Janus Varmarken [Fri, 13 Jul 2018 23:52:32 +0000 (16:52 -0700)]
Code for reassembling TCP streams. Not thoroughly tested, but seems to work for a simple, small pcap file
Janus Varmarken [Wed, 11 Jul 2018 22:24:46 +0000 (15:24 -0700)]
Add code for recording SYN packets in Conversation.
Janus Varmarken [Wed, 11 Jul 2018 02:30:30 +0000 (19:30 -0700)]
Bug-fix: Use separate, direction-dependent sets of sequence numbers (used when determining if a segment is a retransmission) as client and server may (after a while) end up using a sequence number that the other party has already used for sending a packet in the opposite direction.
Janus Varmarken [Fri, 6 Jul 2018 22:19:31 +0000 (15:19 -0700)]
Experimenting with reverse engineered TP-link API
rtrimana [Fri, 6 Jul 2018 21:47:42 +0000 (14:47 -0700)]
A few more changes for capturing pairs.
rtrimana [Mon, 18 Jun 2018 21:55:19 +0000 (14:55 -0700)]
Adding timestamp checks into the packet filtering for obtaining datapoints.
rtrimana [Fri, 15 Jun 2018 18:29:37 +0000 (11:29 -0700)]
Getting pairs of packets from the client-server communications.
rtrimana [Mon, 4 Jun 2018 23:36:34 +0000 (16:36 -0700)]
Merge branch 'master' of https://github.uci.edu/rtrimana/smart_home_traffic
rtrimana [Mon, 4 Jun 2018 23:36:11 +0000 (16:36 -0700)]
Using adb to click automatically on Android app; enabling automation
Janus Varmarken [Sun, 20 May 2018 00:39:53 +0000 (17:39 -0700)]
First (rushed) implementation of pattern search at the MAC layer. Not pretty, but seems functional.
Janus Varmarken [Sun, 20 May 2018 00:36:31 +0000 (17:36 -0700)]
correct typo
Janus Varmarken [Fri, 11 May 2018 05:12:13 +0000 (22:12 -0700)]
Added sub sequence search function, and put this into effect; seems to work just fine. Added subset pcap trace of TP_LINK_LOCAL_ON.
Janus Varmarken [Fri, 11 May 2018 04:12:05 +0000 (21:12 -0700)]
Clean up
Janus Varmarken [Fri, 11 May 2018 04:11:34 +0000 (21:11 -0700)]
Put checks for explicit termination of conversation to use in FlowPatternFinder.
Janus Varmarken [Fri, 11 May 2018 02:38:49 +0000 (19:38 -0700)]
add method for checking if a Conversation has been gracefully shut down.
Janus Varmarken [Fri, 11 May 2018 02:22:05 +0000 (19:22 -0700)]
Prepare a data structure for keeping track of FIN and their corresponding ACK packets. This is to be used for detecting when a connection is (gracefully) shut down.
Janus Varmarken [Thu, 10 May 2018 22:36:32 +0000 (15:36 -0700)]
fix typo in javadoc keyword
rtrimana [Fri, 4 May 2018 21:10:03 +0000 (14:10 -0700)]
Adding feature to hold multiple hostnames and lists of packet orders in FlowPattern, but keeping the old method of searching patterns (i.e. just one hostname and one pattern) for now---need to think more carefully so that we won't break stuff.
Janus Varmarken [Fri, 4 May 2018 08:17:16 +0000 (01:17 -0700)]
Merge branch 'master' of https://github.uci.edu/rtrimana/smart_home_traffic
# Conflicts:
# Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java
# Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/Main.java
Janus Varmarken [Fri, 4 May 2018 08:05:27 +0000 (01:05 -0700)]
Clean up + read filename from program args; default to Rahmadi's hardcoded test file if no program args provided.
Janus Varmarken [Fri, 4 May 2018 08:00:44 +0000 (01:00 -0700)]
Major revamp of FlowPatternFinder to ensure thread safety. Added generic structure for comparison code which should allow for easy plugin of more sophisticated comparison algorithm later on.
Janus Varmarken [Fri, 4 May 2018 07:57:13 +0000 (00:57 -0700)]
Move retransmission checks to Conversation class.
rtrimana [Fri, 4 May 2018 00:02:16 +0000 (17:02 -0700)]
Adding pre-processing for training set---we take packet lengths directly from a training set pcap file for FlowPattern.
Janus Varmarken [Fri, 4 May 2018 00:02:11 +0000 (17:02 -0700)]
Add getPackets to Conversation's API.
