#63 ip_ports table enhancements (issue #25)

Merged
carlos.garcia merged 10 commits from stefan.schmidt/port_services into SPIN/master 6 years ago

This adds more information about ports to the ip_ports table. This includes:

  1. The protocol of the port (UDP or TCP), as suggested in issue #25.
  2. The service of the port (extracted from nmap-services-tcp.csv).

Carlos Garcia commented 6 years ago
Owner

The change looks good. There is however a problem with the way you search for the nmap-services file in the resources folder. Currently, you assume that the folder where ID2T is has the name "ID2T-toolkit". This is not a general case. Please adapt the code so that the current directory of the executable is used instead. You can look at this for inspiration: https://github.com/gpakosz/whereami
Stefano Acquaviti commented 6 years ago
Collaborator

Thanks for the feedback. I already used the working directory from getcwd, however the reason I manipulated the path is the following problem:

The working directory is different depending on how the database is built. (If you run idt2, run_tests or tests from within pycharm for example) However, I now changed it so that instead of assuming that "ID2T-toolkit" exists which isn't necessarily true, I check if the file is already reachable from the working directory and return the correct path if that is the case.

If it's not already reachable, I check if the path of the working directory ends on "/code" or "/code/Test". If so, this means that the database is built through tests and I cut that part off before appending the "/resources/nmap-services-tcp.csv".

In other words: Now, if you just run id2t.sh, it will just append "/resources/nmap-services-tcp.csv" to the working directory. If you run a test, it will first cut off the end of the working directory path so that it points to the working directory of id2t.sh. So as long as the inner directory structure isn't changed, this should work.
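
The lookup order described in the comment above, written out as an added example (not the code from this pull request). The function name `resolve_services_path`, the injectable `exists` probe and the empty-string "not found" result are assumptions made for illustration.

```cpp
#include <fstream>
#include <functional>
#include <string>

// Relative location of the services file, as named in the thread.
static const std::string kServicesFile = "/resources/nmap-services-tcp.csv";

// Default probe: the file counts as reachable if it can be opened for reading.
inline bool file_readable(const std::string &path) {
    return std::ifstream(path).good();
}

// True if `s` ends with `suffix`.
inline bool ends_with(const std::string &s, const std::string &suffix) {
    return s.size() >= suffix.size() &&
           s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Hypothetical helper: returns the path of the services file, or "" when it
// cannot be located starting from the working directory `cwd`.
std::string resolve_services_path(
        std::string cwd,
        const std::function<bool(const std::string &)> &exists = file_readable) {
    // Drop trailing slashes so the suffix checks below see "/code", not "/code/".
    while (cwd.size() > 1 && cwd.back() == '/') cwd.pop_back();

    // 1. File already reachable from the working directory (plain id2t.sh run).
    if (exists(cwd + kServicesFile)) return cwd + kServicesFile;

    // 2. Started from a test: cut the known suffix off, then append the file.
    const std::string suffixes[] = {"/code/Test", "/code"};
    for (const std::string &suffix : suffixes) {
        if (!ends_with(cwd, suffix)) continue;
        std::string candidate =
            cwd.substr(0, cwd.size() - suffix.size()) + kServicesFile;
        if (exists(candidate)) return candidate;
    }
    // 3. Not found: report that explicitly instead of returning a dead path.
    return "";
}
```

Passing the probe as a parameter lets the suffix handling be tested without touching the file system; a directory such as `/opt/id2t/barcode` is not mistaken for a `/code` directory because the suffix includes the leading slash.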
Carlos Garcia commented 6 years ago
Owner

The solution you propose sounds reasonable. Let's go with it.

One last change before pulling in the changes: In the file "statistics_db.cpp", line 505, you set the protocol to "unknown". The same is used when a protocol is not specified in the nmap file. I suggest that we change line 505 so that it uses the status "unavailable" instead. This gives the "PortService" field two distinct meanings:

  • "unknown" - there are no well-known services assigned to this port
  • "unavailable" - we were not able to search for the service used
Stefano Acquaviti commented 6 years ago
Collaborator

That's a good idea.

I changed it so that it says "unavailable" when a port isn't specified in the nmap file.
Carlos Garcia commented 6 years ago
Owner

Sorry for the confusion. I meant to say that line 241 should set the service to "unknown" and line 505 to "unavailable". What do you think?

My reasoning behind this is: I'd like to distinguish between not knowing if a well known service exists (unknown) or if I was not able to consult the nmap services file (unavailable).
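
The distinction proposed in the comment above, as an added example (not the contents of statistics_db.cpp). The `ServiceTable` type, both function names and the two-column `<port>,<service>` line layout are assumptions; the real layout of nmap-services-tcp.csv is not shown in this thread.

```cpp
#include <istream>
#include <map>
#include <sstream>
#include <stdexcept>
#include <string>

struct ServiceTable {
    bool loaded = false;                 // false: the file could not be consulted
    std::map<int, std::string> by_port;  // port number -> service name
};

// Reads "<port>,<service>" lines (layout assumed for this example).
// Header rows and malformed lines are skipped rather than aborting the load.
ServiceTable load_services(std::istream &in) {
    ServiceTable table;
    if (!in.good()) return table;        // unreadable source: stays "not loaded"
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        const std::size_t comma = line.find(',');
        if (comma == std::string::npos) continue;
        try {
            const int port = std::stoi(line.substr(0, comma));
            const std::string name = line.substr(comma + 1);
            if (port >= 0 && port <= 65535 && !name.empty())
                table.by_port[port] = name;
        } catch (const std::exception &) {
            // Non-numeric or out-of-range port field: ignore the line.
        }
    }
    table.loaded = true;
    return table;
}

// "unavailable": the services file could not be consulted at all.
// "unknown":     the file was consulted and has no entry for this port.
std::string port_service(const ServiceTable &table, int port) {
    if (!table.loaded) return "unavailable";
    const auto it = table.by_port.find(port);
    return it == table.by_port.end() ? "unknown" : it->second;
}
```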
This pull request has been merged successfully!