patronus_fati 0.9.15 → 0.9.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2aed771fd8ea32a335bb2617db0563b193d0323a
-  data.tar.gz: 00d0a88b17c2213665f75cc3a8f43656e14810a8
+  metadata.gz: 540a4de3ee3c1a9ff1c056d7677ed1ca6bf780e0
+  data.tar.gz: 924fafdee1e19b35334d354877169471159d300e
 SHA512:
-  metadata.gz: 28e8425775f048d551d5cc38260d7504c9411fe8e16ae60e48251848b596413bebd2e4a7630f3f012633433d82fe127e7c2d98cd334dfdf8e3f6da46ca0fb011
-  data.tar.gz: 178f7ad0ddeb1a15d58f94dce3b22f44a17980f474fec2f2a6023126681aadd088e99714d933e58316e5527cfea6dde6aba1084b5eaa71b16ec2e7cca387f1a9
+  metadata.gz: fc85c22017ccd669d0a3c3c509e1cf075491627fe2fb6d87a16570481330f9ec2922b8e6e0e18ed90f662a6bf14926d8294e44bc98f0a4324091b61870b3edcd
+  data.tar.gz: c1da545bc293ba08ea3406a15db3df7202a720eb1ccaf8c09844e1dc8f027ca88c518c7325e0f819ee3b0b76cc47b97409a600b1a00533799697e83f33b9128d

data/lib/patronus_fati/message_processor/client.rb

@@ -5,9 +5,11 @@ module PatronusFati::MessageProcessor::Client
     # We don't care about objects that would have expired already...
     return if obj[:lasttime] < PatronusFati::DataModels::Client.current_expiration_threshold
 
+    # obj[:mac] is the client's MAC address
+    # obj[:bssid] is the AP's MAC address
     unless obj[:bssid].nil? || obj[:bssid].empty? || obj[:bssid] == obj[:mac]
-      return unless (ap = PatronusFati::DataModels::AccessPoint.first(bssid: obj[:bssid]))
-      ap.seen!
+      ap = PatronusFati::DataModels::AccessPoint.first(bssid: obj[:bssid])
+      ap.seen! if ap
     end
 
     # Some messages from kismet come in corrupted with partial MACs. We care
@@ -19,6 +21,14 @@ module PatronusFati::MessageProcessor::Client
     # These potentially represent wired assets leaking through the WiFi and
     # devices not following the 802.11 spec.
     if %w( unknown from_ds ).include?(obj[:type]) || obj[:mac].nil?
+      # We only care about these assets if the packet is actually coming from
+      # an access point. If it's not coming from an access point than it is
+      # most likely it is a wired client leaking through.
+      #
+      # It is possible but unlikely and unusual that we just haven't seen this
+      # AP yet. Not recording it now will just delay the 'seeing' of the client
+      # a little bit.
+      return unless ap
       client = PatronusFati::DataModels::Client.first({bssid: obj[:mac]})
     else
       client = PatronusFati::DataModels::Client.first_or_create({bssid: obj[:mac]}, client_info)
@@ -34,13 +44,6 @@ module PatronusFati::MessageProcessor::Client
       if (conn = PatronusFati::DataModels::Connection.connected.first(client: client, access_point: ap))
         conn.seen!
       else
-        average =  (obj[:datapackets] == 0 ? 0 : obj[:datasize] / obj[:datapackets])
-
-        # Create a connection only if it meets our thresholding logic below
-        return unless !(obj[:gatewayip].nil? || obj[:ip].nil?) ||
-          (average >= 156 && obj[:datapackets] > 10) ||
-          (average >= 110 && obj[:datapackets] > 50)
-
         PatronusFati::DataModels::Connection.create(client: client, access_point: ap)
       end
     end

data/lib/patronus_fati/version.rb

@@ -1,3 +1,3 @@
 module PatronusFati
-  VERSION = '0.9.15'
+  VERSION = '0.9.16'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: patronus_fati
 version: !ruby/object:Gem::Version
-  version: 0.9.15
+  version: 0.9.16
 platform: ruby
 authors:
 - Sam Stelfox
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-29 00:00:00.000000000 Z
+date: 2016-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dm-constraints
@@ -371,7 +371,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: A ruby implementation of the Kismet client protocol.