Janus Varmarken [Thu, 3 May 2018 23:41:59 +0000 (16:41 -0700)]
Extract Conversation to separate file (i.e. it is no longer an inner class). Add List of associated packets to Conversation class. Add Javadoc. Reformat variable names to match Android conventions (indicating member variables by prefixing these with 'm').
rtrimana [Wed, 2 May 2018 23:58:50 +0000 (16:58 -0700)]
Adding pcap files for remote ON and remote ON charging cases.
rtrimana [Wed, 2 May 2018 23:10:24 +0000 (16:10 -0700)]
Adding combined PCAP (local and remote) to test out the algorithm- it successfully detects the only pattern specified in the FlowPattern class.
rtrimana [Wed, 2 May 2018 23:04:43 +0000 (16:04 -0700)]
Separating pattern collection and analysis into 2 different threads.
rtrimana [Wed, 2 May 2018 00:41:59 +0000 (17:41 -0700)]
Making retransmission check O(1) using HashSet/Set.
rtrimana [Tue, 1 May 2018 23:53:21 +0000 (16:53 -0700)]
Refactoring and restructuring - Adding DnsMap class
Janus Varmarken [Sun, 29 Apr 2018 07:49:12 +0000 (00:49 -0700)]
Filter out retransmissions when reconstructing TCP flows. Now able to detect all local ON events in wlan1.local.dns.pcap.
Janus Varmarken [Sun, 29 Apr 2018 03:34:58 +0000 (20:34 -0700)]
Update pcap4j to v2.0.0-alpha to get access to packet timestamps (and possibly TCP session reassembly at a later stage). Now prints the timestamp for the occurrence of a complete match in the trace.
Janus Varmarken [Sun, 29 Apr 2018 03:01:20 +0000 (20:01 -0700)]
1) Skip zero-payload packets when reassembling conversations from individual packets. 2) Hardcode TP-Link Local ON pattern. 3) Rushed implementation that finds complete matches of the pattern.
Janus Varmarken [Sun, 29 Apr 2018 01:46:40 +0000 (18:46 -0700)]
First small step towards pattern search: separate packets related to packet into separate lists, one list for each conversation/session.
Janus Varmarken [Fri, 27 Apr 2018 23:56:44 +0000 (16:56 -0700)]
Converted IP to hostname map from Map<String,List<String>> to Map<String,Set<String>> to prevent multiple entries of the same hostname showing up for the same IP. Added some javadoc. Removed KataiStruct packet representations.
Janus Varmarken [Fri, 27 Apr 2018 23:37:00 +0000 (16:37 -0700)]
Add functional code that loads a pcap file and constructs the IP->hostname map/dictionary. Note that the map is actually of type Map<String, List<String>> as the trace contains cases where ONE IP maps to MULTIPLE hostnames. Bug in current implementation: the map should be changed to Map<String, Set<String>> to prevent the same hostname from showing up in the list multiple times (occurs when a set of DNS queries return the same IP).
rtrimana [Thu, 26 Apr 2018 22:31:26 +0000 (15:31 -0700)]
Kaitai parser half baked; there seems to be a problem with the parsing of DNS packets (missing type A addresses in the data structure).
rtrimana [Thu, 26 Apr 2018 17:52:01 +0000 (10:52 -0700)]
Managed to pick and parse DNS packets; but, still need to get the detailed information from inside the packet.
rtrimana [Thu, 26 Apr 2018 00:42:55 +0000 (17:42 -0700)]
Reading and parsing through packets; handling unwanted packets; ready to create a good parser to create a nice data structure.
rtrimana [Wed, 25 Apr 2018 18:55:48 +0000 (11:55 -0700)]
Skipping packets that do not have etherType, e.g. XID, EAPOL, etc.
rtrimana [Wed, 25 Apr 2018 01:00:55 +0000 (18:00 -0700)]
Fixing build flow (broken because of a missing return statement).
rtrimana [Wed, 25 Apr 2018 00:51:26 +0000 (17:51 -0700)]
Resolving merge conflict in Main.java
rtrimana [Wed, 25 Apr 2018 00:49:45 +0000 (17:49 -0700)]
Adding the Kaitai library to parse PCAP files.
Janus Varmarken [Tue, 24 Apr 2018 18:04:38 +0000 (11:04 -0700)]
add notes
Janus Varmarken [Tue, 24 Apr 2018 16:48:07 +0000 (09:48 -0700)]
apply application plugin
Janus Varmarken [Tue, 24 Apr 2018 16:30:40 +0000 (09:30 -0700)]
add project for Smart Plug detection
rtrimana [Fri, 23 Mar 2018 15:17:04 +0000 (08:17 -0700)]
Updating coloring for graphs.
rtrimana [Wed, 21 Mar 2018 17:25:56 +0000 (10:25 -0700)]
Changing Packet Bytes into Traffic Volume in the generated time series graphs.
rtrimana [Mon, 19 Mar 2018 22:36:55 +0000 (15:36 -0700)]
More scripts to plot graphs with labels.
