package edu.uci.iotproject;
-import edu.uci.iotproject.maclayer.MacLayerFlowPattern;
-import edu.uci.iotproject.maclayer.MacLayerFlowPatternFinder;
+import edu.uci.iotproject.analysis.PcapPacketPair;
+import edu.uci.iotproject.analysis.PcapProcessingPipeline;
+import edu.uci.iotproject.analysis.TcpConversationUtils;
import org.pcap4j.core.*;
import java.io.EOFException;
import java.net.UnknownHostException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.List;
import java.util.concurrent.TimeoutException;
/**
////
//// // ========================
-
+ /*
PcapReader pcapReader = new PcapReader(args[0]);
PcapProcessingPipeline pipeline = new PcapProcessingPipeline(pcapReader);
TcpReassembler tcpReassembler = new TcpReassembler();
pipeline.addPcapPacketConsumer(tcpReassembler);
pipeline.executePipeline();
System.out.println("Pipeline terminated");
+
+ List<List<PcapPacketPair>> pairs = new ArrayList<>();
+ for (Conversation c : tcpReassembler.getTcpConversations()) {
+ pairs.add(TcpConversationUtils.extractPacketPairs(c));
+ }
+ */
+
+ // -------- 07-17-2018 --------
+ // Only consider packets to/from the TP-Link plug.
+ PcapReader pcapReader = new PcapReader(args[0], "ip host 192.168.1.159");
+ TcpReassembler tcpReassembler = new TcpReassembler();
+ PcapPacket packet;
+ while((packet = pcapReader.readNextPacket()) != null) {
+ tcpReassembler.consumePacket(packet);
+ }
+ // Now we have a set of reassembled TCP conversations.
+ List<Conversation> conversations = tcpReassembler.getTcpConversations();
+ for(Conversation c : conversations) {
+ List<PcapPacketPair> pairs = TcpConversationUtils.extractPacketPairs(c);
+ for (PcapPacketPair pair : pairs) {
+ // TODO ...
+ // 1. discard packets that are not within X seconds after trigger time
+ // 2. conversations may be (are) with different servers - so need to plot in different plots, one per hostname?
+ }
+ }
+
+ // ----------------------------
+
+
+
+
+
}
+
}
+
+
+// TP-Link MAC 50:c7:bf:33:1f:09 and usually IP 192.168.1.159 (remember to verify per file)
\ No newline at end of file
--- /dev/null
+package edu.uci.iotproject.analysis;
+
+import org.pcap4j.core.PcapPacket;
+
+/**
+ * TODO add class documentation.
+ *
+ * @author Janus Varmarken
+ */
+public interface PcapPacketFilter {
+
+ boolean shouldIncludePacket(PcapPacket packet);
+
+}
--- /dev/null
+package edu.uci.iotproject.analysis;
+
+import org.pcap4j.core.PcapPacket;
+
+/**
+ * TODO add class documentation.
+ *
+ * @author Janus Varmarken
+ */
+public class PcapPacketPair {
+
+ private final PcapPacket mFirst;
+
+ private final PcapPacket mSecond;
+
+ public PcapPacketPair(PcapPacket first, PcapPacket second) {
+ mFirst = first;
+ mSecond = second;
+ }
+
+ public PcapPacket getFirst() { return mFirst; }
+
+ public PcapPacket getSecond() { return mSecond; }
+
+}
--- /dev/null
+package edu.uci.iotproject.analysis;
+
+import edu.uci.iotproject.Conversation;
+import edu.uci.iotproject.util.PcapPacketUtils;
+import org.pcap4j.core.PcapPacket;
+import org.pcap4j.packet.IpV4Packet;
+import org.pcap4j.packet.TcpPacket;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * TODO add class documentation.
+ *
+ * @author Janus Varmarken
+ */
+public class TcpConversationUtils {
+
+ public static List<PcapPacketPair> extractPacketPairs(Conversation conv) {
+ List<PcapPacket> packets = conv.getPackets();
+ List<PcapPacketPair> pairs = new ArrayList<>();
+ int i = 0;
+ while (i < packets.size()) {
+ PcapPacket p1 = packets.get(i);
+ String p1SrcIp = p1.get(IpV4Packet.class).getHeader().getSrcAddr().getHostAddress();
+ int p1SrcPort = p1.get(TcpPacket.class).getHeader().getSrcPort().valueAsInt();
+ if (i+1 < packets.size()) {
+ PcapPacket p2 = packets.get(i+1);
+ if (PcapPacketUtils.isSource(p2, p1SrcIp, p1SrcPort)) {
+ // Two packets in a row going in the same direction -> create one item pair for p1
+ pairs.add(new PcapPacketPair(p1, null));
+ // Advance one packet as the following two packets may form a valid two-item pair.
+ i++;
+ } else {
+ // The two packets form a response-reply pair, create two-item pair.
+ pairs.add(new PcapPacketPair(p1, p2));
+ // Advance two packets as we have already processed the packet at index i+1 in order to create the pair.
+ i += 2;
+ }
+ } else {
+ // Last packet of conversation => one item pair
+ pairs.add(new PcapPacketPair(p1, null));
+ // Advance i to ensure termination.
+ i++;
+ }
+ }
+ return pairs;
+ // TODO: what if there is long time between response and reply packet? Should we add a threshold and exclude those cases?
+ }
+
+}
projects / pingpong.git / commitdiff