andreabont/Project-Riddle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Massive Refactor

Browse source
This commit is contained in:
Andrea Bontempi 2012-06-14 16:40:46 +02:00
commit 13c10fc192
29 changed files with 1638 additions and 2097 deletions
Download patch file Download diff file Expand all files Collapse all files

39
Breeder.cpp
View file

@ -31,55 +31,48 @@
#include <vector>
#include <boost/regex.hpp>
#include <boost/program_options.hpp>
#include "./commons/libPacket.h"
#include "./commons/classPacket.h"
using namespace std;
using namespace boost::program_options;
using namespace libNetwork;
int main(int argc, char **argv) {
options_description desc("Breeder - Network TCP Flux Seletor");
int main ( int argc, char **argv ) {
options_description desc ( "Breeder - Network TCP Flux Seletor" );
desc.add_options()
("help", "prints this")
("http", "select the http protocol.")
( "help", "prints this" )
( "http", "select the http protocol." )
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
store ( parse_command_line ( argc, argv, desc ), vm );
notify ( vm );
if (vm.count("help"))
{
if ( vm.count ( "help" ) ) {
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
list<std::string> regularexpressions;
if(vm.count("http"))
{
regularexpressions.push_front("HTTP.*");
if ( vm.count ( "http" ) ) {
regularexpressions.push_front ( "HTTP.*" );
}
if(regularexpressions.empty())
{
if ( regularexpressions.empty() ) {
std::cerr<<"ERROR >> You have not selected any protocol!"<<std::endl;
return EXIT_FAILURE;
}
while (1)
{
try
{
while ( 1 ) {
try {
string r_flux;
getline(cin,r_flux);
if (cin.eof()) break;
getline ( cin,r_flux );
if ( cin.eof() ) break;
// TODO
}
catch (packet::Overflow)
{
} catch ( packet::Overflow ) {
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}

135
Cigarette.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -34,8 +34,8 @@
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include "./libraries/libCigarette.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./commons/classMacAddress.h"
#include "./commons/classPacket.h"
#include "./commons/libDump.h"
using namespace std;
@ -43,49 +43,44 @@ using namespace boost;
using namespace boost::program_options;
using namespace libNetwork;
int main(int argc, char **argv) {
options_description desc("Cigarette - Network Packet Parser");
int main ( int argc, char **argv ) {
options_description desc ( "Cigarette - Network Packet Parser" );
desc.add_options()
("help", "prints this")
("ipv4", "expand IPv4 info")
("tcp", "expand TCP info")
("icmp", "expand ICMP info")
("payload", "print payload dump")
( "help", "prints this" )
( "ipv4", "expand IPv4 info" )
( "tcp", "expand TCP info" )
( "icmp", "expand ICMP info" )
( "payload", "print payload dump" )
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
store ( parse_command_line ( argc, argv, desc ), vm );
notify ( vm );
if (vm.count("help"))
{
if ( vm.count ( "help" ) ) {
cout<<desc<<"\n";
return 1;
}
while (1)
{
try
{
while ( 1 ) {
try {
string r_packet;
getline(cin,r_packet);
if (cin.eof()) break;
getline ( cin,r_packet );
if ( cin.eof() ) break;
packet* pkg = packet::factory(r_packet);
packet* pkg = packet::factory ( r_packet );
cout << "[" << std::dec << pkg->getEpoch() << " " << setfill('0') << std::setw(6) << pkg->getMillis() << "] Size: " << pkg->getPacketLength() << " byte" << endl;
cout << "[" << std::dec << pkg->getEpoch() << " " << setfill ( '0' ) << std::setw ( 6 ) << pkg->getMillis() << "] Size: " << pkg->getPacketLength() << " byte" << endl;
cout << " From " << pkg->getSenderMac().to_string() << " to "<< pkg->getTargetMac().to_string() << endl;
cout << " EtherType: 0x" << std::hex << pkg->getEtherType() << " ("<< ether_type_decode(pkg->getEtherType()) << ")" << endl;
cout << " EtherType: 0x" << std::hex << pkg->getEtherType() << " ("<< ether_type_decode ( pkg->getEtherType() ) << ")" << endl;
cout << endl;
if (pkg->isArp())
{
if ( pkg->isArp() ) {
ARPpacket *pkg_arp = dynamic_cast<ARPpacket*>(pkg);
ARPpacket *pkg_arp = dynamic_cast<ARPpacket*> ( pkg );
if (pkg_arp->getOpCode() == 1)
{
if ( pkg_arp->getOpCode() == 1 ) {
cout << " Who has " << pkg_arp->getTargetIp().to_string() << " ? Tell "<< pkg_arp->getSenderIp().to_string() << endl;
cout << endl;
@ -96,25 +91,20 @@ int main(int argc, char **argv) {
}
} else if (pkg->isIPv4())
{
} else if ( pkg->isIPv4() ) {
IPv4packet *pkg_ipv4 = dynamic_cast<IPv4packet*>(pkg);
IPv4packet *pkg_ipv4 = dynamic_cast<IPv4packet*> ( pkg );
cout << " From " << pkg_ipv4->getSenderIp().to_string() << " to "<< pkg_ipv4->getTargetIp().to_string() << endl;
cout << " ProtocolType: 0x" << pkg_ipv4->getProtocolType() << " ("<< ipv4_type_decode(pkg_ipv4->getProtocolType()) << ")" << endl;
cout << " ProtocolType: 0x" << pkg_ipv4->getProtocolType() << " ("<< ipv4_type_decode ( pkg_ipv4->getProtocolType() ) << ")" << endl;
if (vm.count("ipv4"))
{
if ( vm.count ( "ipv4" ) ) {
cout << " + Time To Live " << std::dec << pkg_ipv4->getTTL() << endl;
cout << " + Identification 0x" << std::hex << pkg_ipv4->getIdentity() << endl;;
cout << " + Checksum 0x" << std::hex << pkg_ipv4->getIPChecksum();
if(pkg_ipv4->verifyIPChecksum())
{
if ( pkg_ipv4->verifyIPChecksum() ) {
cout << " (Correct) ";
}
else
{
} else {
cout << " (Invalid) ";
}
cout << endl;
@ -122,70 +112,63 @@ int main(int argc, char **argv) {
cout << endl;
if (pkg_ipv4->isTCP())
{
if ( pkg_ipv4->isTCP() ) {
TCPv4packet* pkg_tcpv4 = dynamic_cast<TCPv4packet*>(pkg);
TCPv4packet* pkg_tcpv4 = dynamic_cast<TCPv4packet*> ( pkg );
cout << " From port " << std::dec << pkg_tcpv4->getSenderPort() << " to port " << pkg_tcpv4->getTargetPort() << endl;
if (vm.count("tcp"))
{
if ( vm.count ( "tcp" ) ) {
cout << " + Sequence Number " << pkg_tcpv4->getSequenceNumber() << endl;
cout << " + Acknowledgment Number " << pkg_tcpv4->getAcknowledgmentNumber() << endl;
cout << " + Header Length " << pkg_tcpv4->getHeaderLength() << " byte" << endl;
cout << " + Flags ";
if(pkg_tcpv4->isSYN()) cout << "SYN ";
if(pkg_tcpv4->isFIN()) cout << "FIN ";
if(pkg_tcpv4->isRST()) cout << "RST ";
if(pkg_tcpv4->isACK()) cout << "ACK ";
if(pkg_tcpv4->isPSH()) cout << "PSH ";
if(pkg_tcpv4->isURG()) cout << "URG ";
if(pkg_tcpv4->isECE()) cout << "ECE ";
if(pkg_tcpv4->isCWR()) cout << "CWR ";
if ( pkg_tcpv4->isSYN() ) cout << "SYN ";
if ( pkg_tcpv4->isFIN() ) cout << "FIN ";
if ( pkg_tcpv4->isRST() ) cout << "RST ";
if ( pkg_tcpv4->isACK() ) cout << "ACK ";
if ( pkg_tcpv4->isPSH() ) cout << "PSH ";
if ( pkg_tcpv4->isURG() ) cout << "URG ";
if ( pkg_tcpv4->isECE() ) cout << "ECE ";
if ( pkg_tcpv4->isCWR() ) cout << "CWR ";
cout << endl;
cout << " + Window Size " << pkg_tcpv4->getWindowSize() << " byte" << endl;
cout << " + Checksum 0x" << std::hex << pkg_tcpv4->getTCPChecksum() << endl;
cout << " + Urgent Pointer 0x" << std::hex << pkg_tcpv4->getUrgentPointer() << endl;
std::map<int, std::string> options = pkg_tcpv4->getOptionMap();
if(pkg_tcpv4->isOption())
{
if ( pkg_tcpv4->isOption() ) {
std::map<int, std::string>::const_iterator itr;
for(itr = options.begin(); itr != options.end(); ++itr) {
cout << " + Option " << (*itr).first << " -> " << (*itr).second << endl;
for ( itr = options.begin(); itr != options.end(); ++itr ) {
cout << " + Option " << ( *itr ).first << " -> " << ( *itr ).second << endl;
}
}
}
if (vm.count("payload"))
{
cout << " + Payload:" << endl;
cout << libDump::classicDump(pkg_tcpv4->getPayLoad()) << endl;
if ( vm.count ( "payload" ) ) {
cout << " + Payload:" << endl;
cout << libDump::classicDump ( pkg_tcpv4->getPayLoad() ) << endl;
}
cout << endl;
} else if (pkg_ipv4->isUDP())
{
} else if ( pkg_ipv4->isUDP() ) {
UDPv4packet* pkg_udpv4 = dynamic_cast<UDPv4packet*>(pkg);
UDPv4packet* pkg_udpv4 = dynamic_cast<UDPv4packet*> ( pkg );
cout << " From port " << std::dec << pkg_udpv4->getSenderPort() << " to port " << pkg_udpv4->getTargetPort() << endl;
cout << endl;
} else if (pkg_ipv4->isICMP())
{
} else if ( pkg_ipv4->isICMP() ) {
ICMPv4packet* pkg_icmpv4 = dynamic_cast<ICMPv4packet*>(pkg);
ICMPv4packet* pkg_icmpv4 = dynamic_cast<ICMPv4packet*> ( pkg );
cout << " Message Type: " << pkg_icmpv4->getMessageType() << " (" << icmpv4_type_decode(pkg_icmpv4->getMessageType()) << ")" << endl;
cout << " Message Type: " << pkg_icmpv4->getMessageType() << " (" << icmpv4_type_decode ( pkg_icmpv4->getMessageType() ) << ")" << endl;
if (vm.count("icmp"))
{
if ( vm.count ( "icmp" ) ) {
cout << " Message Code: " << pkg_icmpv4->getMessageCode() << endl;
}
@ -202,9 +185,7 @@ int main(int argc, char **argv) {
}
delete pkg;
}
catch (packet::Overflow)
{
} catch ( packet::Overflow ) {
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}

