andreabont/Project-Riddle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Optimization of the structure

Browse source
This commit is contained in:
Andrea Bontempi 2012-05-30 14:56:36 +02:00
commit 7e075814ee
31 changed files with 1648 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

29
CMakeLists.txt
View file

@ -1,31 +1,46 @@
cmake_minimum_required(VERSION 2.6)
project(SNIFFER)
set(RIDDLE_SRCS libRiddle.cpp libRiddle.h Riddle.cpp)
add_executable(riddle ${RIDDLE_SRCS})
add_subdirectory(commons)
add_subdirectory(libraries)
set(CIGARETTE_SRCS libAddress.cpp libAddress.h libPacket.cpp libPacket.h libCigarette.cpp libCigarette.h Cigarette.cpp)
add_executable(cigarette ${CIGARETTE_SRCS})
set(LIBRARIES_DIR libraries)
set(RIDDLE_SRCS ${LIBRARIES_DIR}/libRiddle.cpp ${LIBRARIES_DIR}/libRiddle.h Riddle.cpp)
set(CIGARETTE_SRCS ${LIBRARIES_DIR}/libCigarette.cpp ${LIBRARIES_DIR}/libCigarette.h Cigarette.cpp)
set(RANGING_SRCS ${LIBRARIES_DIR}/libRanging.h ${LIBRARIES_DIR}/libRanging.cpp Ranging.cpp)
set(PURSUER_SRCS ${LIBRARIES_DIR}/libPursuer.h ${LIBRARIES_DIR}/libPursuer.cpp Pursuer.cpp)
set(RANGING_SRCS libAddress.h libAddress.cpp libPacket.h libPacket.cpp libRanging.h libRanging.cpp Ranging.cpp)
add_executable(ranging ${RANGING_SRCS})
set(PURSUER_SRCS libAddress.h libAddress.cpp libPacket.h libPacket.cpp libPursuer.h libPursuer.cpp Pursuer.cpp)
add_executable(cigarette ${CIGARETTE_SRCS})
add_executable(riddle ${RIDDLE_SRCS})
add_executable(pursuer ${PURSUER_SRCS})
set(BOOST_LIBS program_options system)
find_package(Boost COMPONENTS ${BOOST_LIBS} REQUIRED)
find_library(LIBPCAP pcap)
find_package (Threads)
SET(CURSES_NEED_NCURSES TRUE)
find_package(Curses)
target_link_libraries(riddle ${Boost_LIBRARIES})
target_link_libraries(riddle ${LIBPCAP})
target_link_libraries(cigarette ${Boost_LIBRARIES})
target_link_libraries(cigarette ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(cigarette libAddress)
target_link_libraries(cigarette libPacket)
target_link_libraries(ranging ${Boost_LIBRARIES})
target_link_libraries(ranging ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(ranging ${CURSES_LIBRARY})
target_link_libraries(ranging libAddress)
target_link_libraries(ranging libPacket)
target_link_libraries(pursuer ${Boost_LIBRARIES})
target_link_libraries(pursuer ${CMAKE_THREAD_LIBS_INIT})
target_link_libraries(pursuer libAddress)
target_link_libraries(pursuer libPacket)

6
Cigarette.cpp
View file

@ -16,9 +16,9 @@
#include <iomanip>
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include "libCigarette.h"
#include "libAddress.h"
#include "libPacket.h"
#include "./libraries/libCigarette.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
using namespace std;
using namespace boost;

8
Pursuer.cpp
View file

@ -17,10 +17,10 @@
#include <iomanip>
#include <boost/asio.hpp>
#include <boost/program_options.hpp>
#include "libCigarette.h"
#include "libAddress.h"
#include "libPacket.h"
#include "libPursuer.h"
#include "./libraries/libCigarette.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./libraries/libPursuer.h"
using namespace std;
using namespace boost;

6
Ranging.cpp
View file

@ -19,9 +19,9 @@
#include <boost/program_options.hpp>
#include <curses.h>
#include "libAddress.h"
#include "libPacket.h"
#include "libRanging.h"
#include "./commons/libAddress.h"
#include "./commons/libPacket.h"
#include "./libraries/libRanging.h"
#define TIMETOLIVE 50
#define THRESHOLD 1

2
Riddle.cpp
View file

@ -16,7 +16,7 @@
#include <limits>
#include <pcap.h>
#include <boost/program_options.hpp>
#include "libRiddle.h"
#include "./libraries/libRiddle.h"
#ifdef __linux__
#include <unistd.h>

7
commons/CMakeLists.txt Normal file
View file

@ -0,0 +1,7 @@
project (commons)
add_library (libAddress STATIC libAddress.h libAddress.cpp)
add_library (libPacket STATIC libPacket.h libPacket.cpp)
target_link_libraries (libAddress)
target_link_libraries (libPacket)

