Search in sources :

Example 26 with TCPPacket

use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.

the class SessionManagerImpl method analyzeRequestResponsesForSecureSessions.

/**
 * Estimate RequestResponseObjects for Secure Sessions
 * @param session
 * @return
 */
private ArrayList<HttpRequestResponseInfo> analyzeRequestResponsesForSecureSessions(Session session) {
    session.setDataInaccessible(true);
    boolean flag = false;
    TCPPacket tcpPacket = null;
    HttpRequestResponseInfo rrInfo = null;
    HttpRequestResponseInfo downlinkRRInfo = null;
    ArrayList<HttpRequestResponseInfo> results = new ArrayList<>();
    for (PacketInfo packetInfo : session.getAllPackets()) {
        tcpPacket = (TCPPacket) packetInfo.getPacket();
        byte[] data = tcpPacket.getData();
        int packetPosition = tcpPacket.getDataOffset();
        if (packetInfo.getDir() == PacketDirection.UPLINK) {
            if ((packetPosition + 4) < tcpPacket.getLen() && data[packetPosition] == TLS_APPLICATION_DATA) {
                rrInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), packetInfo.getDir(), packetInfo, true);
                results.add(rrInfo);
                flag = true;
            }
            updateRequestResponseObject(rrInfo, packetInfo);
        }
        if (packetInfo.getDir() == PacketDirection.DOWNLINK) {
            if (flag && (packetPosition + 4) < tcpPacket.getLen() && data[packetPosition] == TLS_APPLICATION_DATA) {
                downlinkRRInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), packetInfo.getDir(), packetInfo, true);
                results.add(downlinkRRInfo);
                flag = false;
            }
            updateRequestResponseObject(downlinkRRInfo, packetInfo);
        }
    }
    if (results.isEmpty()) {
        if (!session.getUplinkPacketsSortedBySequenceNumbers().isEmpty()) {
            PacketInfo packetInfo = identifyCorrectTransmissionStream(session.getUplinkPacketsSortedBySequenceNumbers().firstEntry().getValue(), session.getAckNumbers(), session, PacketDirection.UPLINK);
            rrInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), PacketDirection.UPLINK, packetInfo, true);
            packetInfo = identifyCorrectTransmissionStream(session.getUplinkPacketsSortedBySequenceNumbers().lastEntry().getValue(), session.getAckNumbers(), session, PacketDirection.UPLINK);
            rrInfo.setLastDataPacket(packetInfo);
            results.add(rrInfo);
        }
        if (!session.getDownlinkPacketsSortedBySequenceNumbers().isEmpty()) {
            PacketInfo packetInfo = identifyCorrectTransmissionStream(session.getDownlinkPacketsSortedBySequenceNumbers().firstEntry().getValue(), session.getAckNumbers(), session, PacketDirection.DOWNLINK);
            downlinkRRInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), PacketDirection.DOWNLINK, packetInfo, true);
            packetInfo = identifyCorrectTransmissionStream(session.getDownlinkPacketsSortedBySequenceNumbers().lastEntry().getValue(), session.getAckNumbers(), session, PacketDirection.DOWNLINK);
            downlinkRRInfo.setLastDataPacket(packetInfo);
            results.add(downlinkRRInfo);
        }
    }
    return results;
}
Also used : HttpRequestResponseInfo(com.att.aro.core.packetanalysis.pojo.HttpRequestResponseInfo) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) ArrayList(java.util.ArrayList) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)

Example 27 with TCPPacket

use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.

the class SessionManagerImpl method identifyCorrectTCPTransmissionStreamHelper.

/**
 * Helper method to recursively iterate through all of the child packets by next sequence number (relative to parent packet) to identify if there is any ACK received
 * @param packetInfoListForSequenceNumber Initial packet list by a sequence number
 * @param ackNumbersSet Set of all the ACK numbers
 * @param session Session object
 * @param direction Packet direction Uplink or Downlink
 * @return True if any packet in the chain has received an ACK in session, otherwise False
 */
private boolean identifyCorrectTCPTransmissionStreamHelper(List<PacketInfo> packetInfoListForSequenceNumber, Set<Long> ackNumbersSet, Session session, PacketDirection direction) {
    if (packetInfoListForSequenceNumber == null || packetInfoListForSequenceNumber.size() == 0) {
        return false;
    }
    for (PacketInfo packetInfo : packetInfoListForSequenceNumber) {
        TCPPacket tcpPacket = (TCPPacket) packetInfo.getPacket();
        long nextSequenceOrAckNumber = tcpPacket.getSequenceNumber() + tcpPacket.getPayloadLen();
        if (ackNumbersSet.contains(nextSequenceOrAckNumber)) {
            return true;
        }
        List<PacketInfo> packetInfoListForNextSequenceNumber = PacketDirection.DOWNLINK.equals(direction) ? session.getDownlinkPacketsSortedBySequenceNumbers().get(nextSequenceOrAckNumber) : session.getUplinkPacketsSortedBySequenceNumbers().get(nextSequenceOrAckNumber);
        return identifyCorrectTCPTransmissionStreamHelper(packetInfoListForNextSequenceNumber, ackNumbersSet, session, direction);
    }
    return false;
}
Also used : TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)

Example 28 with TCPPacket

use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.

the class TraceDataReaderImpl method readPcapTraceFile.

private AbstractTraceResult readPcapTraceFile(String filepath, Double startTime, Double duration, AbstractTraceResult dresult) throws IOException {
    if (!filereader.fileExist(filepath)) {
        if (LOGGER != null) {
            LOGGER.error("No packet file found at: " + filepath);
        }
        return null;
    }
    AbstractTraceResult result = dresult;
    if (this.packetreader == null) {
        // this.packetreader = new PacketReaderImpl();
        throw new NullPointerException("this.packetreader is null");
    }
    this.packetreader.readPacket(filepath, this);
    double pcapTime0 = 0;
    double traceDuration = 0;
    // Determine application name associated with each packet
    if (!allPackets.isEmpty()) {
        pcapTime0 = startTime != null ? startTime.doubleValue() : allPackets.get(0).getPacket().getTimeStamp();
        traceDuration = duration != null ? duration.doubleValue() : allPackets.get(allPackets.size() - 1).getPacket().getTimeStamp() - pcapTime0;
        List<Integer> appIds = result.getAppIds();
        if (appIds == null) {
            appIds = Collections.emptyList();
            result.setAppIds(appIds);
        }
        // Determine if timezone difference needs to be accounted for
        int tzDiff = 0;
        int captureOffset = result.getCaptureOffset();
        if (captureOffset != -1) {
            int localOffset = Calendar.getInstance().getTimeZone().getRawOffset() / 1000;
            int collectorOffset = captureOffset * 60 * -1;
            tzDiff = collectorOffset - localOffset;
        }
        result.setPcapTimeOffset(pcapTime0 - tzDiff);
        int packetIdx = 0;
        List<String> appInfos = result.getAppInfos();
        Set<String> allAppNames = result.getAllAppNames();
        Map<String, Set<InetAddress>> appIps = result.getAppIps();
        for (Iterator<PacketInfo> iter = allPackets.iterator(); iter.hasNext(); ) {
            PacketInfo packetInfo = iter.next();
            // Filter out non-IP packets
            if (!(packetInfo.getPacket() instanceof IPPacket)) {
                iter.remove();
                continue;
            }
            IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
            PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
            if (packetDirection.equals(PacketDirection.UNKNOWN) && (ipPacket instanceof TCPPacket || ipPacket instanceof UDPPacket)) {
                unknownPackets.add(packetInfo);
            }
            packetInfo.setDir(packetDirection);
            packetInfo.setTimestamp(ipPacket.getTimeStamp() - pcapTime0 - tzDiff);
            // Associate application ID with the packet
            String appName = getAppNameForPacket(packetIdx, appIds, appInfos);
            packetInfo.setAppName(appName);
            allAppNames.add(appName);
            // Group IPs by app
            Set<InetAddress> ips = appIps.get(appName);
            if (ips == null) {
                ips = new HashSet<InetAddress>();
                appIps.put(appName, ips);
            }
            ips.add(packetInfo.getRemoteIPAddress());
            // Set packet ID to match Wireshark ID
            packetInfo.setPacketId(++packetIdx);
        }
        if (!unknownPackets.isEmpty()) {
            for (Iterator<PacketInfo> iterator = unknownPackets.iterator(); iterator.hasNext(); ) {
                PacketInfo packetInfo = iterator.next();
                IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
                PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
                iterator.remove();
                if (packetDirection.equals(PacketDirection.UNKNOWN)) {
                    packetDirection = PacketDirection.UPLINK;
                    Packet packet = packetInfo.getPacket();
                    if (packet instanceof TCPPacket) {
                        int sourcePort = ((TCPPacket) packet).getSourcePort();
                        int destinationPort = ((TCPPacket) packet).getDestinationPort();
                        this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
                        this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
                        this.localPortNumbers.add(sourcePort);
                        this.remotePortNumbers.add(destinationPort);
                    } else if (packet instanceof UDPPacket) {
                        int sourcePort = ((UDPPacket) packet).getSourcePort();
                        int destinationPort = ((UDPPacket) packet).getDestinationPort();
                        this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
                        this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
                        this.localPortNumbers.add(sourcePort);
                        this.remotePortNumbers.add(destinationPort);
                    }
                }
                packetInfo.setDir(packetDirection);
            }
        }
        if (!unknownPackets.isEmpty()) {
            LOGGER.error("Packets with no direction identified.");
        }
        Collections.sort(allPackets);
    } else {
        pcapTime0 = startTime != null ? startTime.doubleValue() : filereader.getLastModified(filepath) / 1000.0;
        traceDuration = duration != null ? duration.doubleValue() : 0.0;
    }
    Date traceDateTime = new Date((long) (pcapTime0 * 1000));
    result.setPcapTime0(pcapTime0);
    result.setTraceDuration(traceDuration);
    result.setTraceDateTime(traceDateTime);
    return result;
}
Also used : TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) Packet(com.att.aro.core.packetreader.pojo.Packet) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) Set(java.util.Set) HashSet(java.util.HashSet) PacketDirection(com.att.aro.core.packetreader.pojo.PacketDirection) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) Date(java.util.Date) AbstractTraceResult(com.att.aro.core.packetanalysis.pojo.AbstractTraceResult) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo) InetAddress(java.net.InetAddress) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Example 29 with TCPPacket

use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.

the class PacketServiceImpl method createPacket.

/**
 * Returns a new instance of the Packet class, using the specified
 * parameters to initialize the class members.
 *
 * @param network
 *            The datalink to the network.
 * @param seconds
 *            The number of seconds for the packet.
 * @param microSeconds
 *            The number of microseconds for the packet.
 * @param len
 *            The length of the data portion of the packet (in bytes).
 * @param datalinkHdrLen
 *            The length of the header portion of the packet (in bytes).
 * @param data
 *            An array of bytes that is the data portion of the packet.
 *
 * @return The newly created packet.
 */
@Override
public Packet createPacket(short network, long seconds, long microSeconds, int len, int datalinkHdrLen, byte[] data) {
    Packet packet = null;
    // Minimum IP header length is 20 bytes
    ByteBuffer bytes = ByteBuffer.wrap(data);
    if (network == IPV6 && data.length >= datalinkHdrLen + 40) {
        // Determine IPV6 protocol
        Pair pair = new Pair(data[datalinkHdrLen + 6], 0);
        calculateLengthOfExtensionHeaders(data, datalinkHdrLen + 40, pair);
        // Create IPPacket
        switch(pair.protocol) {
            case // TCP
            6:
                packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
            case // UDP
            17:
                packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
            default:
                packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
                break;
        }
    } else if (network == IPV4 && data.length >= datalinkHdrLen + 20) {
        byte iphlen = (byte) ((bytes.get(datalinkHdrLen) & 0x0f) << 2);
        if (data.length < datalinkHdrLen + iphlen) {
            // Truncated packet
            packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
        } else {
            // Determine IP protocol
            byte protocol = bytes.get(datalinkHdrLen + 9);
            switch(protocol) {
                case // TCP
                6:
                    if (data.length >= datalinkHdrLen + iphlen + 20) {
                        packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
                    } else {
                        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
                    }
                    break;
                case // UDP
                17:
                    if (data.length >= datalinkHdrLen + iphlen + 6) {
                        packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
                    } else {
                        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
                    }
                    break;
                default:
                    packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
            }
        }
    } else {
        packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
    }
    return packet;
}
Also used : UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) Packet(com.att.aro.core.packetreader.pojo.Packet) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) ByteBuffer(java.nio.ByteBuffer) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Example 30 with TCPPacket

use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.

the class PacketReaderLibraryImpl method translatePcap4jPacket.

/**
 * Translate Pcap4j packet to VO packet
 * @param pcap4jPacket
 * @return
 */
private com.att.aro.core.packetreader.pojo.Packet translatePcap4jPacket(long timestampInSeconds, long timestampInMicroSeconds, Packet pcap4jPacket) {
    TcpPacket pcap4jTcpPacket;
    UdpPacket pcap4jUdpPacket;
    if (pcap4jPacket.contains(IcmpV4CommonPacket.class) || pcap4jPacket.contains(IcmpV6CommonPacket.class)) {
        return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
    } else if ((pcap4jTcpPacket = pcap4jPacket.get(TcpPacket.class)) != null) {
        return new TCPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jTcpPacket);
    } else if ((pcap4jUdpPacket = pcap4jPacket.get(UdpPacket.class)) != null) {
        return new UDPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jUdpPacket);
    } else {
        return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
    }
}
Also used : TcpPacket(org.pcap4j.packet.TcpPacket) IcmpV4CommonPacket(org.pcap4j.packet.IcmpV4CommonPacket) IcmpV6CommonPacket(org.pcap4j.packet.IcmpV6CommonPacket) TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket) UdpPacket(org.pcap4j.packet.UdpPacket) UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket) IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)

Aggregations

TCPPacket (com.att.aro.core.packetreader.pojo.TCPPacket)39 PacketInfo (com.att.aro.core.packetanalysis.pojo.PacketInfo)29 ArrayList (java.util.ArrayList)21 InetAddress (java.net.InetAddress)19 UDPPacket (com.att.aro.core.packetreader.pojo.UDPPacket)18 Session (com.att.aro.core.packetanalysis.pojo.Session)16 BaseTest (com.att.aro.core.BaseTest)11 HashSet (java.util.HashSet)11 Test (org.junit.Test)11 IPPacket (com.att.aro.core.packetreader.pojo.IPPacket)10 DomainNameSystem (com.att.aro.core.packetreader.pojo.DomainNameSystem)8 HashMap (java.util.HashMap)8 Statistic (com.att.aro.core.packetanalysis.pojo.Statistic)7 Packet (com.att.aro.core.packetreader.pojo.Packet)7 RrcStateRange (com.att.aro.core.packetanalysis.pojo.RrcStateRange)5 BurstCollectionAnalysisData (com.att.aro.core.packetanalysis.pojo.BurstCollectionAnalysisData)4 HttpRequestResponseInfo (com.att.aro.core.packetanalysis.pojo.HttpRequestResponseInfo)4 CpuActivity (com.att.aro.core.peripheral.pojo.CpuActivity)4 BufferedOutputStream (java.io.BufferedOutputStream)4 IOException (java.io.IOException)4