Introduction

ruby-libnids is a Ruby binding for the libnids library, which is written in C.

Libnids is an implementation of the E-component of a Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly and TCP port scan detection.

libnids homepage: http://libnids.sourceforge.net

Homepage

http://ruby-libnids.rubyforge.org

Requirements

Ruby (Tested on 1.8.x)
libnids (Tested on 1.21)

Synopsis


require 'libnids'

# Called by the sniffer for every TCP stream event. 'opts' is a Hash describing
# the stream (state, addresses, ports, data lengths); 'ss' is the stream object.
def callback(opts = nil, ss = nil)
   return unless opts

   case opts["nids_state"]
      when NIDS::STATE_JUST_EST
         # A new TCP connection has completed its three-way handshake
         str = String.new
         str += "[NEW CONNECTION] #{opts['saddress']}:#{opts['sport']} --> "
         str += "#{opts['daddress']}:#{opts['dport']}"

      when NIDS::STATE_DATA
         # New data has arrived on the stream in one or both directions
         str = String.new
         str += "[DATA] #{opts['saddress']}:#{opts['sport']} --> "
         str += "#{opts['daddress']}:#{opts['dport']} "
         str += "[SEND: #{opts['server_data_len']}] [RECV: #{opts['client_data_len']}]"

      when NIDS::STATE_CLOSE, NIDS::STATE_RESET
         # The connection was closed normally (FIN) or torn down by a RST
         str = String.new
         str += "[CLOSE] #{opts['saddress']}:#{opts['sport']} --> "
         str += "#{opts['daddress']}:#{opts['dport']}"
   end

   puts str if str
end

$l = NIDS::Sniffer.new
$l.register_tcp(self, :callback)
$l.run
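An added example, not part of the ruby-libnids distribution: it keeps per-stream byte counters from the same 'opts' hash and callback signature the Synopsis uses, and lists connections that were reset before any payload flowed. StreamAccounting, ev and run_sample are names chosen here, and the constructed events stand in for live traffic so the logic runs without the binding installed (the NIDS stand-in is only used when 'libnids' cannot be loaded).

```ruby
begin
  require 'libnids'
rescue LoadError  # stand-in so the logic below runs without the binding; real values come from libnids
  module NIDS; STATE_JUST_EST = 1; STATE_DATA = 2; STATE_CLOSE = 3; STATE_RESET = 4; end
end

# Per-connection byte accounting driven by the 'opts' hash ruby-libnids passes to a
# TCP callback: streams are keyed by their 4-tuple and finished on close or reset.
class StreamAccounting
  attr_reader :active, :finished   # in-progress streams by key; summaries of ended ones
  def initialize
    @active, @finished = {}, []
  end

  # Same signature as the Synopsis callback; wire it up with register_tcp(acct, :callback).
  def callback(opts = nil, ss = nil)
    return unless opts
    key = "#{opts['saddress']}:#{opts['sport']}->#{opts['daddress']}:#{opts['dport']}"
    case opts['nids_state']
    when NIDS::STATE_JUST_EST
      @active[key] = { key: key, sent: 0, received: 0, outcome: nil }
    when NIDS::STATE_DATA
      rec = (@active[key] ||= { key: key, sent: 0, received: 0, outcome: nil })
      rec[:sent] += opts['server_data_len'].to_i      # SEND in the Synopsis
      rec[:received] += opts['client_data_len'].to_i  # RECV in the Synopsis
    when NIDS::STATE_CLOSE, NIDS::STATE_RESET
      rec = @active.delete(key) or return
      rec[:outcome] = opts['nids_state'] == NIDS::STATE_RESET ? :reset : :close
      @finished << rec
    end
  end

  # Streams torn down by RST before any payload flowed: worth a second look.
  def reset_without_data
    @finished.select { |r| r[:outcome] == :reset && r[:sent] + r[:received] == 0 }
  end
end

# Constructed callback events standing in for live traffic (not a real capture).
def ev(state, sport, dport, send = 0, recv = 0)
  { 'nids_state' => state, 'saddress' => '10.0.0.5', 'sport' => sport, 'daddress' => '10.0.0.9',
    'dport' => dport, 'server_data_len' => send, 'client_data_len' => recv }
end
SAMPLE_EVENTS = [ev(NIDS::STATE_JUST_EST, 40001, 80), ev(NIDS::STATE_DATA, 40001, 80, 120, 0),
                 ev(NIDS::STATE_DATA, 40001, 80, 0, 2048), ev(NIDS::STATE_CLOSE, 40001, 80),
                 ev(NIDS::STATE_JUST_EST, 40002, 22), ev(NIDS::STATE_RESET, 40002, 22)]

def run_sample
  StreamAccounting.new.tap { |acct| SAMPLE_EVENTS.each { |e| acct.callback(e) } }
end
```

With the binding installed, the same object is driven by live traffic through NIDS::Sniffer.new.register_tcp(acct, :callback) followed by run, exactly as in the Synopsis.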

Source

http://rubyforge.org/projects/ruby-libnids/ (Release)
http://ruby-libnids.rubyforge.org/testing/ (Testing versions)

Subversion

svn checkout svn://rubyforge.org/var/svn/ruby-libnids

Compile

If Ruby supports dynamically linked extension modules on your OS, the following commands will build and install ruby-libnids:

ruby extconf.rb
make
make install

Usage

See the documentation under the directory 'doc'.
Directory 'examples' contains some simple scripts.

Bug Reports

Abhisek Datta <abhisek[at]rubyforge[dot]org>

Contributors

Marshall Beddoe <mbeddoe[at]gmail[dot]com> [developer]
Sumit Datta <sumitdatta[at]gmail[dot]com> [website]

License

You can redistribute it and/or modify it under the terms of the LGPL (GNU LESSER GENERAL PUBLIC LICENSE). See COPYING file about LGPL. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. See the LGPL for more details.