Add support for linking up tcpConnection with hosts and packets
This commit is contained in:
parent
b529731388
commit
cec929a5f2
|
@ -17,7 +17,7 @@ public class Main {
|
|||
public static void main(String[] args) {
|
||||
// TODO: Make this configurable or easy to exchange.
|
||||
String filename = "/home/jpt/Temp/tcpdump_2";
|
||||
OrientDbHelperService odhs = new OrientDbHelperService("192.168.0.110", "hshtest", "root", "root");
|
||||
OrientDbHelperService odhs = new OrientDbHelperService("127.0.0.1", "hshtest", "root", "root");
|
||||
|
||||
// Clean up existing database and set up schema from scratch
|
||||
odhs.cleanUpServer();
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
package de.hsh.inform.orientdb_project.model;
|
||||
|
||||
import java.util.LinkedList;
|
||||
|
||||
import org.pcap4j.packet.TcpPacket;
|
||||
|
||||
import com.tinkerpop.blueprints.Vertex;
|
||||
|
||||
|
||||
public class TcpConnection {
|
||||
|
||||
public long startTs;
|
||||
|
@ -19,6 +24,8 @@ public class TcpConnection {
|
|||
public long volumeSourceToTarget;
|
||||
public long volumeTargetToSource;
|
||||
|
||||
public LinkedList<Vertex> knownTcpPacketVertices;
|
||||
|
||||
|
||||
public TcpConnection(TcpPacket tcp, String sourceIp, String targetIp, long ts, int ms) {
|
||||
this.setStart(ts, ms);
|
||||
|
@ -27,6 +34,7 @@ public class TcpConnection {
|
|||
this.sourcePort = tcp.getHeader().getSrcPort().valueAsInt();
|
||||
this.targetIp = targetIp;
|
||||
this.targetPort = tcp.getHeader().getDstPort().valueAsInt();
|
||||
this.knownTcpPacketVertices = new LinkedList<Vertex>();
|
||||
}
|
||||
|
||||
public void setStart(long ts, int ms) {
|
||||
|
@ -70,4 +78,25 @@ public class TcpConnection {
|
|||
return sb.toString();
|
||||
}
|
||||
|
||||
public void addKnownTcpPacketVertex(Vertex tcpPacketVertex) {
|
||||
this.knownTcpPacketVertices.add(tcpPacketVertex);
|
||||
}
|
||||
|
||||
public Object[] getArguments() {
|
||||
Object[] arguments = {
|
||||
"startTs", this.startTs,
|
||||
"startMs", this.startMs,
|
||||
"endTs", this.endTs,
|
||||
"endMs", this.endMs,
|
||||
"sourceIp", this.sourceIp,
|
||||
"sourcePort", this.sourcePort,
|
||||
"targetIp", this.targetIp,
|
||||
"targetPort", this.targetPort,
|
||||
"volumeSourceToTarget", this.volumeSourceToTarget,
|
||||
"volumeTargetToSource", this.volumeTargetToSource,
|
||||
"totalVolume", this.getTotalVolume(),
|
||||
};
|
||||
return arguments;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -120,8 +120,10 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
|||
Edge isContainedInEdge = this.og.addEdge("class:isContainedIn", this.tcpPacket, this.ipPacket, "isContainedIn");
|
||||
// Track tcp connections
|
||||
TcpConnection tcpConnection = this.getTcpConnectionFor(tcp);
|
||||
// If connection exists and still "up to date" aka time difference < 1s
|
||||
if(tcpConnection != null && (ts - tcpConnection.endTs <= 1)) {
|
||||
// If connection exists ...
|
||||
if(tcpConnection != null) {
|
||||
// ... and still "up to date" aka time difference < 2s
|
||||
if(ts - tcpConnection.endTs < 2) {
|
||||
// Update tcpConnection data
|
||||
if(tcpConnection.sourceIp.equals(this.ipPacket.getProperty("sourceIp"))) {
|
||||
// SourceIp -> TargetIp
|
||||
|
@ -131,6 +133,7 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
|||
tcpConnection.addVolumeTargetToSource(tcp.getRawData().length - tcp.getHeader().length());
|
||||
}
|
||||
tcpConnection.setEnd(ts, ms);
|
||||
}
|
||||
} else {
|
||||
// Else create a new one and add it to the list.
|
||||
String sourceIp = this.ipPacket.getProperty("sourceIp");
|
||||
|
@ -138,7 +141,8 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
|||
tcpConnection = new TcpConnection(tcp, sourceIp, targetIp, ts, ms);
|
||||
this.addKnownTcpConnectionFor(tcpConnection, tcp);
|
||||
}
|
||||
|
||||
// Remember tcpPacketVertex in tcpConnection for later edges
|
||||
tcpConnection.addKnownTcpPacketVertex(this.tcpPacket);
|
||||
}
|
||||
|
||||
public void handleIcmpPacket(IcmpV4CommonPacket icmp, long ts, int ms) {
|
||||
|
@ -228,15 +232,30 @@ public class HighPerformanceKappaOrientDbNetdataImportService extends AbstractNe
|
|||
}
|
||||
|
||||
public void afterImport() {
|
||||
// TODO: Insert all TcpConnections!
