mirror of
https://github.com/maride/pancap.git
synced 2024-12-22 12:27:28 +00:00
Get rid of LinkType-style branching: different LinkTypes may use the same Protocol modules.
This commit is contained in:
parent
c2aa435a6d
commit
f0b5ab140e
@ -1,11 +1,8 @@
|
||||
package ethernet
|
||||
package analyze
|
||||
|
||||
import (
|
||||
"git.darknebu.la/maride/pancap/ethernet/arp"
|
||||
"git.darknebu.la/maride/pancap/ethernet/dhcpv4"
|
||||
"git.darknebu.la/maride/pancap/ethernet/dns"
|
||||
"git.darknebu.la/maride/pancap/protocol"
|
||||
"github.com/google/gopacket"
|
||||
"github.com/google/gopacket/layers"
|
||||
"log"
|
||||
)
|
||||
|
||||
@ -22,33 +19,23 @@ func Analyze(source *gopacket.PacketSource) error {
|
||||
continue
|
||||
}
|
||||
|
||||
if packet.Layer(layers.LayerTypeDNS) != nil {
|
||||
// Handle DNS packet
|
||||
handleErr(dns.ProcessDNSPacket(packet))
|
||||
}
|
||||
|
||||
if packet.Layer(layers.LayerTypeARP) != nil {
|
||||
// Handle ARP packet
|
||||
handleErr(arp.ProcessARPPacket(packet))
|
||||
}
|
||||
|
||||
if packet.Layer(layers.LayerTypeDHCPv4) != nil {
|
||||
// Handle DHCP (v4) packet
|
||||
handleErr(dhcpv4.HandleDHCPv4Packet(packet))
|
||||
// Iterate over all possible protocols
|
||||
for _, p := range protocol.Protocols {
|
||||
// Check if this protocol can handle this packet
|
||||
if p.CanAnalyze(packet) {
|
||||
handleErr(p.Analyze(packet))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// After processing all packets, print summary
|
||||
printSummary()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Prints all the summaries.
|
||||
func printSummary() {
|
||||
arp.PrintARPSummary()
|
||||
dns.PrintDNSSummary()
|
||||
dhcpv4.PrintDHCPv4Summary()
|
||||
func PrintSummary() {
|
||||
for _, p := range protocol.Protocols {
|
||||
p.PrintSummary()
|
||||
}
|
||||
}
|
||||
|
||||
// Handles an error, if err is not nil.
|
||||
@ -58,3 +45,4 @@ func handleErr(err error) {
|
||||
log.Printf("Encountered error while examining packets, continuing anyway. Error: %s", err.Error())
|
||||
}
|
||||
}
|
||||
|
23
analyzer.go
23
analyzer.go
@ -1,23 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"git.darknebu.la/maride/pancap/ethernet"
|
||||
"github.com/google/gopacket"
|
||||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
// Analyzes the given packet source
|
||||
func analyzePCAP(source *gopacket.PacketSource, linkType layers.LinkType) error {
|
||||
// Switch over link type to determine correct module to ask for analysis
|
||||
switch linkType {
|
||||
case layers.LinkTypeEthernet:
|
||||
// Ethernet
|
||||
return ethernet.Analyze(source)
|
||||
}
|
||||
|
||||
// if we reach this point, the given PCAP contains a link type we can't handle (yet).
|
||||
errorMsg := fmt.Sprintf("Asked for link type %s (ID %d), but not supported by pancap. :( sorry!", linkType.String(), linkType)
|
||||
return errors.New(errorMsg)
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
package dhcpv4
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"git.darknebu.la/maride/pancap/common"
|
||||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
var (
|
||||
requestMAC []string
|
||||
)
|
||||
|
||||
// Processes the DHCP request packet handed over
|
||||
func processRequestPacket(dhcppacket layers.DHCPv4) {
|
||||
requestMAC = common.AppendIfUnique(dhcppacket.ClientHWAddr.String(), requestMAC)
|
||||
}
|
||||
|
||||
// Generates the summary of all DHCP request packets
|
||||
func generateRequestSummary() string {
|
||||
return fmt.Sprintf("%d unique DHCP requests\n%s", len(requestMAC), common.GenerateTree(requestMAC))
|
||||
}
|
8
main.go
8
main.go
@ -3,6 +3,7 @@ package main
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"git.darknebu.la/maride/pancap/analyze"
|
||||
"git.darknebu.la/maride/pancap/output"
|
||||
"log"
|
||||
"math/rand"
|
||||
@ -19,19 +20,22 @@ func main() {
|
||||
flag.Parse()
|
||||
|
||||
// Open the given PCAP
|
||||
packetSource, linkType, fileErr := openPCAP()
|
||||
packetSource, _, fileErr := openPCAP()
|
||||
if fileErr != nil {
|
||||
// Encountered problems with the PCAP - permission and/or existance error
|
||||
log.Fatalf("Error occured while opeining specified file: %s", fileErr.Error())
|
||||
}
|
||||
|
||||
// Start analyzing
|
||||
analyzeErr := analyzePCAP(packetSource, linkType)
|
||||
analyzeErr := analyze.Analyze(packetSource)
|
||||
if analyzeErr != nil {
|
||||
// Mh, encountered some problems while analyzing file
|
||||
log.Fatalf("Error occurred while analyzing: %s", analyzeErr.Error())
|
||||
}
|
||||
|
||||
// Show user analysis
|
||||
analyze.PrintSummary()
|
||||
|
||||
// Finalize output
|
||||
output.Finalize()
|
||||
}
|
||||
|
@ -15,8 +15,15 @@ var (
|
||||
devices []arpDevice
|
||||
)
|
||||
|
||||
// Called on every ARP packet
|
||||
func ProcessARPPacket(packet gopacket.Packet) error {
|
||||
type Protocol struct {}
|
||||
|
||||
// Checks if the given packet is an ARP packet we can process
|
||||
func (p *Protocol) CanAnalyze(packet gopacket.Packet) bool {
|
||||
return packet.Layer(layers.LayerTypeARP) != nil
|
||||
}
|
||||
|
||||
// Analyzes the given ARP packet
|
||||
func (p *Protocol) Analyze(packet gopacket.Packet) error {
|
||||
var arppacket layers.ARP
|
||||
|
||||
// Decode raw packet into ARP
|
||||
@ -28,7 +35,7 @@ func ProcessARPPacket(packet gopacket.Packet) error {
|
||||
|
||||
// Convert MAC address byte array to string
|
||||
sourceAddr := net.HardwareAddr(arppacket.SourceHwAddress).String()
|
||||
participant := getStatOrCreate(sourceAddr)
|
||||
participant := p.getStatOrCreate(sourceAddr)
|
||||
|
||||
// Raise stats
|
||||
if arppacket.Operation == layers.ARPRequest {
|
||||
@ -37,27 +44,27 @@ func ProcessARPPacket(packet gopacket.Packet) error {
|
||||
participant.askedList = common.AppendIfUnique(net.IP(arppacket.DstProtAddress).String(), participant.askedList)
|
||||
|
||||
// Add device entry
|
||||
addDeviceEntry(sourceAddr, net.IP(arppacket.SourceProtAddress).String())
|
||||
p.addDeviceEntry(sourceAddr, net.IP(arppacket.SourceProtAddress).String())
|
||||
} else {
|
||||
// Response packet
|
||||
participant.answered++
|
||||
participant.answeredList = common.AppendIfUnique(net.IP(arppacket.SourceProtAddress).String(), participant.answeredList)
|
||||
|
||||
// Add device entry
|
||||
addDeviceEntry(sourceAddr, net.IP(arppacket.SourceProtAddress).String())
|
||||
p.addDeviceEntry(sourceAddr, net.IP(arppacket.SourceProtAddress).String())
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Print a summary after all packets are processed
|
||||
func PrintARPSummary() {
|
||||
output.PrintBlock("ARP traffic summary", generateTrafficStats())
|
||||
output.PrintBlock("ARP LAN overview", generateLANOverview())
|
||||
func (p *Protocol) PrintSummary() {
|
||||
output.PrintBlock("ARP traffic summary", p.generateTrafficStats())
|
||||
output.PrintBlock("ARP LAN overview", p.generateLANOverview())
|
||||
}
|
||||
|
||||
// Generates an answer regarding the ARP traffic
|
||||
func generateTrafficStats() string {
|
||||
func (p *Protocol) generateTrafficStats() string {
|
||||
var tmparr []string
|
||||
|
||||
// Iterate over all participants