115
Pursuer.cpp
View file

@ -34,8 +34,8 @@
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include "./libraries/libCigarette.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./commons/classMacAddress.h"
#include "./commons/classPacket.h"
#include "./libraries/libPursuer.h"
using namespace std;
@ -43,19 +43,18 @@ using namespace boost;
using namespace boost::program_options;
using namespace libNetwork;
int main(int argc, char **argv) {
options_description desc("Pursuer - Network TCP Follower");
int main ( int argc, char **argv ) {
options_description desc ( "Pursuer - Network TCP Follower" );
desc.add_options()
("help", "prints this")
("tofile", "redirect payload to file (a file for each stream)")
( "help", "prints this" )
( "tofile", "redirect payload to file (a file for each stream)" )
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
store ( parse_command_line ( argc, argv, desc ), vm );
notify ( vm );
if (vm.count("help"))
{
if ( vm.count ( "help" ) ) {
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
@ -64,62 +63,48 @@ int main(int argc, char **argv) {
string r_packet;
while (1)
{
try
{
while ( 1 ) {
try {
getline(cin,r_packet);
if (cin.eof()) break;
getline ( cin,r_packet );
if ( cin.eof() ) break;
packet* pkg = packet::factory(r_packet);
packet* pkg = packet::factory ( r_packet );
if(pkg->isIPv4())
{
IPv4packet *pkg_ipv4 = dynamic_cast<IPv4packet*>(pkg);
if ( pkg->isIPv4() ) {
IPv4packet *pkg_ipv4 = dynamic_cast<IPv4packet*> ( pkg );
if(pkg_ipv4->isTCP())
{
if ( pkg_ipv4->isTCP() ) {
TCPv4packet *pkg_tcpv4 = dynamic_cast<TCPv4packet*>(pkg);
TCPv4packet *pkg_tcpv4 = dynamic_cast<TCPv4packet*> ( pkg );
if(pkg_tcpv4->isSYN() && !pkg_tcpv4->isACK())
{
if ( pkg_tcpv4->isSYN() && !pkg_tcpv4->isACK() ) {
stream *temp = new stream();
temp->factory(pkg_tcpv4);
packet_stream.push_back(temp);
}
else
{
temp->factory ( pkg_tcpv4 );
packet_stream.push_back ( temp );
} else {
for (list<stream*>::iterator it = packet_stream.begin(); it != packet_stream.end(); it++)
{
for ( list<stream*>::iterator it = packet_stream.begin(); it != packet_stream.end(); it++ ) {
// MA LOL !!!!!
if( ( ( (*it)->getFirstIpAddress() == pkg_tcpv4->getSenderIp() && (*it)->getFirstPort() == pkg_tcpv4->getSenderPort()) &&
( (*it)->getSecondIpAddress() == pkg_tcpv4->getTargetIp() && (*it)->getSecondPort() == pkg_tcpv4->getTargetPort())) ||
( ( (*it)->getFirstIpAddress() == pkg_tcpv4->getTargetIp() && (*it)->getFirstPort() == pkg_tcpv4->getTargetPort()) &&
( (*it)->getSecondIpAddress() == pkg_tcpv4->getSenderIp() && (*it)->getSecondPort() == pkg_tcpv4->getSenderPort())))
{
if ( ( ( ( *it )->getFirstIpAddress() == pkg_tcpv4->getSenderIp() && ( *it )->getFirstPort() == pkg_tcpv4->getSenderPort() ) &&
( ( *it )->getSecondIpAddress() == pkg_tcpv4->getTargetIp() && ( *it )->getSecondPort() == pkg_tcpv4->getTargetPort() ) ) ||
( ( ( *it )->getFirstIpAddress() == pkg_tcpv4->getTargetIp() && ( *it )->getFirstPort() == pkg_tcpv4->getTargetPort() ) &&
( ( *it )->getSecondIpAddress() == pkg_tcpv4->getSenderIp() && ( *it )->getSecondPort() == pkg_tcpv4->getSenderPort() ) ) ) {
if(pkg_tcpv4->isSYN())
{
(*it)->factory(pkg_tcpv4);
}
else if(pkg_tcpv4->isRST() || pkg_tcpv4->isFIN())
{
(*it)->flushFirstBuffer();
(*it)->flushSecondBuffer();
if ( pkg_tcpv4->isSYN() ) {
( *it )->factory ( pkg_tcpv4 );
} else if ( pkg_tcpv4->isRST() || pkg_tcpv4->isFIN() ) {
( *it )->flushFirstBuffer();
( *it )->flushSecondBuffer();
writeout((*it), vm.count("tofile"));
writeout ( ( *it ), vm.count ( "tofile" ) );
packet_stream.remove(*it);
packet_stream.remove ( *it );
break;
}
else
{
(*it)->addPacket(pkg_tcpv4);
} else {
( *it )->addPacket ( pkg_tcpv4 );
}
break;
}
@ -135,22 +120,19 @@ int main(int argc, char **argv) {
// Regole di pulizia.
for (list<stream*>::iterator it2 = packet_stream.begin(); it2 != packet_stream.end(); it2++)
{
for ( list<stream*>::iterator it2 = packet_stream.begin(); it2 != packet_stream.end(); it2++ ) {
if((*it2)->getFlowLength() > (100*1024*1024) || (*it2)->getTimeEpoch() > pkg->getEpoch() + (10*60))
{
if ( ( *it2 )->getFlowLength() > ( 100*1024*1024 ) || ( *it2 )->getTimeEpoch() > pkg->getEpoch() + ( 10*60 ) ) {
writeout((*it2), vm.count("tofile"));
writeout ( ( *it2 ), vm.count ( "tofile" ) );
packet_stream.erase(it2);
packet_stream.erase ( it2 );
break;
} else if( (*it2)->getBufferLength() > 1024 )
{
} else if ( ( *it2 )->getBufferLength() > 1024 ) {
(*it2)->flushFirstBuffer();
(*it2)->flushSecondBuffer();
( *it2 )->flushFirstBuffer();
( *it2 )->flushSecondBuffer();
}
@ -158,9 +140,7 @@ int main(int argc, char **argv) {
}
catch (packet::Overflow)
{
} catch ( packet::Overflow ) {
std::cerr<<"Overflow! :-P"<<std::endl;
return EXIT_FAILURE;
}
@ -168,12 +148,11 @@ int main(int argc, char **argv) {
// Esporto fussi non terminati prima dell'uscita.
// Non usare il for, non va d'accordo con gli erase.
while (!packet_stream.empty())
{
while ( !packet_stream.empty() ) {
list<stream*>::iterator it3 = packet_stream.begin();
writeout((*it3), vm.count("tofile"));
packet_stream.erase(it3);
writeout ( ( *it3 ), vm.count ( "tofile" ) );
packet_stream.erase ( it3 );
}

165
Ranging.cpp
View file

@ -1,13 +1,13 @@
/**
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -36,8 +36,8 @@
#include <boost/program_options.hpp>
#include <curses.h>
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./commons/classMacAddress.h"
#include "./commons/classPacket.h"
#include "./libraries/libRanging.h"
#define TIMETOLIVE 50
@ -54,35 +54,33 @@ using namespace boost::posix_time;
using namespace libNetwork;
void setHead();
void printLine(int countLine, string mac, string ip, long int epoch, long int lastEpoch);
void printLine ( int countLine, string mac, string ip, long int epoch, long int lastEpoch );
int main(int argc, char **argv) {
int main ( int argc, char **argv ) {
options_description desc("Ranging - Network Passive Scanner");
options_description desc ( "Ranging - Network Passive Scanner" );
desc.add_options()
("help", "prints this")
( "help", "prints this" )
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
store ( parse_command_line ( argc, argv, desc ), vm );
notify ( vm );
if (vm.count("help"))
{
if ( vm.count ( "help" ) ) {
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
string r_packet;
getline(cin,r_packet);
if (cin.eof()) return EXIT_SUCCESS;
getline ( cin,r_packet );
if ( cin.eof() ) return EXIT_SUCCESS;
WINDOW *wnd;
wnd = initscr(); // curses call to initialize window
if (!has_colors())
{
if ( !has_colors() ) {
endwin();
cerr << "FAIL: Your terminal does not support color." << endl;
return EXIT_FAILURE;
@ -93,7 +91,7 @@ int main(int argc, char **argv) {
noecho(); // curses call to set no echoin
clear(); // curses call to clear screen, send cursor to position (0,0)
getmaxyx(wnd, rows, cols);
getmaxyx ( wnd, rows, cols );
setHead();
list<device> found;
@ -102,31 +100,26 @@ int main(int argc, char **argv) {
bool refresh_display;
while (1)
{
try
{
while ( 1 ) {
try {
packet* pkg = packet::factory(r_packet);
packet* pkg = packet::factory ( r_packet );
refresh_display = (pkg->getEpoch() - lastEpoch > THRESHOLD);
refresh_display = ( pkg->getEpoch() - lastEpoch > THRESHOLD );
lastEpoch = pkg->getEpoch();
if(pkg->isArp())
{
ARPpacket *pkg_arp = dynamic_cast<ARPpacket*>(pkg);
if ( pkg->isArp() ) {
ARPpacket *pkg_arp = dynamic_cast<ARPpacket*> ( pkg );
bool isFound = false;
list<device>::iterator p = found.begin();
while(p != found.end())
{
while ( p != found.end() ) {
if(p->getMacAddress() == pkg_arp->getSenderMac() && p->getIpAddress() == pkg_arp->getSenderIp())
{
p->setEpoch(lastEpoch);
if ( p->getMacAddress() == pkg_arp->getSenderMac() && p->getIpAddress() == pkg_arp->getSenderIp() ) {
p->setEpoch ( lastEpoch );
isFound = true;
break;
}
@ -134,39 +127,33 @@ int main(int argc, char **argv) {
p++;
}
if(!isFound)
{
device newDevice(pkg_arp->getSenderMac(), pkg_arp->getSenderIp(), lastEpoch);
found.push_back(newDevice);
if ( !isFound ) {
device newDevice ( pkg_arp->getSenderMac(), pkg_arp->getSenderIp(), lastEpoch );
found.push_back ( newDevice );
}
}
list<device>::iterator q = found.begin();
while(q != found.end())
{
if(lastEpoch >= q->getEpoch() + TIMETOLIVE)
{
q = found.erase(q);
while ( q != found.end() ) {
if ( lastEpoch >= q->getEpoch() + TIMETOLIVE ) {
q = found.erase ( q );
}
q++;
}
delete pkg;
getline(cin,r_packet);
if (cin.eof()) break;
getline ( cin,r_packet );
if ( cin.eof() ) break;
}
catch (packet::Overflow)
{
} catch ( packet::Overflow ) {
cerr << "Overflow! :-P" << endl;
endwin();
return EXIT_FAILURE;
}
if(refresh_display)
{
if ( refresh_display ) {
clear();
setHead();
@ -175,9 +162,9 @@ int main(int argc, char **argv) {
list<device>::iterator r = found.begin();
while(r != found.end()) {
while ( r != found.end() ) {
printLine(countLine, r->getMacAddress().to_string(), r->getIpAddress().to_string(), r->getEpoch(), lastEpoch);
printLine ( countLine, r->getMacAddress().to_string(), r->getIpAddress().to_string(), r->getEpoch(), lastEpoch );
countLine++;
r++;
@ -189,58 +176,50 @@ int main(int argc, char **argv) {
return EXIT_SUCCESS;
}
void setHead()
{
void setHead() {
char *head;
int ind1;
int ind2;
if(head = (char*)malloc(cols * sizeof(char)))
{
if ( head = ( char* ) malloc ( cols * sizeof ( char ) ) ) {
snprintf(head, cols, " Mac address | IP address | Epoch | TTL");
snprintf ( head, cols, " Mac address | IP address | Epoch | TTL" );
ind2 = strlen(head);
ind2 = strlen ( head );
for (ind1 = ind2; ind1 < cols; ind1++)
{
head[ind1] = (int)' ';
for ( ind1 = ind2; ind1 < cols; ind1++ ) {
head[ind1] = ( int ) ' ';
}
head[cols] = (int)'\0';
}
else
{
printf("FAIL: Memory Allocation Failure\n");
head[cols] = ( int ) '\0';
} else {
printf ( "FAIL: Memory Allocation Failure\n" );
return;
}
move(0, 0);
move ( 0, 0 );
init_pair(1, COLOR_BLACK, COLOR_GREEN);
init_pair ( 1, COLOR_BLACK, COLOR_GREEN );
attron(COLOR_PAIR(1)); // set color for title
attron ( COLOR_PAIR ( 1 ) ); // set color for title
addstr(head);
addstr ( head );
free(head);
free ( head );
refresh();
return;
}
void printLine(int countLine, string mac, string ip, long int epoch, long int lastEpoch)
{
void printLine ( int countLine, string mac, string ip, long int epoch, long int lastEpoch ) {
int ip_length = ip.length();
if(ip_length < 15)
{
if ( ip_length < 15 ) {
for(int ip_filler = 15 - ip_length; ip_filler > 0; ip_filler--)
{
for ( int ip_filler = 15 - ip_length; ip_filler > 0; ip_filler-- ) {
ip += ' ';
}
@ -250,35 +229,31 @@ void printLine(int countLine, string mac, string ip, long int epoch, long int la
int ind1;
int ind2;
if(head = (char*)malloc(cols * sizeof(char)))
{
int ttl = TIMETOLIVE - (lastEpoch - epoch);
snprintf(head, cols, " %s | %s | %d | %d", mac.c_str(), ip.c_str(), epoch, ttl );
if ( head = ( char* ) malloc ( cols * sizeof ( char ) ) ) {
int ttl = TIMETOLIVE - ( lastEpoch - epoch );
snprintf ( head, cols, " %s | %s | %d | %d", mac.c_str(), ip.c_str(), epoch, ttl );
ind2 = strlen(head);
ind2 = strlen ( head );
for (ind1 = ind2; ind1 < cols; ind1++)
{
head[ind1] = (int)' ';
for ( ind1 = ind2; ind1 < cols; ind1++ ) {
head[ind1] = ( int ) ' ';
}
head[cols] = (int)'\0';
}
else
{
printf("FAIL: Memory Allocation Failure\n");
head[cols] = ( int ) '\0';
} else {
printf ( "FAIL: Memory Allocation Failure\n" );
return;
}
move(countLine, 0);
move ( countLine, 0 );
init_pair(2, COLOR_WHITE, COLOR_BLACK);
init_pair ( 2, COLOR_WHITE, COLOR_BLACK );
attron(COLOR_PAIR(2)); // set color for title
attron ( COLOR_PAIR ( 2 ) ); // set color for title
addstr(head);
addstr ( head );
free(head);
free ( head );
refresh();