0
libAddress.cpp → commons/libAddress.cpp
View file

0
libAddress.h → commons/libAddress.h
View file

0
libPacket.cpp → commons/libPacket.cpp
View file

306
commons/libPacket.h Normal file
View file

@ -0,0 +1,306 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBHEADER_H
#define LIBHEADER_H
/* EtherType */
#define ETHER_V2_CODE 0x0600 /** Più alto è ethertype, più basso è dimensione */
#define ETHER_TYPE_IPV4 0x0800 /** EtherType IPv4 */
#define ETHER_TYPE_ARP 0x0806 /** EtherType ARP */
#define ETHER_TYPE_IEEE802 0x8100 /** EtherType IEEE 802 */
#define ETHER_TYPE_IPV6 0x86DD /** EtherType IPv6 */
#define ETHER_TYPE_PPP 0x880B /** EtherType PPP */
/* ARP */
#define ARP_OFFSET 14 /** Punto dove inizia l'header ARP */
/* IPv4 */
#define IPv4_OFFSET 14 /** Punto dove inizia l'header IPv4 */
#define IPV4_TYPE_ICMP 0x01 /** IPv4 Type ICMP */
#define IPV4_TYPE_TCP 0x06 /** IPv4 Type TCP */
#define IPV4_TYPE_UDP 0x11 /** IPv4 Type UDP */
/* TCP */
#define TCP_OFFSET 34 /** Punto dove inizia l'header TCP */
#define TCP_STANDARD 20 /** Standard header lenght (byte) */
/* UDP */
#define UDP_OFFSET 34 /** Punto dove inizia l'header UDP */
/* ICMP */
#define ICMPV4_OFFSET 34 /** Punto dove inizia l'header ICMP */
#define ICMPV4_ECHO_REP 0 /** ICMP Type - Echo Reply (PING) */
#define ICMPV4_UNREACH 3 /** ICMP Type - Unreach */
#define ICMPV4_REDIRECT 5 /** ICMP Type - Redirect */
#define ICMPV4_ECHO_REQ 8 /** ICMP Type - Echo Request (PING) */
#define ICMPV4_TRACERT 30 /** ICMP Type - Tracert */
/* INCLUDE */
#include <string>
#include <boost/asio.hpp>
#include <stdint.h>
#include "libAddress.h"
/** Class for managing packets */
class packet
{
protected:
uint64_t timeEpoch; /** Timestamp */
uint32_t timeMillis; /** Millisecond from timestamp */
uint32_t pkgLength; /** Packet length */
std::string rawData; /** Raw packet recived from riddle */
public:
/** Overflow management */
class Overflow {};
/** Class constructor with delayed instantiation*/
static packet* factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Class constructor with delayed instantiation, auto-split mode*/
static packet* factory(std::string packetLine);
/** Virtual destructor */
virtual ~packet() {}
/* GENERAL FUNCTIONS */
/** Returns the packet length in bytes. */
uint32_t getPacketLength();
/** Returns packet epoch */
uint64_t getEpoch();
/** Returns milliseconds passed from epoch */
uint32_t getMillis();
/** Legge n byte a partire dal byte voluto e li restituisce in stringa. */
std::string getHexString(int string_cursor, int read_byte);
/** Legge IPv4 dal byte voluto e restituisce in formato decimale. */
std::string getDecimalIP(int string_cursor);
/** Salva MAC address a partire da un punto (n° del byte) della stringa rawData */
mac_address getMacAddress(int string_cursor);
/** Salva IPv4 address a partire da un punto (n° del byte) della stringa rawData */
boost::asio::ip::address getIPv4Address(int string_cursor);
/** True se e' un pacchetto ARP */
bool isArp();
/** True se e' un pacchetto IPv4 */
bool isIPv4();
/** True se e' un pacchetto IPv6*/
bool isIPv6();
/* ETHERNET FUNCTIONS */
/** Restituisce MAC della scheda di rete che ha inviato la trama*/
mac_address getSenderMac();
/** Restituisce MAC del destinatario della trama*/
mac_address getTargetMac();
/** Restituisce ethertype */
uint16_t getEtherType();
};
/** Class for managing ARP packets */
class ARPpacket : public packet
{
public:
/** Costruttore finale */
ARPpacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna OpCode */
uint16_t getOpCode();
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
};
/** Class for managing IPv4 packets */
class IPv4packet : public packet
{
public:
/** Class constructor with delayed instantiation */
static packet* factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna indirizzo IP del mittente */
boost::asio::ip::address getSenderIp();
/** Ritorna indirizzo IP del destinatario */
boost::asio::ip::address getTargetIp();
/** Ritorna identificatore **/
uint16_t getIdentity();
/** Ritorna il Time To Live **/
uint16_t getTTL();
/** Ritorna il tipo di protocollo incapsulato */
uint16_t getProtocolType();
/** Ritorna checksum */
uint16_t getIPChecksum();
/** Verify checksum **/
bool verifyIPChecksum();
/** True se incapsula un pacchetto TCP */
bool isTCP();
/** True se incapsula un pacchetto UDP */
bool isUDP();
/** True se incapsula un pacchetto ICMP */
bool isICMP();
};
/** Class for managing TCPv4 packets */
class TCPv4packet : public IPv4packet
{
public:
/** Flag pubblica usabile per marcare uno specifico oggetto TCPv4packet **/
bool public_flag;
/** Costruttore finale */
TCPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Restituisce porta TCP del mittente */
uint16_t getSenderPort();
/** Restituisce porta TCP del destinatario */
uint16_t getTargetPort();
/** Restituisce il numero di sequenza */
uint32_t getSequenceNumber();
/** Restituisce il numero di acknowledgment */
uint32_t getAcknowledgmentNumber();
/** Ritorna dimensione dell'header TCP in byte */
unsigned int getHeaderLength();
/** Ritorna dimensione del payload TCP in byte */
unsigned int getPayloadLength();
/** Ritorna i flag TCP in formato raw, da processare */
int getFlags();
/** Ritorna dimensione della finestra di ricezione */
unsigned int getWindowSize();
/** Ritorna checksum */
unsigned int getTCPChecksum();
/** Verify checksum **/
bool verifyTCPChecksum();
/** Ritorna l'urgent pointer */
unsigned int getUrgentPointer();
/** Ritorna le opzioni TCP in formato raw, da processare */
std::string getOptionRaw();
/** Ritorna le opzioni TCP in una std::map */
std::map<int, std::string> getOptionMap();
/** Ritorna i dati trasportati dal pacchetto TCP */
std::string getPayLoad();
/** True se ha flag ACK */
bool isACK();
/** True se ha flag SYN */
bool isSYN();
/** True se ha flag FIN */
bool isFIN();
/** True se ha flag RST */
bool isRST();
/** True se ha flag PSH */
bool isPSH();
/** True se ha flag URG */
bool isURG();
/** True se ha flag ECE */
bool isECE();
/** True se ha flag CWR */
bool isCWR();
/** True se sono presenti delle opzioni aggiuntive */
bool isOption();
};
/** Class for managing UDPv4 packets */
class UDPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
UDPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna porta UDP del mittente */
unsigned int getSenderPort();
/** Ritorna porta UDP del destinatario */
unsigned int getTargetPort();
};
/** Class for managing ICMPv4 packets */
class ICMPv4packet : public IPv4packet
{
public:
/** Costruttore finale */
ICMPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
/** Ritorna il tipo di messaggio ICMP */
uint16_t getMessageType();
/** Ritorna il MessageCode */
uint16_t getMessageCode();
};
/** Class for managing unknown packets */
class UnknownPacket : public packet
{
public:
/** Costruttore finale */
UnknownPacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i);
};
#endif //LIBHEADER_H

68
lib/libAddress.cpp Normal file
View file

@ -0,0 +1,68 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include <string>
#include <sstream>
#include <iomanip>
#include "libAddress.h"
/** Costruttore */
mac_address::mac_address(const std::string& rawData)
{
int l = 0;
std::string temp;
temp.reserve(2);
for (int i=0; i<=11; i++)
{
temp += rawData[i];
if (i%2 != 0)
{
std::stringstream convert(temp);
convert>>std::hex>>byte[l];
l++;
temp = "";
}
}
return;
}
/** Restituisce indirizzo stampabile */
std::string mac_address::to_string()
{
std::string stamp;
std::stringstream temp;
for (int i=0; i<=5; i++)
{
temp<<std::setfill('0')<<std::setw(2)<<std::hex<<(int) byte[i];
stamp += temp.str();
temp.str("");
if (i != 5) stamp += ':';
}
return stamp;
}
/** Overload, definisco confronto tra indirizzi */
bool mac_address::operator==(const mac_address& otherMac)
{
for(int i=0; i<=5; i++)
{
if(byte[i] != otherMac.byte[i])
{
return false;
}
}
return true;
}

40
lib/libAddress.h Normal file
View file

@ -0,0 +1,40 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBADDRESS_H
#define LIBADDRESS_H
#include <string>
#include <cstring>
#include <stdint.h>
/* Class for managing MAC address */
class mac_address
{
private:
uint16_t byte[6];
public:
/** Costruttore: riceve indirizzo in stringa codifica esadecimale. */
mac_address() {
std::memset(byte,0,6);
}
mac_address(const std::string&);
bool operator==(const mac_address& otherMac);
/** Restituisce stringa stampabile a schermo. */
std::string to_string();
};
#endif //LIBADDRESS_H

