Search in sources :

Example 6 with IPPacket

use of com.att.aro.core.packetreader.pojo.IPPacket in project VideoOptimzer by attdevsupport.

the class TraceDataReaderImpl method updatePacket.

private void updatePacket(Packet packet) {
    if (packet instanceof TCPPacket) {
        TCPPacket ipPacket = (TCPPacket) packet;
        for (PacketInfo info : allPackets) {
            Packet curPacket = (Packet) info.getPacket();
            if (curPacket instanceof TCPPacket) {
                TCPPacket tcpPacket = (TCPPacket) curPacket;
                if (ipPacket.getDestinationIPAddress().equals(tcpPacket.getDestinationIPAddress()) && ipPacket.getSourceIPAddress().equals(tcpPacket.getSourceIPAddress()) && ipPacket.getSequenceNumber() == tcpPacket.getSequenceNumber() && ipPacket.getAckNumber() == tcpPacket.getAckNumber() && packet.getData().length > 66) {
                    byte[] data = Arrays.copyOfRange(packet.getData(), 66, packet.getData().length);
                    tcpPacket.setDecrypted(true);
                    curPacket.setData(data);
                }
            }
        }
    }
}
Also used : TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) Packet(com.att.aro.core.packetreader.pojo.Packet) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)

Example 7 with IPPacket

use of com.att.aro.core.packetreader.pojo.IPPacket in project VideoOptimzer by attdevsupport.

the class TraceDataReaderImpl method readPcapTraceFile.

private AbstractTraceResult readPcapTraceFile(String filepath, Double startTime, Double duration, AbstractTraceResult dresult) throws IOException {
    if (!filereader.fileExist(filepath)) {
        if (LOGGER != null) {
            LOGGER.error("No packet file found at: " + filepath);
        }
        return null;
    }
    AbstractTraceResult result = dresult;
    if (this.packetreader == null) {
        // this.packetreader = new PacketReaderImpl();
        throw new NullPointerException("this.packetreader is null");
    }
    this.packetreader.readPacket(filepath, this);
    double pcapTime0 = 0;
    double traceDuration = 0;
    // Determine application name associated with each packet
    if (!allPackets.isEmpty()) {
        pcapTime0 = startTime != null ? startTime.doubleValue() : allPackets.get(0).getPacket().getTimeStamp();
        traceDuration = duration != null ? duration.doubleValue() : allPackets.get(allPackets.size() - 1).getPacket().getTimeStamp() - pcapTime0;
        List<Integer> appIds = result.getAppIds();
        if (appIds == null) {
            appIds = Collections.emptyList();
            result.setAppIds(appIds);
        }
        // Determine if timezone difference needs to be accounted for
        int tzDiff = 0;
        int captureOffset = result.getCaptureOffset();
        if (captureOffset != -1) {
            int localOffset = Calendar.getInstance().getTimeZone().getRawOffset() / 1000;
            int collectorOffset = captureOffset * 60 * -1;
            tzDiff = collectorOffset - localOffset;
        }
        result.setPcapTimeOffset(pcapTime0 - tzDiff);
        int packetIdx = 0;
        List<String> appInfos = result.getAppInfos();
        Set<String> allAppNames = result.getAllAppNames();
        Map<String, Set<InetAddress>> appIps = result.getAppIps();
        for (Iterator<PacketInfo> iter = allPackets.iterator(); iter.hasNext(); ) {
            PacketInfo packetInfo = iter.next();
            // Filter out non-IP packets
            if (!(packetInfo.getPacket() instanceof IPPacket)) {
                iter.remove();
                continue;
            }
            IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
            PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
            if (packetDirection.equals(PacketDirection.UNKNOWN) && (ipPacket instanceof TCPPacket || ipPacket instanceof UDPPacket)) {
                unknownPackets.add(packetInfo);
            }
            packetInfo.setDir(packetDirection);
            packetInfo.setTimestamp(ipPacket.getTimeStamp() - pcapTime0 - tzDiff);
            // Associate application ID with the packet
            String appName = getAppNameForPacket(packetIdx, appIds, appInfos);
            packetInfo.setAppName(appName);
            allAppNames.add(appName);
            // Group IPs by app
            Set<InetAddress> ips = appIps.get(appName);
            if (ips == null) {
                ips = new HashSet<InetAddress>();
                appIps.put(appName, ips);
            }
            ips.add(packetInfo.getRemoteIPAddress());
            // Set packet ID to match Wireshark ID
            packetInfo.setPacketId(++packetIdx);
        }
        if (!unknownPackets.isEmpty()) {
            for (Iterator<PacketInfo> iterator = unknownPackets.iterator(); iterator.hasNext(); ) {
                PacketInfo packetInfo = iterator.next();
                IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
                PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
                iterator.remove();
                if (packetDirection.equals(PacketDirection.UNKNOWN)) {
                    packetDirection = PacketDirection.UPLINK;
                    Packet packet = packetInfo.getPacket();
                    if (packet instanceof TCPPacket) {
                        int sourcePort = ((TCPPacket) packet).getSourcePort();
                        int destinationPort = ((TCPPacket) packet).getDestinationPort();
                        this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
                        this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
                        this.localPortNumbers.add(sourcePort);
                        this.remotePortNumbers.add(destinationPort);
                    } else if (packet instanceof UDPPacket) {
                        int sourcePort = ((UDPPacket) packet).getSourcePort();
                        int destinationPort = ((UDPPacket) packet).getDestinationPort();
                        this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
                        this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
                        this.localPortNumbers.add(sourcePort);
                        this.remotePortNumbers.add(destinationPort);
                    }
                }
                packetInfo.setDir(packetDirection);
            }
        }
        if (!unknownPackets.isEmpty()) {
            LOGGER.error("Packets with no direction identified.");
        }
        Collections.sort(allPackets);
    } else {
        pcapTime0 = startTime != null ? startTime.doubleValue() : filereader.getLastModified(filepath) / 1000.0;
        traceDuration = duration != null ? duration.doubleValue() : 0.0;
    }
    Date traceDateTime = new Date((long) (pcapTime0 * 1000));
    result.setPcapTime0(pcapTime0);
    result.setTraceDuration(traceDuration);
    result.setTraceDateTime(traceDateTime);
    return result;
}
Also used : TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) Packet(com.att.aro.core.packetreader.pojo.Packet) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) Set(java.util.Set) HashSet(java.util.HashSet) PacketDirection(com.att.aro.core.packetreader.pojo.PacketDirection) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) Date(java.util.Date) AbstractTraceResult(com.att.aro.core.packetanalysis.pojo.AbstractTraceResult) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo) InetAddress(java.net.InetAddress) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Example 8 with IPPacket