123
Riddle.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -43,55 +43,50 @@
using namespace std;
using namespace boost::program_options;
int main(int argc, char **argv) {
options_description desc("Riddle - Network Sniffer");
int main ( int argc, char **argv ) {
options_description desc ( "Riddle - Network Sniffer" );
desc.add_options()
("help", "prints this")
("dump", "enable dump mode")
("iface", value<string>(), "interface to sniff from (not set = default device)")
("input", value<string>(), "reads packets from a pcap file (disable iface input)")
("filter", value<string>(), "use to filter packet with bpf")
("limit", value<int>(), "set max number of packet")
( "help", "prints this" )
( "dump", "enable dump mode" )
( "iface", value<string>(), "interface to sniff from (not set = default device)" )
( "input", value<string>(), "reads packets from a pcap file (disable iface input)" )
( "filter", value<string>(), "use to filter packet with bpf" )
( "limit", value<int>(), "set max number of packet" )
#ifdef __linux__
("secure", "Drop root privileges after initialization.")
( "secure", "Drop root privileges after initialization." )
#endif
;
variables_map vm;
store(parse_command_line(argc, argv, desc), vm);
notify(vm);
store ( parse_command_line ( argc, argv, desc ), vm );
notify ( vm );
if (vm.count("help"))
{
if ( vm.count ( "help" ) ) {
cout<<desc<<"\n";
return EXIT_SUCCESS;
}
#ifdef __linux__
int realuid, realgid, effectiveuid, effectivegid;
if (vm.count("secure"))
{
if ( vm.count ( "secure" ) ) {
realuid = getuid(); // UID del lanciatore
effectiveuid = geteuid(); // UID del proprietario
realgid = getgid(); // GID del lanciatore
effectivegid = getegid(); // GID del proprietario
realgid = getgid(); // GID del lanciatore
effectivegid = getegid(); // GID del proprietario
if(realuid == -1 || effectiveuid == -1 || realgid == -1 || effectivegid == -1)
{
if ( realuid == -1 || effectiveuid == -1 || realgid == -1 || effectivegid == -1 ) {
cerr << "ERROR >> Can't read real and effective UID/GID." << endl;
return EXIT_FAILURE;
}
if(effectiveuid || effectivegid)
{
if ( effectiveuid || effectivegid ) {
cerr << "ERROR >> To use the \"secure\" option the program must be owned by root and must have enabled the setuid bit. (EUID = " << effectiveuid << ", EGID = " << effectivegid << ")" << endl;
return EXIT_FAILURE;
}
if (!realuid || !realgid)
{
if ( !realuid || !realgid ) {
cerr << "ERROR >> To use the \"secure\" option the program must't run as root. (RUID = " << realuid << ", RGID = " << realgid << ")" << endl;
return EXIT_FAILURE;
}
@ -103,34 +98,30 @@ int main(int argc, char **argv) {
pcap_t *pcap_handle;
if(vm.count("input"))
{
pcap_handle = pcap_open_offline(vm["input"].as<string>().c_str(), error_buffer);
if (pcap_handle == NULL) {
pcap_fatal("pcap_open_offline", error_buffer);
if ( vm.count ( "input" ) ) {
pcap_handle = pcap_open_offline ( vm["input"].as<string>().c_str(), error_buffer );
if ( pcap_handle == NULL ) {
pcap_fatal ( "pcap_open_offline", error_buffer );
}
cerr << ">> Reading packets from " << vm["input"].as<string>() << endl;
}
else
{
} else {
string pcap_device;
if (vm.count("iface"))
{
if ( vm.count ( "iface" ) ) {
pcap_device=vm["iface"].as<string>();
} else {
// Cerca e restituisce interfaccia
char *dev=pcap_lookupdev(error_buffer);
if (dev!=NULL) pcap_device = dev;
else pcap_fatal("pcap_lookupdev", error_buffer);
char *dev=pcap_lookupdev ( error_buffer );
if ( dev!=NULL ) pcap_device = dev;
else pcap_fatal ( "pcap_lookupdev", error_buffer );
}
// Apre il device in mod promiscua
pcap_handle = pcap_open_live(pcap_device.c_str(), 4096, 1, 0, error_buffer);
if (pcap_handle == NULL) {
pcap_fatal("pcap_open_live", error_buffer);
pcap_handle = pcap_open_live ( pcap_device.c_str(), 4096, 1, 0, error_buffer );
if ( pcap_handle == NULL ) {
pcap_fatal ( "pcap_open_live", error_buffer );
}
cerr << ">> Sniffing on device " << pcap_device << endl;
@ -138,62 +129,56 @@ int main(int argc, char **argv) {
}
#ifdef __linux__
if (vm.count("secure"))
{
if ( vm.count ( "secure" ) ) {
cerr << ">> Drop root privileges. Set Real UID to '" << realuid << "' and Real GID to '" << realgid << "'." << endl;
seteuid(realuid);
setegid(realgid);
seteuid ( realuid );
setegid ( realgid );
}
#endif
if (vm.count("filter"))
{
if ( vm.count ( "filter" ) ) {
string filter = vm["filter"].as<string>();
struct bpf_program fp;
bpf_u_int32 net;
cerr<<">> Filtering with '"<<filter<<"'"<<endl;
if (pcap_compile(pcap_handle, &fp, filter.c_str(), 0, net) == -1)
{
cerr<< "ERROR >> Couldn't parse filter '"<<filter<<"': "<<pcap_geterr(pcap_handle)<<endl;
return(2);
if ( pcap_compile ( pcap_handle, &fp, filter.c_str(), 0, net ) == -1 ) {
cerr<< "ERROR >> Couldn't parse filter '"<<filter<<"': "<<pcap_geterr ( pcap_handle ) <<endl;
return ( 2 );
}
if (pcap_setfilter(pcap_handle, &fp) == -1) {
cerr<< "ERROR >> Couldn't install filter '"<<filter<<"': "<<pcap_geterr(pcap_handle)<<endl;
return(2);
if ( pcap_setfilter ( pcap_handle, &fp ) == -1 ) {
cerr<< "ERROR >> Couldn't install filter '"<<filter<<"': "<<pcap_geterr ( pcap_handle ) <<endl;
return ( 2 );
}
}
int maxpacket = numeric_limits<int>::max();
if (vm.count("limit"))
{
if ( vm.count ( "limit" ) ) {
maxpacket=vm["limit"].as<int>();
}
void (*dumper)(const unsigned char*,struct pcap_pkthdr);
if (vm.count("dump")) dumper=hexDump;
void ( *dumper ) ( const unsigned char*,struct pcap_pkthdr );
if ( vm.count ( "dump" ) ) dumper=hexDump;
else dumper=rawDump;
const u_char *packet;
pcap_pkthdr header;
for (; maxpacket > 0;)
{
packet = pcap_next(pcap_handle, &header);
if(packet == NULL)
{
for ( ; maxpacket > 0; ) {
packet = pcap_next ( pcap_handle, &header );
if ( packet == NULL ) {
cerr<<">> Flow terminated"<<endl;
break;
}
dumper(packet, header);
if (maxpacket!=numeric_limits<int>::max()) maxpacket--;
dumper ( packet, header );
if ( maxpacket!=numeric_limits<int>::max() ) maxpacket--;
}
cerr<<">> I finished the job, goodbye!"<<endl;
pcap_close(pcap_handle);
pcap_close ( pcap_handle );
return EXIT_SUCCESS;
}

2
commons/CMakeLists.txt
View file

@ -1,6 +1,6 @@
project (commons)
add_library (libNetwork STATIC libAddress.h libAddress.cpp libPacket.h libPacket.cpp)
add_library (libNetwork STATIC classMacAddress.h classMacAddress.cpp classPacket.h classPacket.cpp classFlow.h classFlow.cpp)
add_library (libDump STATIC libDump.h libDump.cpp)
target_link_libraries (libNetwork)

237
commons/classFlow.cpp Normal file
View file

@ -0,0 +1,237 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <stdint.h>
#include <boost/asio.hpp>
#include "classFlow.h"
#include "classMacAddress.h"
#include "classPacket.h"
bool libNetwork::stream::factory ( libNetwork::TCPv4packet *packet ) {
if ( packet->isSYN() ) {
if ( !packet->isACK() ) {
timeEpoch = packet->getEpoch();
timeMillis = packet->getMillis();
macAddress[0] = packet->getSenderMac();
macAddress[1] = packet->getTargetMac();
ipAddress[0] = packet->getSenderIp();
ipAddress[1] = packet->getTargetIp();
port[0] = packet->getSenderPort();
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
delete packet;
return true;
} else {
if ( sequenceNumber[0] + 1 == packet->getAcknowledgmentNumber() ) {
sequenceNumber[1] = packet->getSequenceNumber();
delete packet;
return true;
}
}
}
delete packet;
return false;
}
void libNetwork::stream::factory ( std::string packet ) {
}
bool libNetwork::stream::addPacket ( libNetwork::TCPv4packet *newPacket ) {
using namespace std;
int a,b;
if ( !newPacket->isSYN() ) {
if ( newPacket->getSenderPort() == port[0] ) {
// Siamo nel primo buffer
a = 1;
b = 0;
} else if ( newPacket->getSenderPort() == port[1] ) {
// Siamo nel secondo buffer
a = 0;
b = 1;
} else return false; // Buffer non identificato.
if ( newPacket->isACK() ) { // Se c'è ACK setto il flag sul pacchetto corrispondente, se c'è.
for ( list<libNetwork::TCPv4packet*>::iterator it = buffer[a].begin(); it != buffer[a].end(); it++ ) {
if ( ( *it )->getSequenceNumber() == newPacket->getAcknowledgmentNumber() - ( ( *it )->getPayLoad().size() /2 ) ) {
( *it )->public_flag = true;
break;
}
}
}
if ( newPacket->getPayLoad().size() != 0 ) { // Salvo il pacchetto solo se ha del payload.
buffer[b].push_back ( newPacket );
}
return true;
}
return false;
}
void libNetwork::stream::flushBuffer ( int number ) {
bool isFound;
do {
isFound = false;
for ( std::list<libNetwork::TCPv4packet*>::iterator it = buffer[number].begin(); it != buffer[number].end(); it++ ) {
if ( sequenceNumber[number] + 1 == ( *it )->getSequenceNumber() && ( *it )->public_flag ) {
std::string payload = ( *it )->getPayLoad();
flow[number] += payload;
sequenceNumber[number] += payload.size() /2; // unsigned, si azzera come avviene nel tcp.
buffer[number].remove ( *it );
isFound = true;
break;
}
}
} while ( isFound );
}
void libNetwork::stream::flushFirstBuffer() {
flushBuffer ( 0 );
}
void libNetwork::stream::flushSecondBuffer() {
flushBuffer ( 1 );
}
std::string libNetwork::stream::exportFlow() {
std::stringstream stdstring;
stdstring << timeEpoch << "!" << timeMillis << "!";
stdstring << macAddress[0].to_string() << "!" << macAddress[1].to_string() << "!";
stdstring << ipAddress[0].to_string() << "!" << ipAddress[1].to_string() << "!";
stdstring << port[0] << "!" << port[1] << "!";
stdstring << flow[0] << "!" << flow[1];
return stdstring.str();;
}
uint64_t libNetwork::stream::getBufferLength() {
uint64_t bufferlenght = 0;
for ( int i = 0; i <= 1; i++ ) {
for ( std::list<libNetwork::TCPv4packet*>::iterator it = buffer[i].begin(); it != buffer[i].end(); it++ ) {
bufferlenght += ( *it )->getPayloadLength();
}
}
return bufferlenght;
}
uint64_t libNetwork::stream::getFlowLength() {
return ( flow[0].length() + flow[1].length() ) /2;
}
uint64_t libNetwork::stream::getTimeEpoch() {
return timeEpoch;
}
uint32_t libNetwork::stream::getTimeMillis() {
return timeMillis;
}
libNetwork::mac_address libNetwork::stream::getFirstMacAddress() {
return macAddress[0];
}
libNetwork::mac_address libNetwork::stream::getSecondMacAddress() {
return macAddress[1];
}
boost::asio::ip::address libNetwork::stream::getFirstIpAddress() {
return ipAddress[0];
}
boost::asio::ip::address libNetwork::stream::getSecondIpAddress() {
return ipAddress[1];
}
uint16_t libNetwork::stream::getFirstPort() {
return port[0];
}
uint16_t libNetwork::stream::getSecondPort() {
return port[1];
}
uint32_t libNetwork::stream::getFirstSN() {
return sequenceNumber[0];
}
uint32_t libNetwork::stream::getSecondSN() {
return sequenceNumber[1];
}
bool libNetwork::stream::isFIN() {
return flagFirstFIN && flagSecondFIN;
}
std::string libNetwork::stream::getFirstBuffer() {
return flow[0];
}
std::string libNetwork::stream::getSecondBuffer() {
return flow[1];
}

100
commons/classFlow.h Normal file
View file

@ -0,0 +1,100 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef CLASSFLOW_H
#define CLASSFLOW_H
#include <stdint.h>
#include <list>
#include <string>
#include <boost/asio.hpp>
#include "classMacAddress.h"
#include "classPacket.h"
namespace libNetwork {
/** Class for managing TCP flow. */
class stream
{
private:
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
libNetwork::mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
std::list<libNetwork::TCPv4packet*> buffer[2];
uint32_t sequenceNumber[2];
std::string flow[2];
void flushBuffer ( int number );
public:
bool factory ( libNetwork::TCPv4packet *packet );
void factory ( std::string packet );
bool addPacket ( libNetwork::TCPv4packet *newPacket );
void flushFirstBuffer();
std::string getFirstBuffer();
void flushSecondBuffer();
std::string getSecondBuffer();
uint64_t getTimeEpoch();
uint32_t getTimeMillis();
libNetwork::mac_address getFirstMacAddress();
libNetwork::mac_address getSecondMacAddress();
boost::asio::ip::address getFirstIpAddress();
boost::asio::ip::address getSecondIpAddress();
uint16_t getFirstPort();
uint16_t getSecondPort();
uint32_t getFirstSN();
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
bool isFIN();
};
}
#endif // CLASSFLOW_H

44
commons/libAddress.cpp → commons/classMacAddress.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,29 +22,26 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <string>
#include <sstream>
#include <iomanip>
#include "libAddress.h"
#include "classMacAddress.h"
/** Costruttore */
libNetwork::mac_address::mac_address(const std::string& rawData)
{
libNetwork::mac_address::mac_address ( const std::string& rawData ) {
int l = 0;
std::string temp;
temp.reserve(2);
temp.reserve ( 2 );
for (int i=0; i<=11; i++)
{
for ( int i=0; i<=11; i++ ) {
temp += rawData[i];
if (i%2 != 0)
{
std::stringstream convert(temp);
if ( i%2 != 0 ) {
std::stringstream convert ( temp );
convert>>std::hex>>byte[l];
l++;
temp = "";
@ -55,29 +52,24 @@ libNetwork::mac_address::mac_address(const std::string& rawData)
}
/** Restituisce indirizzo stampabile */
std::string libNetwork::mac_address::to_string()
{
std::string libNetwork::mac_address::to_string() {
std::string stamp;
std::stringstream temp;
for (int i=0; i<=5; i++)
{
temp<<std::setfill('0')<<std::setw(2)<<std::hex<<(int) byte[i];
for ( int i=0; i<=5; i++ ) {
temp<<std::setfill ( '0' ) <<std::setw ( 2 ) <<std::hex<< ( int ) byte[i];
stamp += temp.str();
temp.str("");
if (i != 5) stamp += ':';
temp.str ( "" );
if ( i != 5 ) stamp += ':';
}
return stamp;
}
/** Overload, definisco confronto tra indirizzi */
bool libNetwork::mac_address::operator==(const mac_address& otherMac)
{
for(int i=0; i<=5; i++)
{
if(byte[i] != otherMac.byte[i])
{
bool libNetwork::mac_address::operator== ( const mac_address& otherMac ) {
for ( int i=0; i<=5; i++ ) {
if ( byte[i] != otherMac.byte[i] ) {
return false;
}
}

38
commons/libAddress.h → commons/classMacAddress.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -35,26 +35,26 @@
namespace libNetwork {
/* Class for managing MAC address */
class mac_address
{
/* Class for managing MAC address */
class mac_address
{
private:
uint16_t byte[6];
private:
uint16_t byte[6];
public:
public:
/** Costruttore: riceve indirizzo in stringa codifica esadecimale. */
mac_address() {
std::memset(byte,0,6);
}
mac_address(const std::string&);
/** Costruttore: riceve indirizzo in stringa codifica esadecimale. */
mac_address() {
std::memset ( byte,0,6 );
}
mac_address ( const std::string& );
bool operator==(const mac_address& otherMac);
bool operator== ( const mac_address& otherMac );
/** Restituisce stringa stampabile a schermo. */
std::string to_string();
};
/** Restituisce stringa stampabile a schermo. */
std::string to_string();
};
}

519
commons/classPacket.cpp Normal file
View file

@ -0,0 +1,519 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <cstdio>
#include <stdint.h>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <ios>
#include <map>
#include <boost/lexical_cast.hpp>
#include <boost/algorithm/string/split.hpp>
#include <boost/algorithm/string/classification.hpp>
#include "classMacAddress.h"
#include "classPacket.h"
/* PACKET */
using namespace boost;
libNetwork::packet* libNetwork::packet::factory ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
uint16_t protocol_type;
std::string temp;
temp.reserve ( 4 );
for ( int i = 24; i <= 27; i++ ) {
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if ( protocol_type == ETHER_TYPE_ARP ) {
p = new ARPpacket ( timeEpoch_i, timeMillis_i, rawData_i );
} else if ( protocol_type == ETHER_TYPE_IPV4 ) {
p = IPv4packet::factory ( timeEpoch_i, timeMillis_i, rawData_i );
} else {
p = new UnknownPacket ( timeEpoch_i, timeMillis_i, rawData_i );
}
return p;
}
libNetwork::packet* libNetwork::packet::factory ( std::string packetLine ) {
std::vector< std::string > section;
boost::algorithm::split ( section, packetLine, boost::algorithm::is_any_of ( "!" ) );
packet* pkg = packet::factory ( lexical_cast<int> ( section[0] ), lexical_cast<int> ( section[1] ), section[2] );
return pkg;
}
uint32_t libNetwork::packet::getPacketLength() {
return pkgLength;
}
uint64_t libNetwork::packet::getEpoch() {
return timeEpoch;
}
uint32_t libNetwork::packet::getMillis() {
return timeMillis;
}
std::string libNetwork::packet::getHexString ( int string_cursor, int read_byte ) {
std::string temp;
temp.reserve ( read_byte * 2 );
if ( string_cursor + read_byte > this->getPacketLength() ) throw Overflow();
for ( int i = string_cursor * 2; i < ( string_cursor * 2 ) + ( read_byte * 2 ); i++ ) {
temp += rawData[i];
}
return temp;
}
std::string libNetwork::packet::getDecimalIP ( int string_cursor ) {
std::string temp;
std::string stamp;
temp.reserve ( 2 );
for ( int i=0; i <= 7; i++ ) {
temp += rawData[ ( string_cursor*2 ) +i];
if ( i%2 != 0 ) {
std::stringstream convert ( temp );
int a;
convert>>std::hex>>a;
stamp += lexical_cast<std::string> ( a );
if ( i != 7 ) stamp += ".";
temp = "";
}
}
return stamp;
}
libNetwork::mac_address libNetwork::packet::getMacAddress ( int string_cursor ) {
mac_address mac_temp ( this->getHexString ( string_cursor, 6 ) );
return mac_temp;
}
bool libNetwork::packet::isArp() {
return ( this->getEtherType() == ETHER_TYPE_ARP );
}
bool libNetwork::packet::isIPv4() {
return ( this->getEtherType() == ETHER_TYPE_IPV4 );
}
bool libNetwork::packet::isIPv6() {
return ( this->getEtherType() == ETHER_TYPE_IPV6 );
}
libNetwork::mac_address libNetwork::packet::getSenderMac() {
return this->getMacAddress ( 6 );
}
libNetwork::mac_address libNetwork::packet::getTargetMac() {
return this->getMacAddress ( 0 );
}
uint16_t libNetwork::packet::getEtherType() {
uint16_t protocol_type;
std::stringstream convert ( this->getHexString ( 12, 2 ) );
convert>>std::hex>>protocol_type;
return protocol_type;
}
/* ARP */
libNetwork::ARPpacket::ARPpacket ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::ARPpacket::getOpCode() {
uint16_t opcode;
std::stringstream convert ( this->getHexString ( ARP_OFFSET+6, 2 ) );
convert>>std::hex>>opcode;
return opcode;
}
boost::asio::ip::address libNetwork::ARPpacket::getSenderIp() {
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string ( this->getDecimalIP ( ARP_OFFSET+14 ) );
return newaddr;
}
boost::asio::ip::address libNetwork::ARPpacket::getTargetIp() {
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string ( this->getDecimalIP ( ARP_OFFSET+24 ) );
return newaddr;
}
/* IPV4 */
libNetwork::packet* libNetwork::IPv4packet::factory ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
uint16_t protocol_type;
std::string temp;
temp.reserve ( 2 );
for ( int i = 46; i <= 47; i++ ) {
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if ( protocol_type == IPV4_TYPE_TCP ) {
p = new TCPv4packet ( timeEpoch_i, timeMillis_i, rawData_i );
} else if ( protocol_type == IPV4_TYPE_UDP ) {
p = new UDPv4packet ( timeEpoch_i, timeMillis_i, rawData_i );
} else if ( protocol_type == IPV4_TYPE_ICMP ) {
p = new ICMPv4packet ( timeEpoch_i, timeMillis_i, rawData_i );
} else {
p = new UnknownPacket ( timeEpoch_i, timeMillis_i, rawData_i );
}
return p;
}
asio::ip::address libNetwork::IPv4packet::getSenderIp() {
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string ( this->getDecimalIP ( IPv4_OFFSET+12 ) );
return newaddr;
}
asio::ip::address libNetwork::IPv4packet::getTargetIp() {
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string ( this->getDecimalIP ( IPv4_OFFSET+16 ) );
return newaddr;
}
uint16_t libNetwork::IPv4packet::getIdentity() {
uint16_t id;
std::stringstream convert ( this->getHexString ( IPv4_OFFSET+4, 2 ) );
convert>>std::hex>>id;
return id;
}
uint16_t libNetwork::IPv4packet::getTTL() {
uint16_t ttl;
std::stringstream convert ( this->getHexString ( IPv4_OFFSET+8, 1 ) );
convert>>std::hex>>ttl;
return ttl;
}
uint16_t libNetwork::IPv4packet::getProtocolType() {
uint16_t protocol_type;
std::stringstream convert ( this->getHexString ( IPv4_OFFSET+9, 1 ) );
convert>>std::hex>>protocol_type;
return protocol_type;
}
uint16_t libNetwork::IPv4packet::getIPChecksum() {
uint16_t cs;
std::stringstream convert ( this->getHexString ( IPv4_OFFSET+10, 2 ) );
convert>>std::hex>>cs;
return cs;
}
bool libNetwork::IPv4packet::verifyIPChecksum() {
int sum = 0;
for ( int i = 0; i < 20; i += 2 ) {
short unsigned int temp;
std::stringstream convert ( this->getHexString ( IPv4_OFFSET+i,2 ) );
convert >> std::hex >> temp;
sum += temp;
}
return ( ( sum & 0xFFFF ) + ( sum >>= 16 ) == 0xFFFF );
}
bool libNetwork::IPv4packet::isTCP() {
return ( this->getProtocolType() == IPV4_TYPE_TCP );
}
bool libNetwork::IPv4packet::isUDP() {
return ( this->getProtocolType() == IPV4_TYPE_UDP );
}
bool libNetwork::IPv4packet::isICMP() {
return ( this->getProtocolType() == IPV4_TYPE_ICMP );
}
/* ICMP */
libNetwork::ICMPv4packet::ICMPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::ICMPv4packet::getMessageType() {
uint16_t message_type;
std::stringstream convert ( this->getHexString ( ICMPV4_OFFSET, 1 ) );
convert>>std::hex>>message_type;
return message_type;
}
uint16_t libNetwork::ICMPv4packet::getMessageCode() {
uint16_t message_code;
std::stringstream convert ( this->getHexString ( ICMPV4_OFFSET+1, 1 ) );
convert>>std::hex>>message_code;
return message_code;
}
/* TCP */
libNetwork::TCPv4packet::TCPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
public_flag = false;
return;
}
uint16_t libNetwork::TCPv4packet::getSenderPort() {
uint16_t port;
std::stringstream convert ( this->getHexString ( TCP_OFFSET, 2 ) );
convert>>std::hex>>port;
return port;
}
uint16_t libNetwork::TCPv4packet::getTargetPort() {
uint16_t port;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+2, 2 ) );
convert>>std::hex>>port;
return port;
}
uint32_t libNetwork::TCPv4packet::getSequenceNumber() {
uint32_t sn;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+4, 4 ) );
convert>>std::hex>>sn;
return sn;
}
uint32_t libNetwork::TCPv4packet::getAcknowledgmentNumber() {
uint32_t an;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+8, 4 ) );
convert>>std::hex>>an;
return an;
}
unsigned int libNetwork::TCPv4packet::getHeaderLength() {
/*
* Sono utilizzati solo i primi 8 bit del byte, necessita traslazione.
* Indica i gruppi da 32 bit contenuti, necessita conversione.
*/
unsigned int hl;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+12, 1 ) );
convert>>std::hex>>hl;
hl >>= 4;
hl = ( hl * 32 ) / 8;
return hl;
}
unsigned int libNetwork::TCPv4packet::getPayloadLength() {
return ( this->getPayLoad().length() ) /2;
}
int libNetwork::TCPv4packet::getFlags() {
int flag;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+13, 1 ) );
convert>>std::hex>>flag;
return flag;
}
unsigned int libNetwork::TCPv4packet::getWindowSize() {
unsigned int ws;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+14, 2 ) );
convert>>std::hex>>ws;
return ws;
}
unsigned int libNetwork::TCPv4packet::getTCPChecksum() {
unsigned int cs;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+16, 2 ) );
convert>>std::hex>>cs;
return cs;
}
bool libNetwork::TCPv4packet::verifyTCPChecksum() {
// TODO - Checksum TCP non viene usato???
}
unsigned int libNetwork::TCPv4packet::getUrgentPointer() {
unsigned int up;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+18, 2 ) );
convert>>std::hex>>up;
return up;
}
std::string libNetwork::TCPv4packet::getOptionRaw() {
return this->getHexString ( TCP_OFFSET + TCP_STANDARD, this->getHeaderLength() - TCP_STANDARD );
}
std::map< int, std::string > libNetwork::TCPv4packet::getOptionMap() {
std::map<int, std::string> tempMap;
if ( this->isOption() && !this->isSYN() ) { // FIXME - SYN usa altro protocollo???
for ( int i=0; i < ( this->getHeaderLength() - TCP_STANDARD ); i++ ) {
int read;
std::stringstream convert ( this->getHexString ( TCP_OFFSET+TCP_STANDARD+i, 1 ) );
convert >> std::hex >> read;
if ( read != 1 ) {
std::stringstream convert2 ( this->getHexString ( TCP_OFFSET+TCP_STANDARD+i+1, 1 ) );
int optionLength;
convert2 >> std::hex >> optionLength;
tempMap[read] = this->getHexString ( TCP_OFFSET+TCP_STANDARD+i+2, optionLength-2 );
i += optionLength;
}
}
}
return tempMap;
}
std::string libNetwork::TCPv4packet::getPayLoad() {
int start = TCP_OFFSET + this->getHeaderLength();
return this->getHexString ( start, this->getPacketLength() - start );
}
bool libNetwork::TCPv4packet::isCWR() {
return ( this->getFlags() & 128 );
}
bool libNetwork::TCPv4packet::isECE() {
return ( this->getFlags() & 64 );
}
bool libNetwork::TCPv4packet::isURG() {
return ( this->getFlags() & 32 );
}
bool libNetwork::TCPv4packet::isACK() {
return ( this->getFlags() & 16 );
}
bool libNetwork::TCPv4packet::isPSH() {
return ( this->getFlags() & 8 );
}
bool libNetwork::TCPv4packet::isRST() {
return ( this->getFlags() & 4 );
}
bool libNetwork::TCPv4packet::isSYN() {
return ( this->getFlags() & 2 );
}
bool libNetwork::TCPv4packet::isFIN() {
return ( this->getFlags() & 1 );
}
bool libNetwork::TCPv4packet::isOption() {
return ( this->getHeaderLength() > TCP_STANDARD );
}
/* UDP */
libNetwork::UDPv4packet::UDPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::UDPv4packet::getSenderPort() {
uint16_t port;
std::stringstream convert ( this->getHexString ( UDP_OFFSET, 2 ) );
convert>>std::hex>>port;
return port;
}
uint16_t libNetwork::UDPv4packet::getTargetPort() {
uint16_t port;
std::stringstream convert ( this->getHexString ( UDP_OFFSET+2, 2 ) );
convert>>std::hex>>port;
return port;
}
/* UNKNOWN */
libNetwork::UnknownPacket::UnknownPacket ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i ) {
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}

