epita/notes-ing2
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

dm secu

Browse source
This commit is contained in:
JOLIMAITRE Matthieu 2024-06-21 03:28:58 +02:00
parent e5959fe81f
commit b4499d3702
4 changed files with 43 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
securite/dm/pcap_analyzer/Cargo.lock generated
View file

@ -215,6 +215,7 @@ version = "0.1.0"
dependencies = [ dependencies = [
"clap", "clap",
"etherparse", "etherparse",
"libc",
"pcap", "pcap",
] ]

1
securite/dm/pcap_analyzer/Cargo.toml
View file

@ -6,4 +6,5 @@ edition = "2021"
[dependencies] [dependencies]
clap = { version = "4.5.7", features = ["derive"] } clap = { version = "4.5.7", features = ["derive"] }
etherparse = "0.15.0" etherparse = "0.15.0"
libc = "0.2"
pcap = "2.0.0" pcap = "2.0.0"

27
securite/dm/pcap_analyzer/src/main.rs
View file

@ -21,9 +21,16 @@ fn main() -> Result<(), Box<dyn Error>> {
let mut total = 0; let mut total = 0;
let mut total_ipv4 = 0; let mut total_ipv4 = 0;
let mut errs = 0; let mut errs = 0;
let mut first_timestamp = None;
let mut last_timestamp = None;
while let Ok(packet) = pcap.next_packet() { while let Ok(packet) = pcap.next_packet() {
total += 1; total += 1;
last_timestamp = Some(packet.header.ts);
if first_timestamp.is_none() {
first_timestamp = last_timestamp;
}
let Ok(packet) = SlicedPacket::from_ethernet(packet.data) else { let Ok(packet) = SlicedPacket::from_ethernet(packet.data) else {
errs += 1; errs += 1;
continue; continue;
@ -33,9 +40,17 @@ fn main() -> Result<(), Box<dyn Error>> {
total_ipv4 += 1; total_ipv4 += 1;
} }
} }
println!("Count: {total: >9}"); println!("Count: {total: >20}");
println!("Count IPv4: {total_ipv4: >9}"); println!("Count IPv4: {total_ipv4: >20}");
println!("Errors: {errs: >9}"); let non_ipv4 = total - total_ipv4;
println!("non-IPv4 count: {non_ipv4: >20}");
let first_timestamp = first_timestamp.map(tv_to_sec).unwrap_or_default();
println!("First timestamp: {first_timestamp: >20.2}");
let last_timestamp = last_timestamp.map(tv_to_sec).unwrap_or_default();
println!("Last timestamp: {last_timestamp: >20.2}");
let avg_packet = (last_timestamp - first_timestamp) / total as f64;
println!("Avg packet rate: {avg_packet: >20.2}");
println!("Errors: {errs: >20}");
} }
} }
@ -55,3 +70,9 @@ enum Cmd {
Links, Links,
Stats, Stats,
} }
fn tv_to_sec(tv: libc::timeval) -> f64 {
let usec_per_sec = 1_000_000;
let usecs = tv.tv_usec + (tv.tv_sec * usec_per_sec);
usecs as f64 / usec_per_sec as f64
}

17
securite/dm/rapport.md
View file

@ -156,3 +156,20 @@ Le PcapNg introduit les fonctionnalités suivantes :
- Un seul fichier peut contenir plusieurs liens. - Un seul fichier peut contenir plusieurs liens.
- Des annotations peuvent être ajoutés aux trammes. - Des annotations peuvent être ajoutés aux trammes.
- Des structures spécialisés permettent de compacter les données réccurentes (addresses, clés). - Des structures spécialisés permettent de compacter les données réccurentes (addresses, clés).
### Basic traffic stats
#### How many IPv4 packets does the trace contain (as IPv4 count:)?
```sh
pcap_analyzer ./trace2.pcap stats
# Count: 30611000
# Count IPv4: 28893393
# non-IPv4 count: 1717607
```
La trace contient 28 893 393 paquets IPv4.
#### How many non-IPv4 packets does the trace contain (as non-IPv4 count:)?
La trace contient 1 717 607 paquets non-IPv4.