Add support for linking up tcpConnection with hosts and packets
This commit is contained in:
parent
b529731388
commit
cec929a5f2
|
@ -17,7 +17,7 @@ public class Main {
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
// TODO: Make this configurable or easy to exchange.
|
// TODO: Make this configurable or easy to exchange.
|
||||||
String filename = "/home/jpt/Temp/tcpdump_2";
|
String filename = "/home/jpt/Temp/tcpdump_2";
|
||||||
OrientDbHelperService odhs = new OrientDbHelperService("192.168.0.110", "hshtest", "root", "root");
|
OrientDbHelperService odhs = new OrientDbHelperService("127.0.0.1", "hshtest", "root", "root");
|
||||||
|
|
||||||
// Clean up existing database and set up schema from scratch
|
// Clean up existing database and set up schema from scratch
|
||||||
odhs.cleanUpServer();
|
odhs.cleanUpServer();
|
||||||
|
|
|
@ -1,7 +1,12 @@
|
||||||
package de.hsh.inform.orientdb_project.model;
|
package de.hsh.inform.orientdb_project.model;
|
||||||
|
|
||||||
|
import java.util.LinkedList;
|
||||||
|
|
||||||
import org.pcap4j.packet.TcpPacket;
|
import org.pcap4j.packet.TcpPacket;
|
||||||
|
|
||||||
|
import com.tinkerpop.blueprints.Vertex;
|
||||||
|
|
||||||
|
|
||||||
public class TcpConnection {
|
public class TcpConnection {
|
||||||
|
|
||||||
public long startTs;
|
public long startTs;
|
||||||
|
@ -19,6 +24,8 @@ public class TcpConnection {
|
||||||
public long volumeSourceToTarget;
|
public long volumeSourceToTarget;
|
||||||
public long volumeTargetToSource;
|
public long volumeTargetToSource;
|
||||||
|
|
||||||
|
public LinkedList<Vertex> knownTcpPacketVertices;
|
||||||
|
|
||||||
|
|
||||||
public TcpConnection(TcpPacket tcp, String sourceIp, String targetIp, long ts, int ms) {
|
public TcpConnection(TcpPacket tcp, String sourceIp, String targetIp, long ts, int ms) {
|
||||||
this.setStart(ts, ms);
|
this.setStart(ts, ms);
|
||||||
|
@ -27,6 +34,7 @@ public class TcpConnection {
|
||||||
this.sourcePort = tcp.getHeader().getSrcPort().valueAsInt();
|
this.sourcePort = tcp.getHeader().getSrcPort().valueAsInt();
|
||||||
this.targetIp = targetIp;
|
this.targetIp = targetIp;
|
||||||
this.targetPort = tcp.getHeader().getDstPort().valueAsInt();
|
this.targetPort = tcp.getHeader().getDstPort().valueAsInt();
|
||||||
|
this.knownTcpPacketVertices = new LinkedList<Vertex>();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setStart(long ts, int ms) {
|
public void setStart(long ts, int ms) {
|
||||||
|
@ -70,4 +78,25 @@ public class TcpConnection {
|
||||||
return sb.toString();
|
return sb.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void addKnownTcpPacketVertex(Vertex tcpPacketVertex) {
|
||||||
|
this.knownTcpPacketVertices.add(tcpPacketVertex);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object[] getArguments() {
|
||||||
|
Object[] arguments = {
|
||||||
|
"startTs", this.startTs,
|
||||||
|
"startMs", this.startMs,
|
||||||
|
"endTs", this.endTs,
|
||||||
|
"endMs", this.endMs,
|
||||||
|
"sourceIp", this.sourceIp,
|
||||||
|
"sourcePort", this.sourcePort,
|
||||||
|
"targetIp", this.targetIp,
|
||||||
|
"targetPort", this.targetPort,
|
||||||
|
"volumeSourceToTarget", this.volumeSourceToTarget,
|
||||||
|
"volumeTargetToSource", this.volumeTargetToSource,
|
||||||
|
"totalVolume", this.getTotalVolume(),
|
||||||
|
};
|
||||||
|
return arguments;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,17 +120,20 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
||||||
Edge isContainedInEdge = this.og.addEdge("class:isContainedIn", this.tcpPacket, this.ipPacket, "isContainedIn");
|
Edge isContainedInEdge = this.og.addEdge("class:isContainedIn", this.tcpPacket, this.ipPacket, "isContainedIn");
|
||||||
// Track tcp connections
|
// Track tcp connections
|
||||||
TcpConnection tcpConnection = this.getTcpConnectionFor(tcp);
|
TcpConnection tcpConnection = this.getTcpConnectionFor(tcp);
|
||||||
// If connection exists and still "up to date" aka time difference < 1s
|
// If connection exists ...
|
||||||
if(tcpConnection != null && (ts - tcpConnection.endTs <= 1)) {
|
if(tcpConnection != null) {
|
||||||
// Update tcpConnection data
|
// ... and still "up to date" aka time difference < 2s
|
||||||
if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) {
|
if(ts - tcpConnection.endTs < 2) {
|
||||||
// SourceIp -> TargetIp
|
// Update tcpConnection data
|
||||||
tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length());
|
if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) {
|
||||||
} else {
|
// SourceIp -> TargetIp
|
||||||
// TargetIp -> SourceIp
|
tcpConnection.addVolumeSourceToTarget(tcp.getRawData().length - tcp.getHeader().length());
|
||||||
tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length());
|
} else {
|
||||||
|
// TargetIp -> SourceIp
|
||||||
|
tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length());
|
||||||
|
}
|
||||||
|
tcpConnection.setEnd(ts, ms);
|
||||||
}
|
}
|
||||||
tcpConnection.setEnd(ts, ms);
|
|
||||||
} else {
|
} else {
|
||||||
// Else create a new one and add it to the list.
|
// Else create a new one and add it to the list.
|
||||||
String sourceIp = this.ipPacket.getProperty("sourceIp");
|
String sourceIp = this.ipPacket.getProperty("sourceIp");
|
||||||
|
@ -138,7 +141,8 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
||||||
tcpConnection = new TcpConnection(tcp, sourceIp, targetIp, ts, ms);
|
tcpConnection = new TcpConnection(tcp, sourceIp, targetIp, ts, ms);
|
||||||
this.addKnownTcpConnectionFor(tcpConnection, tcp);
|
this.addKnownTcpConnectionFor(tcpConnection, tcp);
|
||||||
}
|
}
|
||||||
|
// Remember tcpPacketVertex in tcpConnection for later edges
|
||||||
|
tcpConnection.addKnownTcpPacketVertex(this.tcpPacket);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void handleIcmpPacket(IcmpV4CommonPacket icmp, long ts, int ms) {
|
public void handleIcmpPacket(IcmpV4CommonPacket icmp, long ts, int ms) {
|
||||||
|
@ -228,14 +232,29 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
||||||
}
|
}
|
||||||
|
|
||||||
public void afterImport() {
|
public void afterImport() {
|
||||||
// TODO: Insert all TcpConnections!
|
// TODO: Link TcpConnections up with their tcpPackets!
