
Modify creation of conv_statistics for plotting

Formerly, conv_statistics did not incorporate conversations with
UDP as L4 protocol. In light of MembersMgmtCommAttack, UDP packets
have to be incorporated as well to achieve respective plotting.

Also formerly, conv_statistics did not incorporate conversations with
only 1 sent message. To create a plot stating how many packets
were sent per connection, this information is needed.

Note that this modifies the C++ code, hence ID2T or the corresponding
object files have to be rebuilt/recompiled.
dustin.born 7 years ago
parent
commit
7f9413e88f
2 changed files with 22 additions and 2 deletions
  1. 4 2
      code_boost/src/cxx/pcap_processor.cpp
  2. 18 0
      code_boost/src/cxx/statistics_db.cpp

+ 4 - 2
code_boost/src/cxx/pcap_processor.cpp

@@ -271,8 +271,10 @@ void pcap_processor::process_packets(const Packet &pkt) {
           // UDP Packet
         } else if (p == PDU::PDUType::UDP) {
             const UDP udpPkt = (const UDP &) *pdu_l4;
-            stats.incrementProtocolCount(ipAddressSender, "UDP");            
-            stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport());                        
+            stats.incrementProtocolCount(ipAddressSender, "UDP");   
+            // Conversation statistics
+            stats.addConvStat(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), pkt.timestamp());           
+            stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport());             
           
         } else if (p == PDU::PDUType::ICMP) {
             stats.incrementProtocolCount(ipAddressSender, "ICMP");
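Review bot: The added `stats.addConvStat(...)` call in the UDP branch puts UDP flows into the same conversation statistics as TCP, while the row that `writeStatisticsConv` binds elsewhere in this commit holds only the two address/port pairs and no L4 protocol. If the `conv` key has no protocol field (its definition is outside this hunk), a TCP and a UDP flow on the same 4-tuple would be merged into one entry, and no row could be attributed to a protocol when the capture is analysed later. Consider carrying the protocol in the key or the row, or at least stating the limitation at the call, e.g. `// Conversation statistics (UDP shares conv_statistics with TCP; key carries no protocol)`. The added lines also end in trailing whitespace, and `process_packets` continues outside the hunk.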

+ 18 - 0
code_boost/src/cxx/statistics_db.cpp

@@ -360,6 +360,24 @@ void statistics_db::writeStatisticsConv(std::unordered_map<conv, entry_convStat>
                 std::chrono::microseconds conn_duration = end_timesttamp - start_timesttamp;
                 e.avg_pkt_rate = (float) e.pkts_count * 1000000 / conn_duration.count(); // pkt per sec
 
+                query.bind(1, f.ipAddressA);
+                query.bind(2, f.portA);
+                query.bind(3, f.ipAddressB);
+                query.bind(4, f.portB);
+                query.bind(5, (int) e.pkts_count);
+                query.bind(6, (float) e.avg_pkt_rate);
+                query.bind(7, (int) e.avg_interarrival_time.count());
+                query.bind(8, minDelay);
+                query.bind(9, maxDelay);
+                query.exec();
+                query.reset();
+            }
+            else if (e.pkts_count == 1){
+                int minDelay = -1;
+                int maxDelay = -1;
+                e.avg_pkt_rate = (float) -1;
+                e.avg_interarrival_time = e.avg_interarrival_time = (std::chrono::microseconds) 0;
+
                 query.bind(1, f.ipAddressA);
                 query.bind(2, f.portA);
                 query.bind(3, f.ipAddressB);
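Review bot: In the added `else if (e.pkts_count == 1)` branch, the line `e.avg_interarrival_time = e.avg_interarrival_time = (std::chrono::microseconds) 0;` assigns twice; `e.avg_interarrival_time = std::chrono::microseconds(0);` is what is meant. The branch stores `-1` for the delays and the packet rate but `0` for the inter-arrival time, so "not measurable" is encoded two ways and the `0` cannot be told apart from a real value. One consistent sentinel, plus a comment such as `// single-packet conversation: -1 marks values that cannot be computed`, would keep aggregate queries and plots from counting these as measurements. The nine `query.bind` calls with `exec()`/`reset()` are now repeated in both branches and could become one shared block after the per-branch value setup. The enclosing `if` and the rest of `writeStatisticsConv` lie outside the hunk.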