use of com.att.aro.core.packetreader.pojo.IPPacket in project VideoOptimzer by attdevsupport.

the class PacketServiceImpl method createPacket.

/**
 * Returns a new instance of the Packet class, using the specified
 * parameters to initialize the class members.
 *
 * @param network
 *            The datalink to the network.
 * @param seconds
 *            The number of seconds for the packet.
 * @param microSeconds
 *            The number of microseconds for the packet.
 * @param len
 *            The length of the data portion of the packet (in bytes).
 * @param datalinkHdrLen
 *            The length of the header portion of the packet (in bytes).
 * @param data
 *            An array of bytes that is the data portion of the packet.
 *
 * @return The newly created packet.
 */
@Override
public Packet createPacket(short network, long seconds, long microSeconds, int len, int datalinkHdrLen, byte[] data) {
    Packet packet = null;
    // Minimum IP header length is 20 bytes
    ByteBuffer bytes = ByteBuffer.wrap(data);
    if (network == IPV6 && data.length >= datalinkHdrLen + 40) {
        // Determine IPV6 protocol
        Pair pair = new Pair(data[datalinkHdrLen + 6], 0);
        calculateLengthOfExtensionHeaders(data, datalinkHdrLen + 40, pair);
        // Create IPPacket
        switch(pair.protocol) {
            case // TCP
            6:
                packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
            case // UDP
            17:
                packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
            default:
                packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
        }
    } else if (network == IPV4 && data.length >= datalinkHdrLen + 20) {
        byte iphlen = (byte) ((bytes.get(datalinkHdrLen) & 0x0f) << 2);
        if (data.length < datalinkHdrLen + iphlen) {
            // Truncated packet
            packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
        } else {
            // Determine IP protocol
            byte protocol = bytes.get(datalinkHdrLen + 9);
            switch(protocol) {
                case // TCP
                6:
                    if (data.length >= datalinkHdrLen + iphlen + 20) {
                        packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
                    } else {
                        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
                    }
                    break;
                case // UDP
                17:
                    if (data.length >= datalinkHdrLen + iphlen + 6) {
                        packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
                    } else {
                        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
                    }
                    break;
                default:
                    packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
            }
        }
    } else {
        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
    }
    return packet;
}
Also used : UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) Packet(com.att.aro.core.packetreader.pojo.Packet) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) ByteBuffer(java.nio.ByteBuffer) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Example 9 with IPPacket

use of com.att.aro.core.packetreader.pojo.IPPacket in project VideoOptimzer by attdevsupport.

the class PacketReaderLibraryImpl method translatePcap4jPacket.

/**
 * Translate Pcap4j packet to VO packet
 * @param pcap4jPacket
 * @return
 */
private com.att.aro.core.packetreader.pojo.Packet translatePcap4jPacket(long timestampInSeconds, long timestampInMicroSeconds, Packet pcap4jPacket) {
    TcpPacket pcap4jTcpPacket;
    UdpPacket pcap4jUdpPacket;
    if (pcap4jPacket.contains(IcmpV4CommonPacket.class) || pcap4jPacket.contains(IcmpV6CommonPacket.class)) {
        return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
    } else if ((pcap4jTcpPacket = pcap4jPacket.get(TcpPacket.class)) != null) {
        return new TCPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jTcpPacket);
    } else if ((pcap4jUdpPacket = pcap4jPacket.get(UdpPacket.class)) != null) {
        return new UDPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jUdpPacket);
    } else {
        return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
    }
}
Also used : TcpPacket(org.pcap4j.packet.TcpPacket) IcmpV4CommonPacket(org.pcap4j.packet.IcmpV4CommonPacket) IcmpV6CommonPacket(org.pcap4j.packet.IcmpV6CommonPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) UdpPacket(org.pcap4j.packet.UdpPacket) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Example 10 with IPPacket

use of com.att.aro.core.packetreader.pojo.IPPacket in project VideoOptimzer by attdevsupport.

the class PacketAnalyzerImpl method getStatistic.

@Override
public Statistic getStatistic(List<PacketInfo> packetInfos) {
    Statistic stat = new Statistic();
    Set<String> appNames = new HashSet<String>();
    if (!packetInfos.isEmpty() && packetInfos.size() > 0) {
        long totalHTTPSBytes = 0;
        long totalBytes = 0;
        long totalTCPBytes = 0;
        long totalPayloadBytes = 0;
        long totalTCPPayloadBytes = 0;
        int totalTCPPackets = 0;
        double minTCPPacketTimestamp = Double.MAX_VALUE;
        double maxTCPPacketTimestamp = Double.MIN_VALUE;
        List<IPPacketSummary> ipPacketSummary = new ArrayList<>();
        List<ApplicationPacketSummary> applicationPacketSummary = new ArrayList<>();
        Map<Integer, Integer> packetSizeToCountMap = new HashMap<>();
        Map<String, PacketCounter> appPackets = new HashMap<>();
        Map<InetAddress, PacketCounter> ipPackets = new HashMap<>();
        for (PacketInfo packetInfo : packetInfos) {
            if (packetInfo != null) {
                totalBytes += packetInfo.getLen();
                totalPayloadBytes += packetInfo.getPacket().getPayloadLen();
                PacketCounter pCounter;
                if (packetInfo.getPacket() instanceof TCPPacket) {
                    ++totalTCPPackets;
                    minTCPPacketTimestamp = Math.min(minTCPPacketTimestamp, packetInfo.getTimeStamp());
                    maxTCPPacketTimestamp = Math.max(maxTCPPacketTimestamp, packetInfo.getTimeStamp());
                    TCPPacket tcp = (TCPPacket) packetInfo.getPacket();
                    totalTCPBytes += tcp.getPacketLength();
                    totalTCPPayloadBytes += tcp.getPayloadLen();
                    if (tcp.isSsl() || tcp.getDestinationPort() == 443 || tcp.getSourcePort() == 443) {
                        totalHTTPSBytes += tcp.getPayloadLen();
                    }
                }
                if (packetInfo.getPacket() instanceof IPPacket) {
                    // Count packets by packet size
                    Integer packetSize = packetInfo.getPacket().getPayloadLen();
                    Integer iValue = packetSizeToCountMap.get(packetSize);
                    if (iValue == null) {
                        iValue = 1;
                    } else {
                        iValue++;
                    }
                    packetSizeToCountMap.put(packetSize, iValue);
                    // Get IP address summary
                    InetAddress ipAddress = packetInfo.getRemoteIPAddress();
                    pCounter = ipPackets.get(ipAddress);
                    if (pCounter == null) {
                        pCounter = new PacketCounter();
                        ipPackets.put(ipAddress, pCounter);
                    }
                    pCounter.add(packetInfo);
                }
                String appName = packetInfo.getAppName();
                appNames.add(appName);
                pCounter = appPackets.get(appName);
                if (pCounter == null) {
                    pCounter = new PacketCounter();
                    appPackets.put(appName, pCounter);
                }
                pCounter.add(packetInfo);
            }
        }
        for (Map.Entry<InetAddress, PacketCounter> ipPacketMap : ipPackets.entrySet()) {
            ipPacketSummary.add(new IPPacketSummary(ipPacketMap.getKey(), ipPacketMap.getValue().getPacketCount(), ipPacketMap.getValue().getTotalBytes(), ipPacketMap.getValue().getTotalPayloadBytes()));
        }
        for (Map.Entry<String, PacketCounter> appPacketMap : appPackets.entrySet()) {
            applicationPacketSummary.add(new ApplicationPacketSummary(appPacketMap.getKey(), appPacketMap.getValue().getPacketCount(), appPacketMap.getValue().getTotalBytes(), appPacketMap.getValue().getTotalPayloadBytes()));
        }
        double packetsDuration = packetInfos.get(packetInfos.size() - 1).getTimeStamp() - packetInfos.get(0).getTimeStamp();
        double tcpPacketDuration = (maxTCPPacketTimestamp > minTCPPacketTimestamp) ? (maxTCPPacketTimestamp - minTCPPacketTimestamp) : 0.0d;
        double avgKbps = packetsDuration != 0 ? totalBytes * 8.0 / 1000.0 / packetsDuration : 0.0d;
        double avgTCPKbps = tcpPacketDuration != 0 ? totalTCPBytes * 8.0 / 1000.0 / tcpPacketDuration : 0.0d;
        stat.setApplicationPacketSummary(applicationPacketSummary);
        stat.setAverageKbps(avgKbps);
        stat.setAverageTCPKbps(avgTCPKbps);
        stat.setIpPacketSummary(ipPacketSummary);
        stat.setPacketDuration(packetsDuration);
        stat.setTcpPacketDuration(tcpPacketDuration);
        stat.setTotalByte(totalBytes);
        stat.setTotalPayloadBytes(totalPayloadBytes);
        stat.setTotalTCPBytes(totalTCPBytes);
        stat.setTotalTCPPayloadBytes(totalTCPPayloadBytes);
        stat.setTotalHTTPSByte(totalHTTPSBytes);
        stat.setTotalPackets(packetInfos.size());
        stat.setTotalTCPPackets(totalTCPPackets);
        stat.setPacketSizeToCountMap(packetSizeToCountMap);
    }
    stat.setAppName(appNames);
    return stat;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) PacketCounter(com.att.aro.core.packetanalysis.pojo.PacketCounter) Statistic(com.att.aro.core.packetanalysis.pojo.Statistic) IPPacketSummary(com.att.aro.core.packetanalysis.pojo.IPPacketSummary) HashSet(java.util.HashSet) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo) ApplicationPacketSummary(com.att.aro.core.packetanalysis.pojo.ApplicationPacketSummary) InetAddress(java.net.InetAddress) Map(java.util.Map) SortedMap(java.util.SortedMap) HashMap(java.util.HashMap) TreeMap(java.util.TreeMap) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Aggregations

IPPacket (com.att.aro.core.packetreader.pojo.IPPacket)14 PacketInfo (com.att.aro.core.packetanalysis.pojo.PacketInfo)9 TCPPacket (com.att.aro.core.packetreader.pojo.TCPPacket)9 UDPPacket (com.att.aro.core.packetreader.pojo.UDPPacket)8 InetAddress (java.net.InetAddress)8 ArrayList (java.util.ArrayList)6 Date (java.util.Date)6 BaseTest (com.att.aro.core.BaseTest)5 HashSet (java.util.HashSet)5 Test (org.junit.Test)5 Packet (com.att.aro.core.packetreader.pojo.Packet)4 UnknownHostException (java.net.UnknownHostException)4 IPacketListener (com.att.aro.core.packetreader.IPacketListener)3 NetworkTypeObject (com.att.aro.core.peripheral.pojo.NetworkTypeObject)3 HashMap (java.util.HashMap)3 InvocationOnMock (org.mockito.invocation.InvocationOnMock)3 ScheduledAlarmInfo (com.att.aro.core.packetanalysis.pojo.ScheduledAlarmInfo)2 Session (com.att.aro.core.packetanalysis.pojo.Session)2 TraceDirectoryResult (com.att.aro.core.packetanalysis.pojo.TraceDirectoryResult)2 DomainNameSystem (com.att.aro.core.packetreader.pojo.DomainNameSystem)2