Compare commits
2 commits
6efb3c39bd
...
241c52a051
| Author | SHA1 | Date | |
|---|---|---|---|
241c52a051
|
|||
|
8b05a42e6b
|
12 changed files with 40 additions and 9 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
/target
|
||||||
BIN
pcaps/NTP_sync.pcap
Normal file
BIN
pcaps/NTP_sync.pcap
Normal file
Binary file not shown.
BIN
pcaps/SSHv2.cap
Normal file
BIN
pcaps/SSHv2.cap
Normal file
Binary file not shown.
BIN
pcaps/http.cap
Normal file
BIN
pcaps/http.cap
Normal file
Binary file not shown.
BIN
pcaps/http_image.cap
Normal file
BIN
pcaps/http_image.cap
Normal file
Binary file not shown.
BIN
pcaps/http_redirects.pcapng
Normal file
BIN
pcaps/http_redirects.pcapng
Normal file
Binary file not shown.
BIN
pcaps/telnet-cooked.pcap
Normal file
BIN
pcaps/telnet-cooked.pcap
Normal file
Binary file not shown.
|
|
@ -31,8 +31,8 @@ fn main() {
|
||||||
Some(pf) => Capture::from_file(pf).expect("Invalid pcap file provided"),
|
Some(pf) => Capture::from_file(pf).expect("Invalid pcap file provided"),
|
||||||
None => {
|
None => {
|
||||||
warn!("Using example.pcap as no pcap was provided");
|
warn!("Using example.pcap as no pcap was provided");
|
||||||
Capture::from_file(PathBuf::from("./pcaps/ssh_test.pcap"))
|
Capture::from_file(PathBuf::from("./pcaps/dns.cap"))
|
||||||
.expect("./pcaps/ssh_test.pcap does not exist")
|
.expect("./pcaps/dns.cap does not exist")
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
info!("Pcap loaded");
|
info!("Pcap loaded");
|
||||||
|
|
@ -57,6 +57,9 @@ fn main() {
|
||||||
stats.known_packets += 1;
|
stats.known_packets += 1;
|
||||||
trace!("Known packet type found: {:?}", x);
|
trace!("Known packet type found: {:?}", x);
|
||||||
let extracted = extract_info(x, sliced.payload.to_vec());
|
let extracted = extract_info(x, sliced.payload.to_vec());
|
||||||
|
if extracted.is_some() {
|
||||||
|
stats.analyzed += 1;
|
||||||
|
}
|
||||||
if opt.print_analysis {
|
if opt.print_analysis {
|
||||||
info!("{:?}", extracted);
|
info!("{:?}", extracted);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
use crate::util::*;
|
use crate::{util::*, ExtractedInfo, KnownProtocol, ProtocolType};
|
||||||
use nom::{
|
use nom::{
|
||||||
bytes::complete::{tag, take},
|
bytes::complete::{tag, take},
|
||||||
combinator::map,
|
combinator::map,
|
||||||
|
|
@ -15,6 +15,22 @@ pub enum DNSType {
|
||||||
Response,
|
Response,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl KnownProtocol for DNSType {
|
||||||
|
fn extract_info(&self, payload: Vec<u8>) -> ExtractedInfo {
|
||||||
|
ExtractedInfo::DNSQuery(analyse_dns_query(payload))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn classify_proto(payload: Vec<u8>) -> Result<ProtocolType, ()> {
|
||||||
|
if is_dns_query(&payload) {
|
||||||
|
return Ok(ProtocolType::DNS(DNSType::Query));
|
||||||
|
}
|
||||||
|
if is_dns_response(&payload) {
|
||||||
|
return Ok(ProtocolType::DNS(DNSType::Response));
|
||||||
|
}
|
||||||
|
Err(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, PartialEq, Eq)]
|
#[derive(Debug, PartialEq, Eq)]
|
||||||
pub struct DNSValue {
|
pub struct DNSValue {
|
||||||
pub txid: u16,
|
pub txid: u16,
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,12 @@
|
||||||
use dns::{DNSType, DNSValue};
|
use dns::{DNSType, DNSValue};
|
||||||
|
|
||||||
mod dns;
|
mod dns;
|
||||||
|
mod ssh;
|
||||||
|
|
||||||
|
pub trait KnownProtocol {
|
||||||
|
fn classify_proto(payload: Vec<u8>) -> Result<ProtocolType, ()>;
|
||||||
|
fn extract_info(&self, payload: Vec<u8>) -> ExtractedInfo;
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum ProtocolType {
|
pub enum ProtocolType {
|
||||||
|
|
@ -24,9 +30,8 @@ pub fn extract_info(ptype: ProtocolType, payload: Vec<u8>) -> Option<ExtractedIn
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn match_protocol(payload: Vec<u8>) -> Result<ProtocolType, ()> {
|
pub fn match_protocol(payload: Vec<u8>) -> Result<ProtocolType, ()> {
|
||||||
match dns::is_dns(payload) {
|
if let Ok(x) = dns::is_dns(payload) {
|
||||||
Ok(x) => return Ok(ProtocolType::DNS(x)),
|
return Ok(ProtocolType::DNS(x));
|
||||||
Err(_) => {}
|
|
||||||
};
|
};
|
||||||
return Err(());
|
Err(())
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1 +1,4 @@
|
||||||
|
pub fn is_ssh(payload: Vec<u8>) -> bool {
|
||||||
|
// Check for ASCII "SSH"
|
||||||
|
payload[0] == 0x53 && payload[1] == 0x53 && payload[2] == 0x48
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ pub struct Stats {
|
||||||
pub unknown_packets: usize,
|
pub unknown_packets: usize,
|
||||||
pub errored_packets: usize,
|
pub errored_packets: usize,
|
||||||
pub empty_payload: usize,
|
pub empty_payload: usize,
|
||||||
|
pub analyzed: usize,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Stats {
|
impl Stats {
|
||||||
|
|
@ -21,6 +22,7 @@ impl Stats {
|
||||||
unknown_packets: 0,
|
unknown_packets: 0,
|
||||||
errored_packets: 0,
|
errored_packets: 0,
|
||||||
empty_payload: 0,
|
empty_payload: 0,
|
||||||
|
analyzed: 0,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -37,9 +39,10 @@ impl Display for Stats {
|
||||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||||
write!(
|
write!(
|
||||||
f,
|
f,
|
||||||
"Total: {}\nKnown: {}\nUnknown: {}\nErrored: {}\nEmpty: {}",
|
"Total: {}\nKnown/Analyzed: {}({})\nUnknown: {}\nErrored: {}\nEmpty: {}",
|
||||||
self.total_packets,
|
self.total_packets,
|
||||||
self.known_packets,
|
self.known_packets,
|
||||||
|
self.analyzed,
|
||||||
self.unknown_packets,
|
self.unknown_packets,
|
||||||
self.errored_packets,
|
self.errored_packets,
|
||||||
self.empty_payload
|
self.empty_payload
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue