diff --git a/securite/dm/pcap_analyzer/src/main.rs b/securite/dm/pcap_analyzer/src/main.rs
index a4ce6eb..db40d8d 100644
--- a/securite/dm/pcap_analyzer/src/main.rs
+++ b/securite/dm/pcap_analyzer/src/main.rs
@@ -1,4 +1,9 @@
-use std::{collections::HashMap, error::Error, ops::AddAssign, path::PathBuf};
+use std::{
+ collections::{HashMap, HashSet},
+ error::Error,
+ ops::AddAssign,
+ path::PathBuf,
+};
 use clap::{Parser, Subcommand};
 use etherparse::{NetSlice, SlicedPacket};
@@ -24,6 +29,8 @@ fn main() -> Result<(), Box> {
 let mut first_timestamp = None;
 let mut last_timestamp = None;
 let mut protocols = HashMap::new();
+ let mut sources = HashMap::new();
+ let mut destinations = HashSet::new();
 while let Ok(packet) = pcap.next_packet() {
 total += 1;
@@ -39,9 +46,15 @@ fn main() -> Result<(), Box> {
 };
 if let Some(NetSlice::Ipv4(ipv4)) = packet.net {
+ total_ipv4 += 1;
+
 let protocol = ipv4.header().protocol();
 protocols.entry(protocol).or_insert(0).add_assign(1);
- total_ipv4 += 1;
+
+ let entry = sources.entry(ipv4.header().source()).or_insert((0, 0));
+ entry.0 += 1;
+ entry.1 += ipv4.payload().payload.len();
+ destinations.insert(ipv4.header().destination());
 }
 }
@@ -56,6 +69,7 @@ fn main() -> Result<(), Box> {
 let avg_packet = (last_timestamp - first_timestamp) / total as f64;
 println!("Avg packet rate: {avg_packet: >14.4}");
 println!("Errors: {errs: >14}");
+ println!();
 let mut protocols: Vec<_> = protocols.into_iter().collect();
 protocols.sort_by_key(|(_, count)| *count);
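Review bot: `entry.1 += ipv4.payload().payload.len();` accumulates only the bytes after the IPv4 header (the transport payload as etherparse slices it), so the per-source total later reported as bytes sent omits the IP header and everything below it; if the intended metric is the datagram size, use the header's declared length, e.g. `entry.1 += usize::from(ipv4.header().total_len());`, or the pcap record's on-wire length, and state in a comment which one is meant. The two differ in a way an analyst should know about: `payload.len()` measures what was captured, which a snaplen-truncated trace under-reports, while `total_len()` is what the sender claimed. The counter tuple is also untyped — `or_insert((0, 0))` infers `i32` for the packet count, enough for the 28 893 393 packets this trace holds but wrapping (release) or panicking (debug) past 2^31 on a larger capture; `or_insert((0u64, 0usize))` costs nothing. `main` starts and ends outside this hunk.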
@@ -64,6 +78,16 @@ fn main() -> Result<(), Box> {
 let contrib = (count as f64 / total as f64) * 100.;
 println!("- {num:?} {count: >14} ({contrib:>6.2}%)");
 }
+ println!();
+
+ let unique_sources = sources.len();
+ println!("Unique sources: {unique_sources: >14.4}");
+ let unique_dests = destinations.len();
+ println!("Unique destinations: {unique_dests: >14.4}");
+ let most_bytes = sources.iter().max_by_key(|(_, (_, bytes))| bytes).map(|(addr, _)| addr);
+ println!("Source with most bytes: {most_bytes:?}");
+ let most_packets = sources.iter().max_by_key(|(_, (packs, _))| packs).map(|(addr, _)| addr);
+ println!("Source with most packets: {most_packets:?}");
 }
 }
diff --git a/securite/dm/rapport.md b/securite/dm/rapport.md
index 2989c29..d7bcaa3 100644
--- a/securite/dm/rapport.md
+++ b/securite/dm/rapport.md
@@ -170,6 +170,8 @@ pcap_analyzer ./trace2.pcap stats
 # Last timestamp: 1474309098.10
 # Avg packet rate: 0.0014
 # Errors: 1717607
+# Main Protocols:
+# - 6 (TCP - Transmission Control) 28893393 ( 94.39%)
 ```
 La trace contient 28 893 393 paquets IPv4.
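Review bot: The two `max_by_key` calls on `sources` return the last maximum in `HashMap` iteration order, which is randomised per process by `RandomState`, so when two sources tie on bytes or packets the address printed after `Source with most bytes:` / `Source with most packets:` changes between runs — undesirable for a report whose numbers should be reproducible. Add the address to the key so ties resolve deterministically, e.g. `.max_by_key(|(addr, (_, bytes))| (*bytes, *addr))` and `.max_by_key(|(addr, (packs, _))| (*packs, *addr))`. The result is printed with `{:?}` on an `Option<&[u8; 4]>`, so it comes out as `Some([a, b, c, d])` rather than a dotted quad; mapping through `std::net::Ipv4Addr::from(*addr)` gives readable output. Also the `.4` precision in `{unique_sources: >14.4}` and `{unique_dests: >14.4}` is ignored for integers and looks copied from the float format above — `>14`, as in the existing `{errs: >14}`, says what is meant. `main` starts outside this hunk.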
@@ -185,3 +187,22 @@ Le timestamp du premier paquet de la trace est 1 474 265 898.92 secondes.
 #### What is the average packet rate (in packets per second to two decimal places) of the trace (as Avg packet rate:)?
 Le taux de paquets de la trace est 0.0014 paquet par seconde.
+
+#### What is the packet protocol distribution? (A table showing the 5 top protocols and their respective contributions is fine.)
+
+94.39% des paquets sont des paquets TCP. Les autres paquets n'ont pas d'entĂȘte IPv4.
+
+#### Plot a histogram of the packet size distribution (the Python numpy and matplot packages are installed on the Labtainer).
+
+...
+
+#### How many unique IPv4 source addresses are present in the trace (as Unique sources:)?
+#### How many unique IPv4 destination addresses are present in the trace (as Unique destinations:)?
+#### Create a cumulative distribution function (CDF) plot. The x-axis is the number of bytes sent and the y-axis is the cumulative fraction of sources.
+
+...
+
+#### Which source sent the most bytes (as Source with most bytes:)?
+#### Which source sent the most packets (as Source with most packets:)? Based on your analysis of the trace:
+#### List 3 characteristics of the traffic that seem unusual to you.
+#### Provide a reasonable explanation for what traffic the trace represents, taking into account the unusual characteristics you have identified.
\ No newline at end of file