dm secu

2024-06-21 04:03:34 +02:00 · 2024-06-21 04:03:34 +02:00 · fbe4f314f9
commit fbe4f314f9
parent 2dd5eedd00
2 changed files with 47 additions and 2 deletions
--- a/securite/dm/pcap_analyzer/src/main.rs
+++ b/securite/dm/pcap_analyzer/src/main.rs
@ -1,4 +1,9 @@
-use std::{collections::HashMap, error::Error, ops::AddAssign, path::PathBuf};
+use std::{
+	collections::{HashMap, HashSet},
+	error::Error,
+	ops::AddAssign,
+	path::PathBuf,
+};

 use clap::{Parser, Subcommand};
 use etherparse::{NetSlice, SlicedPacket};
@ -24,6 +29,8 @@ fn main() -> Result<(), Box<dyn Error>> {
 			let mut first_timestamp = None;
 			let mut last_timestamp = None;
 			let mut protocols = HashMap::new();
+			let mut sources = HashMap::new();
+			let mut destinations = HashSet::new();

 			while let Ok(packet) = pcap.next_packet() {
 				total += 1;
@ -39,9 +46,15 @@ fn main() -> Result<(), Box<dyn Error>> {
 				};

 				if let Some(NetSlice::Ipv4(ipv4)) = packet.net {
+					total_ipv4 += 1;
+
 					let protocol = ipv4.header().protocol();
 					protocols.entry(protocol).or_insert(0).add_assign(1);
-					total_ipv4 += 1;
+
+					let entry = sources.entry(ipv4.header().source()).or_insert((0, 0));
+					entry.0 += 1;
+					entry.1 += ipv4.payload().payload.len();
+					destinations.insert(ipv4.header().destination());
 				}
 			}

@ -56,6 +69,7 @@ fn main() -> Result<(), Box<dyn Error>> {
 			let avg_packet = (last_timestamp - first_timestamp) / total as f64;
 			println!("Avg packet rate: {avg_packet: >14.4}");
 			println!("Errors:          {errs: >14}");
+			println!();

 			let mut protocols: Vec<_> = protocols.into_iter().collect();
 			protocols.sort_by_key(|(_, count)| *count);
@ -64,6 +78,16 @@ fn main() -> Result<(), Box<dyn Error>> {
 				let contrib = (count as f64 / total as f64) * 100.;
 				println!("- {num:?} {count: >14} ({contrib:>6.2}%)");
 			}
+			println!();
+
+			let unique_sources = sources.len();
+			println!("Unique sources:           {unique_sources: >14.4}");
+			let unique_dests = destinations.len();
+			println!("Unique destinations:      {unique_dests: >14.4}");
+			let most_bytes = sources.iter().max_by_key(|(_, (_, bytes))| bytes).map(|(addr, _)| addr);
+			println!("Source with most bytes:   {most_bytes:?}");
+			let most_packets = sources.iter().max_by_key(|(_, (packs, _))| packs).map(|(addr, _)| addr);
+			println!("Source with most packets: {most_packets:?}");
 		}
 	}