Implements trigger alert for TCP flows with no data exchanged

Implements #2801
2026-05-03 09:20:10 +00:00 · 2021-03-30 15:59:27 +02:00 · 2021-03-30 15:59:27 +02:00 · 1cd7c288e2
commit 1cd7c288e2
parent 6f29186743
13 changed files with 260 additions and 1 deletions
--- a/scripts/plugins/alerts/network/tcp_no_data_exchanged/locales/en.lua
+++ b/scripts/plugins/alerts/network/tcp_no_data_exchanged/locales/en.lua
@ -0,0 +1,13 @@
+--
+-- (C) 2020 - ntop.org
+--
+
+return {
+   tcp_no_data_exchanged_description = "Trigger an alert when a flow TCP end and no data were exchanged",
+   tcp_no_data_exchanged_title = "No Data Exchanged",
+
+-- ####################### Alert strings
+
+   alert_tcp_no_data_exchanged_title = "No Data Exchanged",
+   alert_tcp_no_data_exchanged_description = "TCP Flow Ended and no Data were Exchanged",
+}
--- a/scripts/plugins/alerts/network/tcp_no_data_exchanged/locales/it.lua
+++ b/scripts/plugins/alerts/network/tcp_no_data_exchanged/locales/it.lua
@ -0,0 +1,19 @@
+--
+-- (C) 2020 - ntop.org
+--
+
+return {
+   zero_tcp_window_description = "Emette un allarme quando la TCP window di un flusso ha dimensione zero",
+   zero_tcp_window_title = "TCP Window Zero",
+
+-- ####################### Status strings
+
+   status_zero_tcp_window_description     = "La TCP window è zero",
+   status_zero_tcp_window_description_c2s = "La TCP window del client è zero",
+   status_zero_tcp_window_description_s2c = "La TCP window del server è zero",
+
+-- ####################### Alert strings
+
+   alert_zero_tcp_window_title = "TCP Window Zero",
+   alert_zero_tcp_window_description = "La TCP Window è Zero",
+}
--- a/scripts/plugins/alerts/network/tcp_no_data_exchanged/manifest.lua
+++ b/scripts/plugins/alerts/network/tcp_no_data_exchanged/manifest.lua
@ -0,0 +1,10 @@
+--
+-- (C) 2020 - ntop.org
+--
+
+return {
+  title = "No Data Exchanged check",
+  description = "Detects if no data were exchanged in a flow TCP, if it is triggers an alert",
+  author = "ntop",
+  dependencies = {},
+}
--- a/scripts/plugins/alerts/network/tcp_no_data_exchanged/user_scripts/flow/tcp_no_data_exchanged.lua
+++ b/scripts/plugins/alerts/network/tcp_no_data_exchanged/user_scripts/flow/tcp_no_data_exchanged.lua
@ -0,0 +1,39 @@
+--
+-- (C) 2020 - ntop.org
+--
+
+local alerts_api = require("alerts_api")
+local alert_severities = require "alert_severities"
+local user_scripts = require("user_scripts")
+local alert_consts = require("alert_consts")
+
+local script
+
+-- #################################################################
+
+script = {
+  packet_interface_only = true,
+  
+  -- Script category
+  category = user_scripts.script_categories.network,
+
+  -- NB atm working only for packet interfaces
+  packet_interface_only = true,
+  l4_proto = "tcp",
+
+  -- This script is only for alerts generation
+  is_alert = true,
+
+  default_value = {
+   severity = alert_severities.warning,
+  },
+  
+  gui = {
+    i18n_title        = "tcp_no_data_exchanged.tcp_no_data_exchanged_title",
+    i18n_description  = "tcp_no_data_exchanged.tcp_no_data_exchanged_description",
+  }
+}
+
+-- #################################################################
+
+return script