1 package edu.uci.iotproject.util;
3 import edu.uci.iotproject.analysis.PcapPacketPair;
4 import org.apache.commons.math3.stat.clustering.Cluster;
5 import org.pcap4j.core.PcapPacket;
6 import org.pcap4j.packet.IpV4Packet;
7 import org.pcap4j.packet.TcpPacket;
9 import java.util.ArrayList;
10 import java.util.List;
11 import java.util.Objects;
14 * Utility methods for inspecting {@link PcapPacket} properties.
16 * @author Janus Varmarken {@literal <jvarmark@uci.edu>}
17 * @author Rahmadi Trimananda {@literal <rtrimana@uci.edu>}
19 public final class PcapPacketUtils {
22 * Gets the source IP (in decimal format) of an IPv4 packet.
23 * @param packet The packet for which the IPv4 source address is to be extracted.
24 * @return The decimal representation of the source IP of {@code packet} <em>iff</em> {@code packet} wraps an
25 * {@link IpV4Packet}, otherwise {@code null}.
27 public static String getSourceIp(PcapPacket packet) {
28 IpV4Packet ipPacket = packet.get(IpV4Packet.class);
29 return ipPacket == null ? null : ipPacket.getHeader().getSrcAddr().getHostAddress();
33 * Helper method to determine if the given combination of IP and port matches the source of the given packet.
34 * @param packet The packet to check.
35 * @param ip The IP to look for in the ip.src field of {@code packet}.
36 * @param port The port to look for in the tcp.port field of {@code packet}.
37 * @return {@code true} if the given ip+port match the corresponding fields in {@code packet}.
39 public static boolean isSource(PcapPacket packet, String ip, int port) {
40 IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
41 // For now we only support TCP flows.
42 TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
43 String ipSrc = ipPacket.getHeader().getSrcAddr().getHostAddress();
44 int srcPort = tcpPacket.getHeader().getSrcPort().valueAsInt();
45 return ipSrc.equals(ip) && srcPort == port;
49 * Helper method to determine if the given combination of IP and port matches the destination of the given packet.
50 * @param packet The packet to check.
51 * @param ip The IP to look for in the ip.dst field of {@code packet}.
52 * @param port The port to look for in the tcp.dstport field of {@code packet}.
53 * @return {@code true} if the given ip+port match the corresponding fields in {@code packet}.
55 public static boolean isDestination(PcapPacket packet, String ip, int port) {
56 IpV4Packet ipPacket = Objects.requireNonNull(packet.get(IpV4Packet.class));
57 // For now we only support TCP flows.
58 TcpPacket tcpPacket = Objects.requireNonNull(packet.get(TcpPacket.class));
59 String ipDst = ipPacket.getHeader().getDstAddr().getHostAddress();
60 int dstPort = tcpPacket.getHeader().getDstPort().valueAsInt();
61 return ipDst.equals(ip) && dstPort == port;
65 * Checks if {@code packet} wraps a TCP packet that has the SYN flag set.
66 * @param packet A {@link PcapPacket} that is suspected to contain a {@link TcpPacket} for which the SYN flag is set.
67 * @return {@code true} <em>iff</em> {@code packet} contains a {@code TcpPacket} for which the SYN flag is set,
68 * {@code false} otherwise.
70 public static boolean isSyn(PcapPacket packet) {
71 TcpPacket tcp = packet.get(TcpPacket.class);
72 return tcp != null && tcp.getHeader().getSyn();
76 * Checks if {@code packet} wraps a TCP packet that has the ACK flag set.
77 * @param packet A {@link PcapPacket} that is suspected to contain a {@link TcpPacket} for which the ACK flag is set.
78 * @return {@code true} <em>iff</em> {@code packet} contains a {@code TcpPacket} for which the ACK flag is set,
79 * {@code false} otherwise.
81 public static boolean isAck(PcapPacket packet) {
82 TcpPacket tcp = packet.get(TcpPacket.class);
83 return tcp != null && tcp.getHeader().getAck();
87 * Transform a {@code Cluster} of {@code PcapPacketPair} objects into a {@code List} of {@code List} of
88 * {@code PcapPacket} objects.
89 * @param cluster A {@link Cluster} of {@link PcapPacketPair} objects that needs to be transformed.
90 * @return A {@link List} of {@link List} of {@link PcapPacket} objects as the result of the transformation.
92 public static List<List<PcapPacket>> clusterToListOfPcapPackets(Cluster<PcapPacketPair> cluster) {
93 List<List<PcapPacket>> ppListOfList = new ArrayList<>();
94 for (PcapPacketPair ppp: cluster.getPoints()) {
95 // Create a list of PcapPacket objects (list of two members)
96 List<PcapPacket> ppList = new ArrayList<>();
97 ppList.add(ppp.getFirst());
98 if(ppp.getSecond().isPresent())
99 ppList.add(ppp.getSecond().get());
102 // Create a list of list of PcapPacket objects
103 ppListOfList.add(ppList);