|
||||
// TODO: Link TcpConnections up with their tcpPackets!
|
||||
System.out.println("All done. Processing collected TcpConnections ...");
|
||||
for(LinkedList<TcpConnection> connList : this.knownTcpConnections.values()) {
|
||||
for(TcpConnection conn : connList) {
|
||||
// TODO
|
||||
System.out.println(conn.toString());
|
||||
Vertex currentTcpConnection = this.og.addVertex("class:TcpConnection", conn.getArguments());
|
||||
// Look up already created source and target host vertices
|
||||
Vertex sourceHost = this.knownHosts.get(conn.sourceIp);
|
||||
Vertex targetHost = this.knownHosts.get(conn.targetIp);
|
||||
// Link them up with the tcpConnection
|
||||
// class, from, to, label
|
||||
Edge hasSourceHost = this.og.addEdge("class:hasSourceHost", currentTcpConnection, sourceHost, "hasSourceHost");
|
||||
Edge hasTargetHost = this.og.addEdge("class:hasTargetHost", currentTcpConnection, targetHost, "hasTargetHost");
|
||||
|
||||
Edge isSourceHostFor = this.og.addEdge("class:isSourceHostFor", sourceHost, currentTcpConnection, "isSourceHostFor");
|
||||
Edge isTargetHostFor = this.og.addEdge("class:isTargetHostFor", targetHost, currentTcpConnection, "isTargetHostFor");
|
||||
// Now link it up to all related tcpPackets
|
||||
for(Vertex tcpPacketVertex : conn.knownTcpPacketVertices) {
|
||||
Edge hasRelatedTcpPacket = this.og.addEdge("class:hasRelatedTcpPacket", currentTcpConnection, tcpPacketVertex, "hasRelatedTcpPacket");
|
||||
Edge belongsToTcpConnection = this.og.addEdge("class:belongsToTcpConnection", tcpPacketVertex, currentTcpConnection, "belongsToTcpConnection");
|
||||
}
|
||||
}
|
||||
}
|
||||
System.out.println("Done importing TcpConnections. End of afterImport() routine.");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -158,8 +158,10 @@ public class OrientDbHelperService {
|
|||
hostType.createProperty("internal", OType.BOOLEAN);
|
||||
|
||||
OrientVertexType tcpConnectionType = og.createVertexType("TcpConnection", "V");
|
||||
tcpConnectionType.createProperty("start", OType.DATETIME);
|
||||
tcpConnectionType.createProperty("end", OType.DATETIME);
|
||||
tcpConnectionType.createProperty("startTs", OType.LONG);
|
||||
tcpConnectionType.createProperty("startMs", OType.INTEGER);
|
||||
tcpConnectionType.createProperty("endTs", OType.LONG);
|
||||
tcpConnectionType.createProperty("endMs", OType.INTEGER);
|
||||
tcpConnectionType.createProperty("sourcePort", OType.INTEGER);
|
||||
tcpConnectionType.createProperty("targetPort", OType.INTEGER);
|
||||
tcpConnectionType.createProperty("volumeSourceToTarget", OType.LONG);
|
||||
|
@ -171,6 +173,22 @@ public class OrientDbHelperService {
|
|||
OrientEdgeType containsType = og.createEdgeType("contains", "E");
|
||||
containsType.setDescription("contains");
|
||||
|
||||
OrientEdgeType hasSourceHostType = og.createEdgeType("hasSourceHost", "E");
|
||||
hasSourceHostType.setDescription("hasSourceHost");
|
||||
OrientEdgeType hasTargetHostType = og.createEdgeType("hasTargetHost", "E");
|
||||
hasTargetHostType.setDescription("hasTargetHost");
|
||||
|
||||
OrientEdgeType isSourceHostForType = og.createEdgeType("isSourceHostFor", "E");
|
||||
isSourceHostForType.setDescription("isSourceHostFor");
|
||||
OrientEdgeType isTargetHostForType = og.createEdgeType("isTargetHostFor", "E");
|
||||
isTargetHostForType.setDescription("isTargetHostFor");
|
||||
|
||||
OrientEdgeType belongsToTcpConnectionType = og.createEdgeType("belongsToTcpConnection", "E");
|
||||
belongsToTcpConnectionType.setDescription("belongsToTcpConnection");
|
||||
|
||||
OrientEdgeType hasRelatedTcpPacketType = og.createEdgeType("hasRelatedTcpPacket", "E");
|
||||
hasRelatedTcpPacketType.setDescription("hasRelatedTcpPacket");
|
||||
|
||||
og.shutdown();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue