|
@@ -97,8 +97,8 @@ std::string pcap_processor::merge_pcaps(const std::string pcap_path) {
|
|
}
|
|
}
|
|
iterator_base++;
|
|
iterator_base++;
|
|
}
|
|
}
|
|
- }
|
|
|
|
-
|
|
|
|
|
|
+ }
|
|
|
|
+
|
|
// This may happen if the base PCAP is smaller than the attack PCAP
|
|
// This may happen if the base PCAP is smaller than the attack PCAP
|
|
// In this case append the remaining packets of the attack PCAP
|
|
// In this case append the remaining packets of the attack PCAP
|
|
for (; iterator_attack != sniffer_attack.end(); iterator_attack++) {
|
|
for (; iterator_attack != sniffer_attack.end(); iterator_attack++) {
|
|
@@ -121,8 +121,8 @@ void pcap_processor::collect_statistics() {
|
|
std::cout << "Loading pcap..." << std::endl;
|
|
std::cout << "Loading pcap..." << std::endl;
|
|
FileSniffer sniffer(filePath);
|
|
FileSniffer sniffer(filePath);
|
|
FileSniffer snifferOverview(filePath);
|
|
FileSniffer snifferOverview(filePath);
|
|
-
|
|
|
|
- SnifferIterator i = sniffer.begin();
|
|
|
|
|
|
+
|
|
|
|
+ SnifferIterator i = sniffer.begin();
|
|
std::chrono::microseconds currentPktTimestamp;
|
|
std::chrono::microseconds currentPktTimestamp;
|
|
|
|
|
|
// Save timestamp of first packet
|
|
// Save timestamp of first packet
|
|
@@ -135,10 +135,10 @@ void pcap_processor::collect_statistics() {
|
|
std::chrono::microseconds firstTimestamp = stats.getTimestampFirstPacket();
|
|
std::chrono::microseconds firstTimestamp = stats.getTimestampFirstPacket();
|
|
|
|
|
|
// An empty loop to know the capture duration, then choose a suitable time interval
|
|
// An empty loop to know the capture duration, then choose a suitable time interval
|
|
- SnifferIterator lastpkt;
|
|
|
|
|
|
+ SnifferIterator lastpkt;
|
|
for (SnifferIterator j = snifferOverview.begin(); j != snifferOverview.end(); ++j, ++totalPackets) {lastpkt = j;}
|
|
for (SnifferIterator j = snifferOverview.begin(); j != snifferOverview.end(); ++j, ++totalPackets) {lastpkt = j;}
|
|
|
|
|
|
- std::chrono::microseconds lastTimestamp = lastpkt->timestamp();
|
|
|
|
|
|
+ std::chrono::microseconds lastTimestamp = lastpkt->timestamp();
|
|
std::chrono::microseconds captureDuration = lastTimestamp - firstTimestamp;
|
|
std::chrono::microseconds captureDuration = lastTimestamp - firstTimestamp;
|
|
if(captureDuration.count()<=0){
|
|
if(captureDuration.count()<=0){
|
|
std::cout<<"ERROR: PCAP file is empty!"<<"\n";
|
|
std::cout<<"ERROR: PCAP file is empty!"<<"\n";
|
|
@@ -179,9 +179,12 @@ void pcap_processor::collect_statistics() {
|
|
}
|
|
}
|
|
|
|
|
|
std::cout << "\n";
|
|
std::cout << "\n";
|
|
-
|
|
|
|
// Save timestamp of last packet into statistics
|
|
// Save timestamp of last packet into statistics
|
|
stats.setTimestampLastPacket(currentPktTimestamp);
|
|
stats.setTimestampLastPacket(currentPktTimestamp);
|
|
|
|
+
|
|
|
|
+ if(hasUnrecognized) {
|
|
|
|
+ std::cout << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
|
|
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
@@ -209,7 +212,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
const PDU::PDUType pdu_l3_type = pdu_l3->pdu_type();
|
|
const PDU::PDUType pdu_l3_type = pdu_l3->pdu_type();
|
|
std::string ipAddressSender;
|
|
std::string ipAddressSender;
|
|
std::string ipAddressReceiver;
|
|
std::string ipAddressReceiver;
|
|
-
|
|
|
|
|
|
+
|
|
// PDU is IPv4
|
|
// PDU is IPv4
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
const IP &ipLayer = (const IP &) *pdu_l3;
|
|
const IP &ipLayer = (const IP &) *pdu_l3;
|
|
@@ -232,7 +235,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
// Assign IP Address to MAC Address
|
|
// Assign IP Address to MAC Address
|
|
stats.assignMacAddress(ipAddressSender, macAddressSender);
|
|
stats.assignMacAddress(ipAddressSender, macAddressSender);
|
|
stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
|
|
stats.assignMacAddress(ipAddressReceiver, macAddressReceiver);
|
|
-
|
|
|
|
|
|
+
|
|
} // PDU is IPv6
|
|
} // PDU is IPv6
|
|
else if (pdu_l3_type == PDU::PDUType::IPv6) {
|
|
else if (pdu_l3_type == PDU::PDUType::IPv6) {
|
|
const IPv6 &ipLayer = (const IPv6 &) *pdu_l3;
|
|
const IPv6 &ipLayer = (const IPv6 &) *pdu_l3;
|
|
@@ -255,10 +258,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
|
|
|
|
} //PDU is unrecognized
|
|
} //PDU is unrecognized
|
|
else {
|
|
else {
|
|
- if(!hasUnrecognized) {
|
|
|
|
- std::cerr << "Unrecognized PDUs detected: Check 'unrecognized_pdus' table!" << std::endl;
|
|
|
|
- hasUnrecognized = true;
|
|
|
|
- }
|
|
|
|
|
|
+ hasUnrecognized = true;
|
|
|
|
|
|
EthernetII eth = (const EthernetII &) *pdu_l2;
|
|
EthernetII eth = (const EthernetII &) *pdu_l2;
|
|
Tins::Timestamp ts = pkt.timestamp();
|
|
Tins::Timestamp ts = pkt.timestamp();
|
|
@@ -271,8 +271,8 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
const PDU *pdu_l4 = pdu_l3->inner_pdu();
|
|
const PDU *pdu_l4 = pdu_l3->inner_pdu();
|
|
if (pdu_l4 != 0) {
|
|
if (pdu_l4 != 0) {
|
|
// Protocol distribution - layer 4
|
|
// Protocol distribution - layer 4
|
|
- PDU::PDUType p = pdu_l4->pdu_type();
|
|
|
|
-
|
|
|
|
|
|
+ PDU::PDUType p = pdu_l4->pdu_type();
|
|
|
|
+
|
|
// Check for IPv4: payload
|
|
// Check for IPv4: payload
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
stats.checkPayload(pdu_l4);
|
|
stats.checkPayload(pdu_l4);
|
|
@@ -280,7 +280,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
|
|
|
|
if (p == PDU::PDUType::TCP) {
|
|
if (p == PDU::PDUType::TCP) {
|
|
TCP tcpPkt = (const TCP &) *pdu_l4;
|
|
TCP tcpPkt = (const TCP &) *pdu_l4;
|
|
-
|
|
|
|
|
|
+
|
|
// Check TCP checksum
|
|
// Check TCP checksum
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
if (pdu_l3_type == PDU::PDUType::IP) {
|
|
stats.checkTCPChecksum(ipAddressSender, ipAddressReceiver, tcpPkt);
|
|
stats.checkTCPChecksum(ipAddressSender, ipAddressReceiver, tcpPkt);
|
|
@@ -296,7 +296,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
int win = tcpPkt.window();
|
|
int win = tcpPkt.window();
|
|
stats.incrementWinCount(ipAddressSender, win);
|
|
stats.incrementWinCount(ipAddressSender, win);
|
|
|
|
|
|
- try {
|
|
|
|
|
|
+ try {
|
|
int val = tcpPkt.mss();
|
|
int val = tcpPkt.mss();
|
|
|
|
|
|
// MSS distribution
|
|
// MSS distribution
|
|
@@ -306,7 +306,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
}
|
|
}
|
|
stats.incrementPortCount(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), "TCP");
|
|
stats.incrementPortCount(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), "TCP");
|
|
stats.increasePortByteCount(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), sizeCurrentPacket, "TCP");
|
|
stats.increasePortByteCount(ipAddressSender, tcpPkt.sport(), ipAddressReceiver, tcpPkt.dport(), sizeCurrentPacket, "TCP");
|
|
-
|
|
|
|
|
|
+
|
|
// UDP Packet
|
|
// UDP Packet
|
|
} else if (p == PDU::PDUType::UDP) {
|
|
} else if (p == PDU::PDUType::UDP) {
|
|
const UDP udpPkt = (const UDP &) *pdu_l4;
|
|
const UDP udpPkt = (const UDP &) *pdu_l4;
|
|
@@ -314,7 +314,7 @@ void pcap_processor::process_packets(const Packet &pkt) {
|
|
stats.increaseProtocolByteCount(ipAddressSender, "UDP", sizeCurrentPacket);
|
|
stats.increaseProtocolByteCount(ipAddressSender, "UDP", sizeCurrentPacket);
|
|
stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), "UDP");
|
|
stats.incrementPortCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), "UDP");
|
|
stats.increasePortByteCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), sizeCurrentPacket, "UDP");
|
|
stats.increasePortByteCount(ipAddressSender, udpPkt.sport(), ipAddressReceiver, udpPkt.dport(), sizeCurrentPacket, "UDP");
|
|
-
|
|
|
|
|
|
+
|
|
} else if (p == PDU::PDUType::ICMP) {
|
|
} else if (p == PDU::PDUType::ICMP) {
|
|
stats.incrementProtocolCount(ipAddressSender, "ICMP");
|
|
stats.incrementProtocolCount(ipAddressSender, "ICMP");
|
|
stats.increaseProtocolByteCount(ipAddressSender, "ICMP", sizeCurrentPacket);
|
|
stats.increaseProtocolByteCount(ipAddressSender, "ICMP", sizeCurrentPacket);
|