// ------------ # Code for extracting traffic generated by a device within x seconds of a trigger # ------------
// Paths to input and output files (consider supplying these as arguments instead) and IP of the device for
// which traffic is to be extracted:
-// String path = "/scratch/July-2018"; // Rahmadi
- String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
+ String path = "/scratch/July-2018"; // Rahmadi
+// String path = "/Users/varmarken/temp/UCI IoT Project/experiments"; // Janus
+ boolean verbose = true;
// 1) D-Link July 26 experiment
- final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap";
- final String outputPcapFile = path + "/2018-07/dlink/dlink-processed.pcap";
- final String triggerTimesFile = path + "/2018-07/dlink/dlink-july-26-2018.timestamps";
- final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug?
+// final String inputPcapFile = path + "/2018-07/dlink/dlink.wlan1.local.pcap";
+// final String outputPcapFile = path + "/2018-07/dlink/dlink-processed.pcap";
+// final String triggerTimesFile = path + "/2018-07/dlink/dlink-july-26-2018.timestamps";
+// final String deviceIp = "192.168.1.246"; // .246 == phone; .199 == dlink plug?
// 2) TP-Link July 25 experiment
// final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.pcap";
// 2b) TP-Link July 25 experiment TRUNCATED:
// Only contains "true local" events, i.e., before the behavior changes to remote-like behavior.
// Last included event is at July 25 10:38:11; file filtered to only include packets with arrival time <= 10:38:27.
- final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.truncated.pcap";
- final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.truncated.pcap";
- final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.truncated.timestamps";
- final String deviceIp = "192.168.1.159";
+// final String inputPcapFile = path + "/2018-07/tplink/tplink.wlan1.local.truncated.pcap";
+// final String outputPcapFile = path + "/2018-07/tplink/tplink-processed.truncated.pcap";
+// final String triggerTimesFile = path + "/2018-07/tplink/tplink-july-25-2018.truncated.timestamps";
+// final String deviceIp = "192.168.1.159";
// 3) SmartThings Plug July 25 experiment
// final String inputPcapFile = path + "/2018-07/stplug/stplug.wlan1.local.pcap";
// final String deviceIp = "192.168.1.246"; // .246 == phone; .142 == SmartThings Hub (note: use eth0 capture for this!)
// 4) Wemo July 30 experiment
-// final String inputPcapFile = path + "/2018-07/wemo/wemo.wlan1.local.pcap";
-// final String outputPcapFile = path + "/2018-07/wemo/wemo-processed.pcap";
-// final String triggerTimesFile = path + "/2018-07/wemo/wemo-july-30-2018.timestamps";
-// final String deviceIp = "192.168.1.145";
+ final String inputPcapFile = path + "/2018-07/wemo/wemo.wlan1.local.pcap";
+ final String outputPcapFile = path + "/2018-07/wemo/wemo-processed.pcap";
+ final String triggerTimesFile = path + "/2018-07/wemo/wemo-july-30-2018.timestamps";
+ final String deviceIp = "192.168.1.145";
// 5) Wemo Insight July 31 experiment
// final String inputPcapFile = path + "/2018-07/wemoinsight/wemoinsight.wlan1.local.pcap";
Map<String, Map<String, List<Conversation>>> ons = new HashMap<>();
// Contains all OFF events: hostname -> sequence identifier -> list of conversations with that sequence
Map<String, Map<String, List<Conversation>>> offs = new HashMap<>();
- userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> {
- Map<String, Map<String, List<Conversation>>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs;
- hostnameToConvs.forEach((host, convs) -> {
- Map<String, List<Conversation>> seqsToConvs = TcpConversationUtils.
- groupConversationsByPacketSequence(convs);
- outer.merge(host, seqsToConvs, (oldMap, newMap) -> {
- newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> {
- list1.addAll(list2);
- return list1;
- }));
- return oldMap;
+
+ if (verbose) {
+ userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> {
+ Map<String, Map<String, List<Conversation>>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs;
+ hostnameToConvs.forEach((host, convs) -> {
+ Map<String, List<Conversation>> seqsToConvs = TcpConversationUtils.
+ groupConversationsByPacketSequenceVerbose(convs);
+ outer.merge(host, seqsToConvs, (oldMap, newMap) -> {
+ newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> {
+ list1.addAll(list2);
+ return list1;
+ }));
+ return oldMap;
+ });
});
});
- });
+ } else {
+ userActionsToConvsByHostname.forEach((ua, hostnameToConvs) -> {
+ Map<String, Map<String, List<Conversation>>> outer = ua.getType() == Type.TOGGLE_ON ? ons : offs;
+ hostnameToConvs.forEach((host, convs) -> {
+ Map<String, List<Conversation>> seqsToConvs = TcpConversationUtils.
+ groupConversationsByPacketSequence(convs);
+ outer.merge(host, seqsToConvs, (oldMap, newMap) -> {
+ newMap.forEach((sequence, cs) -> oldMap.merge(sequence, cs, (list1, list2) -> {
+ list1.addAll(list2);
+ return list1;
+ }));
+ return oldMap;
+ });
+ });
+ });
+ }
// ================================================================================================
// <<< Some work-in-progress/explorative code that extracts a "representative" sequence >>>
* </em> these payload packets are identical across all {@code Conversation}s in {@code convs} in terms of packet
* length and packet order. For example, if the key is "152 440 550", this means that every individual
* {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload
- * packet of lengths 152, 440, and 550, and these three packets are ordered the in the order prescribed by the key.
+ * packet of lengths 152, 440, and 550, and these three packets are ordered in the order prescribed by the key.
+ * This verbose version prints out the SYNACK, SYN, FINACK, FIN, RST, etc. packets.
*
* @param conversations The collection of {@code Conversation}s to group by packet sequence.
* @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the
* {@link Conversation#getPackets()}) separated by a delimiter</em> of any {@link Conversation} pointed to
* by that key.
*/
- public static Map<String, List<Conversation>> groupConversationsByPacketSequence(Collection<Conversation> conversations) {
+ public static Map<String, List<Conversation>> groupConversationsByPacketSequenceVerbose(Collection<Conversation> conversations) {
Map<String, List<Conversation>> result = new HashMap<>();
for (Conversation conv : conversations) {
if (conv.getPackets().size() == 0) {
return result;
}
+ /**
+ * Given a {@link Collection} of {@link Conversation}s, builds a {@link Map} from {@link String} to {@link List}
+ * of {@link Conversation}s such that each key is the <em>concatenation of the packet lengths of all payload packets
+ * (i.e., the set of packets returned by {@link Conversation#getPackets()}) separated by a delimiter</em> of any
+ * {@link Conversation} pointed to by that key. In other words, what the {@link Conversation}s {@code cs} pointed to
+ * by the key {@code s} have in common is that they all contain exactly the same number of payload packets <em>and
+ * </em> these payload packets are identical across all {@code Conversation}s in {@code convs} in terms of packet
+ * length and packet order. For example, if the key is "152 440 550", this means that every individual
+ * {@code Conversation} in the list of {@code Conversation}s pointed to by that key contain exactly three payload
+ * packet of lengths 152, 440, and 550, and these three packets are ordered in the order prescribed by the key.
+ *
+ * @param conversations The collection of {@code Conversation}s to group by packet sequence.
+ * @return a {@link Map} from {@link String} to {@link List} of {@link Conversation}s such that each key is the
+ * <em>concatenation of the packet lengths of all payload packets (i.e., the set of packets returned by
+ * {@link Conversation#getPackets()}) separated by a delimiter</em> of any {@link Conversation} pointed to
+ * by that key.
+ */
+ public static Map<String, List<Conversation>> groupConversationsByPacketSequence(Collection<Conversation> conversations) {
+ Map<String, List<Conversation>> result = new HashMap<>();
+ for (Conversation conv : conversations) {
+ if (conv.getPackets().size() == 0) {
+ // Skip conversations with no payload packets.
+ continue;
+ }
+ StringBuilder sb = new StringBuilder();
+ // Then append the length of all application data packets.
+ for (PcapPacket pp : conv.getPackets()) {
+ // Only append a space if there's preceding content.
+ appendSpaceIfNotEmpty(sb);
+ sb.append(pp.length());
+ }
+ List<Conversation> oneItemList = new ArrayList<>();
+ oneItemList.add(conv);
+ result.merge(sb.toString(), oneItemList, (oldList, newList) -> {
+ oldList.addAll(newList);
+ return oldList;
+ });
+ }
+ return result;
+ }
+
/**
* Given a {@link Conversation}, counts the frequencies of each unique packet length seen as part of the
* {@code Conversation}.
projects / pingpong.git / commitdiff