From 4576e14b4ab0ad6b3535efc1bcf715774526b68e Mon Sep 17 00:00:00 2001 From: Janus Varmarken Date: Sat, 28 Apr 2018 20:34:58 -0700 Subject: [PATCH] Update pcap4j to v2.0.0-alpha to get access to packet timestamps (and possibly TCP session reassembly at a later stage). Now prints the timestamp for the occurrence of a complete match in the trace. --- .../.idea/modules/SmartPlugDetector_main.iml | 4 ++-- .../.idea/modules/SmartPlugDetector_test.iml | 4 ++-- Code/Projects/SmartPlugDetector/build.gradle | 6 ++++-- .../edu/uci/iotproject/FlowPatternFinder.java | 16 +++++++++++----- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_main.iml b/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_main.iml index 91357ca..802e727 100644 --- a/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_main.iml +++ b/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_main.iml @@ -9,8 +9,8 @@ - - + + diff --git a/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_test.iml b/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_test.iml index ce4e54a..98985ce 100644 --- a/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_test.iml +++ b/Code/Projects/SmartPlugDetector/.idea/modules/SmartPlugDetector_test.iml @@ -10,8 +10,8 @@ - - + + diff --git a/Code/Projects/SmartPlugDetector/build.gradle b/Code/Projects/SmartPlugDetector/build.gradle index ad98b35..582dede 100644 --- a/Code/Projects/SmartPlugDetector/build.gradle +++ b/Code/Projects/SmartPlugDetector/build.gradle 
@@ -16,8 +16,10 @@ dependencies { testCompile group: 'junit', name: 'junit', version: '4.11' // pcap4j - compile 'org.pcap4j:pcap4j-core:1.7.3' - compile 'org.pcap4j:pcap4j-packetfactory-static:1.7.3' + // Updated to v2 alpha as the stable release does not include packet timestamps + // v2 should add support for TCP session reassembly as well, although it does not appear to be part of the lib yet. + compile 'org.pcap4j:pcap4j-core:2.0.0-alpha' + compile 'org.pcap4j:pcap4j-packetfactory-static:2.0.0-alpha' // pcap4j logging dependency compile 'org.slf4j:slf4j-jdk14:1.8.0-beta2' diff --git a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java index df4d447..c8f8fe2 100644 --- a/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java +++ b/Code/Projects/SmartPlugDetector/src/main/java/edu/uci/iotproject/FlowPatternFinder.java @@ -3,11 +3,13 @@ package edu.uci.iotproject; import org.pcap4j.core.NotOpenException; import org.pcap4j.core.PcapHandle; import org.pcap4j.core.PcapNativeException; +import org.pcap4j.core.PcapPacket; import org.pcap4j.packet.IpV4Packet; import org.pcap4j.packet.Packet; import org.pcap4j.packet.TcpPacket; import java.io.EOFException; +import java.time.Instant; import java.util.*; import java.util.concurrent.TimeoutException; @@ -19,7 +21,7 @@ import java.util.concurrent.TimeoutException; public class FlowPatternFinder { private final Map> dnsMap; - private final Map> connections = new HashMap<>(); + private final Map> connections = new HashMap<>(); public FlowPatternFinder(Map> dnsMap) { this.dnsMap = Objects.requireNonNull(dnsMap); 
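Review bot: The added `import java.time.Instant;` in the import hunk of `FlowPatternFinder.java` is not referenced by any line this patch adds. The only timestamp use is `firstPacketInFlow.getTimestamp().toString()` in the last hunk, which needs no import. Either drop the import or, if `getTimestamp()` does return an `Instant`, hold it in a typed local so the import earns its place.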
@@ -31,7 +33,8 @@ public class FlowPatternFinder { public void findFlowPattern(PcapHandle pcap, FlowPattern pattern) throws PcapNativeException, NotOpenException, TimeoutException { try { - Packet packet; + PcapPacket packet; + while ((packet = pcap.getNextPacketEx()) != null) { // For now, we only work support pattern search in TCP over IPv4. @@ -62,7 +65,7 @@ public class FlowPatternFinder { // TODO: this is strictly not sufficient to differentiate one TCP session from another, but should suffice for now. Conversation conversation = fromClient ? new Conversation(srcAddress, srcPort, dstAddress, dstPort) : new Conversation(dstAddress, dstPort, srcAddress, srcPort); - List listWrappedPacket = new ArrayList<>(); + List listWrappedPacket = new ArrayList<>(); listWrappedPacket.add(packet); // Create new conversation entry, or append packet to existing. connections.merge(conversation, listWrappedPacket, (v1, v2) -> { @@ -78,7 +81,7 @@ public class FlowPatternFinder { private void find(FlowPattern pattern) { for (Conversation con : connections.keySet()) { - List packets = connections.get(con); + List packets = connections.get(con); if (packets.size() != pattern.getPacketOrder().size()) { // Not a complete match if different number of packets. continue; @@ -92,7 +95,10 @@ public class FlowPatternFinder { } } if (completeMatch) { - System.out.println(String.format("found a complete match for %s", pattern.getPatternId())); + PcapPacket firstPacketInFlow = packets.get(0); + System.out.println( + String.format("[ detected a complete match of pattern '%s' at %s]", + pattern.getPatternId(), firstPacketInFlow.getTimestamp().toString())); } } } -- 2.34.1
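Review bot: In the `-62,7 +65,7` hunk, every TCP/IPv4 packet read from the capture is appended to `connections` and kept for the whole run, now as a full `PcapPacket`, so memory use grows with the size of the trace being analysed. `find` skips any conversation whose packet count differs from `pattern.getPacketOrder().size()`, so a conversation that has already grown past that length can never match. It would be enough to stop appending once the list exceeds the pattern length. Separately, the changed `List listWrappedPacket` line allocates a one-element list per packet only to feed `merge`; assuming the merge function just appends (its body is outside the hunk), `connections.computeIfAbsent(conversation, k -> new ArrayList<>()).add(packet);` avoids the throwaway list. `findFlowPattern` starts and ends outside this hunk.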
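Review bot: The match line in the `-92,7 +95,10` hunk prints only the pattern id and a time, so a detection cannot be tied back to the flow that produced it. `con` is in scope in this loop and could be added to the message, provided `Conversation` has a usable `toString()` (not visible here). The time printed is that of `packets.get(0)`, the first packet of the conversation, while the commit message describes it as the time of the complete match; a comment such as `// timestamp of the first packet in the flow, not of the packet that completed the match` would make that explicit. `.toString()` is redundant under `%s`, and `System.out.printf` would replace the `println(String.format(...))` pair. `find` begins before this hunk.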