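/*=================
 * Copyright (C) 2001 Todd Kaplan
 *
 * Lisys is a program that monitors TCP SYN packets to detect network
 * traffic anomalies.
 *
 * Licensed under the GNU General Public License (GPL), version 2 or
 * higher.  Please see the COPYING and PATENT files included with the
 * Lisys distribution, which can be found at:
 *
 *   http://www.cs.unm.edu/~judd/lisys/
 *
 * Also, the current text of the GPL can be found at:
 *
 *   http://www.gnu.org/copyleft/gpl.html
 *
 * Note that Lisys has NO WARRANTY!
 *=================*/

package edu.unm.cs.lisys.detection.bip;

import edu.unm.cs.lisys.debug.*;
import edu.unm.cs.lisys.util.*;
import java.io.*;
import java.util.*;
import java.net.*;

/**==========
 * TCPDump49BitBIP.java
 *   The basic BIP implementation consists of boiling
 *   a connection down to 49 bits:
 *     - local              8 bits
 *     - remote            32 bits
 *     - incoming/outgoing  1 bit
 *     - port               8 bits
 *
 *   As built by this class, packedBytes[0] holds the last octet of the
 *   local host, packedBytes[1..4] the four octets of the remote host and
 *   packedBytes[5] the byte TCPDump49BitServiceMap returns for the
 *   destination port.  Bit NUMBER_OF_BITS - 1 is set when the local host
 *   is the destination of the connection.
 *
 *   The class is Serializable and declares no serialVersionUID, so the
 *   runtime derives one from the class shape.  Adding, removing or
 *   retyping a field or a non-private member changes that value.
 *
 * Here are the people who have worked on this code in the order they
 * have worked on it:
 *   @author Todd Kaplan <kaplan@cs.unm.edu>
 *   @author Justin Balthrop <judd@cs.unm.edu>
 *==========*/
public class TCPDump49BitBIP
    extends BinaryInputPattern
    implements Serializable
{
    private static final int NUMBER_OF_BITS = 49;
    private static final int NUM_PACKED_BYTES = 6;

    // First three octets of the monitored network, set from the first
    // token of the line given to constructBinaryString(String).
    private byte[] localIPMask;
    private byte[] packedBytes = new byte[NUM_PACKED_BYTES];
    // True when the local host is the destination of the connection.
    private boolean serverFlag;
    // "source > destination" as it appeared in the parsed line.
    private String tcpDumpString;

    // Properties read from the constructorString.
    private String constructorString = "";
    // Stored while parsing; not read anywhere in this class.
    private String timestamp;

    public TCPDump49BitBIP() { }

    public TCPDump49BitBIP(BitSet bits) { super(bits); }

    /**==========
     * constructBinaryString:
     *   Creates a random binary string: each of the NUMBER_OF_BITS bits
     *   is set when random.intRange(2) returns 1.
     *==========*/
    public BinaryInputPattern constructBinaryString(KnuthRandom random)
    {
        BitSet bits = new BitSet(NUMBER_OF_BITS);
        for (int i = 0; i < NUMBER_OF_BITS; i++) {
            if (random.intRange(2) == 1) {
                bits.set(i);
            }
        }
        binaryString = bits;
        return this;
    }

    /**==========
     * constructBinaryString:
     *   Constructs binary string from data.
     *
     *   A typical string looks like:
     *   192.12.12: 19:38:19.868920 192.12.12.60.35108 > 204.202.129.230.80:
     *   S 2366857996:2366857996(0) win 8760 <mss 1460> (DF)
     *
     *   The line is split on spaces and read by position: local network
     *   prefix, timestamp, source, ">", destination.  Nothing checks the
     *   shape of the line, so a line with fewer than five tokens raises
     *   NoSuchElementException and a non-numeric address or port field
     *   raises NumberFormatException; both are unchecked and reach the
     *   caller.
     *
     *   When neither endpoint is on the local network the
     *   InvalidTCPConnectionException is only reported through
     *   Debug.exception and a pattern is still returned, built from
     *   zeroed bytes.  The return value does not tell the caller that
     *   the line was rejected.
     *==========*/
    public BinaryInputPattern constructBinaryString(String s)
    {
        constructorString = s;

        // Clear what an earlier call on this instance left behind.
        // packBytes() throws before writing anything, so without this a
        // rejected line would be reported with the previous connection's
        // bytes and direction flag.
        Arrays.fill(packedBytes, (byte) 0);
        serverFlag = false;

        StringTokenizer st = new StringTokenizer(s, " ");

        // First token: the local network prefix.
        localIPMask = getLocalIPMask(st.nextToken());

        // Second token: the timestamp.
        timestamp = st.nextToken();

        String source = st.nextToken();
        st.nextToken();  // throw away ">"
        String destination = st.nextToken();

        // Strip the trailing ':'.  The last character is dropped without
        // checking what it is.
        destination = destination.substring(0, destination.length() - 1);

        tcpDumpString = source + " > " + destination;

        try {
            packBytes(IPtoBytes(source), IPtoBytes(destination));
        }
        catch (InvalidTCPConnectionException e) {
            Debug.exception(this, e);
        }

        binaryString = packBinaryString();
        return this;
    }

    public int getLength() { return NUMBER_OF_BITS; }

    /**==========
     * packBinaryString:
     *   Packs the bytes into a BitSet via BitSetUtils.mergeBytes and
     *   sets the last bit (NUMBER_OF_BITS - 1) when serverFlag is true.
     *==========*/
    private BitSet packBinaryString()
    {
        // NOTE(review): how mergeBytes orders bits within each byte is
        // not visible from this file.
        BitSet bs = BitSetUtils.mergeBytes(packedBytes);
        if (serverFlag) {
            bs.set(NUMBER_OF_BITS - 1);
        }
        return bs;
    }

    /**==========
     * packBytes:
     *   Packs the bytes by determining whether the connection is
     *   internal or external.
     *
     *   Both arguments are the 5-byte arrays produced by IPtoBytes.  The
     *   destination is tested first, so a connection between two local
     *   hosts is recorded with the destination as the local side and
     *   serverFlag set.  In both branches the port byte comes from the
     *   destination.
     *
     *   Throws InvalidTCPConnectionException, before any byte is
     *   written, when neither address is on the local network.
     *==========*/
    private void packBytes(byte[] source, byte[] destination)
        throws InvalidTCPConnectionException
    {
        byte[] local;
        byte[] remote;
        if (isLocalIP(destination)) {
            local = destination;
            remote = source;
            serverFlag = true;
        }
        else if (isLocalIP(source)) {
            local = source;
            remote = destination;
            serverFlag = false;
        }
        else {
            throw new InvalidTCPConnectionException("Neither IP is internal.");
        }

        packedBytes[0] = local[3];
        packedBytes[1] = remote[0];
        packedBytes[2] = remote[1];
        packedBytes[3] = remote[2];
        packedBytes[4] = remote[3];
        packedBytes[5] = destination[4];
    }

    /**==========
     * isLocalIP:
     *   Determines whether the IP is in the local network by comparing
     *   its first three octets with localIPMask; the last octet and the
     *   port byte are ignored.
     *==========*/
    private boolean isLocalIP(byte[] ip)
    {
        return (localIPMask[0] == ip[0])
            && (localIPMask[1] == ip[1])
            && (localIPMask[2] == ip[2]);
    }

    /**==========
     * IPtoBytes:
     *   Maps an "a.b.c.d.port" endpoint to a byte array of 5: the four
     *   address octets followed by the byte TCPDump49BitServiceMap
     *   returns for the port.
     *
     *   Raises NoSuchElementException when fewer than five fields are
     *   present and NumberFormatException when a field is not a number.
     *==========*/
    private byte[] IPtoBytes(String ipAddress)
    {
        StringTokenizer st = new StringTokenizer(ipAddress, ".: ");
        byte[] array = new byte[5];

        for (int i = 0; i < 5; i++) {
            int field = Integer.parseInt(st.nextToken());
            if (i == 4) {
                array[i] = TCPDump49BitServiceMap.get(field);
            }
            else {
                // NOTE(review): the cast keeps the low 8 bits, so an
                // octet outside 0..255 is not rejected here; it maps
                // onto some in-range value instead.
                array[i] = (byte) field;
            }
        }

        return array;
    }

    /**==========
     * getLocalIPMask:
     *   Returns the first 3 bytes of the local IP network.
     *
     *   ':' is accepted as a delimiter as well as '.', as in IPtoBytes,
     *   so the prefix form shown in the sample line above ("192.12.12:")
     *   parses.  Raises NoSuchElementException or NumberFormatException
     *   on a malformed prefix.
     *==========*/
    private byte[] getLocalIPMask(String s)
    {
        StringTokenizer st = new StringTokenizer(s, ".:");
        byte[] bytes = new byte[3];

        for (int i = 0; i < 3; i++) {
            // The narrowing cast maps 128..255 to -128..-1, the same
            // value that subtracting 256 first would give.
            bytes[i] = (byte) Integer.parseInt(st.nextToken());
        }

        return bytes;
    }

    /**==========
     * toString:
     *   Returns the parsed "source > destination" text, when there is
     *   one, followed by the bits in brackets as '0'/'1' characters with
     *   a '.' after every eighth bit.
     *==========*/
    @Override
    public String toString()
    {
        StringBuilder sb = new StringBuilder();

        if (tcpDumpString != null) {
            sb.append(tcpDumpString).append(" ");
        }

        sb.append("[");
        for (int i = 0; i < NUMBER_OF_BITS; i++) {
            sb.append(binaryString.get(i) ? "1" : "0");
            if (((i + 1) % 8) == 0) {
                sb.append(".");
            }
        }
        sb.append("]");

        return sb.toString();
    }

    public String getConstructorString() { return constructorString; }
}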