}, dnsMap, tcpReassembler);
outputter.flush();
outputter.close();
-
- /*
- int packets = 0;
- for (Conversation c : tcpReassembler.getTcpConversations()) {
- packets += c.getPackets().size();
- packets += c.getSynPackets().size();
- // only count the FIN packets, not the ACKs; every FinAckPair holds a FIN packet
- packets += c.getFinAckPairs().size();
- }
- // Produces 271 packets for the Feb 13 experiment
- // Applying filter: "(tcp and not tcp.len == 0 and not tcp.analysis.retransmission and not tcp.analysis.fast_retransmission) or (tcp.flags.syn == 1) or (tcp.flags.fin == 1)"
- // to the file gives 295 packets, but there are 24 TCP-Out-Of-Order SYN/SYNACKs which are filtered as retransmissions in Conversation, so the numbers seem to match.
- System.out.println("number of packets: " + packets);
- */
-
- List<List<PcapPacketPair>> pairs = new ArrayList<>();
- for (Conversation c : tcpReassembler.getTcpConversations()) {
- pairs.add(TcpConversationUtils.extractPacketPairs(c));
- }
- /*
- // Sort pairs according to timestamp of first packet of conversation for (debugging) convenience.
- Collections.sort(pairs, (l1, l2) -> {
- if (l1.get(0).getFirst().getTimestamp().isBefore(l2.get(0).getFirst().getTimestamp())) return -1;
- else if (l2.get(0).getFirst().getTimestamp().isBefore(l1.get(0).getFirst().getTimestamp())) return 1;
- else return 0;
- });
- */
- System.out.println("list of pairs produced");
- List<PcapPacketPair> eventstplinkraPairs = new ArrayList<>();
- List<List<PcapPacketPair>> otherPairs = new ArrayList<>();
- String hostname = "events.tplinkra.com";
- int emptyLists = 0;
- for (List<PcapPacketPair> lppp : pairs) {
- if (lppp.size() < 1) {
- emptyLists++;
- continue;
- }
- IpV4Packet ipPacket = lppp.get(0).getFirst().get(IpV4Packet.class);
- // If packets are associated with the hostname
- if (dnsMap.isRelatedToCloudServer(ipPacket.getHeader().getSrcAddr().getHostAddress(), hostname) ||
- dnsMap.isRelatedToCloudServer(ipPacket.getHeader().getDstAddr().getHostAddress(), hostname)) {
- eventstplinkraPairs.addAll(lppp);
- } else {
- // Pairs associated with different server
- otherPairs.add(lppp);
- }
- }
- System.out.println("number of empty list of packet pairs: " + emptyLists);
- HashMap<String, Integer> pairCount = new HashMap<>();
- for (PcapPacketPair ppp : eventstplinkraPairs) {
- if (pairCount.containsKey(ppp.toString())) {
- pairCount.put(ppp.toString(), pairCount.get(ppp.toString()) + 1);
- } else {
- pairCount.put(ppp.toString(), 1);
- }
- }
- System.out.println("pairCount map built");
-
- // Build map containing frequencies of packet lengths exchanged with events.tplinkra.com as well as a map with
- // the frequencies of specific sequences of packet lengths for the same hostname
- HashMap<Integer, Integer> eventstplinkraPacketLengthFreqMap = new HashMap<>();
- HashMap<String, Integer> eventstplinkraPacketSequenceFreqMap = new HashMap<>();
- for (Conversation c : tcpReassembler.getTcpConversations()) {
- if (c.getPackets().size() == 0) {
- continue;
- }
- PcapPacket firstPacket = c.getPackets().get(0);
- IpV4Packet firstPacketIp = firstPacket.get(IpV4Packet.class);
- if (!dnsMap.isRelatedToCloudServer(firstPacketIp.getHeader().getSrcAddr().getHostAddress(), hostname) &&
- !dnsMap.isRelatedToCloudServer(firstPacketIp.getHeader().getDstAddr().getHostAddress(), hostname)) {
- continue;
- }
- // Update the packet length freq map
- for (PcapPacket pp : c.getPackets()) {
- eventstplinkraPacketLengthFreqMap.merge(pp.length(), 1, (i1, i2) -> i1 + i2);
- }
- // Update the packet sequence freq map
- StringBuilder sb = new StringBuilder();
- for (PcapPacket pp : c.getPackets()) {
- sb.append(pp.length() + " ");
- }
- eventstplinkraPacketSequenceFreqMap.merge(sb.toString(), 1, (i1, i2) -> i1+i2);
- }
- System.out.println("packet length frequency map created");
-
- Map<String, List<Conversation>> hostnameConversationMap =
- TcpConversationUtils.groupConversationsByHostname(tcpReassembler.getTcpConversations(), dnsMap);
- System.out.println("hostnameConversationMap created");
// ----------------------------
}