|
||||
@ -83,7 +90,7 @@ func generateTrafficStats() string {
|
||||
}
|
||||
|
||||
// Generates an overview over all connected devices in the LAN
|
||||
func generateLANOverview() string {
|
||||
func (p *Protocol) generateLANOverview() string {
|
||||
var tmparr []string
|
||||
|
||||
// iterate over all devices
|
||||
@ -96,7 +103,7 @@ func generateLANOverview() string {
|
||||
}
|
||||
|
||||
// Returns the arpStats object for the given MAC address, or creates a new one
|
||||
func getStatOrCreate(macaddr string) *arpStats {
|
||||
func (p *Protocol) getStatOrCreate(macaddr string) *arpStats {
|
||||
// Try to find the given macaddr
|
||||
for i := 0; i < len(arpStatsList); i++ {
|
||||
if arpStatsList[i].macaddr == macaddr {
|
||||
@ -115,7 +122,7 @@ func getStatOrCreate(macaddr string) *arpStats {
|
||||
}
|
||||
|
||||
// Adds a new entry to the devices array, checking if there may be a collision (=ARP Spoofing)
|
||||
func addDeviceEntry(macaddr string, ipaddr string) {
|
||||
func (p *Protocol) addDeviceEntry(macaddr string, ipaddr string) {
|
||||
if ipaddr == "0.0.0.0" {
|
||||
// Possible ARP request if sender doesn't have an IP address yet. Ignore.
|
||||
return
|
@ -6,11 +6,28 @@ import (
|
||||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
// Called on every DHCP (v4) packet
|
||||
func HandleDHCPv4Packet(packet gopacket.Packet) error {
|
||||
type Protocol struct {
|
||||
hostnames []hostname
|
||||
networkSetup map[layers.DHCPOpt][]byte
|
||||
requestMAC []string
|
||||
responses []dhcpResponse
|
||||
}
|
||||
|
||||
// Checks if the given packet is a DHCP packet we can process
|
||||
func (p *Protocol) CanAnalyze(packet gopacket.Packet) bool {
|
||||
return packet.Layer(layers.LayerTypeDHCPv4) != nil && packet.Layer(layers.LayerTypeEthernet) != nil && packet.Layers()[2].LayerPayload() != nil
|
||||
}
|
||||
|
||||
// Analyzes the given DHCP packet
|
||||
func (p *Protocol) Analyze(packet gopacket.Packet) error {
|
||||
var dhcppacket layers.DHCPv4
|
||||
var ethernetpacket layers.Ethernet
|
||||
|
||||
// Check if it's the first run - init networkSetup map then
|
||||
if p.networkSetup == nil {
|
||||
p.networkSetup = make(map[layers.DHCPOpt][]byte)
|
||||
}
|
||||
|
||||
// For some reason I can't find an explanation for,
|
||||
// packet.Layer(layers.LayerTypeDHCPv4).LayerContents(), which effectively is
|
||||
// packet.Layers()[3].layerContents(), is empty, but
|
||||
@ -35,23 +52,23 @@ func HandleDHCPv4Packet(packet gopacket.Packet) error {
|
||||
// Examine packet further
|
||||
if dhcppacket.Operation == layers.DHCPOpRequest {
|
||||
// Request packet
|
||||
processRequestPacket(dhcppacket)
|
||||
p.processRequestPacket(dhcppacket)
|
||||
} else {
|
||||
// Response/Offer packet
|
||||
processResponsePacket(dhcppacket, ethernetpacket)
|
||||
p.processResponsePacket(dhcppacket, ethernetpacket)
|
||||
}
|
||||
|
||||
// Check for Hostname DHCP option (12)
|
||||
checkForHostname(dhcppacket)
|
||||
checkForNetworkInfos(dhcppacket)
|
||||
p.checkForHostname(dhcppacket)
|
||||
p.checkForNetworkInfos(dhcppacket)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Print summary after all packets are processed
|
||||
func PrintDHCPv4Summary() {
|
||||
output.PrintBlock("DHCP Network Overview", generateNetworkSummary())
|
||||
output.PrintBlock("DHCP Requests", generateRequestSummary())
|
||||
output.PrintBlock("DHCP Responses/Offers", generateResponseSummary())
|
||||
output.PrintBlock("DHCP Hostnames", generateHostnamesSummary())
|
||||
func (p *Protocol) PrintSummary() {
|
||||
output.PrintBlock("DHCP Network Overview", p.generateNetworkSummary())
|
||||
output.PrintBlock("DHCP Requests", p.generateRequestSummary())
|
||||
output.PrintBlock("DHCP Responses/Offers", p.generateResponseSummary())
|
||||
output.PrintBlock("DHCP Hostnames", p.generateHostnamesSummary())
|
||||
}
|
@ -7,25 +7,21 @@ import (
|
||||
"log"
|
||||
)
|
||||
|
||||
var (
|
||||
hostnames []hostname
|
||||
)
|
||||
|
||||
func checkForHostname(dhcppacket layers.DHCPv4) {
|
||||
func (p *Protocol) checkForHostname(dhcppacket layers.DHCPv4) {
|
||||
// Search for "Hostname" option (ID 12) in DHCP Packet Options
|
||||
for _, o := range dhcppacket.Options {
|
||||
if o.Type == layers.DHCPOptHostname {
|
||||
// found it. Let's see if it's a request or response
|
||||
if dhcppacket.Operation == layers.DHCPOpRequest {
|
||||
// request, not granted yet.
