Add further domain name analysis

2024-10-18 12:06:32 +00:00 · 2019-11-27 01:26:27 +01:00 · 2019-11-27 01:26:27 +01:00 · 37c8b0b73c
commit 37c8b0b73c
parent 23afe01d76
1 changed files with 181 additions and 7 deletions
--- a/src/ethernet/dns.go
+++ b/src/ethernet/dns.go
@ -1,14 +1,25 @@
 package ethernet

 import (
+	"fmt"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
+	publicsuffix2 "golang.org/x/net/publicsuffix"
 	"log"
 )

 var (
 	numQuestions int
+	questionDomains []string
+	questionBaseDomains []string
+	questionPrivateDomains []string
+	questionType = make(map[layers.DNSType]int)
+
 	numAnswers int
+	answerDomains []string
+	answerBaseDomains []string
+	answerPrivateDomains []string
+	answerType = make(map[layers.DNSType]int)
 )

 // Called on every DNS packet
@ -24,7 +35,7 @@ func processDNSPacket(packet gopacket.Packet) error {

 	// Further process the packet
 	processDNSQuestion(dnspacket.Questions)
-	processDNSAnswers(dnspacket.Answers)
+	processDNSAnswer(dnspacket.Answers)

 	// No error encountered, return clean
 	return nil
@ -32,19 +43,182 @@ func processDNSPacket(packet gopacket.Packet) error {

 // Called on every DNS packet to process questions
 func processDNSQuestion(questions []layers.DNSQuestion) {
-	for _, _ = range questions {
+	// Iterate over all questions
+	for _, question := range questions {
+		// Raise stats
 		numQuestions++
+
+		// Add question to questions array
+		name := string(question.Name)
+		basename, basenameErr := publicsuffix2.EffectiveTLDPlusOne(name)
+
+		if basenameErr != nil {
+			// Encountered error while checking for the basename
+			log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())
+			continue
+		}
+
+		// Process type questions
+		processType(questionType, question.Type)
+
+		// Append full domain and base domain
+		questionDomains = appendIfUnique(name, questionDomains)
+
+		// Check if we need to add the base name to the private list
+		_, icannManaged := publicsuffix2.PublicSuffix(name)
+		if icannManaged {
+			// TLD is managed by ICANN, add to the base list
+			questionBaseDomains = appendIfUnique(basename, questionBaseDomains)
+		} else {
+			// it's not managed by ICANN, so it's private - add it to the private list
+			questionPrivateDomains = appendIfUnique(name, questionPrivateDomains)
+		}
 	}
 }

 // Called on every DNS packet to process response(s)
-func processDNSAnswers(answers []layers.DNSResourceRecord) {
-	for _, _ = range answers {
+func processDNSAnswer(answers []layers.DNSResourceRecord) {
+	for _, answer := range answers {
+		// Raise stats
 		numAnswers++
+
+		// Add answer to answers array
+		name := string(answer.Name)
+		basename, basenameErr := publicsuffix2.EffectiveTLDPlusOne(name)
+
+		if basenameErr != nil {
+			// Encountered error while checking for the basename
+			log.Printf("Encountered error while checking '%s' domain for its basename: %s", name, basenameErr.Error())
+			continue
+		}
+
+		// Process type answers
+		processType(answerType, answer.Type)
+
+		// Append full domain and base domain
+		answerDomains = appendIfUnique(name, answerDomains)
+
+		// Check if we need to add the base name to the private list
+		_, icannManaged := publicsuffix2.PublicSuffix(name)
+		if icannManaged {
+			// TLD is managed by ICANN, add to the base list
+			answerBaseDomains = appendIfUnique(basename, answerBaseDomains)
+		} else {
+			// it's not managed by ICANN, so it's private - add it to the private list
+			answerPrivateDomains = appendIfUnique(name, answerPrivateDomains)
+		}
 	}
 }

-// Print a summary after all packets were processed
+// Processes the given dnstype and raises its stats in the given array
+func processType(typearr map[layers.DNSType]int, dnstype layers.DNSType) {
+	typearr[dnstype]++
+}
+
+// Appends the appendee to the array if it does not contain appendee yet
+func appendIfUnique(appendee string, array []string) []string {
+	// Iterate over all elements and check values
+	for _, elem := range array {
+		if elem == appendee {
+			// ... found. Stop here
+			return array
+		}
+	}
+
+	// None found, append
+	return append(array, appendee)
+}
+
+// Print a summary after all DNS packets were processed
 func printDNSSummary() {
-	log.Printf("%d DNS Questions, %d DNS Answers in total", numQuestions, numAnswers)
-}
+	printDNSQuestionSummary()
+	printDNSAnswerSummary()
+}
+
+// Prints a summary of all DNS questions
+func printDNSQuestionSummary() {
+	// Overall question stats
+	log.Printf("%d DNS questions in total", numQuestions)
+	log.Printf("%s records", generateDNSTypeSummary(questionType))
+	log.Printf("%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.", len(questionDomains), len(questionBaseDomains), len(questionPrivateDomains))
+
+	// Output base domains asked for
+	if len(questionBaseDomains) > 0 {
+		log.Println("Asked for these base domains:")
+		printTree(questionBaseDomains)
+	}
+
+	// Output private domains
+	if len(questionPrivateDomains) > 0 {
+		log.Println("Asked for these private (non-ICANN managed) domains:")
+		printTree(questionPrivateDomains)
+	}
+}
+
+// Prints a summary of all DNS answers
+func printDNSAnswerSummary() {
+	// Overall question stats
+	log.Printf("%d DNS answers in total", numAnswers)
+	log.Printf("%s records", generateDNSTypeSummary(answerType))
+	log.Printf("%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.", len(answerDomains), len(answerBaseDomains), len(answerPrivateDomains))
+
+	// Output base domains answered with
+	if len(answerBaseDomains) > 0 {
+		log.Println("Answered with these base domains:")
+		printTree(answerBaseDomains)
+	}
+
+	// Output private domains
+	if len(answerPrivateDomains) > 0 {
+		log.Println("Answered with these private (non-ICANN managed) domains:")
+		printTree(answerPrivateDomains)
+	}
+}
+
+// Prints each element, along with a small ASCII tree
+func printTree(strarr []string) {
+	// iterate over each element
+	for iter, elem := range strarr {
+		// check if we got the last element
+		if iter < len(strarr) - 1 {
+			log.Printf("|- %s", elem)
+		} else {
+			log.Printf("'- %s\n\n", elem)
+		}
+	}
+}
+
+// Generates a summary string for DNS types in the given array
+func generateDNSTypeSummary(typearr map[layers.DNSType]int) string {
+	var answerarr []string
+
+	// Iterate over all possible DNS types
+	for iter, typeelem := range typearr {
+		// Read amount of type hits for this type
+		answerarr = append(answerarr, fmt.Sprintf("%d %s", typeelem, iter.String()))
+	}
+
+	// Check if we even processed a single type
+	if len(answerarr) == 0 {
+		// we didn't, strange.
+		return "(no types encountered)"
+	}
+
+	// now, glue all array elements together
+	answerstr := ""
+	for iter, elem := range answerarr {
+		// Check if we need to apply to proper sentence rules
+		if iter == 0 {
+			// We don't need to append yet
+			answerstr = elem
+		} else if iter == len(answerarr) - 1 {
+			// Last element, use "and" instead of a comma
+			answerstr = fmt.Sprintf("%s and %s", answerstr, elem)
+		} else {
+			// Some entry, just add it with a comma
+			answerstr = fmt.Sprintf("%s, %s", answerstr, elem)
+		}
+	}
+
+	return answerstr
+}