327
commons/classPacket.h Normal file
View file

@ -0,0 +1,327 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef LIBHEADER_H
#define LIBHEADER_H
/* EtherType */
#define ETHER_V2_CODE 0x0600 /** Più alto è ethertype, più basso è dimensione */
#define ETHER_TYPE_IPV4 0x0800 /** EtherType IPv4 */
#define ETHER_TYPE_ARP 0x0806 /** EtherType ARP */
#define ETHER_TYPE_IEEE802 0x8100 /** EtherType IEEE 802 */
#define ETHER_TYPE_IPV6 0x86DD /** EtherType IPv6 */
#define ETHER_TYPE_PPP 0x880B /** EtherType PPP */
/* ARP */
#define ARP_OFFSET 14 /** Punto dove inizia l'header ARP */
/* IPv4 */
#define IPv4_OFFSET 14 /** Punto dove inizia l'header IPv4 */
#define IPV4_TYPE_ICMP 0x01 /** IPv4 Type ICMP */
#define IPV4_TYPE_TCP 0x06 /** IPv4 Type TCP */
#define IPV4_TYPE_UDP 0x11 /** IPv4 Type UDP */
/* TCP */
#define TCP_OFFSET 34 /** Punto dove inizia l'header TCP */
#define TCP_STANDARD 20 /** Standard header lenght (byte) */
/* UDP */
#define UDP_OFFSET 34 /** Punto dove inizia l'header UDP */
/* ICMP */
#define ICMPV4_OFFSET 34 /** Punto dove inizia l'header ICMP */
#define ICMPV4_ECHO_REP 0 /** ICMP Type - Echo Reply (PING) */
#define ICMPV4_UNREACH 3 /** ICMP Type - Unreach */
#define ICMPV4_REDIRECT 5 /** ICMP Type - Redirect */
#define ICMPV4_ECHO_REQ 8 /** ICMP Type - Echo Request (PING) */
#define ICMPV4_TRACERT 30 /** ICMP Type - Tracert */
/* INCLUDE */
#include <string>
#include <boost/asio.hpp>
#include <stdint.h>
#include "classMacAddress.h"
namespace libNetwork {
/** Class for managing packets */
class packet
{
protected:
uint64_t timeEpoch; /** Timestamp */
uint32_t timeMillis; /** Millisecond from timestamp */
uint32_t pkgLength; /** Packet length */
std::string rawData; /** Raw packet recived from riddle */
public:
/** Overflow management */
class Overflow {};
/** Class constructor with delayed instantiation*/
static packet* factory ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Class constructor with delayed instantiation, auto-split mode*/
static packet* factory ( std::string packetLine );
/** Virtual destructor */
virtual ~packet() {}
/* GENERAL FUNCTIONS */
/** Returns the packet length in bytes. */
uint32_t getPacketLength();
/** Returns packet epoch */
uint64_t getEpoch();
/** Returns milliseconds passed from epoch */
uint32_t getMillis();
/** Legge n byte a partire dal byte voluto e li restituisce in stringa. */
std::string getHexString ( int string_cursor, int read_byte );
/** Legge IPv4 dal byte voluto e restituisce in formato decimale. */
std::string getDecimalIP ( int string_cursor );
/** Salva MAC address a partire da un punto (n° del byte) della stringa rawData */
mac_address getMacAddress ( int string_cursor );
/** Salva IPv4 address a partire da un punto (n° del byte) della stringa rawData */
boost::asio::ip::address getIPv4Address ( int string_cursor );
/** True se e' un pacchetto ARP */
bool isArp();
/** True se e' un pacchetto IPv4 */
bool isIPv4();
/** True se e' un pacchetto IPv6*/
bool isIPv6();
/* ETHERNET FUNCTIONS */
/** Restituisce MAC della scheda di rete che ha inviato la trama*/
mac_address getSenderMac();
/** Restituisce MAC del destinatario della trama*/
mac_address getTargetMac();
/** Restituisce ethertype */
uint16_t getEtherType();
};
/** Class for managing ARP packets */
class ARPpacket : public packet
{
public:
/** Costruttore finale */
ARPpacket ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Ritorna OpCode */
uint16_t getOpCode();
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
};
/** Class for managing IPv4 packets */
class IPv4packet : public packet
{
public:
/** Class constructor with delayed instantiation */
static packet* factory ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
/** Ritorna identificatore **/
uint16_t getIdentity();
/** Ritorna il Time To Live **/
uint16_t getTTL();
/** Ritorna il tipo di protocollo incapsulato */
uint16_t getProtocolType();
/** Ritorna checksum */
uint16_t getIPChecksum();
/** Verify checksum **/
bool verifyIPChecksum();
/** True se incapsula un pacchetto TCP */
bool isTCP();
/** True se incapsula un pacchetto UDP */
bool isUDP();
/** True se incapsula un pacchetto ICMP */
bool isICMP();
};
/** Class for managing TCPv4 packets */
class TCPv4packet : public IPv4packet
{
public:
/** Flag pubblica usabile per marcare uno specifico oggetto TCPv4packet **/
bool public_flag;
/** Costruttore finale */
TCPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Restituisce porta TCP del mittente */
uint16_t getSenderPort();
/** Restituisce porta TCP del destinatario */
uint16_t getTargetPort();
/** Restituisce il numero di sequenza */
uint32_t getSequenceNumber();
/** Restituisce il numero di acknowledgment */
uint32_t getAcknowledgmentNumber();
/** Ritorna dimensione dell'header TCP in byte */
unsigned int getHeaderLength();
/** Ritorna dimensione del payload TCP in byte */
unsigned int getPayloadLength();
/** Ritorna i flag TCP in formato raw, da processare */
int getFlags();
/** Ritorna dimensione della finestra di ricezione */
unsigned int getWindowSize();
/** Ritorna checksum */
unsigned int getTCPChecksum();
/** Verify checksum **/
bool verifyTCPChecksum();
/** Ritorna l'urgent pointer */
unsigned int getUrgentPointer();
/** Ritorna le opzioni TCP in formato raw, da processare */
std::string getOptionRaw();
/** Ritorna le opzioni TCP in una std::map */
std::map<int, std::string> getOptionMap();
/** Ritorna i dati trasportati dal pacchetto TCP */
std::string getPayLoad();
/** True se ha flag ACK */
bool isACK();
/** True se ha flag SYN */
bool isSYN();
/** True se ha flag FIN */
bool isFIN();
/** True se ha flag RST */
bool isRST();
/** True se ha flag PSH */
bool isPSH();
/** True se ha flag URG */
bool isURG();
/** True se ha flag ECE */
bool isECE();
/** True se ha flag CWR */
bool isCWR();
/** True se sono presenti delle opzioni aggiuntive */
bool isOption();
};
/** Class for managing UDPv4 packets */
class UDPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
UDPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Ritorna porta UDP del mittente */
uint16_t getSenderPort();
/** Ritorna porta UDP del destinatario */
uint16_t getTargetPort();
};
/** Class for managing ICMPv4 packets */
class ICMPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
ICMPv4packet ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
/** Ritorna il tipo di messaggio ICMP */
uint16_t getMessageType();
/** Ritorna il MessageCode */
uint16_t getMessageCode();
};
/** Class for managing unknown packets */
class UnknownPacket : public packet
{
public:
/** Costruttore finale */
UnknownPacket ( uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i );
};
}
#endif //LIBHEADER_H

49
commons/libDump.cpp
View file

@ -35,36 +35,29 @@
#include <stdint.h>
#include "libDump.h"
std::string libDump::classicDump(std::string input)
{
std::string libDump::classicDump ( std::string input ) {
std::stringstream out;
int stringlen = input.length();
int stringtodo = input.length();
for(uint16_t address = 0; address < stringlen; address += LINE*2)
{
out << "0x" << std::setfill('0') << std::setw(5) << std::hex << address/2 << " | ";
for ( uint16_t address = 0; address < stringlen; address += LINE*2 ) {
out << "0x" << std::setfill ( '0' ) << std::setw ( 5 ) << std::hex << address/2 << " | ";
for(int i = 0; i < LINE*2; i+=2)
{
for ( int i = 0; i < LINE*2; i+=2 ) {
if(i < stringtodo)
{
if ( i < stringtodo ) {
out << std::hex << input[address + i];
out << std::hex << input [address + i + 1] << " ";
}
else
{
} else {
out << " ";
}
if(i == LINE-2)
{
if ( i == LINE-2 ) {
out << " ";
}
@ -72,37 +65,29 @@ std::string libDump::classicDump(std::string input)
out << "| ";
for(int i = 0; i < LINE*2; i+=2)
{
for ( int i = 0; i < LINE*2; i+=2 ) {
if(i < stringtodo)
{
if ( i < stringtodo ) {
std::string comp;
comp += (char)input[address + i];
comp += (char)input[address + i + 1];
std::stringstream convert(comp);
comp += ( char ) input[address + i];
comp += ( char ) input[address + i + 1];
std::stringstream convert ( comp );
int temp;
convert >> std::hex >> temp;
if((temp>32)&&(temp<128))
{
out << (char)temp;
}
else
{
if ( ( temp>32 ) && ( temp<128 ) ) {
out << ( char ) temp;
} else {
out << ".";
}
}
else
{
} else {
out << " ";
}
if(i == LINE-2)
{
if ( i == LINE-2 ) {
out << " ";
}

8
commons/libDump.cpp~
View file

@ -119,11 +119,3 @@ std::string libDump::classicDump(std::string input)
return out.str();
}
std::string libDump::classicDump(const unsigned char* input)
{
std::string meta(input);
return libDump::classicDump(meta);
}

16
commons/libDump.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -34,9 +34,9 @@
#include <sstream>
namespace libDump {
std::string classicDump(std::string input);
std::string classicDump ( std::string input );
}
#endif //LIBDUMP_H
#endif //LIBDUMP_H

1
commons/libDump.h~
View file

@ -36,7 +36,6 @@
namespace libDump {
std::string classicDump(std::string input);
std::string classicDump(const unsigned char * input);
}

