Example 26 with TCPPacket
use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.
the class SessionManagerImpl method analyzeRequestResponsesForSecureSessions.
/**
* Estimate RequestResponseObjects for Secure Sessions
* @param session
* @return
*/
private ArrayList<HttpRequestResponseInfo> analyzeRequestResponsesForSecureSessions(Session session) {
session.setDataInaccessible(true);
boolean flag = false;
TCPPacket tcpPacket = null;
HttpRequestResponseInfo rrInfo = null;
HttpRequestResponseInfo downlinkRRInfo = null;
ArrayList<HttpRequestResponseInfo> results = new ArrayList<>();
for (PacketInfo packetInfo : session.getAllPackets()) {
tcpPacket = (TCPPacket) packetInfo.getPacket();
byte[] data = tcpPacket.getData();
int packetPosition = tcpPacket.getDataOffset();
if (packetInfo.getDir() == PacketDirection.UPLINK) {
if ((packetPosition + 4) < tcpPacket.getLen() && data[packetPosition] == TLS_APPLICATION_DATA) {
rrInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), packetInfo.getDir(), packetInfo, true);
results.add(rrInfo);
flag = true;
}
updateRequestResponseObject(rrInfo, packetInfo);
}
if (packetInfo.getDir() == PacketDirection.DOWNLINK) {
if (flag && (packetPosition + 4) < tcpPacket.getLen() && data[packetPosition] == TLS_APPLICATION_DATA) {
downlinkRRInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), packetInfo.getDir(), packetInfo, true);
results.add(downlinkRRInfo);
flag = false;
}
updateRequestResponseObject(downlinkRRInfo, packetInfo);
}
}
if (results.isEmpty()) {
if (!session.getUplinkPacketsSortedBySequenceNumbers().isEmpty()) {
PacketInfo packetInfo = identifyCorrectTransmissionStream(session.getUplinkPacketsSortedBySequenceNumbers().firstEntry().getValue(), session.getAckNumbers(), session, PacketDirection.UPLINK);
rrInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), PacketDirection.UPLINK, packetInfo, true);
packetInfo = identifyCorrectTransmissionStream(session.getUplinkPacketsSortedBySequenceNumbers().lastEntry().getValue(), session.getAckNumbers(), session, PacketDirection.UPLINK);
rrInfo.setLastDataPacket(packetInfo);
results.add(rrInfo);
}
if (!session.getDownlinkPacketsSortedBySequenceNumbers().isEmpty()) {
PacketInfo packetInfo = identifyCorrectTransmissionStream(session.getDownlinkPacketsSortedBySequenceNumbers().firstEntry().getValue(), session.getAckNumbers(), session, PacketDirection.DOWNLINK);
downlinkRRInfo = generateRequestResponseObjectsForSSLOrUDPSessions(session.getRemoteHostName(), PacketDirection.DOWNLINK, packetInfo, true);
packetInfo = identifyCorrectTransmissionStream(session.getDownlinkPacketsSortedBySequenceNumbers().lastEntry().getValue(), session.getAckNumbers(), session, PacketDirection.DOWNLINK);
downlinkRRInfo.setLastDataPacket(packetInfo);
results.add(downlinkRRInfo);
}
}
return results;
}
Also used :
HttpRequestResponseInfo(com.att.aro.core.packetanalysis.pojo.HttpRequestResponseInfo)
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
ArrayList(java.util.ArrayList)
PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)
Example 27 with TCPPacket
use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.
the class SessionManagerImpl method identifyCorrectTCPTransmissionStreamHelper.
