smb protocol stats for 2010 so far
gnuplotsql.py is a script I wrote to visualize the sqlite database in a useful way.
You can browse my statistics here while you use the script to create stats for your own database:
time ./gnuplotsql.py -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd
Be aware, the script takes some time, in my case 25minutes for a 89MByte large database.
And, in fact, browsing the images you can identify things you may have missed before, for example this one:
There is a sudden rise in http connections, but the number of hosts accessing dioneaea's httpd does not really increase.
Looking at the traffic I saw this:
GET / HTTP/1.1 Host: 123.234.34.56 User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan) Pragma: no-cache Cache-Control: no-cache
which is issued by my desktop, turns out, thats the side effect of a new NoScript feature.
2
Hi,
I got the follow error message when running “gnuplotsql.py” as the blog description:
[+] getting data for general overview
Traceback (most recent call last):
File "./gnuplotsql.py", line 400, in <module>
get_overview_data(cursor, "", options.tempfile)
File "./gnuplotsql.py", line 285, in get_overview_data
connection_timestamp DESC;""".format(protofilter))
sqlite3.OperationalError: no such column: connections.connection_timestamp
real 0m12.733s
user 0m0.068s
sys 0m3.204s
Would you help me to solve it?
Thx
3
run:
/opt/dionaea/bin/python3 import sqlite3 sqlite3.sqlite_version_info
and maybe even provide some details on your system.
I general I'd prefer if you'd use the ml instead of comments in the blog.
4
Sorry for misuse the blog comment, I will post the question to mailing list, Thx
[…] 2010:09:19:gnuplotsql [carnivore news] […]