0
libCigarette.cpp → lib/libCigarette.cpp
View file

0
libCigarette.h → lib/libCigarette.h
View file

575
lib/libPacket.cpp Normal file
View file

@ -0,0 +1,575 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <ios>
#include <map>
#include <boost/lexical_cast.hpp>
#include <boost/algorithm/string/split.hpp>
#include <boost/algorithm/string/classification.hpp>
#include "libPacket.h"
#include "libAddress.h"
/* PACKET */
using namespace boost;
packet* packet::factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
uint16_t protocol_type;
std::string temp;
temp.reserve(4);
for (int i = 24; i <= 27; i++)
{
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if (protocol_type == ETHER_TYPE_ARP)
{
p = new ARPpacket(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == ETHER_TYPE_IPV4)
{
p = IPv4packet::factory(timeEpoch_i, timeMillis_i, rawData_i);
} else {
p = new UnknownPacket(timeEpoch_i, timeMillis_i, rawData_i);
}
return p;
}
packet* packet::factory(std::string packetLine)
{
std::vector< std::string > section;
boost::algorithm::split(section, packetLine, boost::algorithm::is_any_of("!"));
packet* pkg = packet::factory(lexical_cast<int>(section[0]), lexical_cast<int>(section[1]), section[2]);
return pkg;
}
uint32_t packet::getPacketLength()
{
return pkgLength;
}
uint64_t packet::getEpoch()
{
return timeEpoch;
}
uint32_t packet::getMillis()
{
return timeMillis;
}
std::string packet::getHexString(int string_cursor, int read_byte)
{
std::string temp;
temp.reserve(read_byte * 2);
if (string_cursor + read_byte > this->getPacketLength()) throw Overflow();
for (int i = string_cursor * 2; i < (string_cursor * 2) + (read_byte * 2); i++)
{
temp += rawData[i];
}
return temp;
}
std::string packet::getDecimalIP(int string_cursor)
{
std::string temp;
std::string stamp;
temp.reserve(2);
for (int i=0; i <= 7; i++)
{
temp += rawData[(string_cursor*2)+i];
if (i%2 != 0)
{
std::stringstream convert(temp);
int a;
convert>>std::hex>>a;
stamp += lexical_cast<std::string>(a);
if (i != 7) stamp += ".";
temp = "";
}
}
return stamp;
}
mac_address packet::getMacAddress(int string_cursor)
{
mac_address mac_temp(this->getHexString(string_cursor, 6));
return mac_temp;
}
bool packet::isArp()
{
return (this->getEtherType() == ETHER_TYPE_ARP);
}
bool packet::isIPv4()
{
return (this->getEtherType() == ETHER_TYPE_IPV4);
}
bool packet::isIPv6()
{
return (this->getEtherType() == ETHER_TYPE_IPV6);
}
mac_address packet::getSenderMac()
{
return this->getMacAddress(6);
}
mac_address packet::getTargetMac()
{
return this->getMacAddress(0);
}
uint16_t packet::getEtherType()
{
uint16_t protocol_type;
std::stringstream convert (this->getHexString(12, 2));
convert>>std::hex>>protocol_type;
return protocol_type;
}
/* ARP */
ARPpacket::ARPpacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t ARPpacket::getOpCode()
{
uint16_t opcode;
std::stringstream convert (this->getHexString(ARP_OFFSET+6, 2));
convert>>std::hex>>opcode;
return opcode;
}
boost::asio::ip::address ARPpacket::getSenderIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(ARP_OFFSET+14));
return newaddr;
}
boost::asio::ip::address ARPpacket::getTargetIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(ARP_OFFSET+24));
return newaddr;
}
/* IPV4 */
packet* IPv4packet::factory(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
uint16_t protocol_type;
std::string temp;
temp.reserve(2);
for (int i = 46; i <= 47; i++)
{
temp += rawData_i[i];
}
std::stringstream convert ( temp );
convert>>std::hex>>protocol_type;
packet *p;
if (protocol_type == IPV4_TYPE_TCP)
{
p = new TCPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == IPV4_TYPE_UDP)
{
p = new UDPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else if (protocol_type == IPV4_TYPE_ICMP)
{
p = new ICMPv4packet(timeEpoch_i, timeMillis_i, rawData_i);
} else {
p = new UnknownPacket(timeEpoch_i, timeMillis_i, rawData_i);
}
return p;
}
asio::ip::address IPv4packet::getSenderIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(IPv4_OFFSET+12));
return newaddr;
}
asio::ip::address IPv4packet::getTargetIp()
{
boost::asio::ip::address newaddr = boost::asio::ip::address::from_string(this->getDecimalIP(IPv4_OFFSET+16));
return newaddr;
}
uint16_t IPv4packet::getIdentity()
{
uint16_t id;
std::stringstream convert (this->getHexString(IPv4_OFFSET+4, 2));
convert>>std::hex>>id;
return id;
}
uint16_t IPv4packet::getTTL()
{
uint16_t ttl;
std::stringstream convert (this->getHexString(IPv4_OFFSET+8, 1));
convert>>std::hex>>ttl;
return ttl;
}
uint16_t IPv4packet::getProtocolType()
{
uint16_t protocol_type;
std::stringstream convert (this->getHexString(IPv4_OFFSET+9, 1));
convert>>std::hex>>protocol_type;
return protocol_type;
}
uint16_t IPv4packet::getIPChecksum()
{
uint16_t cs;
std::stringstream convert (this->getHexString(IPv4_OFFSET+10, 2));
convert>>std::hex>>cs;
return cs;
}
bool IPv4packet::verifyIPChecksum()
{
int sum = 0;
for(int i = 0; i < 20; i += 2)
{
