diff --git a/src/main/java/de/hsh/inform/orientdb_project/Main.java b/src/main/java/de/hsh/inform/orientdb_project/Main.java index fb78031..d13d0e5 100644 --- a/src/main/java/de/hsh/inform/orientdb_project/Main.java +++ b/src/main/java/de/hsh/inform/orientdb_project/Main.java @@ -17,7 +17,7 @@ public class Main { public static void main(String[] args) { // TODO: Make this configurable or easy to exchange. String filename = "/home/jpt/Temp/tcpdump_2"; - OrientDbHelperService odhs = new OrientDbHelperService("192.168.0.110", "hshtest", "root", "root"); + OrientDbHelperService odhs = new OrientDbHelperService("127.0.0.1", "hshtest", "root", "root"); // Clean up existing database and set up schema from scratch odhs.cleanUpServer(); diff --git a/src/main/java/de/hsh/inform/orientdb_project/model/TcpConnection.java b/src/main/java/de/hsh/inform/orientdb_project/model/TcpConnection.java index 5685a29..b12d07e 100644 --- a/src/main/java/de/hsh/inform/orientdb_project/model/TcpConnection.java +++ b/src/main/java/de/hsh/inform/orientdb_project/model/TcpConnection.java @@ -1,7 +1,12 @@ package de.hsh.inform.orientdb_project.model; +import java.util.LinkedList; + import org.pcap4j.packet.TcpPacket; +import com.tinkerpop.blueprints.Vertex; + + public class TcpConnection { public long startTs; @@ -19,6 +24,8 @@ public class TcpConnection { public long volumeSourceToTarget; public long volumeTargetToSource; + public LinkedList knownTcpPacketVertices; + public TcpConnection(TcpPacket tcp, String sourceIp, String targetIp, long ts, int ms) { this.setStart(ts, ms); @@ -27,6 +34,7 @@ public class TcpConnection { this.sourcePort = tcp.getHeader().getSrcPort().valueAsInt(); this.targetIp = targetIp; this.targetPort = tcp.getHeader().getDstPort().valueAsInt(); + this.knownTcpPacketVertices = new LinkedList(); } public void setStart(long ts, int ms) { @@ -69,5 +77,26 @@ public class TcpConnection { sb.append(this.getTotalVolume()); return sb.toString(); } + + public void addKnownTcpPacketVertex(Vertex tcpPacketVertex) { + this.knownTcpPacketVertices.add(tcpPacketVertex); + } + + public Object[] getArguments() { + Object[] arguments = { + "startTs", this.startTs, + "startMs", this.startMs, + "endTs", this.endTs, + "endMs", this.endMs, + "sourceIp", this.sourceIp, + "sourcePort", this.sourcePort, + "targetIp", this.targetIp, + "targetPort", this.targetPort, + "volumeSourceToTarget", this.volumeSourceToTarget, + "volumeTargetToSource", this.volumeTargetToSource, + "totalVolume", this.getTotalVolume(), + }; + return arguments; + } } diff --git a/src/main/java/de/hsh/inform/orientdb_project/orientdb/HighPerformanceKappaOrientDbNetdataImportService.java b/src/main/java/de/hsh/inform/orientdb_project/orientdb/HighPerformanceKappaOrientDbNetdataImportService.java index 24b31ff..056ef69 100644 --- a/src/main/java/de/hsh/inform/orientdb_project/orientdb/HighPerformanceKappaOrientDbNetdataImportService.java +++ b/src/main/java/de/hsh/inform/orientdb_project/orientdb/HighPerformanceKappaOrientDbNetdataImportService.java @@ -120,17 +120,20 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe Edge isContainedInEdge = this.og.addEdge("class:isContainedIn", this.tcpPacket, this.ipPacket, "isContainedIn"); // Track tcp connections TcpConnection tcpConnection = this.getTcpConnectionFor(tcp); - // If connection exists and still "up to date" aka time difference < 1s - if(tcpConnection != null && (ts - tcpConnection.endTs <= 1)) { - // Update tcpConnection data - if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) { - // SourceIp -> TargetIp - tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length()); - } else { - // TargetIp -> SourceIp - tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length()); + // If connection exists ... + if(tcpConnection != null) { + // ... and still "up to date" aka time difference < 2s + if(ts - tcpConnection.endTs < 2) { + // Update tcpConnection data + if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) { + // SourceIp -> TargetIp + tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length()); + } else { + // TargetIp -> SourceIp + tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length()); + } + tcpConnection.setEnd(ts, ms); } - tcpConnection.setEnd(ts, ms); } else { // Else create a new one and add it to the list. String sourceIp = this.ipPacket.getProperty("sourceIp"); @@ -138,7 +141,8 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe tcpConnection = new TcpConnection(tcp, sourceIp, targetIp, ts, ms); this.addKnownTcpConnectionFor(tcpConnection, tcp); } - + // Remember tcpPacketVertex in tcpConnection for later edges + tcpConnection.addKnownTcpPacketVertex(this.tcpPacket); } public void handleIcmpPacket(IcmpV4CommonPacket icmp, long ts, int ms) { @@ -228,14 +232,29 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe } public void afterImport() { - // TODO: Insert all TcpConnections! + // TODO: Link TcpConnections up with their tcpPackets! System.out.println("All done. Processing collected TcpConnections ..."); for(LinkedList connList : this.knownTcpConnections.values()) { for(TcpConnection conn : connList) { - // TODO - System.out.println(conn.toString()); + Vertex currentTcpConnection = this.og.addVertex("class:TcpConnection", conn.getArguments()); + // Look up already created source and target host vertices + Vertex sourceHost = this.knownHosts.get(conn.sourceIp); + Vertex targetHost = this.knownHosts.get(conn.targetIp); + // Link them up with the tcpConnection + // class, from, to, label + Edge hasSourceHost = this.og.addEdge("class:hasSourceHost", currentTcpConnection, sourceHost, "hasSourceHost"); + Edge hasTargetHost = this.og.addEdge("class:hasTargetHost", currentTcpConnection, targetHost, "hasTargetHost"); + + Edge isSourceHostFor = this.og.addEdge("class:isSourceHostFor", sourceHost, currentTcpConnection, "isSourceHostFor"); + Edge isTargetHostFor = this.og.addEdge("class:isTargetHostFor", targetHost, currentTcpConnection, "isTargetHostFor"); + // Now link it up to all related tcpPackets + for(Vertex tcpPacketVertex : conn.knownTcpPacketVertices) { + Edge hasRelatedTcpPacket = this.og.addEdge("class:hasRelatedTcpPacket", currentTcpConnection, tcpPacketVertex, "hasRelatedTcpPacket"); + Edge belongsToTcpConnection = this.og.addEdge("class:belongsToTcpConnection", tcpPacketVertex, currentTcpConnection, "belongsToTcpConnection"); + } } } + System.out.println("Done importing TcpConnections. End of afterImport() routine."); } diff --git a/src/main/java/de/hsh/inform/orientdb_project/orientdb/OrientDbHelperService.java b/src/main/java/de/hsh/inform/orientdb_project/orientdb/OrientDbHelperService.java index 1b8329f..b426226 100644 --- a/src/main/java/de/hsh/inform/orientdb_project/orientdb/OrientDbHelperService.java +++ b/src/main/java/de/hsh/inform/orientdb_project/orientdb/OrientDbHelperService.java @@ -158,8 +158,10 @@ public class OrientDbHelperService { hostType.createProperty("internal", OType.BOOLEAN); OrientVertexType tcpConnectionType = og.createVertexType("TcpConnection", "V"); - tcpConnectionType.createProperty("start", OType.DATETIME); - tcpConnectionType.createProperty("end", OType.DATETIME); + tcpConnectionType.createProperty("startTs", OType.LONG); + tcpConnectionType.createProperty("startMs", OType.INTEGER); + tcpConnectionType.createProperty("endTs", OType.LONG); + tcpConnectionType.createProperty("endMs", OType.INTEGER); tcpConnectionType.createProperty("sourcePort", OType.INTEGER); tcpConnectionType.createProperty("targetPort", OType.INTEGER); tcpConnectionType.createProperty("volumeSourceToTarget", OType.LONG); @@ -171,6 +173,22 @@ public class OrientDbHelperService { OrientEdgeType containsType = og.createEdgeType("contains", "E"); containsType.setDescription("contains"); + OrientEdgeType hasSourceHostType = og.createEdgeType("hasSourceHost", "E"); + hasSourceHostType.setDescription("hasSourceHost"); + OrientEdgeType hasTargetHostType = og.createEdgeType("hasTargetHost", "E"); + hasTargetHostType.setDescription("hasTargetHost"); + + OrientEdgeType isSourceHostForType = og.createEdgeType("isSourceHostFor", "E"); + isSourceHostForType.setDescription("isSourceHostFor"); + OrientEdgeType isTargetHostForType = og.createEdgeType("isTargetHostFor", "E"); + isTargetHostForType.setDescription("isTargetHostFor"); + + OrientEdgeType belongsToTcpConnectionType = og.createEdgeType("belongsToTcpConnection", "E"); + belongsToTcpConnectionType.setDescription("belongsToTcpConnection"); + + OrientEdgeType hasRelatedTcpPacketType = og.createEdgeType("hasRelatedTcpPacket", "E"); + hasRelatedTcpPacketType.setDescription("hasRelatedTcpPacket"); + og.shutdown(); }