|
||||
addHostname(hostname{
|
||||
p.addHostname(hostname{
|
||||
hostname: string(o.Data),
|
||||
requestedByMAC: dhcppacket.ClientHWAddr.String(),
|
||||
granted: false,
|
||||
})
|
||||
} else {
|
||||
// Response, DHCP issued this hostname
|
||||
addHostname(hostname{
|
||||
p.addHostname(hostname{
|
||||
hostname: string(o.Data),
|
||||
requestedByMAC: "",
|
||||
granted: true,
|
||||
@ -40,11 +36,11 @@ func checkForHostname(dhcppacket layers.DHCPv4) {
|
||||
}
|
||||
|
||||
// Generates the list of all hostnames encountered.
|
||||
func generateHostnamesSummary() string {
|
||||
func (p *Protocol) generateHostnamesSummary() string {
|
||||
var tmparr []string
|
||||
|
||||
// Construct meaningful text
|
||||
for _, h := range hostnames {
|
||||
for _, h := range p.hostnames {
|
||||
answer := ""
|
||||
|
||||
// check what kind of answer we need to construct
|
||||
@ -76,11 +72,11 @@ func generateHostnamesSummary() string {
|
||||
}
|
||||
|
||||
// Adds the given hostname to the hostname array, or patches an existing entry if found
|
||||
func addHostname(tmph hostname) {
|
||||
func (p *Protocol) addHostname(tmph hostname) {
|
||||
// see if we have an existing entry for this hostname
|
||||
for i := 0; i < len(hostnames); i++ {
|
||||
for i := 0; i < len(p.hostnames); i++ {
|
||||
// get ith hostname in the list
|
||||
h := hostnames[i]
|
||||
h := p.hostnames[i]
|
||||
|
||||
// ... and check if it's the one requested
|
||||
if h.hostname == tmph.hostname {
|
||||
@ -97,13 +93,13 @@ func addHostname(tmph hostname) {
|
||||
// Received a response for this hostname, check if it was granted
|
||||
if h.hostname == tmph.hostname {
|
||||
// granted, everything is fine.
|
||||
hostnames[i].granted = true
|
||||
p.hostnames[i].granted = true
|
||||
} else {
|
||||
// Received a different hostname than the one requested by the MAC. Report that.