/**
* Helper method to recursively iterate through all of the child packets by next sequence number (relative to parent packet) to identify if there is any ACK received
* @param packetInfoListForSequenceNumber Initial packet list by a sequence number
* @param ackNumbersSet Set of all the ACK numbers
* @param session Session object
* @param direction Packet direction Uplink or Downlink
* @return True if any packet in the chain has received an ACK in session, otherwise False
*/
private boolean identifyCorrectTCPTransmissionStreamHelper(List<PacketInfo> packetInfoListForSequenceNumber, Set<Long> ackNumbersSet, Session session, PacketDirection direction) {
if (packetInfoListForSequenceNumber == null || packetInfoListForSequenceNumber.size() == 0) {
return false;
}
for (PacketInfo packetInfo : packetInfoListForSequenceNumber) {
TCPPacket tcpPacket = (TCPPacket) packetInfo.getPacket();
long nextSequenceOrAckNumber = tcpPacket.getSequenceNumber() + tcpPacket.getPayloadLen();
if (ackNumbersSet.contains(nextSequenceOrAckNumber)) {
return true;
}
List<PacketInfo> packetInfoListForNextSequenceNumber = PacketDirection.DOWNLINK.equals(direction) ? session.getDownlinkPacketsSortedBySequenceNumbers().get(nextSequenceOrAckNumber) : session.getUplinkPacketsSortedBySequenceNumbers().get(nextSequenceOrAckNumber);
return identifyCorrectTCPTransmissionStreamHelper(packetInfoListForNextSequenceNumber, ackNumbersSet, session, direction);
}
return false;
}
Also used :
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)
Example 28 with TCPPacket
use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.
the class TraceDataReaderImpl method readPcapTraceFile.
private AbstractTraceResult readPcapTraceFile(String filepath, Double startTime, Double duration, AbstractTraceResult dresult) throws IOException {
if (!filereader.fileExist(filepath)) {
if (LOGGER != null) {
LOGGER.error("No packet file found at: " + filepath);
}
return null;
}
AbstractTraceResult result = dresult;
if (this.packetreader == null) {
// this.packetreader = new PacketReaderImpl();
throw new NullPointerException("this.packetreader is null");
}
this.packetreader.readPacket(filepath, this);
double pcapTime0 = 0;
double traceDuration = 0;
// Determine application name associated with each packet
if (!allPackets.isEmpty()) {
pcapTime0 = startTime != null ? startTime.doubleValue() : allPackets.get(0).getPacket().getTimeStamp();
traceDuration = duration != null ? duration.doubleValue() : allPackets.get(allPackets.size() - 1).getPacket().getTimeStamp() - pcapTime0;
List<Integer> appIds = result.getAppIds();
if (appIds == null) {
appIds = Collections.emptyList();
result.setAppIds(appIds);
}
// Determine if timezone difference needs to be accounted for
int tzDiff = 0;
int captureOffset = result.getCaptureOffset();
if (captureOffset != -1) {
int localOffset = Calendar.getInstance().getTimeZone().getRawOffset() / 1000;
int collectorOffset = captureOffset * 60 * -1;
tzDiff = collectorOffset - localOffset;
}
result.setPcapTimeOffset(pcapTime0 - tzDiff);
int packetIdx = 0;
List<String> appInfos = result.getAppInfos();
Set<String> allAppNames = result.getAllAppNames();
Map<String, Set<InetAddress>> appIps = result.getAppIps();
for (Iterator<PacketInfo> iter = allPackets.iterator(); iter.hasNext(); ) {
PacketInfo packetInfo = iter.next();
// Filter out non-IP packets
if (!(packetInfo.getPacket() instanceof IPPacket)) {
iter.remove();
continue;
}
IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
if (packetDirection.equals(PacketDirection.UNKNOWN) && (ipPacket instanceof TCPPacket || ipPacket instanceof UDPPacket)) {
unknownPackets.add(packetInfo);
}
packetInfo.setDir(packetDirection);
packetInfo.setTimestamp(ipPacket.getTimeStamp() - pcapTime0 - tzDiff);
// Associate application ID with the packet
String appName = getAppNameForPacket(packetIdx, appIds, appInfos);
packetInfo.setAppName(appName);
allAppNames.add(appName);
// Group IPs by app
Set<InetAddress> ips = appIps.get(appName);
if (ips == null) {
ips = new HashSet<InetAddress>();
appIps.put(appName, ips);
}
ips.add(packetInfo.getRemoteIPAddress());
// Set packet ID to match Wireshark ID
packetInfo.setPacketId(++packetIdx);
}
if (!unknownPackets.isEmpty()) {
for (Iterator<PacketInfo> iterator = unknownPackets.iterator(); iterator.hasNext(); ) {
PacketInfo packetInfo = iterator.next();
IPPacket ipPacket = (IPPacket) packetInfo.getPacket();
PacketDirection packetDirection = determinePacketDirection(packetInfo, ipPacket.getSourceIPAddress(), ipPacket.getDestinationIPAddress());
iterator.remove();
if (packetDirection.equals(PacketDirection.UNKNOWN)) {
packetDirection = PacketDirection.UPLINK;
Packet packet = packetInfo.getPacket();
if (packet instanceof TCPPacket) {
int sourcePort = ((TCPPacket) packet).getSourcePort();
int destinationPort = ((TCPPacket) packet).getDestinationPort();
this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
this.localPortNumbers.add(sourcePort);
this.remotePortNumbers.add(destinationPort);
} else if (packet instanceof UDPPacket) {
int sourcePort = ((UDPPacket) packet).getSourcePort();
int destinationPort = ((UDPPacket) packet).getDestinationPort();
this.localIPAddresses.add(ipPacket.getSourceIPAddress().getHostAddress());
this.remoteIPAddresses.add(ipPacket.getDestinationIPAddress().getHostAddress());
this.localPortNumbers.add(sourcePort);
this.remotePortNumbers.add(destinationPort);
}
}
packetInfo.setDir(packetDirection);
}
}
if (!unknownPackets.isEmpty()) {
LOGGER.error("Packets with no direction identified.");
}
Collections.sort(allPackets);
} else {
pcapTime0 = startTime != null ? startTime.doubleValue() : filereader.getLastModified(filepath) / 1000.0;
traceDuration = duration != null ? duration.doubleValue() : 0.0;
}
Date traceDateTime = new Date((long) (pcapTime0 * 1000));
result.setPcapTime0(pcapTime0);
result.setTraceDuration(traceDuration);
result.setTraceDateTime(traceDateTime);
return result;
}
Also used :
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
Packet(com.att.aro.core.packetreader.pojo.Packet)
IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)
UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket)
Set(java.util.Set)
HashSet(java.util.HashSet)
PacketDirection(com.att.aro.core.packetreader.pojo.PacketDirection)
UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket)
Date(java.util.Date)
AbstractTraceResult(com.att.aro.core.packetanalysis.pojo.AbstractTraceResult)
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
PacketInfo(com.att.aro.core.packetanalysis.pojo.PacketInfo)
InetAddress(java.net.InetAddress)
IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)
Example 29 with TCPPacket
use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.
the class PacketServiceImpl method createPacket.
/**
* Returns a new instance of the Packet class, using the specified
* parameters to initialize the class members.
*
* @param network
* The datalink to the network.
* @param seconds
* The number of seconds for the packet.
* @param microSeconds
* The number of microseconds for the packet.
* @param len
* The length of the data portion of the packet (in bytes).
* @param datalinkHdrLen
* The length of the header portion of the packet (in bytes).
* @param data
* An array of bytes that is the data portion of the packet.
*
* @return The newly created packet.
*/
@Override
public Packet createPacket(short network, long seconds, long microSeconds, int len, int datalinkHdrLen, byte[] data) {
Packet packet = null;
// Minimum IP header length is 20 bytes
ByteBuffer bytes = ByteBuffer.wrap(data);
if (network == IPV6 && data.length >= datalinkHdrLen + 40) {
// Determine IPV6 protocol
Pair pair = new Pair(data[datalinkHdrLen + 6], 0);
calculateLengthOfExtensionHeaders(data, datalinkHdrLen + 40, pair);
// Create IPPacket
switch(pair.protocol) {
case // TCP
6:
packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
break;
case // UDP
17:
packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
break;
default:
packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, pair.protocol, pair.extensionHeadersLength, data);
break;
}
} else if (network == IPV4 && data.length >= datalinkHdrLen + 20) {
byte iphlen = (byte) ((bytes.get(datalinkHdrLen) & 0x0f) << 2);
if (data.length < datalinkHdrLen + iphlen) {
// Truncated packet
packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
} else {
// Determine IP protocol
byte protocol = bytes.get(datalinkHdrLen + 9);
switch(protocol) {
case // TCP
6:
if (data.length >= datalinkHdrLen + iphlen + 20) {
packet = new TCPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
} else {
packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
}
break;
case // UDP
17:
if (data.length >= datalinkHdrLen + iphlen + 6) {
packet = createUDPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
} else {
packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
}
break;
default:
packet = new IPPacket(seconds, microSeconds, len, datalinkHdrLen, null, null, data);
}
}
} else {
packet = new Packet(seconds, microSeconds, len, datalinkHdrLen, data);
}
return packet;
}
Also used :
UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket)
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
Packet(com.att.aro.core.packetreader.pojo.Packet)
IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
ByteBuffer(java.nio.ByteBuffer)
IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)
Example 30 with TCPPacket
use of com.att.aro.core.packetreader.pojo.TCPPacket in project VideoOptimzer by attdevsupport.
the class PacketReaderLibraryImpl method translatePcap4jPacket.
/**
* Translate Pcap4j packet to VO packet
* @param pcap4jPacket
* @return
*/
private com.att.aro.core.packetreader.pojo.Packet translatePcap4jPacket(long timestampInSeconds, long timestampInMicroSeconds, Packet pcap4jPacket) {
TcpPacket pcap4jTcpPacket;
UdpPacket pcap4jUdpPacket;
if (pcap4jPacket.contains(IcmpV4CommonPacket.class) || pcap4jPacket.contains(IcmpV6CommonPacket.class)) {
return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
} else if ((pcap4jTcpPacket = pcap4jPacket.get(TcpPacket.class)) != null) {
return new TCPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jTcpPacket);
} else if ((pcap4jUdpPacket = pcap4jPacket.get(UdpPacket.class)) != null) {
return new UDPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket, pcap4jUdpPacket);
} else {
return new IPPacket(timestampInSeconds, timestampInMicroSeconds, pcap4jPacket);
}
}
Also used :
TcpPacket(org.pcap4j.packet.TcpPacket)
IcmpV4CommonPacket(org.pcap4j.packet.IcmpV4CommonPacket)
IcmpV6CommonPacket(org.pcap4j.packet.IcmpV6CommonPacket)
TCPPacket(com.att.aro.core.packetreader.pojo.TCPPacket)
UdpPacket(org.pcap4j.packet.UdpPacket)
UDPPacket(com.att.aro.core.packetreader.pojo.UDPPacket)
IPPacket(com.att.aro.core.packetreader.pojo.IPPacket)
Aggregations
TCPPacket (com.att.aro.core.packetreader.pojo.TCPPacket)39
PacketInfo (com.att.aro.core.packetanalysis.pojo.PacketInfo)29
ArrayList (java.util.ArrayList)21
InetAddress (java.net.InetAddress)19
UDPPacket (com.att.aro.core.packetreader.pojo.UDPPacket)18
Session (com.att.aro.core.packetanalysis.pojo.Session)16
BaseTest (com.att.aro.core.BaseTest)11
HashSet (java.util.HashSet)11
Test (org.junit.Test)11
IPPacket (com.att.aro.core.packetreader.pojo.IPPacket)10
DomainNameSystem (com.att.aro.core.packetreader.pojo.DomainNameSystem)8
HashMap (java.util.HashMap)8
Statistic (com.att.aro.core.packetanalysis.pojo.Statistic)7
Packet (com.att.aro.core.packetreader.pojo.Packet)7
RrcStateRange (com.att.aro.core.packetanalysis.pojo.RrcStateRange)5
BurstCollectionAnalysisData (com.att.aro.core.packetanalysis.pojo.BurstCollectionAnalysisData)4
HttpRequestResponseInfo (com.att.aro.core.packetanalysis.pojo.HttpRequestResponseInfo)4
CpuActivity (com.att.aro.core.peripheral.pojo.CpuActivity)4
BufferedOutputStream (java.io.BufferedOutputStream)4
IOException (java.io.IOException)4
