diff --git a/securite/dm/pcap_analyzer/src/main.rs b/securite/dm/pcap_analyzer/src/main.rs
index 44e91b7..71f26d3 100644
--- a/securite/dm/pcap_analyzer/src/main.rs
+++ b/securite/dm/pcap_analyzer/src/main.rs
@@ -5,16 +5,30 @@ use pcap::Capture;
 fn main() -> Result<(), Box> {
 let Args { file, cmd } = Args::parse();
- let pcap = Capture::from_file(file)?;
+ let mut pcap = Capture::from_file(file)?;
 match cmd {
 Cmd::Links => {
 for record in pcap.list_datalinks()? {
 let name = record.get_name().unwrap_or_else(|_| "".into());
 let description = record.get_description().unwrap_or_default();
- println!("link {name} {description}")
+ println!("link {name} {description}")
 }
 }
+
+ Cmd::Stats => {
+ let mut total_ipv4 = 0;
+ let mut total = 0;
+ while let Ok(packet) = pcap.next_packet() {
+ total += 1;
+ let ether_type = &packet.data[20..][..2];
+ if ether_type == [0x08, 0x00] {
+ total_ipv4 += 1;
+ }
+ }
+ println!("Count: {total: >9}");
+ println!("Count IPv4: {total_ipv4: >9}");
+ }
 }
 Ok(())
@@ -31,4 +45,5 @@ struct Args {
 #[derive(Subcommand)]
 enum Cmd {
 Links,
+ Stats,
 }
diff --git a/securite/dm/rapport.md b/securite/dm/rapport.md
index 6d55c6c..13408bb 100644
--- a/securite/dm/rapport.md
+++ b/securite/dm/rapport.md
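Review bot: `&packet.data[20..][..2]` in the new `Cmd::Stats` arm panics on any record shorter than 22 bytes, so a truncated frame or a small snaplen in an untrusted capture aborts the whole run instead of being counted; use checked slicing, e.g. `if matches!(packet.data.get(12..14), Some([0x08, 0x00])) { total_ipv4 += 1; }`. The hard-coded offset also looks wrong for the EN10MB link type the report records for trace2.pcap: an Ethernet II header is 14 bytes, so the EtherType sits at bytes 12..14, while offset 20 would land inside the IP header (confirm against the trace). Since `pcap.list_datalinks()` already exposes the link type, the header length should be derived from it rather than fixed, and 802.1Q-tagged frames (EtherType 0x8100) would still be missed by this comparison. `while let Ok(packet) = pcap.next_packet()` also stops silently on the first read error, which is indistinguishable from end of capture; matching `pcap::Error::NoMorePackets` and propagating other errors with `?` would make a corrupt file visible rather than reported as a short count.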
@@ -139,5 +139,20 @@ Dès la troisième tentative, nous cherchons deux hachages spécifiques, il est
 #### What link-layer is included in the trace?
+```sh
+pcap_analyzer ./trace2.pcap links
+# link EN10MB Ethernet
+```
+
+La trace contient un échantillon de trafic Ethernet.
+
 #### What is the snap length and what is the significance of the snapshot length?
 The link type defined in the packet trace header is important as we must skip over the correct amount of data to reach the IP packet (which is what were really interested in). Note that while pcap is the most popular and widely accepted packet capture format, it has several limitations, which have led to development of alternatives. For example, PcapNg, or next-generation pcap, is now the default format in Wireshark.
+La « snap length » est un paramètre des accesseurs d'un paquet, il sert à limiter la taille des données lues dans un paquet.
+
+#### Find the documentation for PcapNg online. Briefly (no more than 2 or 3 sentences) describe the differences between pcap and PcapNg.
+
+Le PcapNg introduit les fonctionnalités suivantes :
+- Un seul fichier peut contenir plusieurs liens.
+- Des annotations peuvent être ajoutés aux trammes.
+- Des structures spécialisés permettent de compacter les données réccurentes (addresses, clés).
diff --git a/securite/dm/sujet.pdf b/securite/dm/sujet.pdf
new file mode 100644
index 0000000..b7a6fd2
Binary files /dev/null and b/securite/dm/sujet.pdf differ