|
||||
log.Printf("Client %s asked for hostname '%s' but was given '%s' by DHCP server", h.requestedByMAC, tmph.hostname, h.hostname)
|
||||
hostnames[i].deniedHostname = hostnames[i].hostname
|
||||
hostnames[i].hostname = tmph.hostname
|
||||
hostnames[i].granted = false
|
||||
p.hostnames[i].deniedHostname = p.hostnames[i].hostname
|
||||
p.hostnames[i].hostname = tmph.hostname
|
||||
p.hostnames[i].granted = false
|
||||
}
|
||||
// in either case, it's a response by the DHCP server - hostname is granted in this context
|
||||
|
||||
@ -114,5 +110,5 @@ func addHostname(tmph hostname) {
|
||||
}
|
||||
|
||||
// We didn't find the desired hostname, append given object to the list
|
||||
hostnames = append(hostnames, tmph)
|
||||
p.hostnames = append(p.hostnames, tmph)
|
||||
}
|
@ -11,7 +11,6 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
networkSetup = make(map[layers.DHCPOpt][]byte)
|
||||
watchedOpts = []layers.DHCPOpt{
|
||||
layers.DHCPOptSubnetMask, // Option 1
|
||||
layers.DHCPOptRouter, // Option 3
|
||||
@ -23,6 +22,19 @@ var (
|
||||
}
|
||||
)
|
||||
|
||||
// Generates the summary of relevant DHCP options
|
||||
func (p *Protocol) generateNetworkSummary() string {
|
||||
// It's also possible to use strings.Builder here, but it produces code which is longer than this solution :shrug:
|
||||
summary := fmt.Sprintf("Subnet Mask: %s\n", formatIP(p.networkSetup[layers.DHCPOptSubnetMask]))
|
||||
summary = fmt.Sprintf("%sBroadcast: %s\n", summary, formatIP(p.networkSetup[layers.DHCPOptBroadcastAddr]))
|
||||
summary = fmt.Sprintf("%sRouter: %s\n", summary, formatIP(p.networkSetup[layers.DHCPOptRouter]))
|
||||
summary = fmt.Sprintf("%sDNS Server: %s\n", summary, formatIP(p.networkSetup[layers.DHCPOptDNS]))
|
||||
summary = fmt.Sprintf("%sNTP Server: %s\n", summary, formatIP(p.networkSetup[layers.DHCPOptNTPServers]))
|
||||
summary = fmt.Sprintf( "%sLease Time: %s\n", summary, formatDate(p.networkSetup[layers.DHCPOptLeaseTime]))
|
||||
summary = fmt.Sprintf("%sRenewal Time: %s\n", summary, formatDate(p.networkSetup[layers.DHCPOptT1]))
|
||||
return summary
|
||||
}
|
||||
|
||||
// Looks for information specifying the setup of the network. This includes
|
||||
// - Option 1: Subnet Mask
|
||||
// - Option 3: Router address
|
||||
@ -31,7 +43,7 @@ var (
|
||||
// - Option 42: NTP Server address
|
||||
// - Option 51: IP Address Lease time
|
||||
// - Option 58: IP Renewal time
|
||||
func checkForNetworkInfos(dhcppacket layers.DHCPv4) {
|
||||
func (p *Protocol) checkForNetworkInfos(dhcppacket layers.DHCPv4) {
|
||||
// Check if it is a DHCP request
|
||||
if dhcppacket.Operation == layers.DHCPOpRequest {
|
||||
// We can ignore requests, they won't help us here
|
||||
@ -42,12 +54,29 @@ func checkForNetworkInfos(dhcppacket layers.DHCPv4) {
|
||||
for _, o := range dhcppacket.Options {
|
||||
if isRelevantOption(o) {
|
||||
// Found DHCP option to be watched, let's watch it
|
||||
saveOption(o)
|
||||
p.saveOption(o)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Saves the given option in the networkSetup map, and informs the user if the value changes
|
||||
func (p *Protocol) saveOption(opt layers.DHCPOption) {
|
||||
// check if we already stored this value
|
||||
if p.networkSetup[opt.Type] != nil {
|
||||
// We already stored a value, let's check if it's the same as the new one
|
||||
if !bytes.Equal(p.networkSetup[opt.Type], opt.Data) {
|
||||
// Already stored a value and it's different from our new value - inform user and overwrite value later
|
||||
log.Printf("Received different values for DHCP Option %s (ID %d). (Old: %s, New. %s)", opt.Type.String(), opt.Type, p.networkSetup[opt.Type], opt.Data)
|
||||
} else {
|
||||
// Exactly this value was already stored, no need to overwrite it
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
p.networkSetup[opt.Type] = opt.Data
|
||||
}
|
||||
|
||||
// Checks if the given DHCPOption is part of the watchlist
|
||||
func isRelevantOption(opt layers.DHCPOption) bool {
|
||||
// Iterate over all DHCP options in our watchlist
|
||||
@ -62,23 +91,6 @@ func isRelevantOption(opt layers.DHCPOption) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// Saves the given option in the networkSetup map, and informs the user if the value changes
|
||||
func saveOption(opt layers.DHCPOption) {
|
||||
// check if we already stored this value
|
||||
if networkSetup[opt.Type] != nil {
|
||||
// We already stored a value, let's check if it's the same as the new one
|
||||
if !bytes.Equal(networkSetup[opt.Type], opt.Data) {
|
||||