short unsigned int temp;
std::stringstream convert (this->getHexString(IPv4_OFFSET+i,2));
convert >> std::hex >> temp;
sum += temp;
}
return ((sum & 0xFFFF) + (sum >>= 16) == 0xFFFF);
}
bool IPv4packet::isTCP()
{
return (this->getProtocolType() == IPV4_TYPE_TCP);
}
bool IPv4packet::isUDP()
{
return (this->getProtocolType() == IPV4_TYPE_UDP);
}
bool IPv4packet::isICMP()
{
return (this->getProtocolType() == IPV4_TYPE_ICMP);
}
/* ICMP */
ICMPv4packet::ICMPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
uint16_t ICMPv4packet::getMessageType()
{
uint16_t message_type;
std::stringstream convert (this->getHexString(ICMPV4_OFFSET, 1));
convert>>std::hex>>message_type;
return message_type;
}
uint16_t ICMPv4packet::getMessageCode()
{
uint16_t message_code;
std::stringstream convert (this->getHexString(ICMPV4_OFFSET+1, 1));
convert>>std::hex>>message_code;
return message_code;
}
/* TCP */
TCPv4packet::TCPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
public_flag = false;
return;
}
uint16_t TCPv4packet::getSenderPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(TCP_OFFSET, 2));
convert>>std::hex>>port;
return port;
}
uint16_t TCPv4packet::getTargetPort()
{
uint16_t port;
std::stringstream convert (this->getHexString(TCP_OFFSET+2, 2));
convert>>std::hex>>port;
return port;
}
uint32_t TCPv4packet::getSequenceNumber()
{
uint32_t sn;
std::stringstream convert (this->getHexString(TCP_OFFSET+4, 4));
convert>>std::hex>>sn;
return sn;
}
uint32_t TCPv4packet::getAcknowledgmentNumber()
{
uint32_t an;
std::stringstream convert (this->getHexString(TCP_OFFSET+8, 4));
convert>>std::hex>>an;
return an;
}
unsigned int TCPv4packet::getHeaderLength()
{
/*
* Sono utilizzati solo i primi 8 bit del byte, necessita traslazione.
* Indica i gruppi da 32 bit contenuti, necessita conversione.
*/
unsigned int hl;
std::stringstream convert (this->getHexString(TCP_OFFSET+12, 1));
convert>>std::hex>>hl;
hl >>= 4;
hl = (hl * 32) / 8;
return hl;
}
unsigned int TCPv4packet::getPayloadLength()
{
return (this->getPayLoad().length())/2;
}
int TCPv4packet::getFlags()
{
int flag;
std::stringstream convert (this->getHexString(TCP_OFFSET+13, 1));
convert>>std::hex>>flag;
return flag;
}
unsigned int TCPv4packet::getWindowSize()
{
unsigned int ws;
std::stringstream convert (this->getHexString(TCP_OFFSET+14, 2));
convert>>std::hex>>ws;
return ws;
}
unsigned int TCPv4packet::getTCPChecksum()
{
unsigned int cs;
std::stringstream convert (this->getHexString(TCP_OFFSET+16, 2));
convert>>std::hex>>cs;
return cs;
}
bool TCPv4packet::verifyTCPChecksum()
{
// TODO - Checksum TCP non viene usato???
}
unsigned int TCPv4packet::getUrgentPointer()
{
unsigned int up;
std::stringstream convert (this->getHexString(TCP_OFFSET+18, 2));
convert>>std::hex>>up;
return up;
}
std::string TCPv4packet::getOptionRaw()
{
return this->getHexString(TCP_OFFSET + TCP_STANDARD, this->getHeaderLength() - TCP_STANDARD);
}
std::map< int, std::string > TCPv4packet::getOptionMap()
{
std::map<int, std::string> tempMap;
if(this->isOption() && !this->isSYN()) // FIXME - SYN usa altro protocollo???
{
for(int i=0; i < (this->getHeaderLength() - TCP_STANDARD); i++)
{
int read;
std::stringstream convert ( this->getHexString(TCP_OFFSET+TCP_STANDARD+i, 1) );
convert >> std::hex >> read;
if(read != 1)
{
std::stringstream convert2 ( this->getHexString(TCP_OFFSET+TCP_STANDARD+i+1, 1) );
int optionLength;
convert2 >> std::hex >> optionLength;
tempMap[read] = this->getHexString(TCP_OFFSET+TCP_STANDARD+i+2, optionLength-2);
i += optionLength;
}
}
}
return tempMap;
}
std::string TCPv4packet::getPayLoad()
{
int start = TCP_OFFSET + this->getHeaderLength();
return this->getHexString(start, this->getPacketLength() - start);
}
bool TCPv4packet::isCWR()
{
return (this->getFlags() & 128);
}
bool TCPv4packet::isECE()
{
return (this->getFlags() & 64);
}
bool TCPv4packet::isURG()
{
return (this->getFlags() & 32);
}
bool TCPv4packet::isACK()
{
return (this->getFlags() & 16);
}
bool TCPv4packet::isPSH()
{
return (this->getFlags() & 8);
}
bool TCPv4packet::isRST()
{
return (this->getFlags() & 4);
}
bool TCPv4packet::isSYN()
{
return (this->getFlags() & 2);
}
bool TCPv4packet::isFIN()
{
return (this->getFlags() & 1);
}
bool TCPv4packet::isOption()
{
return (this->getHeaderLength() > TCP_STANDARD);
}
/* UDP */
UDPv4packet::UDPv4packet(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}
unsigned int UDPv4packet::getSenderPort()
{
unsigned int port;
std::stringstream convert (this->getHexString(UDP_OFFSET, 2));
convert>>std::hex>>port;
return port;
}
unsigned int UDPv4packet::getTargetPort()
{
unsigned int port;
std::stringstream convert (this->getHexString(UDP_OFFSET+2, 2));
convert>>std::hex>>port;
return port;
}
/* UNKNOWN */
UnknownPacket::UnknownPacket(uint64_t timeEpoch_i, uint32_t timeMillis_i, std::string rawData_i)
{
timeEpoch = timeEpoch_i;
timeMillis = timeMillis_i;
rawData = rawData_i;
pkgLength = rawData_i.length() / 2;
return;
}

