0_171]
	at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[?:1.8.0_171]
	at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[?:1.8.0_171]
	at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [nzyme-0.2-SNAPSHOT.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
10:51:07.960 [gelfTcpTransport-1-1] ERROR org.graylog2.gelfclient.encoder.GelfMessageJsonEncoder - JSON encoding error
java.io.IOException: Connection reset by peer
	at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.8.0_171]
	at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:1.8.0_171]
	at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[?:1.8.0_171]
	at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[?:1.8.0_171]
	at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[?:1.8.0_171]
	at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [nzyme-0.2-SNAPSHOT.jar:?]
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [nzyme-0.2-SNAPSHOT.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]

Remove startup log about where logs are stored

This is not 100% clear because of the Log4j config. Especially confusing with new DEB packages that log into /var/log.

HELP Nzyme Failed to Start

Extract SSID from assoc-req

Extract the SSID from assoc-req frames. Wireshark filter is wlan.fc.type_subtype == 0x0000.

Support all relevant management frame types

Parked for more noisy environment:

Re-association request
Re-association response

Fix disassoc and deauth reason detection on non-OSX systems

The disassoc and deauth reason is not properly extracted on, for example, Linux.

Have a periodical that checks all machines for rogue tcpdump processes

Run every 15min? Check with ps aux | grep tcpdump | grep nzyme or something.

Lock frame processing during channel hop

Lock frame processing during a channel hop to avoid race conditions when using getCurrentChannel().

New CLI parameter to start in DEBUG or TRACE mode

Describe Python installation and dependencies

sudo apt install python-pip
pip install scapy
configure python= in nzyme.conf
v3 vs v2.7

Do not include underscores in Notifications

This is GELF specific and should be added in GraylogUplink

Add LICENSE and file headers

Allow to send notifications to multiple Graylog servers

GelfTcpTransport - Channel disconnected!

I'm running Nzyme on Ubuntu I'm using Atheros ar9271 as my WiFi adapter. I configured my wifi interface "channel_hop_command = sudo /sbin/iwconfig wlan0mon channel 14" Wlan0mon is my WiFi interface.
Nzyme is active and running but the channel is disconnecting. Please HELP

$ sudo systemctl status nzyme
● nzyme.service - Nzyme
Loaded: loaded (/usr/lib/systemd/system/nzyme.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2018-11-18 22:22:32 IST; 3s ago
Docs: https://github.com/lennartkoopmann/nzyme
Main PID: 8279 (nzyme)
Tasks: 19 (limit: 4915)
CGroup: /system.slice/nzyme.service
├─8279 /bin/sh /usr/share/nzyme/bin/nzyme
└─8280 /usr/bin/java -jar -Dlog4j.configurationFile=file:///etc/nzyme/log4j2-debian.xml /usr/share/nzyme/nzyme.jar -c /etc/nzyme/nzyme.conf

Nov 18 22:22:32 richard-Inspiron-560s systemd[1]: Started Nzyme.

tail -f /var/log/nzyme/nzyme.log
22:22:35.211 [periodicals-0] INFO horse.wtf.nzyme.periodicals.versioncheck.VersioncheckThread - Starting to check for most recent Nzyme version.
22:22:35.890 [main] INFO horse.wtf.nzyme.Nzyme - Building PCAP handle on interface [wlan0mon]
22:22:35.943 [main] INFO horse.wtf.nzyme.Nzyme - PCAP handle for [wlan0mon] acquired. Cycling through channels <1,2,3,4,5,6,7,8,9,10,11,12,13,14>.
22:22:35.949 [nzyme-loop-0] INFO horse.wtf.nzyme.Nzyme - Commencing 802.11 frame processing on [wlan0mon] ... (⌐■_■)–︻╦╤─ – – pew pew
22:22:37.392 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:37.670 [periodicals-0] INFO horse.wtf.nzyme.periodicals.Periodical - Periodical [Versionchecks] finished in <2458 ms>.
22:22:38.844 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:40.194 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:41.649 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:43.105 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:44.563 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:46.017 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:47.474 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:48.832 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:50.287 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:51.746 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:53.204 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:54.451 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:55.909 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:57.367 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:22:58.822 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:00.277 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:01.733 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:03.189 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:04.650 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:06.105 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:07.569 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:08.913 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:10.373 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:11.830 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:13.285 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:14.741 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:16.197 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:17.653 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:18.901 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:20.357 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:21.817 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:23.273 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:24.625 [gelfTcpTransport-1-1] ERROR org.graylog2.gelfclient.transport.GelfTcpTransport - Exception caught
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.8.0_181]
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:1.8.0_181]
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[?:1.8.0_181]
at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[?:1.8.0_181]
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[?:1.8.0_181]
at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[nzyme-0.2.1.jar:?]
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[nzyme-0.2.1.jar:?]
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[nzyme-0.2.1.jar:?]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [nzyme-0.2.1.jar:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [nzyme-0.2.1.jar:?]
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [nzyme-0.2.1.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
22:23:24.634 [gelfTcpTransport-1-1] ERROR org.graylog2.gelfclient.encoder.GelfMessageJsonEncoder - JSON encoding error
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[?:1.8.0_181]
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39) ~[?:1.8.0_181]
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223) ~[?:1.8.0_181]
at sun.nio.ch.IOUtil.read(IOUtil.java:192) ~[?:1.8.0_181]
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380) ~[?:1.8.0_181]
at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:447) ~[nzyme-0.2.1.jar:?]
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:881) ~[nzyme-0.2.1.jar:?]
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:242) ~[nzyme-0.2.1.jar:?]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [nzyme-0.2.1.jar:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [nzyme-0.2.1.jar:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [nzyme-0.2.1.jar:?]
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [nzyme-0.2.1.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
22:23:24.635 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:26.081 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:27.537 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:28.893 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:30.348 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:31.804 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:33.261 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!
22:23:34.160 [statistics-0] INFO horse.wtf.nzyme.Main -
+++++ Statistics: +++++
Total frames considered: 773 (0 malformed), beacon: 757, probe-resp: 3, probe-req: 13
Frames per channel: 1: 773
Malformed Frames per channel:
Probing devices: 1 (last 60s)
Access points: 1 (last 60s)
Beaconing networks: 1 (last 60s)
22:23:34.716 [gelfTcpTransport-1-1] INFO org.graylog2.gelfclient.transport.GelfTcpTransport - Channel disconnected!