// Already stored a value and it's different from our new value - inform user and overwrite value later
|
||||
log.Printf("Received different values for DHCP Option %s (ID %d). (Old: %s, New. %s)", opt.Type.String(), opt.Type, networkSetup[opt.Type], opt.Data)
|
||||
} else {
|
||||
// Exactly this value was already stored, no need to overwrite it
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
networkSetup[opt.Type] = opt.Data
|
||||
}
|
||||
|
||||
// Formats the given byte array as string representing the IP address, or returns an error (as string)
|
||||
func formatIP(rawIP []byte) string {
|
||||
// Check if we even have an IP
|
||||
@ -139,17 +151,3 @@ func formatDate(rawDate []byte) string {
|
||||
|
||||
return formattedDate
|
||||
}
|
||||
|
||||
// Generates the summary of relevant DHCP options
|
||||
func generateNetworkSummary() string {
|
||||
// It's also possible to use strings.Builder here, but it produces code which is longer than this solution :shrug:
|
||||
summary := fmt.Sprintf("Subnet Mask: %s\n", formatIP(networkSetup[layers.DHCPOptSubnetMask]))
|
||||
summary = fmt.Sprintf("%sBroadcast: %s\n", summary, formatIP(networkSetup[layers.DHCPOptBroadcastAddr]))
|
||||
summary = fmt.Sprintf("%sRouter: %s\n", summary, formatIP(networkSetup[layers.DHCPOptRouter]))
|
||||
summary = fmt.Sprintf("%sDNS Server: %s\n", summary, formatIP(networkSetup[layers.DHCPOptDNS]))
|
||||
summary = fmt.Sprintf("%sNTP Server: %s\n", summary, formatIP(networkSetup[layers.DHCPOptNTPServers]))
|
||||
summary = fmt.Sprintf("%sLease Time: %s\n", summary, formatDate(networkSetup[layers.DHCPOptLeaseTime]))
|
||||
summary = fmt.Sprintf("%sRenewal Time: %s\n", summary, formatDate(networkSetup[layers.DHCPOptT1]))
|
||||
return summary
|
||||
}
|
||||
|
17
protocol/dhcpv4/request.go
Normal file
17
protocol/dhcpv4/request.go
Normal file
@ -0,0 +1,17 @@
|
||||
package dhcpv4
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"git.darknebu.la/maride/pancap/common"
|
||||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
// Processes the DHCP request packet handed over
|
||||
func (p *Protocol) processRequestPacket(dhcppacket layers.DHCPv4) {
|
||||
p.requestMAC = common.AppendIfUnique(dhcppacket.ClientHWAddr.String(), p.requestMAC)
|
||||
}
|
||||
|
||||
// Generates the summary of all DHCP request packets
|
||||
func (p *Protocol) generateRequestSummary() string {
|
||||
return fmt.Sprintf("%d unique DHCP requests\n%s", len(p.requestMAC), common.GenerateTree(p.requestMAC))
|
||||
}
|
@ -7,20 +7,16 @@ import (
|
||||
"log"
|
||||
)
|
||||
|
||||
var (
|
||||
responses []dhcpResponse
|
||||
)
|
||||
|
||||
func processResponsePacket(dhcppacket layers.DHCPv4, ethernetpacket layers.Ethernet) {
|
||||
addResponseEntry(dhcppacket.ClientIP.String(), dhcppacket.YourClientIP.String(), dhcppacket.ClientHWAddr.String(), ethernetpacket.SrcMAC.String())
|
||||
func (p *Protocol) processResponsePacket(dhcppacket layers.DHCPv4, ethernetpacket layers.Ethernet) {
|
||||
p.addResponseEntry(dhcppacket.ClientIP.String(), dhcppacket.YourClientIP.String(), dhcppacket.ClientHWAddr.String(), ethernetpacket.SrcMAC.String())
|
||||
}
|
||||
|
||||
// Generates the summary of all DHCP offer packets
|
||||
func generateResponseSummary() string {
|
||||
func (p *Protocol) generateResponseSummary() string {
|
||||
var tmpaddr []string
|
||||
|
||||
// Iterate over all responses
|
||||
for _, r := range responses {
|
||||
for _, r := range p.responses {
|
||||
addition := ""
|
||||
|
||||
if r.askedFor {
|
||||
@ -35,7 +31,7 @@ func generateResponseSummary() string {
|
||||
}
|
||||
|
||||
// Adds a new response entry. If an IP address was already issued or a MAC asks multiple times for DNS, the case is examined further
|
||||
func addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC string) {
|
||||
func (p *Protocol) addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC string) {
|
||||
// Check if client asked for a specific address (which was granted by the DHCP server)
|
||||
askedFor := false
|
||||
if newIP == "0.0.0.0" {
|
||||
@ -44,7 +40,7 @@ func addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC str
|
||||
askedFor = true
|
||||
}
|
||||
|
||||
for _, r := range responses {
|
||||
for _, r := range p.responses {
|
||||
// Check for interesting cases
|
||||
if r.destMACAddr == destMAC {
|
||||
// The same client device received multiple IP addresses, let's examine further
|
||||
@ -71,7 +67,7 @@ func addResponseEntry(newIP string, yourIP string, destMAC string, serverMAC str
|
||||
}
|
||||
|
||||
// Add a response entry - even if we found some "strange" behavior before.
|
||||
responses = append(responses, dhcpResponse{
|
||||
p.responses = append(p.responses, dhcpResponse{
|
||||
destMACAddr: destMAC,
|
||||
newIPAddr: newIP,
|
||||
serverMACAddr: serverMAC,
|
@ -19,7 +19,7 @@ var (
|
||||
)
|
||||
|
||||
// Called on every DNS packet to process response(s)
|
||||
func processDNSAnswer(answers []layers.DNSResourceRecord) {
|
||||
func (p *Protocol) processDNSAnswer(answers []layers.DNSResourceRecord) {
|
||||
for _, answer := range answers {
|
||||
// Raise stats
|
||||
numAnswers++
|
||||
@ -35,7 +35,7 @@ func processDNSAnswer(answers []layers.DNSResourceRecord) {
|
||||
}
|
||||
|
||||
// Process type answers
|
||||
processType(answerType, answer.Type)
|
||||
p.processType(answerType, answer.Type)
|
||||
|
||||
// Append full domain and base domain
|
||||
answerDomains = common.AppendIfUnique(name, answerDomains)
|
||||
@ -63,12 +63,12 @@ func processDNSAnswer(answers []layers.DNSResourceRecord) {
|
||||
}
|
||||
|
||||
// Generates a summary of all DNS answers
|
||||
func generateDNSAnswerSummary() string {
|
||||
func (p *Protocol) generateDNSAnswerSummary() string {
|
||||
summary := ""
|
||||
|
||||
// Overall question stats
|
||||
summary = fmt.Sprintf("%s%d DNS answers in total\n", summary, numAnswers)
|
||||
summary = fmt.Sprintf("%s%s records\n", summary, generateDNSTypeSummary(answerType))
|
||||
summary = fmt.Sprintf("%s%s records\n", summary, p.generateDNSTypeSummary(answerType))
|
||||
summary = fmt.Sprintf("%s%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", summary, len(answerDomains), len(answerBaseDomains), len(answerPrivateDomains))
|
||||
|
||||
// Output base domains answered with
|
@ -17,7 +17,7 @@ var (
|
||||
)
|
||||
|
||||
// Processes the given dnstype and raises its stats in the given array
|
||||
func processType(typearr map[layers.DNSType]int, dnstype layers.DNSType) {
|
||||
func (p *Protocol) processType(typearr map[layers.DNSType]int, dnstype layers.DNSType) {
|
||||
typearr[dnstype]++
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ func ipIsPrivate(ip net.IP) bool {
|
||||
}
|
||||
|
||||
// Generates a summary string for DNS types in the given array
|
||||
func generateDNSTypeSummary(typearr map[layers.DNSType]int) string {
|
||||
func (p *Protocol) generateDNSTypeSummary(typearr map[layers.DNSType]int) string {
|
||||
var answerarr []string
|
||||
|
||||
// Iterate over all possible DNS types
|
@ -6,8 +6,14 @@ import (
|
||||
"github.com/google/gopacket/layers"
|
||||
)
|
||||
|
||||
// Called on every DNS packet
|
||||
func ProcessDNSPacket(packet gopacket.Packet) error {
|
||||
type Protocol struct {}
|
||||
|
||||
func (p *Protocol) CanAnalyze(packet gopacket.Packet) bool {
|
||||
return packet.Layer(layers.LayerTypeDNS) != nil
|
||||
}
|
||||
|
||||
// Analyzes the given DHCP packet
|
||||
func (p *Protocol) Analyze(packet gopacket.Packet) error {
|
||||
var dnspacket layers.DNS
|
||||
|
||||
// Decode raw packet into DNS
|
||||
@ -18,15 +24,15 @@ func ProcessDNSPacket(packet gopacket.Packet) error {
|
||||
}
|
||||
|
||||
// Further process the packet