0
libPacket.h → lib/libPacket.h
View file

0
libPursuer.cpp → lib/libPursuer.cpp
View file

0
libPursuer.h → lib/libPursuer.h
View file

0
libRanging.cpp → lib/libRanging.cpp
View file

0
libRanging.h → lib/libRanging.h
View file

0
libRiddle.cpp → lib/libRiddle.cpp
View file

0
libRiddle.h → lib/libRiddle.h
View file

0
libraries/CMakeLists.txt Normal file
View file

68
libraries/libCigarette.cpp Normal file
View file

@ -0,0 +1,68 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include <cstdio>
#include <cstdlib>
#include <string>
#include "libCigarette.h"
std::string ether_type_decode(uint16_t start)
{
// Maggiore o uguale di 1536(0x0600) per Ethernet v2, minore per versione
if (start >= ETHER_V2_CODE)
{
switch (start)
{
case (ETHER_TYPE_IPV4):
return "IPv4";
case (ETHER_TYPE_ARP):
return "ARP";
case (ETHER_TYPE_IPV6):
return "IPv6";
case (ETHER_TYPE_PPP):
return "PPP";
case (ETHER_TYPE_IEEE802):
return "IEEE 802.1Q";
default:
return "UNDEFINED";
}
}
else return "Ethernet IEEE 802.3";
}
std::string ipv4_type_decode(uint16_t start)
{
switch (start)
{
case (IPV4_TYPE_TCP):
return "TCP";
case (IPV4_TYPE_UDP):
return "UDP";
case (IPV4_TYPE_ICMP):
return "ICMP";
default:
return "UNDEFINED";
}
}
std::string icmpv4_type_decode(uint16_t start)
{
switch (start)
{
case (ICMPV4_ECHO_REQ):
return "ECHO Request";
case (ICMPV4_ECHO_REP):
return "ECHO Reply";
default:
return "UNDEFINED";
}
}

22
libraries/libCigarette.h Normal file
View file

@ -0,0 +1,22 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBCIGARETTE_H
#define LIBCIGARETTE_H
#include <string>
#include "../commons/libPacket.h"
std::string ether_type_decode(uint16_t start);
std::string ipv4_type_decode(uint16_t start);
std::string icmpv4_type_decode(uint16_t start);
#endif //LIBCIGARETTE_H

285
libraries/libPursuer.cpp Normal file
View file

@ -0,0 +1,285 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <list>
#include <ios>
#include <boost/asio.hpp>
#include <list>
#include "../commons/libPacket.h"
#include "../commons/libAddress.h"
#include "libPursuer.h"
std::string decodeHexText(std::string raw)
{
std::string text;
for(int i = 0; i <= raw.size(); i += 2)
{
std::string comp;
comp += (char)raw[i];
comp += (char)raw[i+1];
std::stringstream convert(comp);
int temp;
convert >> std::hex >> temp;
text += (char)temp;
}
return text;
}
bool stream::factory(TCPv4packet *packet)
{
if(packet->isSYN())
{
if(!packet->isACK())
{
timeEpoch = packet->getEpoch();
timeMillis = packet->getMillis();
macAddress[0] = packet->getSenderMac();
macAddress[1] = packet->getTargetMac();
ipAddress[0] = packet->getSenderIp();
ipAddress[1] = packet->getTargetIp();
port[0] = packet->getSenderPort();
port[1] = packet->getTargetPort();
sequenceNumber[0] = packet->getSequenceNumber();
sequenceNumber[1] = 0;
flagFirstFIN = false;
flagSecondFIN = false;
delete packet;
return true;
}
else
{
if(sequenceNumber[0] + 1 == packet->getAcknowledgmentNumber())
{
sequenceNumber[1] = packet->getSequenceNumber();
delete packet;
return true;
}
}
}
delete packet;
return false;
}
bool stream::addPacket(TCPv4packet *newPacket)
{
using namespace std;
int a,b;
if(!newPacket->isSYN())
{
if(newPacket->getSenderPort() == port[0])
{
// Siamo nel primo buffer
a = 1;
b = 0;
}
else if(newPacket->getSenderPort() == port[1])
{
// Siamo nel secondo buffer
a = 0;
b = 1;
}
else return false; // Buffer non identificato.
if(newPacket->isACK()) // Se c'è ACK setto il flag sul pacchetto corrispondente, se c'è.
{
for (list<TCPv4packet*>::iterator it = buffer[a].begin(); it != buffer[a].end(); it++)
{
if( (*it)->getSequenceNumber() == newPacket->getAcknowledgmentNumber() - ((*it)->getPayLoad().size()/2))
{
(*it)->public_flag = true;
break;
}
}
}
if(newPacket->getPayLoad().size() != 0) // Salvo il pacchetto solo se ha del payload.
{
buffer[b].push_back(newPacket);
}
return true;
}
return false;
}
void stream::flushBuffer(int number)
{
bool isFound;
do {
isFound = false;
for (std::list<TCPv4packet*>::iterator it = buffer[number].begin(); it != buffer[number].end(); it++)
{
if(sequenceNumber[number] + 1 == (*it)->getSequenceNumber() && (*it)->public_flag)
{
std::string payload = (*it)->getPayLoad();
flow[number] += payload;
sequenceNumber[number] += payload.size()/2; // unsigned, si azzera come avviene nel tcp.
buffer[number].remove(*it);
isFound = true;
break;
}
}
} while (isFound);
}
void stream::flushFirstBuffer()
{
flushBuffer(0);
}
void stream::flushSecondBuffer()
{
flushBuffer(1);
}
std::string stream::exportFlow()
{
std::stringstream stdstring;
stdstring << timeEpoch << "!" << timeMillis << "!";
stdstring << macAddress[0].to_string() << "!" << macAddress[1].to_string() << "!";
stdstring << ipAddress[0].to_string() << "!" << ipAddress[1].to_string() << "!";
stdstring << port[0] << "!" << port[1] << "!";
stdstring << flow[0] << "!" << flow[1];
return stdstring.str();;
}
std::string stream::exportRawFlow()
{
std::stringstream stdstring;
stdstring << ">> Nuovo flusso:" << std::endl;
stdstring << ">> A -> B:" << std::endl;
stdstring << decodeHexText(flow[0]) << std::endl;
stdstring << ">> B -> A:" << std::endl;
stdstring << decodeHexText(flow[1]) << std::endl;
return stdstring.str();
}
uint64_t stream::getBufferLength()
{
uint64_t bufferlenght = 0;
for(int i = 0; i <= 1; i++)
{
for (std::list<TCPv4packet*>::iterator it = buffer[i].begin(); it != buffer[i].end(); it++)
{
bufferlenght += (*it)->getPayloadLength();
}
}
return bufferlenght;
}
uint64_t stream::getFlowLength()
{
return (flow[0].length() + flow[1].length())/2;
}
uint64_t stream::getTimeEpoch()
{
return timeEpoch;
}
uint32_t stream::getTimeMillis()
{
return timeMillis;
}
mac_address stream::getFirstMacAddress()
{
return macAddress[0];
}
mac_address stream::getSecondMacAddress()
{
return macAddress[1];
}
boost::asio::ip::address stream::getFirstIpAddress()
{
return ipAddress[0];
}
boost::asio::ip::address stream::getSecondIpAddress()
{
return ipAddress[1];
}
uint16_t stream::getFirstPort()
{
return port[0];
}
uint16_t stream::getSecondPort()
{
return port[1];
}
uint32_t stream::getFirstSN()
{
return sequenceNumber[0];
}
uint32_t stream::getSecondSN()
{
return sequenceNumber[1];
}
bool stream::isFIN()
{
return flagFirstFIN && flagSecondFIN;
}