Janus Varmarken [Sat, 10 Mar 2018 07:51:47 +0000 (23:51 -0800)]
SIGCOMM paper template
rtrimana [Fri, 23 Feb 2018 18:59:09 +0000 (10:59 -0800)]
Adjustments for the addition of eth1 for SmartThings plug
rtrimana [Wed, 21 Feb 2018 19:40:23 +0000 (11:40 -0800)]
Fixing G.nodes() iteration that needs us to force Python to create a copy for iteration condition by adding list()
rtrimana [Thu, 15 Feb 2018 19:52:44 +0000 (11:52 -0800)]
Removing main_flow.sh; fixing flow to take time series plots from non DNS data
rtrimana [Wed, 14 Feb 2018 19:45:27 +0000 (11:45 -0800)]
Working scripts and plots for 4 devices (smart plugs)
rtrimana [Fri, 9 Feb 2018 19:39:44 +0000 (11:39 -0800)]
Adding combining plots script
rtrimana [Wed, 7 Feb 2018 23:58:03 +0000 (15:58 -0800)]
Completing a new flow that will do automated analysis and graph generation for one device
rtrimana [Tue, 6 Feb 2018 23:40:26 +0000 (15:40 -0800)]
Adding a new flow to yield per device data, analysis, and graphs.
rtrimana [Fri, 2 Feb 2018 22:00:00 +0000 (14:00 -0800)]
Removing bipartite_iot_web_gexf_generator.py; the bipartite feature has been merged into base_gexf_generator.py
rtrimana [Fri, 2 Feb 2018 17:25:21 +0000 (09:25 -0800)]
Merging bipartite functionality into the main base_gexf_generator.py script
rtrimana [Fri, 1 Dec 2017 23:36:30 +0000 (15:36 -0800)]
Merge branch 'master' of https://github.uci.edu/rtrimana/smart_home_traffic
rtrimana [Fri, 1 Dec 2017 23:36:02 +0000 (15:36 -0800)]
Adding the seconds in which there are 0 packets so that we will see the graph being plotted from 0
Janus Varmarken [Fri, 1 Dec 2017 23:07:24 +0000 (15:07 -0800)]
update base_gexf_generator with islocal node attribute
changes to networkx neighbors call - needs more updates
add flag for producing local-only graphs
Janus Varmarken [Wed, 29 Nov 2017 06:38:44 +0000 (22:38 -0800)]
Bipartite generator:
- Skip non IP traffic.
- Guard against cases where the device does not perform DNS lookups (or DNS lookups that occurred before data collection started).
Janus Varmarken [Mon, 27 Nov 2017 02:15:54 +0000 (18:15 -0800)]
Add bipartite graph generator. Needs to be merged with Rahmadi's changes to the base generator (I was unable to pull when implementing this functionality).
rtrimana [Fri, 24 Nov 2017 19:43:11 +0000 (11:43 -0800)]
Adding binning capabilities to parse_packet_frequency.py script to smoothen and emphasize certain packet frequencies in the graph
rtrimana [Wed, 15 Nov 2017 18:28:10 +0000 (10:28 -0800)]
Adding packet sizes and send/received bytes plots/analyses
rtrimana [Mon, 13 Nov 2017 19:20:32 +0000 (11:20 -0800)]
Adding new analysis - incoming (not yet including outgoing) packets inter-arrival time
rtrimana [Mon, 13 Nov 2017 18:01:37 +0000 (10:01 -0800)]
Adding traffic volume information into edges
rtrimana [Sat, 11 Nov 2017 00:16:27 +0000 (16:16 -0800)]
Collapsing leaf nodes if they have the same set of protocols
rtrimana [Fri, 10 Nov 2017 18:29:36 +0000 (10:29 -0800)]
Adding protocols as the property of edges; simplifying protocol tracking through scanning the frame.protocols field
rtrimana [Thu, 9 Nov 2017 19:50:23 +0000 (11:50 -0800)]
Adding excluded devices list; Adding protocol names; restructuring, cleaning-up etc.
