</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
- <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-core:1.7.3" level="project" />
- <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-packetfactory-static:1.7.3" level="project" />
+ <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-core:2.0.0-alpha" level="project" />
+ <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-packetfactory-static:2.0.0-alpha" level="project" />
<orderEntry type="library" name="Gradle: org.slf4j:slf4j-jdk14:1.8.0-beta2" level="project" />
<orderEntry type="library" name="Gradle: net.java.dev.jna:jna:4.2.1" level="project" />
<orderEntry type="library" name="Gradle: org.slf4j:slf4j-api:1.8.0-beta2" level="project" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
<orderEntry type="module" module-name="SmartPlugDetector_main" />
- <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-core:1.7.3" level="project" />
- <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-packetfactory-static:1.7.3" level="project" />
+ <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-core:2.0.0-alpha" level="project" />
+ <orderEntry type="library" name="Gradle: org.pcap4j:pcap4j-packetfactory-static:2.0.0-alpha" level="project" />
<orderEntry type="library" name="Gradle: org.slf4j:slf4j-jdk14:1.8.0-beta2" level="project" />
<orderEntry type="library" name="Gradle: junit:junit:4.11" level="project" />
<orderEntry type="library" name="Gradle: net.java.dev.jna:jna:4.2.1" level="project" />
testCompile group: 'junit', name: 'junit', version: '4.11'
// pcap4j
- compile 'org.pcap4j:pcap4j-core:1.7.3'
- compile 'org.pcap4j:pcap4j-packetfactory-static:1.7.3'
+ // Updated to v2 alpha as the stable release does not include packet timestamps
+ // v2 should add support for TCP session reassembly as well, although it does not appear to be part of the lib yet.
+ compile 'org.pcap4j:pcap4j-core:2.0.0-alpha'
+ compile 'org.pcap4j:pcap4j-packetfactory-static:2.0.0-alpha'
// pcap4j logging dependency
compile 'org.slf4j:slf4j-jdk14:1.8.0-beta2'
import org.pcap4j.core.NotOpenException;
import org.pcap4j.core.PcapHandle;
import org.pcap4j.core.PcapNativeException;
+import org.pcap4j.core.PcapPacket;
import org.pcap4j.packet.IpV4Packet;
import org.pcap4j.packet.Packet;
import org.pcap4j.packet.TcpPacket;
import java.io.EOFException;
+import java.time.Instant;
import java.util.*;
import java.util.concurrent.TimeoutException;
public class FlowPatternFinder {
private final Map<String, Set<String>> dnsMap;
- private final Map<Conversation, List<Packet>> connections = new HashMap<>();
+ private final Map<Conversation, List<PcapPacket>> connections = new HashMap<>();
public FlowPatternFinder(Map<String, Set<String>> dnsMap) {
this.dnsMap = Objects.requireNonNull(dnsMap);
public void findFlowPattern(PcapHandle pcap, FlowPattern pattern)
throws PcapNativeException, NotOpenException, TimeoutException {
try {
- Packet packet;
+ PcapPacket packet;
+
while ((packet = pcap.getNextPacketEx()) != null) {
// For now, we only work support pattern search in TCP over IPv4.
// TODO: this is strictly not sufficient to differentiate one TCP session from another, but should suffice for now.
Conversation conversation = fromClient ? new Conversation(srcAddress, srcPort, dstAddress, dstPort) :
new Conversation(dstAddress, dstPort, srcAddress, srcPort);
- List<Packet> listWrappedPacket = new ArrayList<>();
+ List<PcapPacket> listWrappedPacket = new ArrayList<>();
listWrappedPacket.add(packet);
// Create new conversation entry, or append packet to existing.
connections.merge(conversation, listWrappedPacket, (v1, v2) -> {
private void find(FlowPattern pattern) {
for (Conversation con : connections.keySet()) {
- List<Packet> packets = connections.get(con);
+ List<PcapPacket> packets = connections.get(con);
if (packets.size() != pattern.getPacketOrder().size()) {
// Not a complete match if different number of packets.
continue;
}
}
if (completeMatch) {
- System.out.println(String.format("found a complete match for %s", pattern.getPatternId()));
+ PcapPacket firstPacketInFlow = packets.get(0);
+ System.out.println(
+ String.format("[ detected a complete match of pattern '%s' at %s]",
+ pattern.getPatternId(), firstPacketInFlow.getTimestamp().toString()));
}
}
}
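Review bot: The added `import java.time.Instant;` does not appear to be used by the new code in these hunks — the output line in `find` calls `firstPacketInFlow.getTimestamp().toString()` directly — so unless another part of the file references `Instant`, the import should be dropped. The new report line would also sit better on the SLF4J logger that the build already pulls in, avoiding the nested `String.format` inside `println`: `log.info("detected a complete match of pattern '{}' at {}", pattern.getPatternId(), firstPacketInFlow.getTimestamp());`. On the changed line `List<PcapPacket> packets = connections.get(con);`, iterating `connections.entrySet()` instead of `keySet()` would avoid a second lookup per conversation. The code that sets `completeMatch` lies between the hunks and is not visible here, so whether `packets.get(0)` can ever observe an empty list cannot be confirmed from this view.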