76
libraries/libPursuer.h Normal file
View file

@ -0,0 +1,76 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBPURSUER_H
#define LIBPURSUER_H
#include <list>
#include <string>
#include <boost/asio.hpp>
#include <boost/concept_check.hpp>
#include "../commons/libAddress.h"
#include "../commons/libPacket.h"
std::string decodeHexText(std::string raw);
/** Class for managing TCP flow. */
class stream
{
private:
uint64_t timeEpoch;
uint32_t timeMillis;
bool flagFirstFIN;
bool flagSecondFIN;
mac_address macAddress[2];
boost::asio::ip::address ipAddress[2];
uint16_t port[2];
std::list<TCPv4packet*> buffer[2];
uint32_t sequenceNumber[2];
std::string flow[2];
void flushBuffer(int number);
public:
bool factory(TCPv4packet *packet);
bool addPacket(TCPv4packet *newPacket);
void flushFirstBuffer();
void flushSecondBuffer();
uint64_t getTimeEpoch();
uint32_t getTimeMillis();
mac_address getFirstMacAddress();
mac_address getSecondMacAddress();
boost::asio::ip::address getFirstIpAddress();
boost::asio::ip::address getSecondIpAddress();
uint16_t getFirstPort();
uint16_t getSecondPort();
uint32_t getFirstSN();
uint32_t getSecondSN();
/* Ritorna in byte la somma dei payload dei pachetti nel buffer */
uint64_t getBufferLength();
/* Ritorna lunghezza in byte dei due flussi in uscita */
uint64_t getFlowLength();
std::string exportFlow();
std::string exportRawFlow();
bool isFIN();
};
#endif //LIBPURSUER_H

41
libraries/libRanging.cpp Normal file
View file

@ -0,0 +1,41 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include "libRanging.h"
device::device(mac_address newMac, boost::asio::ip::address newIp, long int newEpoch)
{
mac = newMac;
ip = newIp;
timeEpoch = newEpoch;
return;
}
boost::asio::ip::address device::getIpAddress()
{
return ip;
}
mac_address device::getMacAddress()
{
return mac;
}
long int device::getEpoch()
{
return timeEpoch;
}
void device::setEpoch(long int newEpoch)
{
timeEpoch = newEpoch;
return;
}

32
libraries/libRanging.h Normal file
View file

@ -0,0 +1,32 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBRANGING_H
#define LIBRANGING_H
#include <boost/asio.hpp>
#include "../commons/libAddress.h"
class device
{
private:
mac_address mac;
boost::asio::ip::address ip;
long int timeEpoch;
public:
device(mac_address newMac, boost::asio::ip::address newIp, long int newEpoch);
mac_address getMacAddress();
boost::asio::ip::address getIpAddress();
long int getEpoch();
void setEpoch(long int newEpoch);
};
#endif //LIBRANGING_H

65
libraries/libRiddle.cpp Normal file
View file

@ -0,0 +1,65 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include "libRiddle.h"
// Non mettere using namespace generali in header file.
void pcap_fatal(const char *error_in, const char *error_buffer)
{
std::stringstream ss;
ss<<"Fatal Error in "<<error_in<<": "<<error_buffer;
throw(std::runtime_error(ss.str()));
}
static void memPrint(const unsigned char *start, char len, int index)
{
printf("0x%08x | ",index);
int i;
for (i=0;i<len;i++) printf("%02x ",start[i]);
for (i=0;i<(16-len);i++) printf(" ");
printf("| ");
for (i=0;i<len;i++)
{
if ((start[i]>32)&&(start[i]<128)) printf("%c",start[i]);
else printf(".");
}
printf("\n");
}
void hexDump(const unsigned char *start, struct pcap_pkthdr header)
{
std::cout<<std::endl<<"[TS: "<<header.ts.tv_sec;
std::cout<<" uS: "<<header.ts.tv_usec;
std::cout<<"] Received "<<header.len<<" byte:"<<std::endl;
int index=0;
while (header.len>16)
{
memPrint(start,16,index);
header.len-=16;
start+=16;
index+=16;
}
if (header.len>0) memPrint(start,header.len,index);
}
void rawDump(const unsigned char *start, struct pcap_pkthdr header)
{
std::cout<<header.ts.tv_sec<<"!";
std::cout<<header.ts.tv_usec<<"!";
for (int i=0;i<header.len;i++) printf("%02x",start[i]);
std::cout<<std::endl;
}

30
libraries/libRiddle.h Normal file
View file

@ -0,0 +1,30 @@
//============================================================================
// Name : Riddle
// Author : Andrea Bontempi
// Version : 0.1
// Copyright : GNU GPL3
// Description : Network Sniffer
//
// Special Thanks to fede.tft for the big help :-)
//
//============================================================================
#ifndef LIBRIDDLE_H
#define LIBRIDDLE_H
#include <pcap.h>
/* struct pcap_pkthdr {
* struct timeval ts; time stamp
* bpf_u_int32 caplen; length of portion present
* bpf_u_int32; lebgth this packet (off wire)
} *
*/
void pcap_fatal(const char *error_in, const char *error_buffer);
/* Funzioni per la stampa su schermo dei dati in formato esadecimale */
void hexDump(const unsigned char *start, struct pcap_pkthdr header);
void rawDump(const unsigned char *start, struct pcap_pkthdr header);
#endif //LIBRIDDLE_H