593
commons/libPacket.cpp
View file

@ -1,593 +0,0 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include <cstdio>
#include <stdint.h>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <ios>
#include <map>
#include <boost/lexical_cast.hpp>
#include <boost/algorithm/string/split.hpp>
#include <boost/algorithm/string/classification.hpp>
#include "libPacket.h"
#include "libAddress.h"
/* PACKET */
using namespace boost;
libNetwork::packet* libNetwork::packet::factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
uint16_t protocol_type;
std::string temp;
temp.reserve(4);
for (int i = 24; i <= 27; i++)
{
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if (protocol_type == ETHER_TYPE_ARP)
{
p = new ARPpacket(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == ETHER_TYPE_IPV4)
{
p = IPv4packet::factory(timeEpoch_i, timeMillis_i, rawData_i);
} else {
p = new UnknownPacket(timeEpoch_i, timeMillis_i, rawData_i);
}
return p;
}
libNetwork::packet* libNetwork::packet::factory(std::string packetLine)
{
std::vector< std::string > section;
boost::algorithm::split(section, packetLine, boost::algorithm::is_any_of("!"));
packet* pkg = packet::factory(lexical_cast<int>(section[0]), lexical_cast<int>(section[1]), section[2]);
return pkg;
}
uint32_t libNetwork::packet::getPacketLength()
{
return pkgLength;
}
uint64_t libNetwork::packet::getEpoch()
{
return timeEpoch;
}
uint32_t libNetwork::packet::getMillis()
{
return timeMillis;
}
std::string libNetwork::packet::getHexString(int string_cursor, int read_byte)
{
std::string temp;
temp.reserve(read_byte * 2);
if (string_cursor + read_byte > this->getPacketLength()) throw Overflow();
for (int i = string_cursor * 2; i < (string_cursor * 2) + (read_byte * 2); i++)
{
temp += rawData[i];
}
return temp;
}
std::string libNetwork::packet::getDecimalIP(int string_cursor)
{
std::string temp;
std::string stamp;
temp.reserve(2);
for (int i=0; i <= 7; i++)
{
temp += rawData[(string_cursor*2)+i];
if (i%2 != 0)
{
std::stringstream convert(temp);
int a;
convert>>std::hex>>a;
stamp += lexical_cast<std::string>(a);
if (i != 7) stamp += ".";
temp = "";
}
}
return stamp;
}
libNetwork::mac_address libNetwork::packet::getMacAddress(int string_cursor)
{
mac_address mac_temp(this->getHexString(string_cursor, 6));
return mac_temp;
}
bool libNetwork::packet::isArp()
{
return (this->getEtherType() == ETHER_TYPE_ARP);
}
bool libNetwork::packet::isIPv4()
{
return (this->getEtherType() == ETHER_TYPE_IPV4);
}
bool libNetwork::packet::isIPv6()
{
return (this->getEtherType() == ETHER_TYPE_IPV6);
}
libNetwork::mac_address libNetwork::packet::getSenderMac()
{
return this->getMacAddress(6);
}
libNetwork::mac_address libNetwork::packet::getTargetMac()
{
return this->getMacAddress(0);
}
uint16_t libNetwork::packet::getEtherType()
{
uint16_t protocol_type;
std::stringstream convert (this->getHexString(12, 2));
convert>>std::hex>>protocol_type;
return protocol_type;
}
/* ARP */
libNetwork::ARPpacket::ARPpacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::ARPpacket::getOpCode()
{
uint16_t opcode;
std::stringstream convert (this->getHexString(ARP_OFFSET+6, 2));
convert>>std::hex>>opcode;
return opcode;
}
boost::asio::ip::address libNetwork::ARPpacket::getSenderIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(ARP_OFFSET+14));
return newaddr;
}
boost::asio::ip::address libNetwork::ARPpacket::getTargetIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(ARP_OFFSET+24));
return newaddr;
}
/* IPV4 */
libNetwork::packet* libNetwork::IPv4packet::factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
uint16_t protocol_type;
std::string temp;
temp.reserve(2);
for (int i = 46; i <= 47; i++)
{
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if (protocol_type == IPV4_TYPE_TCP)
{
p = new TCPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == IPV4_TYPE_UDP)
{
p = new UDPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == IPV4_TYPE_ICMP)
{
p = new ICMPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else {
p = new UnknownPacket(timeEpoch_i, timeMillis_i, rawData_i);
}
return p;
}
asio::ip::address libNetwork::IPv4packet::getSenderIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(IPv4_OFFSET+12));
return newaddr;
}
asio::ip::address libNetwork::IPv4packet::getTargetIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(IPv4_OFFSET+16));
return newaddr;
}
uint16_t libNetwork::IPv4packet::getIdentity()
{
uint16_t id;
std::stringstream convert (this->getHexString(IPv4_OFFSET+4, 2));
convert>>std::hex>>id;
return id;
}
uint16_t libNetwork::IPv4packet::getTTL()
{
uint16_t ttl;
std::stringstream convert (this->getHexString(IPv4_OFFSET+8, 1));
convert>>std::hex>>ttl;
return ttl;
}
uint16_t libNetwork::IPv4packet::getProtocolType()
{
uint16_t protocol_type;
std::stringstream convert (this->getHexString(IPv4_OFFSET+9, 1));
convert>>std::hex>>protocol_type;
return protocol_type;
}
uint16_t libNetwork::IPv4packet::getIPChecksum()
{
uint16_t cs;
std::stringstream convert (this->getHexString(IPv4_OFFSET+10, 2));
convert>>std::hex>>cs;
return cs;
}
bool libNetwork::IPv4packet::verifyIPChecksum()
{
int sum = 0;
for(int i = 0; i < 20; i += 2)
{
short unsigned int temp;
std::stringstream convert (this->getHexString(IPv4_OFFSET+i,2));
convert >> std::hex >> temp;
sum += temp;
}
return ((sum & 0xFFFF) + (sum >>= 16) == 0xFFFF);
}
bool libNetwork::IPv4packet::isTCP()
{
return (this->getProtocolType() == IPV4_TYPE_TCP);
}
bool libNetwork::IPv4packet::isUDP()
{
return (this->getProtocolType() == IPV4_TYPE_UDP);
}
bool libNetwork::IPv4packet::isICMP()
{
return (this->getProtocolType() == IPV4_TYPE_ICMP);
}
/* ICMP */
libNetwork::ICMPv4packet::ICMPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::ICMPv4packet::getMessageType()
{
uint16_t message_type;
std::stringstream convert (this->getHexString(ICMPV4_OFFSET, 1));
convert>>std::hex>>message_type;
return message_type;
}
uint16_t libNetwork::ICMPv4packet::getMessageCode()
{
uint16_t message_code;
std::stringstream convert (this->getHexString(ICMPV4_OFFSET+1, 1));
convert>>std::hex>>message_code;
return message_code;
}
/* TCP */
libNetwork::TCPv4packet::TCPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
public_flag = false;
return;
}
uint16_t libNetwork::TCPv4packet::getSenderPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(TCP_OFFSET, 2));
convert>>std::hex>>port;
return port;
}
uint16_t libNetwork::TCPv4packet::getTargetPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(TCP_OFFSET+2, 2));
convert>>std::hex>>port;
return port;
}
uint32_t libNetwork::TCPv4packet::getSequenceNumber()
{
uint32_t sn;
std::stringstream convert (this->getHexString(TCP_OFFSET+4, 4));
convert>>std::hex>>sn;
return sn;
}
uint32_t libNetwork::TCPv4packet::getAcknowledgmentNumber()
{
uint32_t an;
std::stringstream convert (this->getHexString(TCP_OFFSET+8, 4));
convert>>std::hex>>an;
return an;
}
unsigned int libNetwork::TCPv4packet::getHeaderLength()
{
/*
* Sono utilizzati solo i primi 8 bit del byte, necessita traslazione.
* Indica i gruppi da 32 bit contenuti, necessita conversione.
*/
unsigned int hl;
std::stringstream convert (this->getHexString(TCP_OFFSET+12, 1));
convert>>std::hex>>hl;
hl >>= 4;
hl = (hl * 32) / 8;
return hl;
}
unsigned int libNetwork::TCPv4packet::getPayloadLength()
{
return (this->getPayLoad().length())/2;
}
int libNetwork::TCPv4packet::getFlags()
{
int flag;
std::stringstream convert (this->getHexString(TCP_OFFSET+13, 1));
convert>>std::hex>>flag;
return flag;
}
unsigned int libNetwork::TCPv4packet::getWindowSize()
{
unsigned int ws;
std::stringstream convert (this->getHexString(TCP_OFFSET+14, 2));
convert>>std::hex>>ws;
return ws;
}
unsigned int libNetwork::TCPv4packet::getTCPChecksum()
{
unsigned int cs;
std::stringstream convert (this->getHexString(TCP_OFFSET+16, 2));
convert>>std::hex>>cs;
return cs;
}
bool libNetwork::TCPv4packet::verifyTCPChecksum()
{
// TODO - Checksum TCP non viene usato???
}
unsigned int libNetwork::TCPv4packet::getUrgentPointer()
{
unsigned int up;
std::stringstream convert (this->getHexString(TCP_OFFSET+18, 2));
convert>>std::hex>>up;
return up;
}
std::string libNetwork::TCPv4packet::getOptionRaw()
{
return this->getHexString(TCP_OFFSET + TCP_STANDARD, this->getHeaderLength() - TCP_STANDARD);
}
std::map< int, std::string > libNetwork::TCPv4packet::getOptionMap()
{
std::map<int, std::string> tempMap;
if(this->isOption() && !this->isSYN()) // FIXME - SYN usa altro protocollo???
{
for(int i=0; i < (this->getHeaderLength() - TCP_STANDARD); i++)
{
int read;
std::stringstream convert ( this->getHexString(TCP_OFFSET+TCP_STANDARD+i, 1) );
convert >> std::hex >> read;
if(read != 1)
{
std::stringstream convert2 ( this->getHexString(TCP_OFFSET+TCP_STANDARD+i+1, 1) );
int optionLength;
convert2 >> std::hex >> optionLength;
tempMap[read] = this->getHexString(TCP_OFFSET+TCP_STANDARD+i+2, optionLength-2);
i += optionLength;
}
}
}
return tempMap;
}
std::string libNetwork::TCPv4packet::getPayLoad()
{
int start = TCP_OFFSET + this->getHeaderLength();
return this->getHexString(start, this->getPacketLength() - start);
}
bool libNetwork::TCPv4packet::isCWR()
{
return (this->getFlags() & 128);
}
bool libNetwork::TCPv4packet::isECE()
{
return (this->getFlags() & 64);
}
bool libNetwork::TCPv4packet::isURG()
{
return (this->getFlags() & 32);
}
bool libNetwork::TCPv4packet::isACK()
{
return (this->getFlags() & 16);
}
bool libNetwork::TCPv4packet::isPSH()
{
return (this->getFlags() & 8);
}
bool libNetwork::TCPv4packet::isRST()
{
return (this->getFlags() & 4);
}
bool libNetwork::TCPv4packet::isSYN()
{
return (this->getFlags() & 2);
}
bool libNetwork::TCPv4packet::isFIN()
{
return (this->getFlags() & 1);
}
bool libNetwork::TCPv4packet::isOption()
{
return (this->getHeaderLength() > TCP_STANDARD);
}
/* UDP */
libNetwork::UDPv4packet::UDPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t libNetwork::UDPv4packet::getSenderPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(UDP_OFFSET, 2));
convert>>std::hex>>port;
return port;
}
uint16_t libNetwork::UDPv4packet::getTargetPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(UDP_OFFSET+2, 2));
convert>>std::hex>>port;
return port;
}
/* UNKNOWN */
libNetwork::UnknownPacket::UnknownPacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}

327
commons/libPacket.h
View file

@ -1,327 +0,0 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The project Riddle is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#ifndef LIBHEADER_H
#define LIBHEADER_H
/* EtherType */
#define ETHER_V2_CODE 0x0600 /** Più alto è ethertype, più basso è dimensione */
#define ETHER_TYPE_IPV4 0x0800 /** EtherType IPv4 */
#define ETHER_TYPE_ARP 0x0806 /** EtherType ARP */
#define ETHER_TYPE_IEEE802 0x8100 /** EtherType IEEE 802 */
#define ETHER_TYPE_IPV6 0x86DD /** EtherType IPv6 */
#define ETHER_TYPE_PPP 0x880B /** EtherType PPP */
/* ARP */
#define ARP_OFFSET 14 /** Punto dove inizia l'header ARP */
/* IPv4 */
#define IPv4_OFFSET 14 /** Punto dove inizia l'header IPv4 */
#define IPV4_TYPE_ICMP 0x01 /** IPv4 Type ICMP */
#define IPV4_TYPE_TCP 0x06 /** IPv4 Type TCP */
#define IPV4_TYPE_UDP 0x11 /** IPv4 Type UDP */
/* TCP */
#define TCP_OFFSET 34 /** Punto dove inizia l'header TCP */
#define TCP_STANDARD 20 /** Standard header lenght (byte) */
/* UDP */
#define UDP_OFFSET 34 /** Punto dove inizia l'header UDP */
/* ICMP */
#define ICMPV4_OFFSET 34 /** Punto dove inizia l'header ICMP */
#define ICMPV4_ECHO_REP 0 /** ICMP Type - Echo Reply (PING) */
#define ICMPV4_UNREACH 3 /** ICMP Type - Unreach */
#define ICMPV4_REDIRECT 5 /** ICMP Type - Redirect */
#define ICMPV4_ECHO_REQ 8 /** ICMP Type - Echo Request (PING) */
#define ICMPV4_TRACERT 30 /** ICMP Type - Tracert */
/* INCLUDE */
#include <string>
#include <boost/asio.hpp>
#include <stdint.h>
#include "libAddress.h"
namespace libNetwork {
/** Class for managing packets */
class packet
{
protected:
uint64_t timeEpoch; /** Timestamp */
uint32_t timeMillis; /** Millisecond from timestamp */
uint32_t pkgLength; /** Packet length */
std::string rawData; /** Raw packet recived from riddle */
public:
/** Overflow management */
class Overflow {};
/** Class constructor with delayed instantiation*/
static packet* factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Class constructor with delayed instantiation, auto-split mode*/
static packet* factory(std::string packetLine);
/** Virtual destructor */
virtual ~packet() {}
/* GENERAL FUNCTIONS */
/** Returns the packet length in bytes. */
uint32_t getPacketLength();
/** Returns packet epoch */
uint64_t getEpoch();
/** Returns milliseconds passed from epoch */
uint32_t getMillis();
/** Legge n byte a partire dal byte voluto e li restituisce in stringa. */
std::string getHexString(int string_cursor, int read_byte);
/** Legge IPv4 dal byte voluto e restituisce in formato decimale. */
std::string getDecimalIP(int string_cursor);
/** Salva MAC address a partire da un punto (n° del byte) della stringa rawData */
mac_address getMacAddress(int string_cursor);
/** Salva IPv4 address a partire da un punto (n° del byte) della stringa rawData */
boost::asio::ip::address getIPv4Address(int string_cursor);
/** True se e' un pacchetto ARP */
bool isArp();
/** True se e' un pacchetto IPv4 */
bool isIPv4();
/** True se e' un pacchetto IPv6*/
bool isIPv6();
/* ETHERNET FUNCTIONS */
/** Restituisce MAC della scheda di rete che ha inviato la trama*/
mac_address getSenderMac();
/** Restituisce MAC del destinatario della trama*/
mac_address getTargetMac();
/** Restituisce ethertype */
uint16_t getEtherType();
};
/** Class for managing ARP packets */
class ARPpacket : public packet
{
public:
/** Costruttore finale */
ARPpacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna OpCode */
uint16_t getOpCode();
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
};
/** Class for managing IPv4 packets */
class IPv4packet : public packet
{
public:
/** Class constructor with delayed instantiation */
static packet* factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
/** Ritorna identificatore **/
uint16_t getIdentity();
/** Ritorna il Time To Live **/
uint16_t getTTL();
/** Ritorna il tipo di protocollo incapsulato */
uint16_t getProtocolType();
/** Ritorna checksum */
uint16_t getIPChecksum();
/** Verify checksum **/
bool verifyIPChecksum();
/** True se incapsula un pacchetto TCP */
bool isTCP();
/** True se incapsula un pacchetto UDP */
bool isUDP();
/** True se incapsula un pacchetto ICMP */
bool isICMP();
};
/** Class for managing TCPv4 packets */
class TCPv4packet : public IPv4packet
{
public:
/** Flag pubblica usabile per marcare uno specifico oggetto TCPv4packet **/
bool public_flag;
/** Costruttore finale */
TCPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Restituisce porta TCP del mittente */
uint16_t getSenderPort();
/** Restituisce porta TCP del destinatario */
uint16_t getTargetPort();
/** Restituisce il numero di sequenza */
uint32_t getSequenceNumber();
/** Restituisce il numero di acknowledgment */
uint32_t getAcknowledgmentNumber();
/** Ritorna dimensione dell'header TCP in byte */
unsigned int getHeaderLength();
/** Ritorna dimensione del payload TCP in byte */
unsigned int getPayloadLength();
/** Ritorna i flag TCP in formato raw, da processare */
int getFlags();
/** Ritorna dimensione della finestra di ricezione */
unsigned int getWindowSize();
/** Ritorna checksum */
unsigned int getTCPChecksum();
/** Verify checksum **/
bool verifyTCPChecksum();
/** Ritorna l'urgent pointer */
unsigned int getUrgentPointer();
/** Ritorna le opzioni TCP in formato raw, da processare */
std::string getOptionRaw();
/** Ritorna le opzioni TCP in una std::map */
std::map<int, std::string> getOptionMap();
/** Ritorna i dati trasportati dal pacchetto TCP */
std::string getPayLoad();
/** True se ha flag ACK */
bool isACK();
/** True se ha flag SYN */
bool isSYN();
/** True se ha flag FIN */
bool isFIN();
/** True se ha flag RST */
bool isRST();
/** True se ha flag PSH */
bool isPSH();
/** True se ha flag URG */
bool isURG();
/** True se ha flag ECE */
bool isECE();
/** True se ha flag CWR */
bool isCWR();
/** True se sono presenti delle opzioni aggiuntive */
bool isOption();
};
/** Class for managing UDPv4 packets */
class UDPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
UDPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna porta UDP del mittente */
uint16_t getSenderPort();
/** Ritorna porta UDP del destinatario */
uint16_t getTargetPort();
};
/** Class for managing ICMPv4 packets */
class ICMPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
ICMPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna il tipo di messaggio ICMP */
uint16_t getMessageType();
/** Ritorna il MessageCode */
uint16_t getMessageCode();
};
/** Class for managing unknown packets */
class UnknownPacket : public packet
{
public:
/** Costruttore finale */
UnknownPacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
};
}
#endif //LIBHEADER_H

