-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathTODO.txt
249 lines (213 loc) · 7.59 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
###########################
# improvement:
# adapt code to fulfill PEP 8
###########################
###########################
# improvement:
# replace print() with logging.info(), logging.warning() and logging.error() as it corresponds
###########################
###########################
# new feature:
# show other connection states, in addition to ESTABLISHED:
# states: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK,
TIME-WAIT, and the fictional state CLOSED
# RFC 739: https://datatracker.ietf.org/doc/html/rfc793
###########################
###########################
# improvement:
# use rx_kB and tx_kB instead of rx and tx in nodes
###########################
#######################
# improvement:
# add IPv6 support?
# for now just deactivate IPv6 on your network interface.
#######################
##################
# new feature:
# show current connections that are:
# waiting/listening also with a symbol on the side towards corresponding IP
##################
###########################
# new feature:
# add an "interface" between running Javascript and IPRadar2
# in order to have a smooth update of infos on the browser..
# e.g. INTERACTIVE MAP (as we did in old IPRadar):
# * select line and show infos (RX, TX bytes, timestampt).. Labels in Google Maps
# * show nr. of packets/bytes and date of each connection in title
# * select on GUI after selection on maps
# * etc.
##################
###########################
# new feature: ********** IMP ******************
# QUIT-Function: popup needs to be quit every time a BAD guy is detected
# we force the attention of the user and take the chance to decide:
# - add to blacklist?
# - add rule? -> range X -> Y
###########################
###########################
# new feature: ********** IMP ******************
# start NetworkTrafficView automatically on start -> option (# note: for checking NW connections e.g. avira-VPN - strange names of servers...)
# add a button to start it only once..one instance only..check first...
# NOTE: long period of CPU at 12% due to this tool !!!
###########################
###########################
# new feature: ********** IMP ******************
# search in IPs - or SORT - use Table ***************
#
# IMPLEMENT like this: use combo-box from Ping -> make sortable...and when selected -> select in list (similar to selection when clicking killed process...)
#
###########################
###########################
# workaround for antivirus: hosts without owner name!
# new category of audit based on Network Name: XXX as indicated by whilte-list for networks...
# e.g.: Network Name: M247-LAS-VEGAS
###########################
###########################
# new feature: ********** IMP ******************
# WARNING: if kiddy behind Telekom-Deutschland then complete Telekom blocked!!!
# - when range blocked need USER CONFIRMATION first !!!!!!!!!!!!!
# but dont block anything...just buffer...use different thread????
# WARNING: not yet clear if EMPTY owners really bad, we may block GOOD important things...
# bocking rule of a RANGE of IPs, extracted from infos obtained with Whosip
###########################
#########################################
# general:
# clean up code:
# check TODOs
# rename functions and variables
# remove obsolete code
# check consistent use of mutexes
# etc.
# implement logging levels
# use a nice icon
# add ToolTips
# check again memory leak when using playsound() -> windows bug!
# implement live capture on/off
#######################
# some BUGs:
# USE_DOUBLE_BUFFER
# ...
#######################
#######################
# new feature:
# handle broadcast, multicast and other protocols in a proper manner
# locals, multicast, broadcast, etc.:
# 10.0.0.0 - 10.255.255.255
# 127.0.0.0 - 127.255.255.255
# 169.254.0.0 - 169.254.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
# 224.0.0.0 - 239.255.255.255
#######################
#######################
# new feature:
# replace list of nodes in GUI with a sortable table
#######################
###########################
# code cleaning:
# remove deprecated counters for failed-past, resol-past
# on GUI (hidden below): statusHostsRequested, statusHostsFailed, statusHostsFailedOld, statusHostsResolvedOld
###########################
###########################
# new feature:
# bocking rule of a RANGE of IPs, extracted from infos obtained with Whosip
###########################
###########################
# check/remove workaround in processor.py
# why do we need to check against sanitized_ip?
###########################
###########################
# new feature:
# out to console & file simultaneously
# > pipe ? script ?
# fork stdout and stderr both to file and to shell ?
###########################
###########################
# improvement:
# replace lists with dicts
# to avoid for [] + for [] every time..
###########################
###########################
# new feature:
# create Option to use Google API KEY
# but from File !
###########################
###########################
# new feature:
# set Labels for known IPs manually
# and then store in file
###########################
###########################
# new feature:
# set/unset BAD directly on browser (manually)
###########################
###########################
# new feature:
# when blocking consider also a time-window ?
# network protocol, port number, etc. ?
###########################
###########################
# improvement / BUG correction:
# activation / deactivation of add-blocking-rule-to-firewall
# e.g. not only adding rule when host resolved, but also later if re-enabled, etc.
###########################
###########################
# new feature:
# PORTS SCANNER e.g. on suspicious nodes
# what for? which ports?
###########################
########################
# improvement:
# killed-IPs get lost when reading log_DATE.pcapng alone...
# the information killed=True is in the corresponding report_DATE.txt, it can be parsed from there..
# ..or store infos somwhere else? e.g. in a killed.txt/npy file?
########################
##################
# BUG correction:
# why and when do "we" write None in lat, lon? default? Geo-calculation?
##################
##################
# improvement:
# try to RUN_AS_ADMIN and still:
# - be able to debug
# - reuse current App (dont start a new instance)
# - dont duplicate background threads of both apps..
##################
##################
# improvement:
# add IPs detected with netstat which are NOT in node_dict...e.g. connections established "before" running IPRadar2
##################
##################
# new feature:
# integrate pynids?
# https://pypi.org/project/pynids/
# wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection
##################
##################
# new feature:
# show TRACERT results on map (as we did in the old IPRadar)
##################
####################
''' new features:
Use this tool in combination with one or more of these tools (interfaces available?):
Wireshark
ipscan
cports
NetworkMiner
NetworkTrafficView
DNSQuerySniffer
HTTPNetworkSniffer
MicrosoftMessageAnalyzer
MicrosoftNetworkMonitor
TcpLogView
syswranalyzer
ipnetinfo (DONE)
DomainHostView
NetRouteView
ostinate - similar to cports?
whois - (does not work)
WifiChannelMonitor - (does not work? Antivirus blocks it)
WifiInfoView (shows available infos of WLANs in neighborhood)
RawCap
'''
#####################