© Chet Hosmer 2018
Chet Hosmer, Defending IoT Infrastructures with the Raspberry Pi, https://doi.org/10.1007/978-1-4842-3700-7_6

6. Adding Finishing Touches

Chet Hosmer, Longs, South Carolina, USA

Like most hardware solutions, this one is never finished until it is no longer relevant. This chapter adds a couple of final touches to this version of the Pi sensor. As this book proceeds to print, I'm sure more changes, updates, and enhancements will continue. Not to worry: the updates and source code for the latest changes will be available via GitHub. Go to www.apress.com/9781484236994.

Raspberry Pi Latest Version

On Pi Day 2018 (March 14, i.e., 3.14), the Raspberry Pi Foundation announced the release of the Raspberry Pi 3 Model B+. According to the foundation, the new improvements allow the computer to sustain higher performance for longer periods of time (see Figure 6-1).
Figure 6-1. Raspberry Pi 3 Model B+

The 3B+ upgrade offers a faster processor (200MHz increase in CPU clock frequency), better thermal management, three times the wired and wireless network throughput, and Gigabit Ethernet. These improvements add value to our sensor solution by delivering additional speed to process packets faster without overheating the Pi.

Adding a new rugged case with a built-in fan (see Figure 6-2) adds greater stability, sleekness, and cooling to the sensor.
Figure 6-2. Raspberry Pi in ruggedized Smraza case

As of this writing, the multilayer Smraza case is available from Amazon, among other places. The case includes an on/off switch cable, a fan, and heat sinks.

Sensor Software Updates

Along with the new Raspberry Pi 3 Model B+, several important software updates were made to the sensor. They include NIC selection and MAC address filtering, as shown in Figure 6-3 and labeled A and B respectively.
Figure 6-3. Sensor updates: (A) NIC selection; (B) MAC address filtering

(A) NIC Selection

Determining the available interfaces on the Raspberry Pi is quite straightforward. The directory /sys/class/net holds the names of the available interfaces. For our purposes, this allows us to provide a drop-down list of possible interfaces and, most importantly, allows the selection of the wireless interface in addition to the standard Ethernet port. As mentioned earlier, both interfaces have been significantly improved on the Raspberry Pi 3 Model B+.

To build a list and the GUI drop-down menu, see Listing 6-1.

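import os

# Build the interface list from the kernel's view of the network devices
try:
    nicList = os.listdir('/sys/class/net')
    nicList.sort()
    nicTuple = tuple(nicList)
except OSError:
    # Directory could not be read: fall back to the wired port
    nicTuple = tuple(['eth0'])
# Populate the drop-down and preselect the first entry
self.ethPort['values'] = nicTuple
self.ethPort.current(0)
self.ethPort.grid(row=5, column=1, padx=5, pady=10, sticky="w")

Listing 6-1. Targeting Specific Devices to Monitor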

Note that if you select the wireless LAN interface (wlan0), you must first connect to the wireless network you want to monitor. On the Raspberry Pi you can select, connect, and log in to the desired wireless network using the icon in the upper right corner (see Figure 6-4).
Figure 6-4. Raspberry Pi wireless selection
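The following added example (not code from the book or the sensor project) extends the enumeration in Listing 6-1 by reading each interface's operstate file, so an unconnected wlan0 can be flagged before capture starts. The function names are hypothetical, and the sys_net parameter exists only so the code can be pointed at a test directory.

```python
import os

def list_capture_interfaces(sys_net="/sys/class/net"):
    """Return [(name, operstate)] for each non-loopback interface, sorted by name."""
    try:
        names = sorted(os.listdir(sys_net))
    except OSError:
        # Same fallback as Listing 6-1 when the directory cannot be read.
        return [("eth0", "unknown")]
    interfaces = []
    for name in names:
        entry = os.path.join(sys_net, name)
        # Skip loopback and plain files such as bonding_masters.
        if name == "lo" or not os.path.isdir(entry):
            continue
        try:
            with open(os.path.join(entry, "operstate")) as handle:
                state = handle.read().strip()
        except OSError:
            state = "unknown"
        interfaces.append((name, state))
    return interfaces

def ready_interfaces(interfaces):
    """Names whose link is up, e.g. cabled Ethernet or an associated wlan0."""
    return [name for name, state in interfaces if state == "up"]

if __name__ == "__main__":
    for name, state in list_capture_interfaces():
        print(name, state)
```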

(B) MAC Address Filtering

The second addition included in finishing touches is the ability to monitor, record, and activate the sensor to target specific MAC addresses. Within industrial control or compartmentalized IoT environments, it is quite common to closely monitor critical assets. This selection uses a list of MAC addresses supplied in a flat text file. Figures 6-5 and 6-6 demonstrate the selection of the MAC filter file and the check box that enables MAC filtering.
Figure 6-5. Selection of the MAC filtering list

Figure 6-6. Enabling the MAC filter

The MAC-LIST text file contains a simple list of MAC addresses, one per line, as shown in Figure 6-7.
Figure 6-7. Sample MAC-LIST text file

You might be questioning why we chose to use a MAC address for filtering instead of the IP address. IP addresses for devices are dynamically assigned by DHCP unless they are statically defined. Therefore, using MAC addresses (which can be manipulated as well, but require targeted action to do so) provides better filtering options. When the sensor is operated, only packets with source or destination MAC addresses provided in the list will be recorded. This allows for easier analysis of the reports such as port usage and country, allowing you to verify the inbound and outbound traffic from specific devices.

The MAC address filtering is handled in just a few lines of code. First, we create a list of MACs to filter when a MAC filtering file is provided, and MAC filtering is enabled (see Listing 6-2).

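import tkFileDialog  # Python 2 Tkinter file dialog

# Ask the user for the MAC list file and show the chosen path in the GUI
self.fileSelection = tkFileDialog.askopenfilename(initialdir = "./",
     title = "Select Include MAC Address List File")
self.IncludeFile['text'] = self.fileSelection
if self.fileSelection:
    # A file was chosen: load one MAC address per line
    self.macList = []
    self.macEnable = True
    with open(self.fileSelection) as ips:
        for eachLine in ips:
            self.macList.append(eachLine.strip())
else:
    # Dialog cancelled: leave MAC filtering off
    self.macEnable = False

Listing 6-2. Honoring User Filter Selections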

This method provides easy filtering of MAC addresses during packet extraction (see Listing 6-3).

import struct
from binascii import hexlify

# ETH_LEN must be 14 to match the "!6s6sH" format (6 + 6 + 2 bytes)
ethernetHeader = packet[0:ETH_LEN]
ethFields = struct.unpack("!6s6sH", ethernetHeader)
# Extract DST MAC, SRC MAC and Frame Type
self.dstMac = hexlify(ethFields[0]).upper()
self.srcMac = hexlify(ethFields[1]).upper()
# Check if MAC Filtering is on
if self.macFilterEnable and self.macFilterSet:
    if (self.dstMac not in self.macFilter and
            self.srcMac not in self.macFilter):
        # Neither address is in the list: filter this packet
        return

Listing 6-3. Filtering Out Other Device Packets
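Listing 6-3 compares the uppercase hex form of each address against the list, so an entry only matches if it has been reduced to that same form. The added example below (written for Python 3, not code from the book or the sensor project) normalizes MAC-LIST entries and applies the same source-or-destination test to raw frames. The function names, the accepted separator styles, the `#` comment handling, and the sample data are all assumptions made for illustration.

```python
import re
import struct

ETH_LEN = 14  # Ethernet II header: dst MAC (6) + src MAC (6) + EtherType (2)
_MAC_RE = re.compile(r"^[0-9A-F]{12}$")

def normalize_mac(text):
    """Return a MAC as 12 uppercase hex digits, or None if it is not a MAC."""
    candidate = re.sub(r"[:\-.]", "", text.strip()).upper()
    return candidate if _MAC_RE.match(candidate) else None

def load_mac_filter(lines):
    """Build the filter set; return (macs, rejected) with rejected line numbers."""
    macs, rejected = set(), []
    for number, line in enumerate(lines, 1):
        entry = line.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not entry:
            continue  # blank line
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append((number, entry))
        else:
            macs.add(mac)
    return macs, rejected

def frame_matches(packet, mac_filter):
    """True when the frame's source or destination MAC is in the filter set."""
    if len(packet) < ETH_LEN:
        return False  # truncated frame: no complete Ethernet header
    dst, src, _eth_type = struct.unpack("!6s6sH", packet[:ETH_LEN])
    return dst.hex().upper() in mac_filter or src.hex().upper() in mac_filter

# Constructed sample data, not taken from the book's MAC-LIST file.
SAMPLE_LIST = ["b8:27:eb:12:34:56\n", "\n", "00-1A-2B-3C-4D-5E  # PLC\n", "not-a-mac\n"]

def build_frame(dst, src, eth_type=0x0800):
    """Assemble a minimal constructed Ethernet frame from hex MAC strings."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", eth_type) + b"payload"

def demo():
    mac_filter, rejected = load_mac_filter(SAMPLE_LIST)
    frames = [
        build_frame("FFFFFFFFFFFF", "B827EB123456"),  # source is listed
        build_frame("001A2B3C4D5E", "AABBCCDDEEFF"),  # destination is listed
        build_frame("AABBCCDDEEFF", "112233445566"),  # neither is listed
        b"\x00" * 6,                                  # truncated frame
    ]
    return mac_filter, rejected, [frame_matches(f, mac_filter) for f in frames]
```

Reporting the rejected entries back to the operator avoids a silent failure in which a mistyped address means a critical device is never recorded.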

Summary

This chapter added some finishing touches to the Raspberry Pi sensor, specifically, the ability to monitor any network interface that is available on the Pi. This provides a wider view of activity on the network in question.

In addition, the capability to target specific MAC addresses detected during recording or sensor activation further refines the applications of the Pi sensor.

In Chapter 7, we will discuss future capabilities that are planned for the Pi sensor, and how you can participate in the project.