Write some tests 😂

😂 😂 😂

Write a GitHub repo description

Run tests on Travis-CI

Describe script copying mechanism in README

Describe how we are copying python scripts from the resources to a path where we can execute it and which parameters influence where it is stored.

Implement sophisticated metrics

Dot11 Frame Parsers
Uplinks
Received / Sent frames

Allow to define SSH credentials

Allow to configure path to key and a username to use.

Allow to set a private key passphrase

Add "Testing on Ubuntu" to README

sudo vim /etc/NetworkManager/NetworkManager.conf

[keyfile]
unmanaged-devices=mac:00:c0:ca:95:68:56

sudo /etc/init.d/network-manager restart

Build a content pack

Graylog webserver error

so i setted up everything as you had described using a alfa AWUS036H wifi adapter my gray log is receiving messages from the gelf tcp input but when i veiw the messages it gives me this error : Loading field information failed with status: cannot get http://127.0.0.1:9000/api/system/fields (500) kindly help i am new to using graylog looked for solutions and i haven't find one could you kindly guide me on how you really configured your graylog webserver plus the lookup tables should i follow every single step from the documentation?

License check maven task

Show percentage of malformed frames in statistics

Allow to define tcpdump path on host system

Extract FrameHandler logic into parsers for easier testing

ALFA AWUS036ACH throws error when Nzyme starts.

When trying to use the ALFA AWUS036ACH on a Raspberry Pi 3 B with Nzyme I am getting errors.
I am opening an issue because README states that this device has been proven with Nzyme.

The RaspberryPI did not recognize the AWUS036ACH on initial plugin of so I found a post on raspberrypi forums where someone had a made a wifi driver tool found here: https://www.raspberrypi.org/forums/viewtopic.php?p=1210087#p1210087

Here is the error that was generated by Nzyme:

13:50:49.030 [main] INFO horse.wtf.nzyme.Nzyme - Building PCAP handle on interface [wlx00c0ca964d63]
13:50:49.075 [main] ERROR horse.wtf.nzyme.Main - Boot error.
horse.wtf.nzyme.NzymeInitializationException: Could not build PCAP handle.
at horse.wtf.nzyme.NzymeImpl.(NzymeImpl.java:128) ~[nzyme-0.2-SNAPSHOT.jar:?]
at horse.wtf.nzyme.Main.main(Main.java:100) [nzyme-0.2-SNAPSHOT.jar:?]
Caused by: org.pcap4j.core.PcapNativeException: wlx00c0ca964d63: SIOCGIWPRIV: Argument list too long
at org.pcap4j.core.PcapHandle.(PcapHandle.java:166) ~[nzyme-0.2-SNAPSHOT.jar:?]
at org.pcap4j.core.PcapHandle.(PcapHandle.java:47) ~[nzyme-0.2-SNAPSHOT.jar:?]
at org.pcap4j.core.PcapHandle$Builder.build(PcapHandle.java:1671) ~[nzyme-0.2-SNAPSHOT.jar:?]
at horse.wtf.nzyme.NzymeImpl.(NzymeImpl.java:122) ~[nzyme-0.2-SNAPSHOT.jar:?]
... 1 more
13:50:49.091 [shutdown-hook] INFO horse.wtf.nzyme.Main - Shutting down.

I have Nzyme successfully running with a ALFA AWUS036NH (also listed in README) but this device is only 2.4 ghz (README states that it is 2.4/5ghz that is wrong) and I want to include 5ghz which is why the ALFA AWUS036ACH.

Build DEB packages

Write README

How to rename interface on Raspberry

pi@parabola:~ $ ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:0f:0e:d4  
          inet addr:172.16.0.136  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::8966:2353:4688:c9a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1327 errors:0 dropped:22 overruns:0 frame:0
          TX packets:1118 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:290630 (283.8 KiB)  TX bytes:233228 (227.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:24552 (23.9 KiB)  TX bytes:24552 (23.9 KiB)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:5a:5b:81  
          inet6 addr: fe80::77be:fb8a:ad75:cca9/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

zt0       Link encap:Ethernet  HWaddr 66:78:18:42:62:39  
          inet addr:10.243.255.212  Bcast:10.243.255.255  Mask:255.255.0.0
          inet6 addr: fe80::6478:18ff:fe42:6239/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:2800  Metric:1
          RX packets:685 errors:0 dropped:0 overruns:0 frame:0
          TX packets:488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:60458 (59.0 KiB)  TX bytes:101160 (98.7 KiB)

sudo vim /lib/udev/rules.d/75-persistent-net-generator.rules
# device name whitelist
KERNEL!="wlan*|ath*|msh*|ra*|sta*|ctc*|lcs*|hsi*", \
                                        GOTO="persistent_net_generator_end"

# add wlan*

reboot

sudo vim /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:27:eb:5a:5b:81", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

# change NAME