rtrimana [Thu, 9 Nov 2017 16:51:16 +0000 (08:51 -0800)]
Establishing basic flow for the complete graph processing
Janus Varmarken [Wed, 8 Nov 2017 23:04:01 +0000 (15:04 -0800)]
Update base_gefx_generator.py to new pipeline
rtrimana [Wed, 8 Nov 2017 18:21:43 +0000 (10:21 -0800)]
Separating incoming and outgoing traffic for a more fine-grained analysis
rtrimana [Wed, 8 Nov 2017 00:45:24 +0000 (16:45 -0800)]
Adding moving window average using numpy library
rtrimana [Wed, 8 Nov 2017 00:45:11 +0000 (16:45 -0800)]
Adding moving window average using numpy library
rtrimana [Tue, 7 Nov 2017 22:26:17 +0000 (14:26 -0800)]
Completing flow for time series graph generation
rtrimana [Tue, 7 Nov 2017 19:39:20 +0000 (11:39 -0800)]
Adding time series analysis run script
rtrimana [Tue, 7 Nov 2017 16:43:29 +0000 (08:43 -0800)]
Setting device name as attribute (on Gephi we can choose to display/not display it)
rtrimana [Tue, 7 Nov 2017 00:44:11 +0000 (16:44 -0800)]
Adding local device name mapping into graph
rtrimana [Mon, 6 Nov 2017 23:40:16 +0000 (15:40 -0800)]
Adding list of MAC addresses for device translation
rtrimana [Mon, 6 Nov 2017 18:49:18 +0000 (10:49 -0800)]
Restructuring files and folders
rtrimana [Mon, 6 Nov 2017 18:24:59 +0000 (10:24 -0800)]
Restructuring files and folders
rtrimana [Mon, 6 Nov 2017 18:12:10 +0000 (10:12 -0800)]
Restructuring files and folders
Janus Varmarken [Mon, 6 Nov 2017 07:45:31 +0000 (23:45 -0800)]
Update pipeline: graph now maps IoT devices' MACs to hostnames or other MACs (if local communication), and device-specific DNS queries are taken into account.
Changes:
- base_gefx_generator.py updated such that it considers MAC addresses instead of IPs and considers device-specific DNS queries for the IoT devices during graph construction.
- extract_from_tshark.py: updated to also include eth.src and eth.dst.
- parse_dns.py: corrected return value of hostname_for_ip_at_time such that the method simply returns the hostname instead of a tuple of timestamp and hostname.
- updated example json generated by extract_from_tshark.py
- added example gephi file generated by base_gefx_generator.py
Janus Varmarken [Sat, 4 Nov 2017 02:08:58 +0000 (19:08 -0700)]
Update parse_dns.py with new datastructure that captures all dns requests per device [NOTE: needs testing!]
Janus Varmarken [Sat, 4 Nov 2017 00:22:33 +0000 (17:22 -0700)]
Define DeviceDNSMap: class the stores a specific device's DNS mappings.
Janus Varmarken [Fri, 3 Nov 2017 19:07:13 +0000 (12:07 -0700)]
Initial experimentation with simple pipeline setup: Call parse_json_dns from parse_dns.py in base_gefx_generator.py
Add simple gitignore.
Add example wireshark DNS extract for testing.
Add example wireshark HTTP extract for testing.
rtrimana [Fri, 3 Nov 2017 15:44:44 +0000 (08:44 -0700)]
Fixing indentation and results display
rtrimana [Fri, 3 Nov 2017 15:33:55 +0000 (08:33 -0700)]
A simple script to analyze the distribution of packet frequencies against time
Janus Varmarken [Wed, 1 Nov 2017 20:46:37 +0000 (13:46 -0700)]
Update DNS parser to also construct IP-> hostname map [NOTE: This is the SIMPLEST SOLUTION and does not consider cases where one IP maps to multiple hostnames nor does it consider timing of the mappings -- serves only as a starting point]
Janus Varmarken [Fri, 27 Oct 2017 02:46:16 +0000 (19:46 -0700)]
Add parse_dns.py: reads DNS traffic from a file (JSON formatted by tshark) and constructs a map in which a hostname points to a set of IPs associated with that hostname.
Janus Varmarken [Thu, 26 Oct 2017 05:00:04 +0000 (22:00 -0700)]
extract_from_tshark.py:
- apply Shuba's fix: do not skip packets that do not have a comment.
- include src ip and src port in output
Janus Varmarken [Thu, 26 Oct 2017 04:52:08 +0000 (21:52 -0700)]
Add base_gefx_generator.py: script that constructs a .gefx file from JSON generated by extract_from_tshark.py. The script generates a graph in which nodes are hosts and edges indicate that there is communication between the hosts. The script labels/identifies hosts by their IPs. It should serve as a starting point when we want to include more information in the graphs (e.g. host name).
Rahmadi Trimananda [Wed, 25 Oct 2017 16:17:04 +0000 (09:17 -0700)]
First version of scripts for traffic analysis
Rahmadi Trimananda [Wed, 25 Oct 2017 16:13:36 +0000 (09:13 -0700)]
Initial commit