|
||||
processDNSQuestion(dnspacket.Questions)
|
||||
processDNSAnswer(dnspacket.Answers)
|
||||
p.processDNSQuestion(dnspacket.Questions)
|
||||
p.processDNSAnswer(dnspacket.Answers)
|
||||
|
||||
// No error encountered, return clean
|
||||
return nil
|
||||
}
|
||||
|
||||
// Print a summary after all DNS packets were processed
|
||||
func PrintDNSSummary() {
|
||||
output.PrintBlock("DNS Request Summary", generateDNSQuestionSummary())
|
||||
output.PrintBlock("DNS Response Summary", generateDNSAnswerSummary())
|
||||
func (p *Protocol) PrintSummary() {
|
||||
output.PrintBlock("DNS Request Summary", p.generateDNSQuestionSummary())
|
||||
output.PrintBlock("DNS Response Summary", p.generateDNSAnswerSummary())
|
||||
}
|
@ -17,7 +17,7 @@ var (
|
||||
)
|
||||
|
||||
// Called on every DNS packet to process questions
|
||||
func processDNSQuestion(questions []layers.DNSQuestion) {
|
||||
func (p *Protocol) processDNSQuestion(questions []layers.DNSQuestion) {
|
||||
// Iterate over all questions
|
||||
for _, question := range questions {
|
||||
// Raise stats
|
||||
@ -34,7 +34,7 @@ func processDNSQuestion(questions []layers.DNSQuestion) {
|
||||
}
|
||||
|
||||
// Process type questions
|
||||
processType(questionType, question.Type)
|
||||
p.processType(questionType, question.Type)
|
||||
|
||||
// Append full domain and base domain
|
||||
questionDomains = common.AppendIfUnique(name, questionDomains)
|
||||
@ -52,12 +52,12 @@ func processDNSQuestion(questions []layers.DNSQuestion) {
|
||||
}
|
||||
|
||||
// Generates a summary of all DNS questions
|
||||
func generateDNSQuestionSummary() string {
|
||||
func (p *Protocol) generateDNSQuestionSummary() string {
|
||||
summary := ""
|
||||
|
||||
// Overall question stats
|
||||
summary = fmt.Sprintf("%s%d DNS questions in total\n", summary, numQuestions)
|
||||
summary = fmt.Sprintf("%s%s records\n", summary, generateDNSTypeSummary(questionType))
|
||||
summary = fmt.Sprintf("%s%s records\n", summary, p.generateDNSTypeSummary(questionType))
|
||||
summary = fmt.Sprintf("%s%d unique domains of %d base domains, of which are %d private (non-ICANN) TLDs.\n", summary, len(questionDomains), len(questionBaseDomains), len(questionPrivateDomains))
|
||||
|
||||
// Output base domains asked for
|
15
protocol/index.go
Normal file
15
protocol/index.go
Normal file
@ -0,0 +1,15 @@
|
||||
package protocol
|
||||
|
||||
import (
|
||||
"git.darknebu.la/maride/pancap/protocol/arp"
|
||||
"git.darknebu.la/maride/pancap/protocol/dhcpv4"
|
||||
"git.darknebu.la/maride/pancap/protocol/dns"
|
||||
)
|
||||
|
||||
var (
|
||||
Protocols = []Protocol{
|
||||
&arp.Protocol{},
|
||||
&dhcpv4.Protocol{},
|
||||
&dns.Protocol{},
|
||||
}
|
||||
)
|
9
protocol/protocol.go
Normal file
9
protocol/protocol.go
Normal file
@ -0,0 +1,9 @@
|
||||
package protocol
|
||||
|
||||
import "github.com/google/gopacket"
|
||||
|
||||
type Protocol interface {
|
||||
CanAnalyze(gopacket.Packet) bool
|
||||
Analyze(gopacket.Packet) error
|
||||
PrintSummary()
|
||||
}
|
Loading…
Reference in New Issue
Block a user