As part of this program, one needs to input a CSV or XML file that contains abstract Botnet communication that is to be injected into the input PCAP. From this abstract communication file an interval is chosen that fits into the input PCAP. After transforming this interval into actual communication, the created packets are injected into the input PCAP. The transformation has several stages that are explained further in this Wiki.
The required format for the input CSV file is best shown by an example of 5 abstract packets:
Src: 10, Dst: 140, Type: 103, Time: 1000.1
Src: 10, Dst: 42, Type: 103, Time: 1000.15
Src: 42, Dst: 10, Type: 104, Time: 1000.19
Src: 10, Dst: 42, Type: 101, Time: 1001.4
Src: 42, Dst: 10, Type: 102, Time: 1001.9
The required format for the input XML file is best shown by an example of 5 abstract packets:
<trace name="example">
<packet Src="53" Dst="285" Type="103" Time="3712.30121813772" LineNumber="1" />
<packet Src="53" Dst="32" Type="103" Time="3712.30121813772" LineNumber="2" />
<packet Src="53" Dst="175" Type="103" Time="3712.30121813772" LineNumber="3" />
<packet Src="53" Dst="239" Type="103" Time="3712.30121813772" LineNumber="4" />
<packet Src="285" Dst="53" Type="3" Time="3712.40121813772" LineNumber="5" />
</trace>
LineNumber is another (optional) attribute of packet.
- Src: The ID of the bot sending the abstract message.
- Dst: The ID of the bot receiving the abstract message.
- Type: The type of the abstract message (further details below).
- Time: The timestamp of when the message was logged.
- LineNumber: The line number this message appeared at in the CSV file. Line numbers start at 1.
There are 5 message types that are based on simple (Botnet) Membership Management Communication.
- 3: This message type symbolizes a TIMEOUT, which means the message could not be logged because no message was seen within a timeout interval.
- 101: This message symbolizes a SALITY_NL_REQUEST. This message serves as a request for the addressed bot's Neighborlist, which contains all other bots the addressed bot knows about.
- 102: This message symbolizes a SALITY_NL_REPLY, which serves as a reply to a previously sent SALITY_NL_REQUEST and contains the sender bot's Neighborlist.
- 103: This message symbolizes a SALITY_HELLO, which serves as a kind of heartbeat message. It is (almost) analogous to a ping request message (i.e. ICMP Echo Request).
- 104: This message symbolizes a SALITY_HELLO_REPLY, which serves as a reply to a previously sent SALITY_HELLO. It is (almost) analogous to a ping reply message (i.e. ICMP Echo Reply).
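The following is an added example, not code from this project: a small validator that reads both formats described above, rejects packets with unknown message types, and lists requests (101, 103) that never receive the matching reply (102, 104). The function names and the assumption that each CSV line is a comma-separated list of `Key: value` pairs, as in the sample, are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Message types listed on this page.
MESSAGE_TYPES = {3: "TIMEOUT", 101: "SALITY_NL_REQUEST", 102: "SALITY_NL_REPLY",
                 103: "SALITY_HELLO", 104: "SALITY_HELLO_REPLY"}
REPLY_TO = {102: 101, 104: 103}  # reply type -> request type it answers
CSV_FIELD = re.compile(r"\s*(\w+)\s*:\s*([^,]+?)\s*(?:,|$)")

def _record(fields, lineno):
    """Validate one abstract packet and convert its fields to typed values."""
    try:
        rec = {"Src": int(fields["Src"]), "Dst": int(fields["Dst"]),
               "Type": int(fields["Type"]), "Time": float(fields["Time"]),
               "LineNumber": int(fields.get("LineNumber", lineno))}
    except (KeyError, ValueError) as exc:
        raise ValueError(f"packet {lineno}: bad or missing field ({exc})") from None
    if rec["Type"] not in MESSAGE_TYPES:
        raise ValueError(f"packet {lineno}: unknown message type {rec['Type']}")
    return rec

def parse_csv(text):
    # Assumed layout: one packet per line, "Key: value" pairs separated by commas.
    lines = [l for l in text.splitlines() if l.strip()]
    return [_record(dict(CSV_FIELD.findall(l)), n) for n, l in enumerate(lines, 1)]

def parse_xml(text):
    # For files from untrusted sources, a hardened parser such as defusedxml is safer.
    root = ET.fromstring(text)
    return [_record(p.attrib, n) for n, p in enumerate(root.iter("packet"), 1)]

def unanswered_requests(packets):
    """Return requests (101/103) that have no later matching reply (102/104)."""
    pending = {}  # (Src, Dst, Type) -> latest request still waiting for a reply
    for p in sorted(packets, key=lambda p: p["Time"]):
        if p["Type"] in REPLY_TO.values():
            pending[(p["Src"], p["Dst"], p["Type"])] = p
        elif p["Type"] in REPLY_TO:
            pending.pop((p["Dst"], p["Src"], REPLY_TO[p["Type"]]), None)
    return sorted(pending.values(), key=lambda p: p["LineNumber"])

# Sample input: the five-packet CSV example shown on this page.
CSV_SAMPLE = """Src: 10, Dst: 140, Type: 103, Time: 1000.1
Src: 10, Dst: 42, Type: 103, Time: 1000.15
Src: 42, Dst: 10, Type: 104, Time: 1000.19
Src: 10, Dst: 42, Type: 101, Time: 1001.4
Src: 42, Dst: 10, Type: 102, Time: 1001.9"""

if __name__ == "__main__":
    for p in unanswered_requests(parse_csv(CSV_SAMPLE)):
        print(p["LineNumber"], MESSAGE_TYPES[p["Type"]], p["Src"], "->", p["Dst"])
```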