Move code out of src/ folder to comply to Golang standards (although it looks dirty)

2026-04-13 18:45:46 +00:00 · 2019-11-28 13:43:22 +01:00
parent 76a51dac52
commit 313e443741
12 changed files with 0 additions and 0 deletions
--- a/ethernet/arp/arp.go
+++ b/ethernet/arp/arp.go
@@ -0,0 +1,126 @@
+package arp
+
+import (
+	"fmt"
+	"github.com/fatih/color"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"log"
+	"net"
+)
+
+var (
+	arpStatsList []arpStats
+	devices []arpDevice
+)
+
+// Called on every ARP packet
+func ProcessARPPacket(packet gopacket.Packet) error {
+	var arppacket layers.ARP
+
+	// Decode raw packet into ARP
+	decodeErr := arppacket.DecodeFromBytes(packet.Layer(layers.LayerTypeARP).LayerContents(), gopacket.NilDecodeFeedback)
+	if decodeErr != nil {
+		// Encountered an error during decoding, most likely a broken packet
+		return decodeErr
+	}
+
+	// Convert MAC address byte array to string
+	sourceAddr := net.HardwareAddr(arppacket.SourceHwAddress).String()
+	participant := getStatOrCreate(sourceAddr)
+
+	// Raise stats
+	if arppacket.Operation == layers.ARPRequest {
+		// Request packet
+		participant.asked++
+		appendIfUnique(net.IP(arppacket.DstProtAddress).String(), participant.askedList)
+	} else {
+		// Response packet
+		participant.answered++
+		appendIfUnique(net.IP(arppacket.SourceProtAddress).String(), participant.answeredList)
+
+		// Add device entry
+		addDeviceEntry(sourceAddr, net.IP(arppacket.SourceProtAddress).String())
+	}
+
+	return nil
+}
+
+// Print a summary after all packets are processed
+func PrintARPSummary() {
+	headline := color.New(color.FgRed, color.Bold)
+	headline.Println("ARP traffic summary")
+	printTrafficStats()
+	headline.Println("ARP LAN overview")
+	printLANOverview()
+}
+
+// Constructs an answer regarding the ARP traffic
+func printTrafficStats() {
+	var tmparr []string
+
+	// Iterate over all participants
+	for _, p := range arpStatsList {
+		tmparr = append(tmparr, fmt.Sprintf("%s asked for %d addresses and answered %d requests", p.macaddr, p.asked, p.answered))
+	}
+
+	// And print it as a tree
+	printTree(tmparr)
+}
+
+// Prints an overview over all connected devices in the LAN
+func printLANOverview() {
+	var tmparr []string
+
+	// iterate over all devices
+	for _, d := range devices {
+		tmparr = append(tmparr, fmt.Sprintf("%s got address %s", d.macaddr, d.ipaddr))
+	}
+
+	// And print it as a tree
+	printTree(tmparr)
+}
+
+// Returns the arpStats object for the given MAC address, or creates a new one
+func getStatOrCreate(macaddr string) *arpStats {
+	// Try to find the given macaddr
+	for i := 0; i < len(arpStatsList); i++ {
+		if arpStatsList[i].macaddr == macaddr {
+			// Found, return it
+			return &arpStatsList[i]
+		}
+	}
+
+	// None found yet, we need to create a new one
+	arpStatsList = append(arpStatsList, arpStats{
+		macaddr:  macaddr,
+	})
+
+	// And return it
+	return &arpStatsList[len(arpStatsList)-1]
+}
+
+// Adds a new entry to the devices array, checking if there may be a collision (=ARP Spoofing)
+func addDeviceEntry(macaddr string, ipaddr string) {
+	for i := 0; i < len(devices); i++ {
+		// check if we found a collision (possible ARP spoofing)
+		if (devices[i].macaddr == macaddr) != (devices[i].ipaddr == ipaddr) {
+			// this operation is practically XOR (which golang doesn't provide e.g. with ^)
+			log.Printf("Found possible ARP spoofing! Old: (MAC=%s, IP=%s), New: (MAC=%s, IP=%s). Overriding...", devices[i].macaddr, devices[i].ipaddr, macaddr, ipaddr)
+			devices[i].macaddr = macaddr
+			devices[i].ipaddr = ipaddr
+			return
+		}
+
+		if devices[i].macaddr == macaddr && devices[i].ipaddr == ipaddr {
+			// Found collision, but no ARP spoofing (both values are identical)
+			return
+		}
+	}
+
+	// No device found, add a new entry
+	devices = append(devices, arpDevice{
+		macaddr: macaddr,
+		ipaddr:  ipaddr,
+	})
+}
--- a/ethernet/arp/arpDevice.go
+++ b/ethernet/arp/arpDevice.go
@@ -0,0 +1,6 @@
+package arp
+
+type arpDevice struct {
+	macaddr string
+	ipaddr string
+}
--- a/ethernet/arp/arpStats.go
+++ b/ethernet/arp/arpStats.go
@@ -0,0 +1,9 @@
+package arp
+
+type arpStats struct {
+	macaddr string
+	asked int
+	answered int
+	askedList []string
+	answeredList []string
+}
--- a/ethernet/arp/common.go
+++ b/ethernet/arp/common.go
@@ -0,0 +1,30 @@
+package arp
+
+import "fmt"
+
+// Appends the appendee to the array if it does not contain appendee yet
+func appendIfUnique(appendee string, array []string) []string {
+	// Iterate over all elements and check values
+	for _, elem := range array {
+		if elem == appendee {
+			// ... found. Stop here
+			return array
+		}
+	}
+
+	// None found, append
+	return append(array, appendee)
+}
+
+// Prints each element, along with a small ASCII tree
+func printTree(strarr []string) {
+	// iterate over each element
+	for iter, elem := range strarr {
+		// check if we got the last element
+		if iter < len(strarr) - 1 {
+			fmt.Printf("|- %s\n", elem)
+		} else {
+			fmt.Printf("'- %s\n\n", elem)
+		}
+	}
+}
--- a/ethernet/dns/answer.go
+++ b/ethernet/dns/answer.go
@@ -0,0 +1,89 @@
+package dns
+
+import (
+	"fmt"
+	"github.com/google/gopacket/layers"
+	"golang.org/x/net/publicsuffix"
+	"log"
+)
+
+var (
+	numAnswers int
+	answerDomains []string
+	answerBaseDomains []string
+	answerPrivateDomains []string
+	answerType = make(map[layers.DNSType]int)
+	answerPublicIPv4 []string
+	answerPrivateIPv4 []string
+)
+
+// Called on every DNS packet to process response(s)
+func processDNSAnswer(answers []layers.DNSResourceRecord) {
+	for _, answer := range answers {
+		// Raise stats
+		numAnswers++
+
+		// Add answer to answers array
+		name := string(answer.Name)
+		basename, basenameErr := publicsuffix.EffectiveTLDPlusOne(name)
+
+		if basenameErr != nil {
+			// Encountered error while checking for the basename
+			log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())
+			continue
+		}
+
+		// Process type answers
+		processType(answerType, answer.Type)
+
+		// Append full domain and base domain
+		answerDomains = appendIfUnique(name, answerDomains)
+
+		// Check if we need to add the base name to the private list
+		_, icannManaged := publicsuffix.PublicSuffix(name)
+		if icannManaged {
+			// TLD is managed by ICANN, add to the base list
+			answerBaseDomains = appendIfUnique(basename, answerBaseDomains)
+		} else {
+			// it's not managed by ICANN, so it's private - add it to the private list
+			answerPrivateDomains = appendIfUnique(name, answerPrivateDomains)
+		}
+
+		// Check if we got an A record answer
+		if answer.Type == layers.DNSTypeA {
+			// A record, check IP for being private
+			if ipIsPrivate(answer.IP) {
+				answerPrivateIPv4 = append(answerPrivateIPv4, answer.IP.String())
+			} else {
+				answerPublicIPv4 = append(answerPublicIPv4, answer.IP.String())
+			}
+		}
+	}
+}
+
+// Prints a summary of all DNS answers
+func printDNSAnswerSummary() {
+	// Overall question stats
+	fmt.Printf("%d DNS answers in total\n", numAnswers)
+	fmt.Printf("%s records\n", generateDNSTypeSummary(answerType))
+	fmt.Printf("%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", len(answerDomains), len(answerBaseDomains), len(answerPrivateDomains))
+
+	// Output base domains answered with
+	if len(answerBaseDomains) > 0 {
+		fmt.Println("Answered with these base domains:")
+		printTree(answerBaseDomains)
+	}
+
+	// Output private domains
+	if len(answerPrivateDomains) > 0 {
+		fmt.Println("Answered with these private (non-ICANN managed) domains:")
+		printTree(answerPrivateDomains)
+	}
+
+	// Check for public and private IPs
+	fmt.Printf("Answered with %d public IP addresses and %d private IP addresses\n", len(answerPublicIPv4), len(answerPrivateIPv4))
+	if len(answerPrivateIPv4) > 0 {
+		fmt.Println("Private IP addresses in answer:")
+		printTree(answerPrivateIPv4)
+	}
+}
--- a/ethernet/dns/common.go
+++ b/ethernet/dns/common.go
@@ -0,0 +1,98 @@
+package dns
+
+import (
+	"fmt"
+	"github.com/google/gopacket/layers"
+	"net"
+)
+
+var (
+	privateBlocks = []net.IPNet{
+		{net.IPv4(10, 0, 0, 0), net.IPv4Mask(255, 0, 0, 0)}, 	  // 10.0.0.0/8
+		{net.IPv4(172, 16, 0, 0), net.IPv4Mask(255, 240, 0, 0)},  // 172.16.0.0/12
+		{net.IPv4(192, 168, 0, 0), net.IPv4Mask(255, 255, 0, 0)}, // 192.168.0.0/24
+		{net.IPv4(100, 64, 0, 0), net.IPv4Mask(255, 192, 0, 0)},  // 100.64.0.0/10
+		{net.IPv4(169, 254, 0, 0), net.IPv4Mask(255, 255, 0, 0)}, // 169.254.0.0/16
+	}
+)
+
+// Processes the given dnstype and raises its stats in the given array
+func processType(typearr map[layers.DNSType]int, dnstype layers.DNSType) {
+	typearr[dnstype]++
+}
+
+// Appends the appendee to the array if it does not contain appendee yet
+func appendIfUnique(appendee string, array []string) []string {
+	// Iterate over all elements and check values
+	for _, elem := range array {
+		if elem == appendee {
+			// ... found. Stop here
+			return array
+		}
+	}
+
+	// None found, append
+	return append(array, appendee)
+}
+
+// Checks if the given IP is in a private range or not
+func ipIsPrivate(ip net.IP) bool {
+	// check every private IP block for our IP
+	for _, block := range privateBlocks {
+		if block.Contains(ip) {
+			// found, is a private IP
+			return true
+		}
+	}
+
+	// Not in any of the private blocks, not private
+	return false
+}
+
+// Prints each element, along with a small ASCII tree
+func printTree(strarr []string) {
+	// iterate over each element
+	for iter, elem := range strarr {
+		// check if we got the last element
+		if iter < len(strarr) - 1 {
+			fmt.Printf("|- %s\n", elem)
+		} else {
+			fmt.Printf("'- %s\n\n", elem)
+		}
+	}
+}
+
+// Generates a summary string for DNS types in the given array
+func generateDNSTypeSummary(typearr map[layers.DNSType]int) string {
+	var answerarr []string
+
+	// Iterate over all possible DNS types
+	for iter, typeelem := range typearr {
+		// Read amount of type hits for this type
+		answerarr = append(answerarr, fmt.Sprintf("%d %s", typeelem, iter.String()))
+	}
+
+	// Check if we even processed a single type
+	if len(answerarr) == 0 {
+		// we didn't, strange.
+		return "(no types encountered)"
+	}
+
+	// now, glue all array elements together
+	answerstr := ""
+	for iter, elem := range answerarr {
+		// Check if we need to apply to proper sentence rules
+		if iter == 0 {
+			// We don't need to append yet
+			answerstr = elem
+		} else if iter == len(answerarr) - 1 {
+			// Last element, use "and" instead of a comma
+			answerstr = fmt.Sprintf("%s and %s", answerstr, elem)
+		} else {
+			// Some entry, just add it with a comma
+			answerstr = fmt.Sprintf("%s, %s", answerstr, elem)
+		}
+	}
+
+	return answerstr
+}
--- a/ethernet/dns/dns.go
+++ b/ethernet/dns/dns.go
@@ -0,0 +1,35 @@
+package dns
+
+import (
+	"github.com/fatih/color"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+)
+
+// Called on every DNS packet
+func ProcessDNSPacket(packet gopacket.Packet) error {
+	var dnspacket layers.DNS
+
+	// Decode raw packet into DNS
+	decodeErr := dnspacket.DecodeFromBytes(packet.ApplicationLayer().LayerContents(), gopacket.NilDecodeFeedback)
+	if decodeErr != nil {
+		// Encountered an error during decoding, most likely a broken packet
+		return decodeErr
+	}
+
+	// Further process the packet
+	processDNSQuestion(dnspacket.Questions)
+	processDNSAnswer(dnspacket.Answers)
+
+	// No error encountered, return clean
+	return nil
+}
+
+// Print a summary after all DNS packets were processed
+func PrintDNSSummary() {
+	headline := color.New(color.FgRed, color.Bold)
+	headline.Println("DNS Request Summary")
+	printDNSQuestionSummary()
+	headline.Println("DNS Response Summary")
+	printDNSAnswerSummary()
+}
--- a/ethernet/dns/question.go
+++ b/ethernet/dns/question.go
@@ -0,0 +1,71 @@
+package dns
+
+import (
+	"fmt"
+	"github.com/google/gopacket/layers"
+	"golang.org/x/net/publicsuffix"
+	"log"
+)
+
+var (
+	numQuestions int
+	questionDomains []string
+	questionBaseDomains []string
+	questionPrivateDomains []string
+	questionType = make(map[layers.DNSType]int)
+)
+
+// Called on every DNS packet to process questions
+func processDNSQuestion(questions []layers.DNSQuestion) {
+	// Iterate over all questions
+	for _, question := range questions {
+		// Raise stats
+		numQuestions++
+
+		// Add question to questions array
+		name := string(question.Name)
+		basename, basenameErr := publicsuffix.EffectiveTLDPlusOne(name)
+
+		if basenameErr != nil {
+			// Encountered error while checking for the basename
+			log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())
+			continue
+		}
+
+		// Process type questions
+		processType(questionType, question.Type)
+
+		// Append full domain and base domain
+		questionDomains = appendIfUnique(name, questionDomains)
+
+		// Check if we need to add the base name to the private list
+		_, icannManaged := publicsuffix.PublicSuffix(name)
+		if icannManaged {
+			// TLD is managed by ICANN, add to the base list
+			questionBaseDomains = appendIfUnique(basename, questionBaseDomains)
+		} else {
+			// it's not managed by ICANN, so it's private - add it to the private list
+			questionPrivateDomains = appendIfUnique(name, questionPrivateDomains)
+		}
+	}
+}
+
+// Prints a summary of all DNS questions
+func printDNSQuestionSummary() {
+	// Overall question stats
+	fmt.Printf("%d DNS questions in total\n", numQuestions)
+	fmt.Printf("%s records\n", generateDNSTypeSummary(questionType))
+	fmt.Printf("%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", len(questionDomains), len(questionBaseDomains), len(questionPrivateDomains))
+
+	// Output base domains asked for
+	if len(questionBaseDomains) > 0 {
+		fmt.Println("Asked for these base domains:")
+		printTree(questionBaseDomains)
+	}
+
+	// Output private domains
+	if len(questionPrivateDomains) > 0 {
+		fmt.Println("Asked for these private (non-ICANN managed) domains:")
+		printTree(questionPrivateDomains)
+	}
+}
--- a/ethernet/ethernet.go
+++ b/ethernet/ethernet.go
@@ -0,0 +1,45 @@
+package ethernet
+
+import (
+	"git.darknebu.la/maride/pancap/src/ethernet/arp"
+	"git.darknebu.la/maride/pancap/src/ethernet/dns"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"log"
+)
+
+func Analyze(source *gopacket.PacketSource) error {
+	// Loop over all packets now
+	for {
+		packet, packetErr := source.NextPacket()
+		if packet == nil {
+			// We iterated over all packets, we're done here
+			break
+		} else if packetErr != nil {
+			// encountered some problem, report it
+			log.Printf("Encountered a problem with a packet: %s", packetErr.Error())
+			continue
+		}
+
+		if packet.Layer(layers.LayerTypeDNS) != nil {
+			// Handle DNS packet
+			dns.ProcessDNSPacket(packet)
+		}
+
+		if packet.Layer(layers.LayerTypeARP) != nil {
+			// Handle ARP packet
+			arp.ProcessARPPacket(packet)
+		}
+	}
+
+	// After processing all packets, print summary
+	printSummary()
+
+	return nil
+}
+
+// Prints all the summaries.
+func printSummary() {
+	arp.PrintARPSummary()
+	dns.PrintDNSSummary()
+}