Generate MUD Profiles using PCAP.
- LibPcap (install tcpdump)
Linux: ``apt-get install tcpdump''
OSX: readily available by default.
Windows: follow instructions at: https://nmap.org/npcap/- Maven
Follow instructions at: https://www.baeldung.com/install-maven-on-windows-linux-mac for installation.$ git clone https://github.com/ayyoob/mudgee.git
$ cd mudgee
$ mvn clean installA sample config file is provided in the target directory (i.e. /mudgee/src/main/resources/apps/mud_config.json). Before executing the tool, make sure to declare three parameters including "defaultGatewayConfig", "deviceConfig" and "pcapLocation".
$ java -jar target/mudgee-1.0.0-SNAPSHOT.jar target/mud_config.json After execution, this tool outputs the generated MUD profile into the results directory (i.e. /mudgee/result/)
This tool generates MUD profile of a device by analyzing its traffic trace.
A sample config file is provided in /mudgee/src/main/resources/apps/mud_config.json you need to specify three parameters in the config file: "defaultGatewayConfig" (MAC/IPv4/IPv6 addresses), "deviceConfig" (MAC address, name) and "pcapLocation" (file path and name).
"pcapLocation": "/Users/ayyoobhamza/Documents/mud/pcap/0024e42028c6.pcap"
Location/name of the traffic trace.
"deviceConfig":{ "device":"00:24:e4:20:28:c3", "deviceName": "augustdoorbellcam" }
"device": MAC address of the device that we aim to generate the MUD profile for. "deviceName": name that appears in the output MUD profile.
"defaultGatewayConfig": { "macAddress" : "14:cc:20:51:33:ea", "ipAddress": "192.168.1.1", "ipv6Address": "fe80:0:0:0:16cc:20ff:fe51:33ea" }
In order to capture communications between the device and servers on the Internet , our tool requires the default gateway details. Therefore, MAC address and IP addresses of the default gateway are needed to be declared in the config file.