52
libraries/libCigarette.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -32,53 +32,45 @@
#include <string>
#include "libCigarette.h"
std::string ether_type_decode(uint16_t start)
{
std::string ether_type_decode ( uint16_t start ) {
// Maggiore o uguale di 1536(0x0600) per Ethernet v2, minore per versione
if (start >= ETHER_V2_CODE)
{
switch (start)
{
case (ETHER_TYPE_IPV4):
if ( start >= ETHER_V2_CODE ) {
switch ( start ) {
case ( ETHER_TYPE_IPV4 ) :
return "IPv4";
case (ETHER_TYPE_ARP):
case ( ETHER_TYPE_ARP ) :
return "ARP";
case (ETHER_TYPE_IPV6):
case ( ETHER_TYPE_IPV6 ) :
return "IPv6";
case (ETHER_TYPE_PPP):
case ( ETHER_TYPE_PPP ) :
return "PPP";
case (ETHER_TYPE_IEEE802):
case ( ETHER_TYPE_IEEE802 ) :
return "IEEE 802.1Q";
default:
return "UNDEFINED";
}
}
else return "Ethernet IEEE 802.3";
} else return "Ethernet IEEE 802.3";
}
std::string ipv4_type_decode(uint16_t start)
{
switch (start)
{
case (IPV4_TYPE_TCP):
std::string ipv4_type_decode ( uint16_t start ) {
switch ( start ) {
case ( IPV4_TYPE_TCP ) :
return "TCP";
case (IPV4_TYPE_UDP):
case ( IPV4_TYPE_UDP ) :
return "UDP";
case (IPV4_TYPE_ICMP):
case ( IPV4_TYPE_ICMP ) :
return "ICMP";
default:
return "UNDEFINED";
}
}
std::string icmpv4_type_decode(uint16_t start)
{
switch (start)
{
case (ICMPV4_ECHO_REQ):
std::string icmpv4_type_decode ( uint16_t start ) {
switch ( start ) {
case ( ICMPV4_ECHO_REQ ) :
return "ECHO Request";
case (ICMPV4_ECHO_REP):
case ( ICMPV4_ECHO_REP ) :
return "ECHO Reply";
default:
return "UNDEFINED";

16
libraries/libCigarette.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -30,10 +30,10 @@
#define LIBCIGARETTE_H
#include <string>
#include "../commons/libPacket.h"
#include "../commons/classPacket.h"
std::string ether_type_decode(uint16_t start);
std::string ipv4_type_decode(uint16_t start);
std::string icmpv4_type_decode(uint16_t start);
std::string ether_type_decode ( uint16_t start );
std::string ipv4_type_decode ( uint16_t start );
std::string icmpv4_type_decode ( uint16_t start );
#endif //LIBCIGARETTE_H

286
libraries/libPursuer.cpp
View file

@ -33,296 +33,58 @@
#include <stdexcept>
#include <fstream>
#include <string>
#include <list>
#include <ios>
#include <boost/asio.hpp>
#include <list>
#include "../commons/libPacket.h"
#include "../commons/libAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classMacAddress.h"
#include "../commons/classFlow.h"
#include "libPursuer.h"
std::string decodeHexText(std::string raw)
{
std::string decodeHexText ( std::string raw ) {
std::string text;
for(int i = 0; i <= raw.size(); i += 2)
{
for ( int i = 0; i <= raw.size(); i += 2 ) {
std::string comp;
comp += (char)raw[i];
comp += (char)raw[i+1];
std::stringstream convert(comp);
comp += ( char ) raw[i];
comp += ( char ) raw[i+1];
std::stringstream convert ( comp );
int temp;
convert >> std::hex >> temp;
text += (char)temp;
text += ( char ) temp;
}
return text;
}
void writeout(stream* stream, bool tofile)
{
if(tofile)
{
void writeout ( libNetwork::stream* stream, bool tofile ) {
if ( tofile ) {
std::stringstream filename;
char buffer[10];
char buffer[10];
filename << "flow_";
filename << stream->getTimeEpoch();
filename << ".txt";
std::ofstream myfile;
myfile.open(filename.str().c_str());
if (myfile.is_open())
{
myfile << stream->exportRawFlow();
myfile.open ( filename.str().c_str() );
if ( myfile.is_open() ) {
myfile << exportFormattedRawFlow ( stream );
myfile.close();
}
} else {
std::cout << stream->exportFlow() << std::endl;
std::cout << exportFormattedRawFlow ( stream ) << std::endl;
}
}
bool stream::factory(libNetwork::TCPv4packet *packet)
{
std::string exportFormattedRawFlow ( libNetwork::stream* stream ) {
if(packet->isSYN())
{
uint16_t first_port = stream->getFirstPort();
uint16_t second_port = stream->getSecondPort();
if(!packet->isACK())
{
timeEpoch = packet->getEpoch();
timeMillis = packet->getMillis();
macAddress[0] = packet->getSenderMac();
macAddress[1] = packet->getTargetMac();
ipAddress[0] = packet->getSenderIp();
ipAddress[1] = packet->getTargetIp();
port[0] = packet->getSenderPort();
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
delete packet;
return true;
}
else
{
if(sequenceNumber[0] + 1 == packet->getAcknowledgmentNumber())
{
sequenceNumber[1] = packet->getSequenceNumber();
delete packet;
return true;
}
}
}
delete packet;
return false;
}
void stream::factory(std::string packet)
{
}
bool stream::addPacket(libNetwork::TCPv4packet *newPacket)
{
using namespace std;
int a,b;
if(!newPacket->isSYN())
{
if(newPacket->getSenderPort() == port[0])
{
// Siamo nel primo buffer
a = 1;
b = 0;
}
else if(newPacket->getSenderPort() == port[1])
{
// Siamo nel secondo buffer
a = 0;
b = 1;
}
else return false; // Buffer non identificato.
if(newPacket->isACK()) // Se c'è ACK setto il flag sul pacchetto corrispondente, se c'è.
{
for (list<libNetwork::TCPv4packet*>::iterator it = buffer[a].begin(); it != buffer[a].end(); it++)
{
if( (*it)->getSequenceNumber() == newPacket->getAcknowledgmentNumber() - ((*it)->getPayLoad().size()/2))
{
(*it)->public_flag = true;
break;
}
}
}
if(newPacket->getPayLoad().size() != 0) // Salvo il pacchetto solo se ha del payload.
{
buffer[b].push_back(newPacket);
}
return true;
}
return false;
}
void stream::flushBuffer(int number)
{
bool isFound;
do {
isFound = false;
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[number].begin(); it != buffer[number].end(); it++)
{
if(sequenceNumber[number] + 1 == (*it)->getSequenceNumber() && (*it)->public_flag)
{
std::string payload = (*it)->getPayLoad();
flow[number] += payload;
sequenceNumber[number] += payload.size()/2; // unsigned, si azzera come avviene nel tcp.
buffer[number].remove(*it);
isFound = true;
break;
}
}
} while (isFound);
}
void stream::flushFirstBuffer()
{
flushBuffer(0);
}
void stream::flushSecondBuffer()
{
flushBuffer(1);
}
std::string stream::exportFlow()
{
std::stringstream stdstring;
stdstring << timeEpoch << "!" << timeMillis << "!";
stdstring << macAddress[0].to_string() << "!" << macAddress[1].to_string() << "!";
stdstring << ipAddress[0].to_string() << "!" << ipAddress[1].to_string() << "!";
stdstring << port[0] << "!" << port[1] << "!";
stdstring << flow[0] << "!" << flow[1];
return stdstring.str();;
}
std::string stream::exportRawFlow()
{
std::stringstream stdstring;
stdstring << ">> Two-way flow between " << ipAddress[0].to_string() << ":" << port[0] << " and " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << ">> " << ipAddress[0].to_string() << ":" << port[0] << " -> " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << decodeHexText(flow[0]) << std::endl;
stdstring << ">> " << ipAddress[1].to_string() << ":" << port[1] << " -> " << ipAddress[0].to_string() << ":" << port[0] << std::endl;
stdstring << decodeHexText(flow[1]) << std::endl;
stdstring << ">> Two-way flow between " << stream->getFirstIpAddress().to_string() << ":" << first_port << " and " << stream->getSecondIpAddress().to_string() << ":" << second_port << std::endl;
stdstring << ">> " << stream->getFirstIpAddress().to_string() << ":" << first_port << " -> " << stream->getSecondIpAddress().to_string() << ":" << second_port << std::endl;
stdstring << decodeHexText ( stream->getFirstBuffer() ) << std::endl;
stdstring << ">> " << stream->getSecondIpAddress().to_string() << ":" << second_port << " -> " << stream->getFirstIpAddress().to_string() << ":" << first_port << std::endl;
stdstring << decodeHexText ( stream->getSecondBuffer() ) << std::endl;
return stdstring.str();
}
uint64_t stream::getBufferLength()
{
uint64_t bufferlenght = 0;
for(int i = 0; i <= 1; i++)
{
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[i].begin(); it != buffer[i].end(); it++)
{
bufferlenght += (*it)->getPayloadLength();
}
}
return bufferlenght;
}
uint64_t stream::getFlowLength()
{
return (flow[0].length() + flow[1].length())/2;
}
uint64_t stream::getTimeEpoch()
{
return timeEpoch;
}
uint32_t stream::getTimeMillis()
{
return timeMillis;
}
libNetwork::mac_address stream::getFirstMacAddress()
{
return macAddress[0];
}
libNetwork::mac_address stream::getSecondMacAddress()
{
return macAddress[1];
}
boost::asio::ip::address stream::getFirstIpAddress()
{
return ipAddress[0];
}
boost::asio::ip::address stream::getSecondIpAddress()
{
return ipAddress[1];
}
uint16_t stream::getFirstPort()
{
return port[0];
}
uint16_t stream::getSecondPort()
{
return port[1];
}
uint32_t stream::getFirstSN()
{
return sequenceNumber[0];
}
uint32_t stream::getSecondSN()
{
return sequenceNumber[1];
}
bool stream::isFIN()
{
return flagFirstFIN && flagSecondFIN;
}

