pingpong.git
Janus Varmarken [Mon, 6 Nov 2017 07:45:31 +0000 (23:45 -0800)]
Update pipeline: graph now maps IoT devices' MACs to hostnames or other MACs (if local communication), and device-specific DNS queries are taken into account.
Changes:
- base_gefx_generator.py updated such that it considers MAC addresses instead of IPs and considers device-specific DNS queries for the IoT devices during graph construction.
- extract_from_tshark.py: updated to also include eth.src and eth.dst.
- parse_dns.py: corrected return value of hostname_for_ip_at_time such that the method simply returns the hostname instead of a tuple of timestamp and hostname.
- updated example json generated by extract_from_tshark.py
- added example gephi file generated by base_gefx_generator.py

Janus Varmarken [Sat, 4 Nov 2017 02:08:58 +0000 (19:08 -0700)]
Update parse_dns.py with new data structure that captures all DNS requests per device [NOTE: needs testing!]

Janus Varmarken [Sat, 4 Nov 2017 00:22:33 +0000 (17:22 -0700)]
Define DeviceDNSMap: class that stores a specific device's DNS mappings.

Janus Varmarken [Fri, 3 Nov 2017 19:07:13 +0000 (12:07 -0700)]
Initial experimentation with simple pipeline setup: Call parse_json_dns from parse_dns.py in base_gefx_generator.py
Add simple gitignore.
Add example wireshark DNS extract for testing.
Add example wireshark HTTP extract for testing.

rtrimana [Fri, 3 Nov 2017 15:44:44 +0000 (08:44 -0700)]
Fixing indentation and results display

rtrimana [Fri, 3 Nov 2017 15:33:55 +0000 (08:33 -0700)]
A simple script to analyze the distribution of packet frequencies against time

Janus Varmarken [Wed, 1 Nov 2017 20:46:37 +0000 (13:46 -0700)]
Update DNS parser to also construct IP -> hostname map [NOTE: This is the SIMPLEST SOLUTION and does not consider cases where one IP maps to multiple hostnames, nor does it consider timing of the mappings -- serves only as a starting point]

Janus Varmarken [Fri, 27 Oct 2017 02:46:16 +0000 (19:46 -0700)]
Add parse_dns.py: reads DNS traffic from a file (JSON formatted by tshark) and constructs a map in which a hostname points to a set of IPs associated with that hostname.

Janus Varmarken [Thu, 26 Oct 2017 05:00:04 +0000 (22:00 -0700)]
extract_from_tshark.py:
- apply Shuba's fix: do not skip packets that do not have a comment.
- include src ip and src port in output

Janus Varmarken [Thu, 26 Oct 2017 04:52:08 +0000 (21:52 -0700)]
Add base_gefx_generator.py: script that constructs a .gefx file from JSON generated by extract_from_tshark.py. The script generates a graph in which nodes are hosts and edges indicate that there is communication between the hosts. The script labels/identifies hosts by their IPs. It should serve as a starting point when we want to include more information in the graphs (e.g. host name).

Rahmadi Trimananda [Wed, 25 Oct 2017 16:17:04 +0000 (09:17 -0700)]
First version of scripts for traffic analysis

Rahmadi Trimananda [Wed, 25 Oct 2017 16:13:36 +0000 (09:13 -0700)]
Initial commit