#!/usr/bin/perl -w
#
# Copyright (C) 2001 by USC/ISI
# All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that the above copyright notice and this paragraph are
# duplicated in all such forms and that any documentation, advertising
# materials, and other materials related to such distribution and use
# acknowledge that the software was developed by the University of
# Southern California, Information Sciences Institute. The name of the
# University may not be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# An tcl script that extracts DATA/ACK packets from/to ISI domain,
# used by SAMAN ModelGen
#
# This work is supported by DARPA through SAMAN Project
# (http://www.isi.edu/saman/), administered by the Space and Naval
# Warfare System Center San Diego under Contract No. N66001-00-C-8066
#
sub usage {
print STDERR <<END;
usage: $0 [-r Filename] [-s DomainPrefix]
Options:
-r string file that contains a list of FTP clients, which
is output of getFTPclient.pl
-s string specify IP prefix to distinguish Inbound from
outbound traffic (eg. 192.1)
END
exit 1;
}
BEGIN {
$dblibdir = "./";
push(@INC, $dblibdir);
}
use DbGetopt;
require "dblib.pl";
my(@orig_argv) = @ARGV;
&usage if ($#ARGV < 0);
my($prog) = &progname;
my($dbopts) = new DbGetopt("r:s:?", \@ARGV);
my($ch);
while ($dbopts->getopt) {
$ch = $dbopts->opt;
if ($ch eq 'r') {
$infile = $dbopts->optarg;
} elsif ($ch eq 's') {
$prefix = $dbopts->optarg;
} else {
&usage;
};
};
($ip1,$ip2,$ip3,$ip4,$m1,$m2,$m3,$m4) = split(/[.\/ ]/,$prefix);
$ip3="";
$ip4="";
$m1="";
$m2="";
$m3="";
$m4="";
$isiPrefix=join(".",$ip1,$ip2);
open(OUT,"> outbound.seq") || die("cannot open outbound.seq\n");
open(IN,"> inbound.seq") || die("cannot open inbound.seq\n");
open(FIN,"< $infile") || die("cannot open $infile\n");
$num_ftp=0;
while (<FIN>) {
($host,$newline) = split(/[:() \n]/,$_);
$newline="";
$ftpC[$num_ftp]=$host;
$num_ftp++;
}
close(FIN);
while (<>) {
($time1,$time2,$ip11,$ip12,$ip13,$ip14,$srcPort,$dummy1,$ip21,$ip22,$ip23,$ip24,$dstPort,$dummy2,$flag,$seqb,$seqe,$size,$size1) = split(/[.:() ]/,$_);
# ($time1,$time2,$dummy0,$ip11,$ip12,$ip13,$ip14,$srcPort,$dummy1,$ip21,$ip22,$ip23,$ip24,$dstPort,$dummy2,$flag,$seqb,$seqe,$size,$size1) = split(/[.:() ]/,$_);
$sTime=join(".",$time1,$time2);
# $dummy0="";
$dummy1="";
$dummy2="";
$flag="";
if ( ($seqe ne "ack") && ($seqb eq "")) {
$seqb=$seqe;
$seqe=$size;
$size=$size1;
}
$prefixc=join(".",$ip11,$ip12);
$prefixs=join(".",$ip21,$ip22);
$src=join(".",$ip11,$ip12,$ip13,$ip14);
$dst=join(".",$ip21,$ip22,$ip23,$ip24);
$srcp=join(".",$ip11,$ip12,$ip13,$ip14,$srcPort);
$dstp=join(".",$ip21,$ip22,$ip23,$ip24,$dstPort);
$found=0;
foreach $j (0 .. $#ftpC) {
if ($src eq $ftpC[$j]) {
$found=1;
$client=$srcp;
$server=$dstp;
}
if ($dst eq $ftpC[$j]) {
$found=1;
$client=$dstp;
$server=$srcp;
}
}
if ($found eq 0) {
print "ERROR in BW-seq-ftp.pl: $src $dst\n";
}
#capture 3 types of packaets
# 1. data packet to the server
# 2. data packet from the server
# 3. ack packet to the server
#data packet from ISI server
if ( $prefixc eq $isiPrefix) {
# if ($srcp eq $server) {
if ( $seqe ne "ack" ) {
# if ( $size eq 1460 ) {
if ( $size > 1000 ) {
print OUT "$client $server $seqe $sTime data\n"
}
}
}
#ACK packet to ISI
if ($prefixs eq $isiPrefix) {
if ($seqe eq "ack") {
print OUT "$client $server $size $sTime ack\n"
}
else {
# if ( $size eq 1460 ) {
if ( $size > 1000 ) {
print IN "$client $server $sTime $seqe\n";
}
}
}
}
close(OUT);
close(IN);
syntax highlighted by Code2HTML, v. 0.9.1