282
libraries/libPursuer.cpp~
View file

@ -33,292 +33,58 @@
#include <stdexcept>
#include <fstream>
#include <string>
#include <list>
#include <ios>
#include <boost/asio.hpp>
#include <list>
#include "../commons/libPacket.h"
#include "../commons/libAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classMacAddress.h"
#include "../commons/classFlow.h"
#include "libPursuer.h"
std::string decodeHexText(std::string raw)
{
std::string decodeHexText ( std::string raw ) {
std::string text;
for(int i = 0; i <= raw.size(); i += 2)
{
for ( int i = 0; i <= raw.size(); i += 2 ) {
std::string comp;
comp += (char)raw[i];
comp += (char)raw[i+1];
std::stringstream convert(comp);
comp += ( char ) raw[i];
comp += ( char ) raw[i+1];
std::stringstream convert ( comp );
int temp;
convert >> std::hex >> temp;
text += (char)temp;
text += ( char ) temp;
}
return text;
}
void writeout(stream* stream, bool tofile)
{
if(tofile)
{
void writeout ( libNetwork::stream* stream, bool tofile ) {
if ( tofile ) {
std::stringstream filename;
char buffer[10];
char buffer[10];
filename << "flow_";
filename << stream->getTimeEpoch();
filename << ".txt";
std::ofstream myfile;
myfile.open(filename.str().c_str());
if (myfile.is_open())
{
myfile << stream->exportRawFlow();
myfile.open ( filename.str().c_str() );
if ( myfile.is_open() ) {
myfile << exportFormattedRawFlow ( stream );
myfile.close();
}
} else {
std::cout << stream->exportFlow() << std::endl;
std::cout << exportFormattedRawFlow ( stream ) << std::endl;
}
}
bool stream::factory(libNetwork::TCPv4packet *packet)
{
std::string exportFormattedRawFlow ( libNetwork::stream* stream ) {
if(packet->isSYN())
{
uint16_t first_port = stream->getFirstPort();
uint16_t second_port = stream->getSecondPort();
if(!packet->isACK())
{
timeEpoch = packet->getEpoch();
timeMillis = packet->getMillis();
macAddress[0] = packet->getSenderMac();
macAddress[1] = packet->getTargetMac();
ipAddress[0] = packet->getSenderIp();
ipAddress[1] = packet->getTargetIp();
port[0] = packet->getSenderPort();
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
delete packet;
return true;
}
else
{
if(sequenceNumber[0] + 1 == packet->getAcknowledgmentNumber())
{
sequenceNumber[1] = packet->getSequenceNumber();
delete packet;
return true;
}
}
}
delete packet;
return false;
}
bool stream::addPacket(libNetwork::TCPv4packet *newPacket)
{
using namespace std;
int a,b;
if(!newPacket->isSYN())
{
if(newPacket->getSenderPort() == port[0])
{
// Siamo nel primo buffer
a = 1;
b = 0;
}
else if(newPacket->getSenderPort() == port[1])
{
// Siamo nel secondo buffer
a = 0;
b = 1;
}
else return false; // Buffer non identificato.
if(newPacket->isACK()) // Se c'è ACK setto il flag sul pacchetto corrispondente, se c'è.
{
for (list<libNetwork::TCPv4packet*>::iterator it = buffer[a].begin(); it != buffer[a].end(); it++)
{
if( (*it)->getSequenceNumber() == newPacket->getAcknowledgmentNumber() - ((*it)->getPayLoad().size()/2))
{
(*it)->public_flag = true;
break;
}
}
}
if(newPacket->getPayLoad().size() != 0) // Salvo il pacchetto solo se ha del payload.
{
buffer[b].push_back(newPacket);
}
return true;
}
return false;
}
void stream::flushBuffer(int number)
{
bool isFound;
do {
isFound = false;
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[number].begin(); it != buffer[number].end(); it++)
{
if(sequenceNumber[number] + 1 == (*it)->getSequenceNumber() && (*it)->public_flag)
{
std::string payload = (*it)->getPayLoad();
flow[number] += payload;
sequenceNumber[number] += payload.size()/2; // unsigned, si azzera come avviene nel tcp.
buffer[number].remove(*it);
isFound = true;
break;
}
}
} while (isFound);
}
void stream::flushFirstBuffer()
{
flushBuffer(0);
}
void stream::flushSecondBuffer()
{
flushBuffer(1);
}
std::string stream::exportFlow()
{
std::stringstream stdstring;
stdstring << timeEpoch << "!" << timeMillis << "!";
stdstring << macAddress[0].to_string() << "!" << macAddress[1].to_string() << "!";
stdstring << ipAddress[0].to_string() << "!" << ipAddress[1].to_string() << "!";
stdstring << port[0] << "!" << port[1] << "!";
stdstring << flow[0] << "!" << flow[1];
return stdstring.str();;
}
std::string stream::exportRawFlow()
{
std::stringstream stdstring;
stdstring << ">> Two-way flow between " << ipAddress[0].to_string() << ":" << port[0] << " and " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << ">> " << ipAddress[0].to_string() << ":" << port[0] << " -> " << ipAddress[1].to_string() << ":" << port[1] << std::endl;
stdstring << decodeHexText(flow[0]) << std::endl;
stdstring << ">> " << ipAddress[1].to_string() << ":" << port[1] << " -> " << ipAddress[0].to_string() << ":" << port[0] << std::endl;
stdstring << decodeHexText(flow[1]) << std::endl;
stdstring << ">> Two-way flow between " << stream->getFirstIpAddress().to_string() << ":" << first_port << " and " << stream->getSecondIpAddress().to_string() << ":" << second_port << std::endl;
stdstring << ">> " << stream->getFirstIpAddress().to_string() << ":" << first_port << " -> " << stream->getSecondIpAddress().to_string() << ":" << second_port << std::endl;
stdstring << decodeHexText ( stream->getFirstPort() ) << std::endl;
stdstring << ">> " << stream->getSecondIpAddress().to_string() << ":" << second_port << " -> " << stream->getFirstIpAddress().to_string() << ":" << first_port << std::endl;
stdstring << decodeHexText ( stream->getSecondPort() ) << std::endl;
return stdstring.str();
}
uint64_t stream::getBufferLength()
{
uint64_t bufferlenght = 0;
for(int i = 0; i <= 1; i++)
{
for (std::list<libNetwork::TCPv4packet*>::iterator it = buffer[i].begin(); it != buffer[i].end(); it++)
{
bufferlenght += (*it)->getPayloadLength();
}
}
return bufferlenght;
}
uint64_t stream::getFlowLength()
{
return (flow[0].length() + flow[1].length())/2;
}
uint64_t stream::getTimeEpoch()
{
return timeEpoch;
}
uint32_t stream::getTimeMillis()
{
return timeMillis;
}
libNetwork::mac_address stream::getFirstMacAddress()
{
return macAddress[0];
}
libNetwork::mac_address stream::getSecondMacAddress()
{
return macAddress[1];
}
boost::asio::ip::address stream::getFirstIpAddress()
{
return ipAddress[0];
}
boost::asio::ip::address stream::getSecondIpAddress()
{
return ipAddress[1];
}
uint16_t stream::getFirstPort()
{
return port[0];
}
uint16_t stream::getSecondPort()
{
return port[1];
}
uint32_t stream::getFirstSN()
{
return sequenceNumber[0];
}
uint32_t stream::getSecondSN()
{
return sequenceNumber[1];
}
bool stream::isFIN()
{
return flagFirstFIN && flagSecondFIN;
}

73
libraries/libPursuer.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -31,65 +31,12 @@
#include <list>
#include <string>
#include <boost/asio.hpp>
#include <boost/concept_check.hpp>
#include "../commons/libAddress.h"
#include "../commons/libPacket.h"
#include "../commons/classMacAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classFlow.h"
/** Class for managing TCP flow. */
class stream
{
private:
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
libNetwork::mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
std::list<libNetwork::TCPv4packet*> buffer[2];
uint32_t sequenceNumber[2];
std::string flow[2];
void flushBuffer(int number);
public:
bool factory(libNetwork::TCPv4packet *packet);
void factory(std::string packet);
bool addPacket(libNetwork::TCPv4packet *newPacket);
void flushFirstBuffer();
void flushSecondBuffer();
uint64_t getTimeEpoch();
uint32_t getTimeMillis();
libNetwork::mac_address getFirstMacAddress();
libNetwork::mac_address getSecondMacAddress();
boost::asio::ip::address getFirstIpAddress();
boost::asio::ip::address getSecondIpAddress();
uint16_t getFirstPort();
uint16_t getSecondPort();
uint32_t getFirstSN();
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
std::string exportRawFlow();
bool isFIN();
};
std::string decodeHexText(std::string raw);
void writeout(stream* stream, bool tofile);
std::string decodeHexText ( std::string raw );
void writeout ( libNetwork::stream* stream, bool tofile );
std::string exportFormattedRawFlow ( libNetwork::stream* stream );
#endif //LIBPURSUER_H

72
libraries/libPursuer.h~
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -31,64 +31,12 @@
#include <list>
#include <string>
#include <boost/asio.hpp>
#include <boost/concept_check.hpp>
#include "../commons/libAddress.h"
#include "../commons/libPacket.h"
#include "../commons/classMacAddress.h"
#include "../commons/classPacket.h"
#include "../commons/classFlow.h"
/** Class for managing TCP flow. */
class stream
{
private:
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
libNetwork::mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
std::list<libNetwork::TCPv4packet*> buffer[2];
uint32_t sequenceNumber[2];
std::string flow[2];
void flushBuffer(int number);
public:
bool factory(libNetwork::TCPv4packet *packet);
bool addPacket(libNetwork::TCPv4packet *newPacket);
void flushFirstBuffer();
void flushSecondBuffer();
uint64_t getTimeEpoch();
uint32_t getTimeMillis();
libNetwork::mac_address getFirstMacAddress();
libNetwork::mac_address getSecondMacAddress();
boost::asio::ip::address getFirstIpAddress();
boost::asio::ip::address getSecondIpAddress();
uint16_t getFirstPort();
uint16_t getSecondPort();
uint32_t getFirstSN();
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
std::string exportRawFlow();
bool isFIN();
};
std::string decodeHexText(std::string raw);
void writeout(stream* stream, bool tofile);
std::string decodeHexText ( std::string raw );
void writeout ( libNetwork::stream* stream, bool tofile );
std::string exportFormattedRawFlow ( libNetwork::stream* stream );
#endif //LIBPURSUER_H

23
libraries/libRanging.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,37 +22,32 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
#include "libRanging.h"
device::device(libNetwork::mac_address newMac, boost::asio::ip::address newIp, long int newEpoch)
{
device::device ( libNetwork::mac_address newMac, boost::asio::ip::address newIp, long int newEpoch ) {
mac = newMac;
ip = newIp;
timeEpoch = newEpoch;
return;
}
boost::asio::ip::address device::getIpAddress()
{
boost::asio::ip::address device::getIpAddress() {
return ip;
}
libNetwork::mac_address device::getMacAddress()
{
libNetwork::mac_address device::getMacAddress() {
return mac;
}
long int device::getEpoch()
{
long int device::getEpoch() {
return timeEpoch;
}
void device::setEpoch(long int newEpoch)
{
void device::setEpoch ( long int newEpoch ) {
timeEpoch = newEpoch;
return;
}

21
libraries/libRanging.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -30,20 +30,19 @@
#define LIBRANGING_H
#include <boost/asio.hpp>
#include "../commons/libAddress.h"
#include "../commons/classMacAddress.h"
class device
{
private:
class device {
private:
libNetwork::mac_address mac;
boost::asio::ip::address ip;
long int timeEpoch;
public:
device(libNetwork::mac_address newMac, boost::asio::ip::address newIp, long int newEpoch);
public:
device ( libNetwork::mac_address newMac, boost::asio::ip::address newIp, long int newEpoch );
libNetwork::mac_address getMacAddress();
boost::asio::ip::address getIpAddress();
long int getEpoch();
void setEpoch(long int newEpoch);
void setEpoch ( long int newEpoch );
};
#endif //LIBRANGING_H

50
libraries/libRiddle.cpp
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -36,49 +36,43 @@
// Non mettere using namespace generali in header file.
void pcap_fatal(const char *error_in, const char *error_buffer)
{
void pcap_fatal ( const char *error_in, const char *error_buffer ) {
std::stringstream ss;
ss<<"Fatal Error in "<<error_in<<": "<<error_buffer;
throw(std::runtime_error(ss.str()));
throw ( std::runtime_error ( ss.str() ) );
}
static void memPrint(const unsigned char *start, char len, int index)
{
printf("0x%08x | ",index);
static void memPrint ( const unsigned char *start, char len, int index ) {
printf ( "0x%08x | ",index );
int i;
for (i=0;i<len;i++) printf("%02x ",start[i]);
for (i=0;i<(16-len);i++) printf(" ");
printf("| ");
for (i=0;i<len;i++)
{
if ((start[i]>32)&&(start[i]<128)) printf("%c",start[i]);
else printf(".");
for ( i=0; i<len; i++ ) printf ( "%02x ",start[i] );
for ( i=0; i< ( 16-len ); i++ ) printf ( " " );
printf ( "| " );
for ( i=0; i<len; i++ ) {
if ( ( start[i]>32 ) && ( start[i]<128 ) ) printf ( "%c",start[i] );
else printf ( "." );
}
printf("\n");
printf ( "\n" );
}
void hexDump(const unsigned char *start, struct pcap_pkthdr header)
{
void hexDump ( const unsigned char *start, struct pcap_pkthdr header ) {
std::cout<<std::endl<<"[TS: "<<header.ts.tv_sec;
std::cout<<" uS: "<<header.ts.tv_usec;
std::cout<<"] Received "<<header.len<<" byte:"<<std::endl;
int index=0;
while (header.len>16)
{
memPrint(start,16,index);
while ( header.len>16 ) {
memPrint ( start,16,index );
header.len-=16;
start+=16;
index+=16;
}
if (header.len>0) memPrint(start,header.len,index);
if ( header.len>0 ) memPrint ( start,header.len,index );
}
void rawDump(const unsigned char *start, struct pcap_pkthdr header)
{
void rawDump ( const unsigned char *start, struct pcap_pkthdr header ) {
std::cout<<header.ts.tv_sec<<"!";
std::cout<<header.ts.tv_usec<<"!";
for (int i=0;i<header.len;i++) printf("%02x",start[i]);
for ( int i=0; i<header.len; i++ ) printf ( "%02x",start[i] );
std::cout<<std::endl;
}

8
libraries/libRiddle.cpp~
View file

@ -64,12 +64,6 @@ void hexDump(const unsigned char *start, struct pcap_pkthdr header)
std::cout<<" uS: "<<header.ts.tv_usec;
std::cout<<"] Received "<<header.len<<" byte:"<<std::endl;
int index=0;
std::string meta(start);
std::cout << libDump::classicDump(meta);
/*
while (header.len>16)
{
memPrint(start,16,index);
@ -78,7 +72,7 @@ void hexDump(const unsigned char *start, struct pcap_pkthdr header)
index+=16;
}
if (header.len>0) memPrint(start,header.len,index);
*/
}
void rawDump(const unsigned char *start, struct pcap_pkthdr header)

14
libraries/libRiddle.h
View file

@ -1,13 +1,13 @@
/**
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* Name : Project Riddle
* Author : Andrea Bontempi
* Version : 0.1 aplha
* Description : Modular Network Sniffer
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*
*
* This file is part of the project Riddle.
*
* The project Riddle is free software: you can redistribute it and/or modify
@ -22,7 +22,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this project. If not, see <http://www.gnu.org/licenses/>.
*
*
* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -
*/
@ -38,10 +38,10 @@
} *
*/
void pcap_fatal(const char *error_in, const char *error_buffer);
void pcap_fatal ( const char *error_in, const char *error_buffer );
/* Funzioni per la stampa su schermo dei dati in formato esadecimale */
void hexDump(const unsigned char *start, struct pcap_pkthdr header);
void rawDump(const unsigned char *start, struct pcap_pkthdr header);
void hexDump ( const unsigned char *start, struct pcap_pkthdr header );
void rawDump ( const unsigned char *start, struct pcap_pkthdr header );
#endif //LIBRIDDLE_H