|
||||||
System.out.println("All done. Processing collected TcpConnections ...");
|
System.out.println("All done. Processing collected TcpConnections ...");
|
||||||
for(LinkedList<TcpConnection> connList : this.knownTcpConnections.values()) {
|
for(LinkedList<TcpConnection> connList : this.knownTcpConnections.values()) {
|
||||||
for(TcpConnection conn : connList) {
|
for(TcpConnection conn : connList) {
|
||||||
// TODO
|
Vertex currentTcpConnection = this.og.addVertex("class:TcpConnection", conn.getArguments());
|
||||||
System.out.println(conn.toString());
|
// Look up already created source and target host vertices
|
||||||
|
Vertex sourceHost = this.knownHosts.get(conn.sourceIp);
|
||||||
|
Vertex targetHost = this.knownHosts.get(conn.targetIp);
|
||||||
|
// Link them up with the tcpConnection
|
||||||
|
// class, from, to, label
|
||||||
|
Edge hasSourceHost = this.og.addEdge("class:hasSourceHost", currentTcpConnection, sourceHost, "hasSourceHost");
|
||||||
|
Edge hasTargetHost = this.og.addEdge("class:hasTargetHost", currentTcpConnection, targetHost, "hasTargetHost");
|
||||||
|
|
||||||
|
Edge isSourceHostFor = this.og.addEdge("class:isSourceHostFor", sourceHost, currentTcpConnection, "isSourceHostFor");
|
||||||
|
Edge isTargetHostFor = this.og.addEdge("class:isTargetHostFor", targetHost, currentTcpConnection, "isTargetHostFor");
|
||||||
|
// Now link it up to all related tcpPackets
|
||||||
|
for(Vertex tcpPacketVertex : conn.knownTcpPacketVertices) {
|
||||||
|
Edge hasRelatedTcpPacket = this.og.addEdge("class:hasRelatedTcpPacket", currentTcpConnection, tcpPacketVertex, "hasRelatedTcpPacket");
|
||||||
|
Edge belongsToTcpConnection = this.og.addEdge("class:belongsToTcpConnection", tcpPacketVertex, currentTcpConnection, "belongsToTcpConnection");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
System.out.println("Done importing TcpConnections. End of afterImport() routine.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -158,8 +158,10 @@ public class OrientDbHelperService {
|
||||||
hostType.createProperty("internal", OType.BOOLEAN);
|
hostType.createProperty("internal", OType.BOOLEAN);
|
||||||
|
|
||||||
OrientVertexType tcpConnectionType = og.createVertexType("TcpConnection", "V");
|
OrientVertexType tcpConnectionType = og.createVertexType("TcpConnection", "V");
|
||||||
tcpConnectionType.createProperty("start", OType.DATETIME);
|
tcpConnectionType.createProperty("startTs", OType.LONG);
|
||||||
tcpConnectionType.createProperty("end", OType.DATETIME);
|
tcpConnectionType.createProperty("startMs", OType.INTEGER);
|
||||||
|
tcpConnectionType.createProperty("endTs", OType.LONG);
|
||||||
|
tcpConnectionType.createProperty("endMs", OType.INTEGER);
|
||||||
tcpConnectionType.createProperty("sourcePort", OType.INTEGER);
|
tcpConnectionType.createProperty("sourcePort", OType.INTEGER);
|
||||||
tcpConnectionType.createProperty("targetPort", OType.INTEGER);
|
tcpConnectionType.createProperty("targetPort", OType.INTEGER);
|
||||||
tcpConnectionType.createProperty("volumeSourceToTarget", OType.LONG);
|
tcpConnectionType.createProperty("volumeSourceToTarget", OType.LONG);
|
||||||
|
@ -171,6 +173,22 @@ public class OrientDbHelperService {
|
||||||
OrientEdgeType containsType = og.createEdgeType("contains", "E");
|
OrientEdgeType containsType = og.createEdgeType("contains", "E");
|
||||||
containsType.setDescription("contains");
|
containsType.setDescription("contains");
|
||||||
|
|
||||||
|
OrientEdgeType hasSourceHostType = og.createEdgeType("hasSourceHost", "E");
|
||||||
|
hasSourceHostType.setDescription("hasSourceHost");
|
||||||
|
OrientEdgeType hasTargetHostType = og.createEdgeType("hasTargetHost", "E");
|
||||||
|
hasTargetHostType.setDescription("hasTargetHost");
|
||||||
|
|
||||||
|
OrientEdgeType isSourceHostForType = og.createEdgeType("isSourceHostFor", "E");
|
||||||
|
isSourceHostForType.setDescription("isSourceHostFor");
|
||||||
|
OrientEdgeType isTargetHostForType = og.createEdgeType("isTargetHostFor", "E");
|
||||||
|
isTargetHostForType.setDescription("isTargetHostFor");
|
||||||
|
|
||||||
|
OrientEdgeType belongsToTcpConnectionType = og.createEdgeType("belongsToTcpConnection", "E");
|
||||||
|
belongsToTcpConnectionType.setDescription("belongsToTcpConnection");
|
||||||
|
|
||||||
|
OrientEdgeType hasRelatedTcpPacketType = og.createEdgeType("hasRelatedTcpPacket", "E");
|
||||||
|
hasRelatedTcpPacketType.setDescription("hasRelatedTcpPacket");
|
||||||
|
|
||||||
og.shutdown();
|
og.shutdown();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue