├── .gitignore ├── .gitmodules ├── CICFlowMeters ├── CICFlowMeter-3.0 │ ├── LICENSE.txt │ ├── README.md │ ├── bin │ │ ├── CICFlowMeter │ │ └── CICFlowMeter.bat │ └── lib │ │ ├── CICFlowMeter-3.0.jar │ │ ├── animal-sniffer-annotations-1.14.jar │ │ ├── checker-compat-qual-2.0.0.jar │ │ ├── commons-io-2.5.jar │ │ ├── commons-lang3-3.6.jar │ │ ├── commons-math3-3.5.jar │ │ ├── error_prone_annotations-2.1.3.jar │ │ ├── guava-23.6-jre.jar │ │ ├── hamcrest-core-1.3.jar │ │ ├── j2objc-annotations-1.1.jar │ │ ├── java-cup-0.11a.jar │ │ ├── jfreechart-1.5.0.jar │ │ ├── jnetpcap-1.4.r1425-1g.jar │ │ ├── jsr305-1.3.9.jar │ │ ├── junit-4.12.jar │ │ ├── log4j-1.2.17.jar │ │ ├── native │ │ ├── jnetpcap-pcap100.dll │ │ ├── jnetpcap.dll │ │ ├── libjnetpcap-pcap100.so │ │ └── libjnetpcap.so │ │ ├── slf4j-api-1.7.25.jar │ │ ├── slf4j-log4j12-1.7.25.jar │ │ ├── tika-core-1.17.jar │ │ └── weka-stable-3.6.14.jar ├── CICFlowMeter-4.0 │ ├── LICENSE.txt │ ├── README.md │ ├── bin │ │ ├── CICFlowMeter │ │ ├── CICFlowMeter.bat │ │ ├── cfm │ │ └── cfm.bat │ └── lib │ │ ├── CICFlowMeter-4.0.jar │ │ ├── animal-sniffer-annotations-1.14.jar │ │ ├── checker-compat-qual-2.0.0.jar │ │ ├── commons-io-2.5.jar │ │ ├── commons-lang3-3.6.jar │ │ ├── commons-math3-3.5.jar │ │ ├── error_prone_annotations-2.1.3.jar │ │ ├── guava-23.6-jre.jar │ │ ├── hamcrest-core-1.3.jar │ │ ├── j2objc-annotations-1.1.jar │ │ ├── java-cup-0.11a.jar │ │ ├── jfreechart-1.5.0.jar │ │ ├── jnetpcap-1.4.r1425-1g.jar │ │ ├── jsr305-1.3.9.jar │ │ ├── junit-4.12.jar │ │ ├── log4j-1.2.17.jar │ │ ├── log4j-api-2.11.0.jar │ │ ├── log4j-core-2.11.0.jar │ │ ├── native │ │ ├── jnetpcap-pcap100.dll │ │ ├── jnetpcap.dll │ │ ├── libjnetpcap-pcap100.so │ │ └── libjnetpcap.so │ │ ├── slf4j-api-1.7.25.jar │ │ ├── slf4j-log4j12-1.7.25.jar │ │ ├── tika-core-1.17.jar │ │ └── weka-stable-3.6.14.jar ├── CICFlowMeter.revised ├── CICFlowMeterV2 │ ├── CHANGE_LOG.txt │ ├── CICFlowMeter.jar │ ├── COPYING │ ├── COPYING.LESSER │ ├── LICENSE.txt │ ├── 
README.md │ ├── RELEASE_NOTES.txt │ ├── analysis.h │ ├── export.h │ ├── jnetpcap.jar │ ├── jnetpcap_bpf.h │ ├── jnetpcap_dumper.h │ ├── jnetpcap_ids.h │ ├── jnetpcap_utils.h │ ├── libjnetpcap.so │ ├── nio_jbuffer.h │ ├── nio_jmemory.h │ ├── packet_flow.h │ ├── packet_jscanner.h │ ├── packet_protocol.h │ ├── util_crc16.h │ ├── util_crc32.h │ ├── util_debug.h │ ├── util_in_cksum.h │ ├── winpcap_ext.h │ ├── winpcap_ids.h │ └── winpcap_stat_ex.h ├── CICFlowMeterV3-jnetpcap-1.3 │ ├── CHANGE_LOG.txt │ ├── CICFlowMeterV3.jar │ ├── COPYING │ ├── COPYING.LESSER │ ├── LICENSE.txt │ ├── README.md │ ├── RELEASE_NOTES.txt │ ├── analysis.h │ ├── export.h │ ├── jnetpcap.dll │ ├── jnetpcap.jar │ ├── jnetpcap_bpf.h │ ├── jnetpcap_dumper.h │ ├── jnetpcap_ids.h │ ├── jnetpcap_utils.h │ ├── libjnetpcap.so │ ├── nio_jbuffer.h │ ├── nio_jmemory.h │ ├── packet_flow.h │ ├── packet_jscanner.h │ ├── packet_protocol.h │ ├── util_crc16.h │ ├── util_crc32.h │ ├── util_debug.h │ ├── util_in_cksum.h │ ├── winpcap_ext.h │ ├── winpcap_ids.h │ └── winpcap_stat_ex.h ├── CICFlowMeterV3-jnetpcap-1.4 │ ├── CHANGE_LOG.txt │ ├── CICFlowMeterV3.jar │ ├── COPYING │ ├── COPYING.LESSER │ ├── LICENSE.txt │ ├── README.md │ ├── RELEASE_NOTES.txt │ ├── analysis.h │ ├── export.h │ ├── jnetpcap-pcap100.dll │ ├── jnetpcap.dll │ ├── jnetpcap.jar │ ├── jnetpcap_bpf.h │ ├── jnetpcap_dumper.h │ ├── jnetpcap_ids.h │ ├── jnetpcap_utils.h │ ├── libjnetpcap-pcap100.so │ ├── libjnetpcap.so │ ├── mac_addr.h │ ├── nio_jbuffer.h │ ├── nio_jmemory.h │ ├── packet_flow.h │ ├── packet_jscanner.h │ ├── packet_protocol.h │ ├── util_crc16.h │ ├── util_crc32.h │ ├── util_debug.h │ ├── util_in_cksum.h │ ├── winpcap_ext.h │ ├── winpcap_ids.h │ └── winpcap_stat_ex.h ├── CICFlowMeters.original.tar.gz ├── install_new_cicflowmeter-3.0.sh ├── install_new_cicflowmeter-4.0.sh └── install_new_cicflowmeter.sh ├── README.md ├── apt_ipv4.sh ├── capture_interface_pcap.sh ├── clean_pcap_csv.sh ├── convert_pcap_csv.sh ├── csv ├── 2 │ └── .keepme ├── 
.keepme ├── 3.1.3 │ └── .keepme └── 3.1.4 │ └── .keepme ├── pcap └── .keepme ├── pcap2ciclog.service ├── pcap2ciclog.sh ├── tmp └── .keepme ├── try_me.sh └── watch_files.sh /.gitignore: -------------------------------------------------------------------------------- 1 | /logs/ 2 | pcap/ 3 | csv/ 4 | CICFlowMeters/CICFlowMeter_repo/ 5 | CICFlowMeters/CICFlowMeter_iPAS/ 6 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/.gitmodules -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Canadian Institute for Cybersecurity (CIC) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (CICFlowMeter), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/README.md: -------------------------------------------------------------------------------- 1 | # Intro 2 | The CICFlowMeter is an open source tool that generates Biflows from pcap files, and extracts features from these flows. 3 | 4 | CICFlowMeter is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionalities include selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. 
5 | 6 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP. 7 | 8 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published paper: 9 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 10 | 11 | 12 | ---------------------------------------- 13 | 14 | # Installation and executing: 15 | 16 | Extract CICFlowMeterV3.zip 17 | 18 | ___Note: The only prerequisite is that the "libpcap" library (or WinPcap on Windows systems) be pre-installed___ 19 | 20 | 21 | For Linux 22 | 23 | > $ sudo apt-get install libpcap-dev 24 | 25 | 26 | For windows 27 | > download [winpcap]() 28 | 29 | ## executing 30 | Go to the extracted directory and enter the 'bin' folder 31 | 32 | ### linux 33 | Open a terminal and run this command 34 | ``` 35 | sudo ./CICFlowMeter 36 | ``` 37 | ### windows 38 | Launch the Command Prompt and run this command 39 | ``` 40 | CICFlowMeter.bat 41 | ``` 42 | 43 | ## Get started 44 | for offline 45 | ``` 46 | 1.Select the folder that includes your PCAP files 47 | 2.Select the folder where you would like to save your CSV files 48 | 3.Click OK button 49 | ``` 50 | 51 | for realtime 52 | ``` 53 | 1 Click Load button to find the list of network interfaces 54 | 2 Select the interface you would like to monitor 55 | 3 Click start button and wait for a while 56 | 4 Click stop button to stop the process and save the csv in the same application folder/data/daily 57 | ``` 58 | 59 | -------------------------------------------------------------- 60 | 61 | Contact us at A.Habibi.L@unb.ca if there 
are any problems. 62 | 63 | 64 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 65 | 66 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 67 | 68 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 69 | 70 | # Development 71 | ## Install jnetpcap local repo 72 | 73 | for linux, sudo is a prerequisite 74 | ``` 75 | //linux :at the pathtoproject/jnetpcap/linux/jnetpcap-1.4.r1425 76 | //windows: at the pathtoproject/jnetpcap/win/jnetpcap-1.4.r1425 77 | mvn install:install-file -Dfile=jnetpcap.jar -DgroupId=org.jnetpcap -DartifactId=jnetpcap -Dversion=1.4.1 -Dpackaging=jar 78 | ``` 79 | 80 | ## Run 81 | ### IntelliJ IDEA 82 | open a Terminal in the IDE 83 | ``` 84 | //linux: 85 | $ sudo bash 86 | $ gradle execute 87 | 88 | //windows: 89 | $ gradlew execute 90 | ``` 91 | ### Eclipse 92 | 93 | Run eclipse with sudo 94 | ``` 95 | 1. Right click App.java -> Run As -> Run Configurations -> Arguments -> VM arguments: 96 | -Djava.library.path="pathtoproject/jnetpcap/linux/jnetpcap-1.4.r1425" -> Run 97 | 98 | 2. 
Right click App.java -> Run As -> Java Application 99 | 100 | ``` 101 | 102 | ## Make package 103 | 104 | ### IntelliJ IDEA 105 | open a Terminal in the IDE 106 | ``` 107 | //linux: 108 | $ gradle distZip 109 | http://www.scitepress.org/DigitalLibrary/PublicationsDetail.aspx?ID=g4gLnPa/2OM=&t=1 110 | //window 111 | $ gradlew distZip 112 | ``` 113 | the zip file will be in the pathtoproject/CICFlowMeter/build/distributions 114 | 115 | ### Eclipse 116 | At the project root 117 | ``` 118 | mvn package 119 | ``` 120 | the jar file will be in the pathtoproject/CICFlowMeter/target 121 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/bin/CICFlowMeter: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #!/usr/bin/env sh 4 | 5 | ############################################################################## 6 | ## 7 | ## CICFlowMeter start up script for UN*X 8 | ## 9 | ############################################################################## 10 | 11 | # Attempt to set APP_HOME 12 | # Resolve links: $0 may be a link 13 | PRG="$0" 14 | # Need this for relative symlinks. 15 | while [ -h "$PRG" ] ; do 16 | ls=`ls -ld "$PRG"` 17 | link=`expr "$ls" : '.*-> \(.*\)$'` 18 | if expr "$link" : '/.*' > /dev/null; then 19 | PRG="$link" 20 | else 21 | PRG=`dirname "$PRG"`"/$link" 22 | fi 23 | done 24 | echo "run at: `pwd`" 25 | SAVED="`pwd`" 26 | cd "`dirname \"$PRG\"`/.." >/dev/null 27 | 28 | echo "app at: `pwd`" 29 | APP_HOME="`pwd -P`" 30 | cd "$SAVED" >/dev/null 31 | 32 | echo "SAVED: $SAVED" 33 | echo "APP_HOME: $APP_HOME" 34 | 35 | APP_NAME="CICFlowMeter" 36 | APP_BASE_NAME=`basename "$0"` 37 | 38 | # Add default JVM options here. You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script. 
39 | # DEFAULT_JVM_OPTS='"-Djava.library.path=../lib/native"' 40 | # DEFAULT_JVM_OPTS='"-Djava.library.path='"\\\"$APP_HOME/lib/native\\\""'"' 41 | DEFAULT_JVM_OPTS='"-Djava.library.path='$APP_HOME/lib/native'"' 42 | 43 | 44 | # Use the maximum available, or set MAX_FD != -1 to use that value. 45 | MAX_FD="maximum" 46 | 47 | warn () { 48 | echo "$*" 49 | } 50 | 51 | die () { 52 | echo 53 | echo "$*" 54 | echo 55 | exit 1 56 | } 57 | 58 | # OS specific support (must be 'true' or 'false'). 59 | cygwin=false 60 | msys=false 61 | darwin=false 62 | nonstop=false 63 | case "`uname`" in 64 | CYGWIN* ) 65 | cygwin=true 66 | ;; 67 | Darwin* ) 68 | darwin=true 69 | ;; 70 | MINGW* ) 71 | msys=true 72 | ;; 73 | NONSTOP* ) 74 | nonstop=true 75 | ;; 76 | esac 77 | 78 | for jar in $APP_HOME/lib/*.jar; do 79 | CLASSPATH=$CLASSPATH:$jar 80 | done 81 | CLASSPATH=${CLASSPATH:1} 82 | echo "CLASSPATH: $CLASSPATH" 83 | 84 | # Determine the Java command to use to start the JVM. 85 | if [ -n "$JAVA_HOME" ] ; then 86 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 87 | # IBM's JDK on AIX uses strange locations for the executables 88 | JAVACMD="$JAVA_HOME/jre/sh/java" 89 | else 90 | JAVACMD="$JAVA_HOME/bin/java" 91 | fi 92 | if [ ! -x "$JAVACMD" ] ; then 93 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 94 | 95 | Please set the JAVA_HOME variable in your environment to match the 96 | location of your Java installation." 97 | fi 98 | else 99 | JAVACMD="java" 100 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 101 | 102 | Please set the JAVA_HOME variable in your environment to match the 103 | location of your Java installation." 104 | fi 105 | 106 | # Increase the maximum file descriptors if we can. 107 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 108 | MAX_FD_LIMIT=`ulimit -H -n` 109 | if [ $? 
-eq 0 ] ; then 110 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 111 | MAX_FD="$MAX_FD_LIMIT" 112 | fi 113 | ulimit -n $MAX_FD 114 | if [ $? -ne 0 ] ; then 115 | warn "Could not set maximum file descriptor limit: $MAX_FD" 116 | fi 117 | else 118 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 119 | fi 120 | fi 121 | 122 | # For Darwin, add options to specify how the application appears in the dock 123 | if $darwin; then 124 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 125 | fi 126 | 127 | # For Cygwin, switch paths to Windows format before running java 128 | if $cygwin ; then 129 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 130 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 131 | JAVACMD=`cygpath --unix "$JAVACMD"` 132 | 133 | # We build the pattern for arguments to be converted via cygpath 134 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 135 | SEP="" 136 | for dir in $ROOTDIRSRAW ; do 137 | ROOTDIRS="$ROOTDIRS$SEP$dir" 138 | SEP="|" 139 | done 140 | OURCYGPATTERN="(^($ROOTDIRS))" 141 | # Add a user-defined pattern to the cygpath arguments 142 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 143 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 144 | fi 145 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 146 | i=0 147 | for arg in "$@" ; do 148 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 149 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 150 | 151 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 152 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 153 | else 154 | eval `echo args$i`="\"$arg\"" 155 | fi 156 | i=$((i+1)) 157 | done 158 | case $i in 159 | (0) set -- ;; 160 | (1) set -- "$args0" ;; 161 | (2) set -- "$args0" "$args1" ;; 162 | (3) set -- "$args0" "$args1" "$args2" ;; 163 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 164 | (5) set -- "$args0" "$args1" 
"$args2" "$args3" "$args4" ;; 165 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 166 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 167 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 168 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 169 | esac 170 | fi 171 | 172 | # Escape application args 173 | save () { 174 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 175 | echo " " 176 | } 177 | APP_ARGS=$(save "$@") 178 | 179 | # Collect all arguments for the java command, following the shell quoting and substitution rules 180 | #eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.App "$APP_ARGS" 181 | # Without GUI 182 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.CICFlowMeter "$APP_ARGS" 183 | # The -- is the standard "don't treat anything following this as an option" 184 | 185 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 186 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 187 | cd "$(dirname "$0")" 188 | fi 189 | 190 | #echo "java args: $@" 191 | 192 | exec "$JAVACMD" "$@" 193 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/bin/CICFlowMeter.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem CICFlowMeter startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" 
== "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME%.. 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Djava.library.path=../lib/native" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\lib\CICFlowMeter-3.0.jar;%APP_HOME%\lib\slf4j-log4j12-1.7.25.jar;%APP_HOME%\lib\log4j-1.2.17.jar;%APP_HOME%\lib\jnetpcap-1.4.r1425-1g.jar;%APP_HOME%\lib\junit-4.12.jar;%APP_HOME%\lib\commons-lang3-3.6.jar;%APP_HOME%\lib\commons-math3-3.5.jar;%APP_HOME%\lib\commons-io-2.5.jar;%APP_HOME%\lib\weka-stable-3.6.14.jar;%APP_HOME%\lib\jfreechart-1.5.0.jar;%APP_HOME%\lib\guava-23.6-jre.jar;%APP_HOME%\lib\tika-core-1.17.jar;%APP_HOME%\lib\slf4j-api-1.7.25.jar;%APP_HOME%\lib\hamcrest-core-1.3.jar;%APP_HOME%\lib\java-cup-0.11a.jar;%APP_HOME%\lib\jsr305-1.3.9.jar;%APP_HOME%\lib\checker-compat-qual-2.0.0.jar;%APP_HOME%\lib\error_prone_annotations-2.1.3.jar;%APP_HOME%\lib\j2objc-annotations-1.1.jar;%APP_HOME%\lib\animal-sniffer-annotations-1.14.jar 67 | 68 | @rem Execute CICFlowMeter 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %CIC_FLOW_METER_OPTS% -classpath "%CLASSPATH%" cic.cs.unb.ca.ifm.CICFlowMeter %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable CIC_FLOW_METER_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
78 | if not "" == "%CIC_FLOW_METER_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/CICFlowMeter-3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/CICFlowMeter-3.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/animal-sniffer-annotations-1.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/animal-sniffer-annotations-1.14.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/checker-compat-qual-2.0.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/checker-compat-qual-2.0.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/commons-io-2.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/commons-io-2.5.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/commons-lang3-3.6.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/commons-lang3-3.6.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/commons-math3-3.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/commons-math3-3.5.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/error_prone_annotations-2.1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/error_prone_annotations-2.1.3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/guava-23.6-jre.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/guava-23.6-jre.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/hamcrest-core-1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/hamcrest-core-1.3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/j2objc-annotations-1.1.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/j2objc-annotations-1.1.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/java-cup-0.11a.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/java-cup-0.11a.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/jfreechart-1.5.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/jfreechart-1.5.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/jnetpcap-1.4.r1425-1g.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/jnetpcap-1.4.r1425-1g.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/jsr305-1.3.9.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/jsr305-1.3.9.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/junit-4.12.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/junit-4.12.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/log4j-1.2.17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/log4j-1.2.17.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/native/jnetpcap-pcap100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/native/jnetpcap-pcap100.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/native/jnetpcap.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/native/jnetpcap.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/native/libjnetpcap-pcap100.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/native/libjnetpcap-pcap100.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/native/libjnetpcap.so: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/native/libjnetpcap.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/slf4j-api-1.7.25.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/slf4j-api-1.7.25.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/slf4j-log4j12-1.7.25.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/slf4j-log4j12-1.7.25.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/tika-core-1.17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/tika-core-1.17.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-3.0/lib/weka-stable-3.6.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-3.0/lib/weka-stable-3.6.14.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Canadian Institute for Cybersecurity (CIC) 2 | 3 | Permission is hereby 
granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (CICFlowMeter), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. 
Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 26 | 27 | Contributors: 28 | Arash Habibi Lashkari: Researcher and Developer (Founder) 29 | 30 | Gerard Drapper: Researcher and Developer (Co-funder) 31 | 32 | muhammad saiful islam: Researcher and Developer (Co-funder) 33 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/README.md: -------------------------------------------------------------------------------- 1 | CICFlowMeter is an open source tool that generates bidirectional flows (Biflows) from pcap files and extracts features from these flows. 2 | 3 | CICFlowMeter is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions; hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionality includes selecting features from the list of existing features, adding new features, and controlling the duration of the flow timeout. 4 | 5 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet), while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme, e.g., 600 seconds for both TCP and UDP. 6 | 7 | To cite CICFlowMeter (formerly ISCXFlowMeter) in your work, and to understand it fully, see the published papers below: 8 | 9 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. 
Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 10 | 11 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 12 | 13 | -------------------------------------------------------------- 14 | List of extracted features and descriptions: 15 | Feature Name Description 16 | Flow duration Duration of the flow in Microsecond 17 | total Fwd Packet Total packets in the forward direction 18 | total Bwd packets Total packets in the backward direction 19 | total Length of Fwd Packet Total size of packet in forward direction 20 | total Length of Bwd Packet Total size of packet in backward direction 21 | Fwd Packet Length Min Minimum size of packet in forward direction 22 | Fwd Packet Length Max Maximum size of packet in forward direction 23 | Fwd Packet Length Mean Mean size of packet in forward direction 24 | Fwd Packet Length Std Standard deviation size of packet in forward direction 25 | Bwd Packet Length Min Minimum size of packet in backward direction 26 | Bwd Packet Length Max Maximum size of packet in backward direction 27 | Bwd Packet Length Mean Mean size of packet in backward direction 28 | Bwd Packet Length Std Standard deviation size of packet in backward direction 29 | Flow Bytes/s Number of flow bytes per second 30 | Flow Packets/s Number of flow packets per second 31 | Flow IAT Mean Mean time between two packets sent in the flow 32 | Flow IAT Std Standard deviation time between two packets sent in the flow 33 | Flow IAT Max Maximum time between two packets sent in the flow 34 | Flow IAT Min Minimum time between two packets sent in the flow 35 | Fwd IAT Min Minimum time between 
two packets sent in the forward direction 36 | Fwd IAT Max Maximum time between two packets sent in the forward direction 37 | Fwd IAT Mean Mean time between two packets sent in the forward direction 38 | Fwd IAT Std Standard deviation time between two packets sent in the forward direction 39 | Fwd IAT Total Total time between two packets sent in the forward direction 40 | Bwd IAT Min Minimum time between two packets sent in the backward direction 41 | Bwd IAT Max Maximum time between two packets sent in the backward direction 42 | Bwd IAT Mean Mean time between two packets sent in the backward direction 43 | Bwd IAT Std Standard deviation time between two packets sent in the backward direction 44 | Bwd IAT Total Total time between two packets sent in the backward direction 45 | Fwd PSH flags Number of times the PSH flag was set in packets travelling in the forward direction (0 for UDP) 46 | Bwd PSH Flags Number of times the PSH flag was set in packets travelling in the backward direction (0 for UDP) 47 | Fwd URG Flags Number of times the URG flag was set in packets travelling in the forward direction (0 for UDP) 48 | Bwd URG Flags Number of times the URG flag was set in packets travelling in the backward direction (0 for UDP) 49 | Fwd Header Length Total bytes used for headers in the forward direction 50 | Bwd Header Length Total bytes used for headers in the backward direction 51 | FWD Packets/s Number of forward packets per second 52 | Bwd Packets/s Number of backward packets per second 53 | Packet Length Min Minimum length of a packet 54 | Packet Length Max Maximum length of a packet 55 | Packet Length Mean Mean length of a packet 56 | Packet Length Std Standard deviation length of a packet 57 | Packet Length Variance Variance length of a packet 58 | FIN Flag Count Number of packets with FIN 59 | SYN Flag Count Number of packets with SYN 60 | RST Flag Count Number of packets with RST 61 | PSH Flag Count Number of packets with PUSH 62 | ACK Flag Count Number of 
packets with ACK 63 | URG Flag Count Number of packets with URG 64 | CWR Flag Count Number of packets with CWR 65 | ECE Flag Count Number of packets with ECE 66 | down/Up Ratio Download and upload ratio 67 | Average Packet Size Average size of packet 68 | Fwd Segment Size Avg Average size observed in the forward direction 69 | Bwd Segment Size Avg Average number of bytes bulk rate in the backward direction 70 | Fwd Bytes/Bulk Avg Average number of bytes bulk rate in the forward direction 71 | Fwd Packet/Bulk Avg Average number of packets bulk rate in the forward direction 72 | Fwd Bulk Rate Avg Average number of bulk rate in the forward direction 73 | Bwd Bytes/Bulk Avg Average number of bytes bulk rate in the backward direction 74 | Bwd Packet/Bulk Avg Average number of packets bulk rate in the backward direction 75 | Bwd Bulk Rate Avg Average number of bulk rate in the backward direction 76 | Subflow Fwd Packets The average number of packets in a sub flow in the forward direction 77 | Subflow Fwd Bytes The average number of bytes in a sub flow in the forward direction 78 | Subflow Bwd Packets The average number of packets in a sub flow in the backward direction 79 | Subflow Bwd Bytes The average number of bytes in a sub flow in the backward direction 80 | Fwd Init Win bytes The total number of bytes sent in initial window in the forward direction 81 | Bwd Init Win bytes The total number of bytes sent in initial window in the backward direction 82 | Fwd Act Data Pkts Count of packets with at least 1 byte of TCP data payload in the forward direction 83 | Fwd Seg Size Min Minimum segment size observed in the forward direction 84 | Active Min Minimum time a flow was active before becoming idle 85 | Active Mean Mean time a flow was active before becoming idle 86 | Active Max Maximum time a flow was active before becoming idle 87 | Active Std Standard deviation time a flow was active before becoming idle 88 | Idle Min Minimum time a flow was idle before becoming active 
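89 | Idle Mean Mean time a flow was idle before becoming active 90 | Idle Max Maximum time a flow was idle before becoming active 91 | Idle Std Standard deviation time a flow was idle before becoming active 92 | 93 | -------------------------------------------------------------------------------------- 94 | 95 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/bin/CICFlowMeter: --------------------------------------------------------------------------------
#!/bin/bash

##############################################################################
##
##  CICFlowMeter start up script for UN*X
##
##  Resolves the installation directory (APP_HOME), builds the classpath from
##  the jars under $APP_HOME/lib, selects a Java executable and finally
##  replaces this shell with the JVM running cic.cs.unb.ca.ifm.CICFlowMeter.
##
##  Environment read by this script:
##    JAVA_HOME             optional; Java installation to use
##    JAVA_OPTS             optional; extra JVM options
##    CIC_FLOW_METER_OPTS   optional; extra JVM options
##
##############################################################################

# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
    ls=$(ls -ld "$PRG")
    link=$(expr "$ls" : '.*-> \(.*\)$')
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=$(dirname "$PRG")"/$link"
    fi
done
echo "run at: $(pwd)"
SAVED="$(pwd)"
cd "$(dirname "$PRG")/.." >/dev/null

echo "app at: $(pwd)"
APP_HOME="$(pwd -P)"
cd "$SAVED" >/dev/null

echo "SAVED: $SAVED"
echo "APP_HOME: $APP_HOME"

APP_NAME="CICFlowMeter"
APP_BASE_NAME=$(basename "$0")

# Add default JVM options here. You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script.
# The value is kept in single quotes on purpose: $APP_HOME stays literal here
# and is expanded only by the final `eval`, inside the double quotes. That keeps
# the native-library directory anchored to the installation (not to the caller's
# working directory) and means an install path containing spaces or shell
# metacharacters is never re-parsed as shell code.
DEFAULT_JVM_OPTS='"-Djava.library.path=$APP_HOME/lib/native"'


# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

# Print a warning and continue.
warn () {
    echo "$*"
}

# Print an error framed by blank lines and abort with exit status 1.
die () {
    echo
    echo "$*"
    echo
    exit 1
}

# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$(uname)" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

# Build the classpath from the bundled jars only. It starts empty so that a
# CLASSPATH inherited from the environment can neither be corrupted (the old
# code stripped its first character) nor place other classes ahead of the
# bundled ones. The glob is quoted up to the wildcard so that an install path
# with spaces still works.
CLASSPATH=""
for jar in "$APP_HOME"/lib/*.jar; do
    [ -e "$jar" ] || continue        # glob matched nothing
    CLASSPATH="${CLASSPATH:+$CLASSPATH:}$jar"
done
echo "CLASSPATH: $CLASSPATH"

# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    command -v java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi

# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=$(ulimit -H -n)
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n "$MAX_FD"
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
# NOTE(review): GRADLE_OPTS is assigned here but is not among the variables
# handed to the JVM below, so these dock options currently have no effect.
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=$((i+1))
    done
    # Only 0-9 arguments are rewritten; with more, no branch matches and the
    # original "$@" is passed on unconverted.
    case $i in
        (0) set -- ;;
        (1) set -- "$args0" ;;
        (2) set -- "$args0" "$args1" ;;
        (3) set -- "$args0" "$args1" "$args2" ;;
        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi

# Escape application args
# Each argument is wrapped in single quotes (embedded single quotes escaped) so
# that the `eval` below reproduces it as exactly one word.
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=$(save "$@")

# Collect all arguments for the java command, following the shell quoting and substitution rules
# JAVA_OPTS and CIC_FLOW_METER_OPTS are deliberately left unquoted so that the
# `eval` applies shell quoting rules to them; their content is therefore
# interpreted by the shell and must come from a trusted environment.
# "$CLASSPATH" is passed to `eval` literally and expanded there, so the path is
# not re-parsed as shell code.
#eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.App "$APP_ARGS"
# Without GUI
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath '"$CLASSPATH"' cic.cs.unb.ca.ifm.CICFlowMeter "$APP_ARGS"
# The -- is the standard "don't treat anything following this as an option"

# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
  cd "$(dirname "$0")"
fi

#echo "java args: $@"

exec "$JAVACMD" "$@"
-------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/bin/CICFlowMeter.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem CICFlowMeter startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME%.. 15 | 16 | @rem Add default JVM options here. 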
You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Djava.library.path=../lib/native" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\lib\CICFlowMeter-4.0.jar;%APP_HOME%\lib\log4j-core-2.11.0.jar;%APP_HOME%\lib\slf4j-log4j12-1.7.25.jar;%APP_HOME%\lib\jnetpcap-1.4.r1425-1g.jar;%APP_HOME%\lib\junit-4.12.jar;%APP_HOME%\lib\commons-lang3-3.6.jar;%APP_HOME%\lib\commons-math3-3.5.jar;%APP_HOME%\lib\commons-io-2.5.jar;%APP_HOME%\lib\weka-stable-3.6.14.jar;%APP_HOME%\lib\jfreechart-1.5.0.jar;%APP_HOME%\lib\guava-23.6-jre.jar;%APP_HOME%\lib\tika-core-1.17.jar;%APP_HOME%\lib\log4j-api-2.11.0.jar;%APP_HOME%\lib\slf4j-api-1.7.25.jar;%APP_HOME%\lib\log4j-1.2.17.jar;%APP_HOME%\lib\hamcrest-core-1.3.jar;%APP_HOME%\lib\java-cup-0.11a.jar;%APP_HOME%\lib\jsr305-1.3.9.jar;%APP_HOME%\lib\checker-compat-qual-2.0.0.jar;%APP_HOME%\lib\error_prone_annotations-2.1.3.jar;%APP_HOME%\lib\j2objc-annotations-1.1.jar;%APP_HOME%\lib\animal-sniffer-annotations-1.14.jar 67 | 68 | @rem Execute CICFlowMeter 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %CIC_FLOW_METER_OPTS% -classpath "%CLASSPATH%" cic.cs.unb.ca.ifm.CICFlowMeter %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable CIC_FLOW_METER_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
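78 | if not "" == "%CIC_FLOW_METER_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/bin/cfm: --------------------------------------------------------------------------------
#!/usr/bin/env sh

##############################################################################
##
##  cfm start up script for UN*X
##
##  Resolves the installation directory (APP_HOME), sets the fixed classpath of
##  bundled jars, selects a Java executable and finally replaces this shell
##  with the JVM running cic.cs.unb.ca.ifm.Cmd.
##
##  Environment read by this script:
##    JAVA_HOME   optional; Java installation to use
##    JAVA_OPTS   optional; extra JVM options
##    CFM_OPTS    optional; extra JVM options
##
##############################################################################

# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
    ls=$(ls -ld "$PRG")
    link=$(expr "$ls" : '.*-> \(.*\)$')
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=$(dirname "$PRG")"/$link"
    fi
done
SAVED="$(pwd)"
cd "$(dirname "$PRG")/.." >/dev/null
APP_HOME="$(pwd -P)"
cd "$SAVED" >/dev/null

APP_NAME="cfm"
APP_BASE_NAME=$(basename "$0")

# Add default JVM options here. You can also use JAVA_OPTS and CFM_OPTS to pass JVM options to this script.
# The native-library directory is anchored to APP_HOME. The previous value,
# ../lib/native, was resolved against the caller's working directory, so the
# JNI libraries were found only when the script was started from bin/, and a
# lib/native directory next to any other working directory would have been
# searched instead. $APP_HOME stays literal inside the single quotes and is
# expanded by the final `eval`, so the path is never re-parsed as shell code.
DEFAULT_JVM_OPTS='"-Djava.library.path=$APP_HOME/lib/native"'

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

# Print a warning and continue.
warn () {
    echo "$*"
}

# Print an error framed by blank lines and abort with exit status 1.
die () {
    echo
    echo "$*"
    echo
    exit 1
}

# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$(uname)" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

# Fixed classpath of the bundled jars; the order is significant for class
# lookup, so it is kept exactly as shipped.
# NOTE(review): the bundle includes log4j-core 2.11.0 and log4j 1.2.17, both
# old releases. Check them against current Log4j advisories and upgrade or
# remove them before running this tool on untrusted capture data.
CLASSPATH=$APP_HOME/lib/CICFlowMeter-4.0.jar:$APP_HOME/lib/log4j-core-2.11.0.jar:$APP_HOME/lib/slf4j-log4j12-1.7.25.jar:$APP_HOME/lib/jnetpcap-1.4.r1425-1g.jar:$APP_HOME/lib/junit-4.12.jar:$APP_HOME/lib/commons-lang3-3.6.jar:$APP_HOME/lib/commons-math3-3.5.jar:$APP_HOME/lib/commons-io-2.5.jar:$APP_HOME/lib/weka-stable-3.6.14.jar:$APP_HOME/lib/jfreechart-1.5.0.jar:$APP_HOME/lib/guava-23.6-jre.jar:$APP_HOME/lib/tika-core-1.17.jar:$APP_HOME/lib/log4j-api-2.11.0.jar:$APP_HOME/lib/slf4j-api-1.7.25.jar:$APP_HOME/lib/log4j-1.2.17.jar:$APP_HOME/lib/hamcrest-core-1.3.jar:$APP_HOME/lib/java-cup-0.11a.jar:$APP_HOME/lib/jsr305-1.3.9.jar:$APP_HOME/lib/checker-compat-qual-2.0.0.jar:$APP_HOME/lib/error_prone_annotations-2.1.3.jar:$APP_HOME/lib/j2objc-annotations-1.1.jar:$APP_HOME/lib/animal-sniffer-annotations-1.14.jar

# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    command -v java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi

# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=$(ulimit -H -n)
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n "$MAX_FD"
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
# NOTE(review): GRADLE_OPTS is assigned here but is not among the variables
# handed to the JVM below, so these dock options currently have no effect.
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=$((i+1))
    done
    # Only 0-9 arguments are rewritten; with more, no branch matches and the
    # original "$@" is passed on unconverted.
    case $i in
        (0) set -- ;;
        (1) set -- "$args0" ;;
        (2) set -- "$args0" "$args1" ;;
        (3) set -- "$args0" "$args1" "$args2" ;;
        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi

# Escape application args
# Each argument is wrapped in single quotes (embedded single quotes escaped) so
# that the `eval` below reproduces it as exactly one word.
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=$(save "$@")

# Collect all arguments for the java command, following the shell quoting and substitution rules
# JAVA_OPTS and CFM_OPTS are deliberately left unquoted so that the `eval`
# applies shell quoting rules to them; their content is therefore interpreted
# by the shell and must come from a trusted environment. "$CLASSPATH" is passed
# to `eval` literally and expanded there, so the path is not re-parsed as shell
# code.
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CFM_OPTS -classpath '"$CLASSPATH"' cic.cs.unb.ca.ifm.Cmd "$APP_ARGS"

# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
  cd "$(dirname "$0")"
fi

exec "$JAVACMD" "$@"
-------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/bin/cfm.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem cfm startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME%.. 15 | 16 | @rem Add default JVM options here. 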
You can also use JAVA_OPTS and CFM_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Djava.library.path=../lib/native" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 
55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\lib\CICFlowMeter-4.0.jar;%APP_HOME%\lib\log4j-core-2.11.0.jar;%APP_HOME%\lib\slf4j-log4j12-1.7.25.jar;%APP_HOME%\lib\jnetpcap-1.4.r1425-1g.jar;%APP_HOME%\lib\junit-4.12.jar;%APP_HOME%\lib\commons-lang3-3.6.jar;%APP_HOME%\lib\commons-math3-3.5.jar;%APP_HOME%\lib\commons-io-2.5.jar;%APP_HOME%\lib\weka-stable-3.6.14.jar;%APP_HOME%\lib\jfreechart-1.5.0.jar;%APP_HOME%\lib\guava-23.6-jre.jar;%APP_HOME%\lib\tika-core-1.17.jar;%APP_HOME%\lib\log4j-api-2.11.0.jar;%APP_HOME%\lib\slf4j-api-1.7.25.jar;%APP_HOME%\lib\log4j-1.2.17.jar;%APP_HOME%\lib\hamcrest-core-1.3.jar;%APP_HOME%\lib\java-cup-0.11a.jar;%APP_HOME%\lib\jsr305-1.3.9.jar;%APP_HOME%\lib\checker-compat-qual-2.0.0.jar;%APP_HOME%\lib\error_prone_annotations-2.1.3.jar;%APP_HOME%\lib\j2objc-annotations-1.1.jar;%APP_HOME%\lib\animal-sniffer-annotations-1.14.jar 67 | 68 | @rem Execute cfm 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %CFM_OPTS% -classpath "%CLASSPATH%" cic.cs.unb.ca.ifm.Cmd %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable CFM_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 
78 | if not "" == "%CFM_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/CICFlowMeter-4.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/CICFlowMeter-4.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/animal-sniffer-annotations-1.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/animal-sniffer-annotations-1.14.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/checker-compat-qual-2.0.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/checker-compat-qual-2.0.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/commons-io-2.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/commons-io-2.5.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/commons-lang3-3.6.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/commons-lang3-3.6.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/commons-math3-3.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/commons-math3-3.5.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/error_prone_annotations-2.1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/error_prone_annotations-2.1.3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/guava-23.6-jre.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/guava-23.6-jre.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/hamcrest-core-1.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/hamcrest-core-1.3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/j2objc-annotations-1.1.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/j2objc-annotations-1.1.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/java-cup-0.11a.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/java-cup-0.11a.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/jfreechart-1.5.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/jfreechart-1.5.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/jnetpcap-1.4.r1425-1g.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/jnetpcap-1.4.r1425-1g.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/jsr305-1.3.9.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/jsr305-1.3.9.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/junit-4.12.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/junit-4.12.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/log4j-1.2.17.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/log4j-1.2.17.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/log4j-api-2.11.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/log4j-api-2.11.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/log4j-core-2.11.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/log4j-core-2.11.0.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/native/jnetpcap-pcap100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/native/jnetpcap-pcap100.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/native/jnetpcap.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/native/jnetpcap.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/native/libjnetpcap-pcap100.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/native/libjnetpcap-pcap100.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/native/libjnetpcap.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/native/libjnetpcap.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/slf4j-api-1.7.25.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/slf4j-api-1.7.25.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/slf4j-log4j12-1.7.25.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/slf4j-log4j12-1.7.25.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeter-4.0/lib/tika-core-1.17.jar: -------------------------------------------------------------------------------- 
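https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/tika-core-1.17.jar
--------------------------------------------------------------------------------
/CICFlowMeters/CICFlowMeter-4.0/lib/weka-stable-3.6.14.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeter-4.0/lib/weka-stable-3.6.14.jar
--------------------------------------------------------------------------------
/CICFlowMeters/CICFlowMeter.revised:
--------------------------------------------------------------------------------
#!/bin/bash

##############################################################################
##
##  CICFlowMeter start up script for UN*X
##
##  Resolves the install directory (APP_HOME) from this script's location,
##  builds the classpath from the jars under $APP_HOME/lib, and execs the JVM
##  on cic.cs.unb.ca.ifm.CICFlowMeter (the "without GUI" entry point) with
##  the command-line arguments.
##
##  Environment read: JAVA_HOME, JAVA_OPTS, CIC_FLOW_METER_OPTS.
##  JAVA_OPTS and CIC_FLOW_METER_OPTS are expanded unquoted into `eval`
##  below, so their contents are interpreted as shell text. Set them only
##  from trusted configuration.
##
##############################################################################

# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
    ls=`ls -ld "$PRG"`
    link=`expr "$ls" : '.*-> \(.*\)$'`
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=`dirname "$PRG"`"/$link"
    fi
done
echo "run at: `pwd`"
SAVED="`pwd`"
# Stop if the directory cannot be entered: otherwise APP_HOME would silently
# become the caller's working directory and jars would be loaded from there.
cd "`dirname \"$PRG\"`/.." >/dev/null || { echo "ERROR: cannot enter the application directory"; exit 1; }

echo "app at: `pwd`"
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null

echo "SAVED: $SAVED"
echo "APP_HOME: $APP_HOME"

APP_NAME="CICFlowMeter"
APP_BASE_NAME=`basename "$0"`

# Add default JVM options here. You can also use JAVA_OPTS and CIC_FLOW_METER_OPTS to pass JVM options to this script.
#
# The value is single-quoted on purpose: $APP_HOME is NOT expanded here but
# later, by the `eval set --` line, inside the embedded double quotes. The
# directory name is therefore substituted once and never re-parsed as shell
# text, so spaces, quotes, '$' or backticks in the install path stay literal.
# Under Cygwin this picks up the cygpath-converted APP_HOME.
DEFAULT_JVM_OPTS='"-Djava.library.path=$APP_HOME/lib/native"'


# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

# Print a warning and continue.
warn () {
    echo "$*"
}

# Print an error message surrounded by blank lines and exit with status 1.
die () {
    echo
    echo "$*"
    echo
    exit 1
}

# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

# Build the classpath from the bundled jars only. The variable is reset first:
# appending to an inherited CLASSPATH and then dropping the first character
# (as the earlier `${CLASSPATH:1}` did) mangled any value already present in
# the environment, and let that environment place entries ahead of the
# bundled jars.
CLASSPATH=""
for jar in "$APP_HOME"/lib/*.jar; do
    # An unmatched glob is left as the literal pattern; skip it.
    [ -e "$jar" ] || continue
    CLASSPATH="${CLASSPATH:+$CLASSPATH:}$jar"
done
[ -n "$CLASSPATH" ] || die "ERROR: no jar files found in $APP_HOME/lib"
#echo "CLASSPATH: $CLASSPATH"

# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    # `command -v` is the shell builtin lookup; `which` is an external tool
    # that is not installed everywhere.
    command -v java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi

# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=`ulimit -H -n`
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n $MAX_FD
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
# NOTE(review): GRADLE_OPTS is assigned here but is not among the variables
# the `eval set --` line below passes to the JVM, so these options currently
# have no effect.
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    # NOTE(review): the `eval` assignments below re-parse each argument inside
    # double quotes, so '$', backticks and '"' in an argument are interpreted
    # by the shell on this code path. Only the first nine arguments survive
    # the `case` that follows.
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=$((i+1))
    done
    case $i in
        (0) set -- ;;
        (1) set -- "$args0" ;;
        (2) set -- "$args0" "$args1" ;;
        (3) set -- "$args0" "$args1" "$args2" ;;
        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi

# Escape application args
# Each argument is wrapped in single quotes (embedded single quotes escaped)
# so that the `eval` below restores it as exactly one word.
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=$(save "$@")

# Collect all arguments for the java command, following the shell quoting and substitution rules
#eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath "\"$CLASSPATH\"" cic.cs.unb.ca.ifm.App "$APP_ARGS"
# Without GUI
# '"$CLASSPATH"' hands eval the text "$CLASSPATH", so the value is expanded
# once inside double quotes instead of being spliced into the evaluated
# string, where quotes, '$' or backticks in a jar path would be re-parsed.
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $CIC_FLOW_METER_OPTS -classpath '"$CLASSPATH"' cic.cs.unb.ca.ifm.CICFlowMeter "$APP_ARGS"
# The -- is the standard "don't treat anything following this as an option"

# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
  cd "$(dirname "$0")"
fi

#echo "java args: $@"

exec "$JAVACMD" "$@"
--------------------------------------------------------------------------------
/CICFlowMeters/CICFlowMeterV2/CICFlowMeter.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV2/CICFlowMeter.jar
--------------------------------------------------------------------------------
/CICFlowMeters/CICFlowMeterV2/COPYING.LESSER:
--------------------------------------------------------------------------------
1 | GNU LESSER GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |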
4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 
43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 
80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 
115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. 
If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Canadian Institute for Cybersecurity (CIC) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (CICFlowMeter), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published paper: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/README.md: -------------------------------------------------------------------------------- 1 | CICFlowMeter (formerly ISCXFlowMeter) is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionalities include, selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. 2 | 3 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout.
The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP. 4 | 5 | -------------------------------------------------------------- 6 | Installation and executing: 7 | 8 | Copy CICFlowMeter.jar file and jnetpcap folder in any path on your computer. 9 | Create a folder and add all your PCAP files there as input folder. 10 | Create a folder as output folder for saving your CSV files there. 11 | Run this command: 12 | java -Djava.library.path="Your jnetpcap folder path" -jar CICFlowMeter.jar "your pcap files path as input" "your output folder for CSV generated files" 13 | 14 | Example: 15 | java -Djava.library.path=/home/CIC/Desktop/jnetpcap -jar CICFlowMeter.jar /home/CIC/Desktop/1/ /home/CIC/Desktop/2/ 16 | 17 | 18 | -------------------------------------------------------------- 19 | 20 | Contact us at A.Habibi.L@unb.ca if there are any problems. 21 | 22 | 23 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find below published papers: 24 | 25 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 26 | 27 | Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A.
Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 28 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/analysis.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_analysis_h 4 | #define _Included_analysis_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_analysis_Analysis.h" 16 | #include "org_jnetpcap_packet_analysis_AnalysisUtils.h" 17 | 18 | #define ROOT_TYPE org_jnetpcap_analysis_AnalysisUtils_ROOT_TYPE 19 | 20 | /* 21 | * A header for every analysis object 22 | */ 23 | typedef struct analysis_t { 24 | uint16_t type; 25 | uint16_t len; // length so we can walk unknown analysis types 26 | } analysis_t; 27 | 28 | /* 29 | * Roots are embeded in packet_state_t and header_state_t objects 30 | */ 31 | typedef struct root_analysis_t { 32 | uint16_t type; // == ROOT_TYPE 33 | uint16_t len; // length so we can walk unknown analysis types 34 | 35 | analysis_t *child; 36 | }; 37 | 38 | 39 | typedef void (*native_analyzer_func_t)(packet_state_t *packet); 40 | extern native_analyzer_func_t native_analyzers[]; 41 | 42 | typedef struct analyzer_t { 43 | 44 | native_analyzer_func_t analyzers[64][4]; 45 | 46 | } analyzer_t; 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | #endif 52 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/export.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. 
It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_export_h 6 | #define Include_export_h 7 | 8 | // JNIEXPORT is designed for microsoft compilers, we're using gcc to compile 9 | #ifdef JNIEXPORT 10 | #undef JNIEXPORT 11 | #endif 12 | #undef JNIEXPORT 13 | #define JNIEXPORT extern "C" 14 | 15 | #undef __declspec 16 | #define __declspec(a) extern "C" 17 | 18 | #ifndef FALSE 19 | #define TRUE 1 20 | #define FALSE !TRUE 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/jnetpcap.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV2/jnetpcap.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/jnetpcap_bpf.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_bpf_h 4 | #define _Included_jnetpcap_bpf_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | extern jclass bpfProgramClass; 15 | 16 | extern jfieldID bpfProgramPhysicalFID; 17 | 18 | // Prototypes 19 | bpf_program *getBpfProgram(JNIEnv *env, jobject obj); 20 | void setBpfProgramPhysical(JNIEnv *env, jobject obj, jlong value); 21 | 22 | #ifdef __cplusplus 23 | } 24 | #endif 25 | #endif 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/jnetpcap_dumper.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_dumper methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_PcapDumper 5 | #define _Included_org_jnetpcap_PcapDumper 6 | #ifdef 
__cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass pcapDumperClass; 12 | 13 | extern jclass pcapDumperClass; 14 | 15 | extern jmethodID pcapDumperConstructorMID; 16 | 17 | extern jfieldID pcapDumperPhysicalFID; 18 | 19 | // Prototypes 20 | void setPcapDumper(JNIEnv *env, jobject obj, pcap_dumper_t *dumper); 21 | pcap_dumper_t *getPcapDumper(JNIEnv *env, jobject obj); 22 | jobject newPcapDumper(JNIEnv *env, pcap_dumper_t *dumper); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | #endif 28 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/jnetpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_ids_h 4 | #define _Included_jnetpcap_ids_h 5 | 6 | #include "export.h" 7 | 8 | #include 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #define EXTERN extern "C" 13 | #endif 14 | 15 | extern jclass pcapClass; 16 | extern jclass byteBufferClass; 17 | extern jclass stringBuilderClass; 18 | extern jclass pcapIfClass; 19 | extern jclass pcapAddrClass; 20 | extern jclass PcapSockAddrClass; 21 | extern jclass pcapIntegerClass; 22 | extern jclass JBufferHandlerClass; 23 | extern jclass ByteBufferHandlerClass; 24 | extern jclass JPacketHandlerClass; 25 | extern jclass PcapPacketHandlerClass; 26 | 27 | extern jmethodID byteBufferIsDirectMID; 28 | extern jmethodID bufferGetPositionMID; 29 | extern jmethodID bufferGetLimitMID; 30 | extern jmethodID bufferSetLimitMID; 31 | extern jmethodID bufferSetPositionMID; 32 | extern jmethodID bufferGetPositionMID; 33 | extern jmethodID bufferGetCapacityMID; 34 | extern jmethodID JBufferHandlerNextPacketMID; 35 | extern jmethodID ByteBufferHandlerNextPacketMID; 36 | extern jmethodID JPacketHandlerNextPacketMID; 37 | extern jmethodID PcapPacketHandlerNextPacketMID; 38 | 39 | 40 | extern jclass 
msIpAdapterIndexMapClass; 41 | 42 | extern jfieldID pcapPhysicalFID; 43 | extern jfieldID pcapIntegerValueFID; 44 | 45 | 46 | extern jfieldID PcapPktHdrSecondsFID; 47 | extern jfieldID PcapPktHdrUSecondsFID; 48 | extern jfieldID PcapPktHdrCaplenFID; 49 | extern jfieldID PcapPktHdrLenFID; 50 | 51 | extern jfieldID PcapPktBufferFID; 52 | 53 | extern jfieldID pcapIfNextFID; 54 | extern jfieldID pcapIfNameFID; 55 | extern jfieldID pcapIfDescriptionFID; 56 | extern jfieldID pcapIfAddressesFID; 57 | extern jfieldID pcapIfFlagsFID; 58 | 59 | extern jfieldID pcapAddrNextFID; 60 | extern jfieldID pcapAddrAddrFID; 61 | extern jfieldID pcapAddrNetmaskFID; 62 | extern jfieldID pcapAddrBroadaddrFID; 63 | extern jfieldID pcapAddrDstaddrFID; 64 | 65 | extern jfieldID PcapSockAddrFamilyFID; 66 | extern jfieldID PcapSockAddrDataFID; 67 | 68 | extern jmethodID pcapConstructorMID; 69 | extern jmethodID pcapIfConstructorMID; 70 | extern jmethodID PcapSockAddrConstructorMID; 71 | extern jmethodID pcapAddrConstructorMID; 72 | extern jmethodID msIpAdapterIndexMapMID; 73 | 74 | extern jmethodID appendMID; 75 | extern jmethodID setLengthMID; 76 | 77 | extern jclass pcapStatClass; 78 | 79 | extern jfieldID pcapStatRecvFID; 80 | extern jfieldID pcapStatDropFID; 81 | extern jfieldID pcapStatIfDropFID; 82 | extern jfieldID pcapStatCaptFID; 83 | extern jfieldID pcapStatSentFID; 84 | extern jfieldID pcapStatNetdropFID; 85 | 86 | #ifdef __cplusplus 87 | } 88 | #endif 89 | #endif 90 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/jnetpcap_utils.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_org_jnetpcap_Pcap_utils 4 | #define _Included_org_jnetpcap_Pcap_utils 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | #include "packet_jscanner.h" 
14 | 15 | /* 16 | * LIBPCAP versions that specify when each feature or function was first 17 | * introduced. The format of the value is a collapsed version number. That is 18 | * Actual libpcap version number 0.9.3 is first collapsed to 093 and then a 19 | * 0x prefixed otherwise compiler complains that its a out-of-range octal value. 20 | * So 0.9.3 becomes 0x093 and for our comparison purposes is sufficient to ensure 21 | * correct libpcap version level. 22 | */ 23 | #define LIBPCAP_PCAP_SENDPACKET 0x093 24 | #define LIBPCAP_PCAP_INJECT 0x097 25 | 26 | 27 | #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" 28 | #define ILLEGAL_ARGUMENT_EXCEPTION "java/lang/IllegalArgumentException" 29 | #define CLASS_NOT_FOUND_EXCEPTION "java/lang/ClassNotFoundException" 30 | #define NO_SUCH_METHOD_EXCEPTION "java/lang/NoSuchMethodException" 31 | #define NO_SUCH_FIELD_EXCEPTION "java/lang/NoSuchFieldException" 32 | #define INDEX_OUT_OF_BOUNDS_EXCEPTION "java/lang/IndexOutOfBoundsException" 33 | #define NULL_PTR_EXCEPTION "java/lang/NullPointerException" 34 | #define UNSUPPORTED_OPERATION_EXCEPTION "java/lang/UnsupportedOperationException" 35 | #define PCAP_CLOSED_EXCEPTION "org/jnetpcap/PcapClosedException" 36 | #define PCAP_EXTENSION_NOT_AVAILABLE_EXCEPTION "org/jnetpcap/PcapExtensionNotAvailableException" 37 | #define OUT_OF_MEMORY_ERROR "java/lang/OutOfMemoryError" 38 | #define BUFFER_OVERFLOW_EXCEPTION "java/nio/BufferOverflowException" 39 | #define BUFFER_UNDERFLOW_EXCEPTION "java/nio/BufferUnderflowException" 40 | #define READ_ONLY_BUFFER_EXCETPION "java/nio/ReadOnlyBufferException" 41 | #define UNREGISTERED_SCANNER_EXCEPTION "org/jnetpcap/packet/UnregisteredHeaderException" 42 | #define IO_EXCEPTION "java/io/IOException" 43 | 44 | extern jclass pcapClass; 45 | extern jclass pcapHandlerClass; 46 | extern jclass stringBuilderClass; 47 | 48 | extern jfieldID pcapPhysicalFID; 49 | extern jfieldID pcapIfNextFID; 50 | 51 | extern jmethodID pcapConstructorMID; 52 
| extern jmethodID pcapHandlerMID;
53 | extern jmethodID appendMID;
54 | extern jmethodID setLengthMID;
55 | 
56 | /* IDs for packet_jpacket.cpp file */
57 | extern jclass pcapPacketClass;
58 | extern jmethodID pcapPacketConstructorMID;
59 | extern jfieldID pcapStateFID;
60 | extern jfieldID pcapHeaderFID;
61 | 
62 | // NOTE(review): toCharArray takes a writable destination buf but no length parameter; the copy bound is not visible in this header -- confirm the implementation limits the copy to the size of the caller's buffer.
63 | // GENERIC utilities
64 | const char *toCharArray(JNIEnv *env, jstring jstr, char *buf);
65 | jstring toJavaString(JNIEnv *env, const char *buf);
66 | jlong toLong(void *ptr);
67 | void *toPtr(jlong lp);
68 | // NOTE(review): toLong/toPtr convert between native pointers and jlong values; presumably toPtr trusts the jlong it receives -- confirm handles are checked before they are dereferenced.
69 | jclass getClass(JNIEnv *env, char *clazz);
70 | 
71 | 
72 | /*
73 | * PCAP class related utilities
74 | */
75 | 
76 | /*
77 | * Structure which holds information for a callback from dispatch and loop.
78 | * Holds enough information so we can callback to Java handler and still return
79 | * the original generic user data object.
80 | */
81 | typedef struct pcap_user_data_t {
82 | JNIEnv *env;
83 | jobject obj;
84 | jobject pcap;
85 | jobject user;
86 | jclass clazz;
87 | jthrowable exception; // Any exceptions to rethrow
88 | jmethodID mid;
89 | pcap_t *p;
90 | 
91 | } pcap_user_data_t;
92 | // The callback contexts below each carry a JNIEnv*. A JNIEnv is valid only on the thread it was obtained on, so a context must not be handed to another thread.
93 | typedef struct cb_byte_buffer_t {
94 | pcap_t *p;
95 | jmethodID mid;
96 | JNIEnv *env; // thread
97 | jobject obj; // ByteBufferHandler
98 | jobject pcap;
99 | jthrowable exception; // Any exceptions to rethrow
100 | jobject user;
101 | jobject header; // PcapHeader
102 | } cb_byte_buffer_t;
103 | 
104 | typedef struct cb_jbuffer_t {
105 | pcap_t *p;
106 | jmethodID mid;
107 | JNIEnv *env; // thread
108 | jobject obj; // JBufferHandler
109 | jobject pcap;
110 | jthrowable exception; // Any exceptions to rethrow
111 | jobject user;
112 | jobject header; // PcapHeader
113 | jobject buffer; // JBuffer
114 | } cb_jbuffer_t;
115 | 
116 | #define DEBUG_INJECT_PACKET_BREAK_LOOP 1
117 | typedef struct cb_packet_t {
118 | pcap_t *p;
119 | jmethodID mid;
120 | JNIEnv *env; // thread
121 | jobject obj; // JPacketHandler
122 | jobject pcap;
123 | jthrowable
exception; // Any exceptions to rethrow 124 | jobject user; 125 | jobject header; // PcapHeader 126 | jobject packet; // JPacket 127 | jobject state; // JPacket.State 128 | jint id; // Header ID 129 | jobject scanner; // JScanner 130 | int flags; // Flags used when inject packet is used 131 | 132 | } cb_jpacket_t; 133 | 134 | 135 | 136 | extern "C" 137 | void pcap_callback(u_char*, const pcap_pkthdr*, const u_char*); 138 | void cb_byte_buffer_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 139 | void cb_jbuffer_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 140 | void cb_pcap_packet_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 141 | void cb_pcap_dumper_handler(u_char*, const pcap_pkthdr*, const u_char*); 142 | 143 | pcap_t *getPcap(JNIEnv *env, jobject obj); 144 | jmethodID getPcapHandlerMID(JNIEnv *env); 145 | jfieldID getPcapPhysicalFID(JNIEnv *env, jclass clazz); 146 | jlong getPhysical(JNIEnv *, jobject); 147 | void setPhysical(JNIEnv *, jobject, jlong); 148 | void setString(JNIEnv *env, jobject buffer, const char *); 149 | jmethodID getPcapConstructorMID(JNIEnv *env, jclass clazz); 150 | pcap_pkthdr *getPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 151 | void setPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 152 | void setPktBuffer(JNIEnv *env, jobject jpkt_buffer, jobject jbuffer); 153 | jclass findClass(JNIEnv *env, const char *name); 154 | jmethodID findMethod(JNIEnv *env, jobject obj, const char *name, const char *signature); 155 | 156 | jobject newPcapAddr(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_addr *addr); 157 | jobject newPcapIf(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_if_t *ifp); 158 | jobject newPcapSockAddr(JNIEnv *env, sockaddr *a); 159 | 160 | void setPcapStat(JNIEnv *env, jobject jstats, pcap_stat *stats); 161 | 162 | void throwException(JNIEnv *env, const char *exception, const char *message); 163 | void throwVoidException(JNIEnv *env, const char 
*exception); 164 | 165 | /* 166 | * Creates a new PcapPacket object, allocates a new memory block and copies 167 | * header, state and packet data into the buffer. Then peers all the packet 168 | * structures to point at the buffer. 169 | */ 170 | jobject transferToNewBuffer( 171 | JNIEnv *env, 172 | const pcap_pkthdr *pkt_header, 173 | const u_char *pkt_data, 174 | jobject state); 175 | 176 | #ifdef __cplusplus 177 | } 178 | #endif 179 | #endif 180 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/libjnetpcap.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV2/libjnetpcap.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/nio_jbuffer.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_nio_jbuffer_h 4 | #define _Included_nio_jbuffer_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | /**************************************************************** 15 | * ************************************************************** 16 | * 17 | * JNI IDs 18 | * 19 | * ************************************************************** 20 | ****************************************************************/ 21 | extern jfieldID jbufferOrderFID; 22 | extern jfieldID jbufferReadonlyFID; 23 | 24 | /**************************************************************** 25 | * ************************************************************** 26 | * 27 | * ENDIAN MACROS - swap bytes for proper endianess 28 | * 29 | * ************************************************************** 30 | 
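****************************************************************/
31 | #define ENDIAN16_ATOM_SWAP(data) (\
32 | ((((uint16_t)(data)) >> 8) & 0x00FF) | ((((uint16_t)(data)) << 8) & 0xFF00))
33 | /* The ENDIANnn_ATOM_SWAP macros (16 above, 32 and 64 below) reverse the byte order of an nn-bit value. The argument is expanded several times, so it must be free of side effects. */
34 | #define ENDIAN32_ATOM_SWAP(data) (\
35 | ( (((uint32_t)(data)) >> 24) & 0x000000FF) | ((((uint32_t)(data)) >> 8) & 0x0000FF00) |\
36 | ( (((uint32_t)(data)) << 8) & 0x00FF0000) | ((((uint32_t)(data)) << 24) & 0xFF000000))
37 | 
38 | #define ENDIAN64_ATOM_SWAP(data) (\
39 | ( (((uint64_t)(data)) >> 56) & 0x00000000000000FFLLU) | ((((uint64_t)(data)) >> 40) & 0x000000000000FF00LLU) |\
40 | ( (((uint64_t)(data)) >> 24) & 0x0000000000FF0000LLU) | ((((uint64_t)(data)) >> 8) & 0x00000000FF000000LLU) |\
41 | ( (((uint64_t)(data)) << 8) & 0x000000FF00000000LLU) | ((((uint64_t)(data)) << 24) & 0x0000FF0000000000LLU) |\
42 | ( (((uint64_t)(data)) << 40) & 0x00FF000000000000LLU) | ((((uint64_t)(data)) << 56) & 0xFF00000000000000LLU) \
43 | )
44 | /* The ENDIANnn_PTR_SWAP macros read nn/8 bytes starting at data and combine them with data[0] as the most significant byte. Each expansion is wrapped in parentheses and the argument is parenthesized, so the result can be used inside a larger expression (for example with & or ==) without operator-precedence surprises. NOTE(review): the widening casts assume data points to unsigned bytes; with a signed byte pointer such as jbyte* a byte >= 0x80 would sign-extend -- confirm against callers. */
45 | #define ENDIAN16_PTR_SWAP(data) \
46 | (((uint16_t)*((data) + 0) << 8) | ((uint16_t)*((data) + 1)))
47 | 
48 | #define ENDIAN32_PTR_SWAP(data) \
49 | (((uint32_t)*((data) + 0) << 24) | ((uint32_t)*((data) + 3) ) |\
50 | ((uint32_t)*((data) + 1) << 16) | ((uint32_t)*((data) + 2) << 8))
51 | 
52 | #define ENDIAN64_PTR_SWAP(data) \
53 | (((uint64_t)*((data) + 0) << 56) | ((uint64_t)*((data) + 7) ) |\
54 | ((uint64_t)*((data) + 1) << 48) | ((uint64_t)*((data) + 6) << 8) |\
55 | ((uint64_t)*((data) + 2) << 40) | ((uint64_t)*((data) + 5) << 16) |\
56 | ((uint64_t)*((data) + 3) << 32) | ((uint64_t)*((data) + 4) << 24))
57 | 
58 | /*
59 | * These macros test for requested BIG ENDIAN condition and appropriately define
60 | * the correct byte swap macro for various CPU ENDIAN platforms.
61 | *
62 | * Usage - if cond is TRUE will ensure that BIG_ENDIAN is returned on both
63 | * LITTLE AND BIG platforms. If cond is FALSE then LITTLE_ENDIAN will be
64 | * returned.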
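65 | * NOTE(review): in #if an identifier that is not defined as a macro evaluates to 0, so if neither __BYTE_ORDER nor __LITTLE_ENDIAN is defined the test below is 0 == 0, the little-endian branch is selected and the #error is never reached -- confirm every build defines them. */
66 | #if __BYTE_ORDER == __LITTLE_ENDIAN
67 | #define ENDIAN16_GET(big, data) (((big) == JNI_TRUE)?ENDIAN16_ATOM_SWAP(data):(data))
68 | #define ENDIAN32_GET(big, data) (((big) == JNI_TRUE)?ENDIAN32_ATOM_SWAP(data):(data))
69 | #define ENDIAN64_GET(big, data) (((big) == JNI_TRUE)?ENDIAN64_ATOM_SWAP(data):(data))
70 | /* Little-endian host: the BIG_ENDIANnn forms swap bytes, the LITTLE_ENDIANnn forms pass the value through. Arguments are parenthesized so an expression argument keeps its grouping. */
71 | #define BIG_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data)
72 | #define BIG_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data)
73 | #define BIG_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data)
74 | 
75 | #define LITTLE_ENDIAN16(data) (data)
76 | #define LITTLE_ENDIAN32(data) (data)
77 | #define LITTLE_ENDIAN64(data) (data)
78 | 
79 | #elif __BYTE_ORDER == __BIG_ENDIAN
80 | #define ENDIAN16_GET(big, data) (((big) == JNI_TRUE)?(data):ENDIAN16_ATOM_SWAP(data))
81 | #define ENDIAN32_GET(big, data) (((big) == JNI_TRUE)?(data):ENDIAN32_ATOM_SWAP(data))
82 | #define ENDIAN64_GET(big, data) (((big) == JNI_TRUE)?(data):ENDIAN64_ATOM_SWAP(data))
83 | /* Big-endian host: the roles are reversed, the LITTLE_ENDIANnn forms swap bytes. */
84 | #define BIG_ENDIAN16(data) (data)
85 | #define BIG_ENDIAN32(data) (data)
86 | #define BIG_ENDIAN64(data) (data)
87 | 
88 | #define LITTLE_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data)
89 | #define LITTLE_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data)
90 | #define LITTLE_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data)
91 | 
92 | #else
93 | # error "ENDIAN MACROS NOT DEFINED :("
94 | #endif
95 | 
96 | 
97 | 
98 | #ifdef __cplusplus
99 | }
100 | #endif
101 | #endif
102 | 
--------------------------------------------------------------------------------
/CICFlowMeters/CICFlowMeterV2/nio_jmemory.h:
--------------------------------------------------------------------------------
1 | /* Header for jnetpcap_utils utility methods */
2 | 
3 | #ifndef _Included_nio_jmemory_h
4 | #define _Included_nio_jmemory_h
5 | #ifdef __cplusplus
6 | extern "C" {
7 | #define EXTERN extern "C"
8 | #endif
9 | 
10 | #include
11 | #include "export.h"
12 | 
13 | #include
14 | 
15 | typedef struct memory_usage_t {
16 | uint64_t total_allocated;
17 | uint64_t total_deallocated;
18 | 
19 | uint64_t total_allocate_calls;
20 | 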
uint64_t total_deallocate_calls; 21 | 22 | uint64_t seg_0_255_bytes; 23 | uint64_t seg_256_or_above_bytes; 24 | 25 | uint64_t max_direct; 26 | uint64_t soft_direct; 27 | uint64_t reserved_direct; 28 | uint64_t available_direct; 29 | 30 | } memory_usage_t; 31 | 32 | typedef struct jni_global_ref_t { 33 | int count; // Number of references held 34 | jobject reference[]; // array of references held 35 | } jni_global_ref_t; 36 | 37 | 38 | extern jclass jmemoryClass; 39 | extern jclass jmemoryPoolClass; 40 | extern jclass jmemoryReferenceClass; 41 | 42 | extern jmethodID jmemoryToDebugStringMID; 43 | extern jmethodID jmemoryMaxDirectMemoryBreachMID; 44 | extern jmethodID jmemorySoftDirectMemoryBreachMID; 45 | extern jmethodID jmemoryCleanupMID; 46 | extern jmethodID jmemoryPeer0MID; 47 | extern jmethodID jmemoryAllocateMID; 48 | extern jmethodID jmemorySetSize0MID; 49 | 50 | extern jfieldID jmemoryPhysicalFID; 51 | extern jfieldID jmemorySizeFID; 52 | extern jfieldID jmemoryOwnerFID; 53 | extern jfieldID jmemoryKeeperFID; 54 | extern jfieldID jmemoryRefFID; 55 | extern jfieldID jmemoryRefAddressFID; 56 | extern jobject jmemoryPOINTER_CONST; // JMemory.POINTER constant reference 57 | 58 | extern jmethodID jmemoryPoolAllocateExclusiveMID; 59 | extern jmethodID jmemoryPoolDefaultMemoryPoolMID; 60 | 61 | extern jobject defaultMemoryPool; 62 | 63 | extern memory_usage_t memory_usage; 64 | 65 | // Prototypes 66 | void init_jmemory(JNIEnv *env); 67 | void *getJMemoryPhysical(JNIEnv *env, jobject obj); 68 | void setJMemoryPhysical(JNIEnv *env, jobject obj, jlong value); 69 | void jmemoryCleanup(JNIEnv *env, jobject obj); 70 | 71 | jint jmemoryPeer(JNIEnv *env, jobject obj, const void *ptr, size_t length, jobject owner); 72 | 73 | char *jmemoryPoolAllocate(JNIEnv *env, size_t size, jobject *obj_ref); 74 | void jmemoryResize(JNIEnv *env, jobject obj, size_t size); 75 | char *jmemoryAllocate(JNIEnv *env, size_t size, jobject obj); 76 | char *jmemoryToDebugString(JNIEnv *env, 
jobject obj, char *buf); 77 | 78 | 79 | #ifdef __cplusplus 80 | } 81 | #endif 82 | #endif 83 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/packet_flow.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_packet_flow_h 4 | #define _Included_packet_flow_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_JFlowKey.h" 16 | 17 | #define FLOW_KEY_PAIR_COUNT org_jnetpcap_packet_JFlowKey_FLOW_KEY_PAIR_COUNT 18 | 19 | struct scan_t; // Forward reference 20 | 21 | /* 22 | * Flow key is made up of several key pairs. In order for a flow key to be 23 | * equal to another flow key, all the pair values must match. The flow pairs 24 | * can be bi-directional. If uni directional flag is not set, it means that the 25 | * second array of pairs is also in use and the values there are exact pair 26 | * reversal of the first array of pairs. 27 | */ 28 | typedef struct flow_key_t { 29 | uint64_t header_map; // bitmap of header IDs part of this flowkey 30 | uint32_t hash; // Hashcode 31 | #define FLOW_KEY_FLAG_REVERSABLE_PAIRS org_jnetpcap_packet_JFlowKey_FLAG_REVERSABLE 32 | uint16_t flags; // flags 33 | uint16_t pair_count; // number of pairs upto FLOW_KEY_PAIR_COUNT 34 | uint8_t id[FLOW_KEY_PAIR_COUNT]; 35 | uint32_t forward_pair[FLOW_KEY_PAIR_COUNT][2]; 36 | uint32_t reverse_pair[FLOW_KEY_PAIR_COUNT][2]; 37 | } flow_key_t; 38 | 39 | /** 40 | * Based on the first part of the key, it sets the second part of the key 41 | * using reversed direction values for each pair. flow_key_t->pair[2] is a 42 | * multi-dimensional array that has 2 sets of key pairs. [0] for forward keys 43 | * and [1] for reverse direction keys. 
44 | */ 45 | void flow_key_init(flow_key_t *key, int id); 46 | 47 | void process_flow_key(scan_t *scan); 48 | 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | #endif 54 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/util_crc16.h: -------------------------------------------------------------------------------- 1 | /* crc16.h 2 | * Declaration of CRC-16 routines and table 3 | * 4 | * 2004 Richard van der Hoff 5 | * 6 | * $Id: crc16.h 20485 2007-01-18 18:43:30Z guy $ 7 | * 8 | * Wireshark - Network traffic analyzer 9 | * By Gerald Combs 10 | * Copyright 1998 Gerald Combs 11 | * 12 | * Copied from README.developer 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 27 | */ 28 | 29 | #ifndef __CRC16_H_ 30 | #define __CRC16_H_ 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif /* __cplusplus */ 35 | 36 | #include 37 | 38 | /* Calculate the CCITT/ITU/CRC-16 16-bit CRC 39 | 40 | (parameters for this CRC are: 41 | Polynomial: x^16 + x^12 + x^5 + 1 (0x1021); 42 | Start value 0xFFFF; 43 | XOR result with 0xFFFF; 44 | First bit is LSB) 45 | */ 46 | 47 | /** Compute CRC16 CCITT checksum of a buffer of data. 48 | @param buf The buffer containing the data. 
49 | @param len The number of bytes to include in the computation. 50 | @return The CRC16 CCITT checksum. */ 51 | extern uint16_t crc16_ccitt(const uint8_t *buf, uint32_t len); 52 | 53 | /** Compute CRC16 X.25 CCITT checksum of a buffer of data. 54 | @param buf The buffer containing the data. 55 | @param len The number of bytes to include in the computation. 56 | @return The CRC16 X.25 CCITT checksum. */ 57 | extern uint16_t crc16_x25_ccitt(const uint8_t *buf, uint32_t len); 58 | 59 | /** Compute CRC16 CCITT checksum of a buffer of data. If computing the 60 | * checksum over multiple buffers and you want to feed the partial CRC16 61 | * back in, remember to take the 1's complement of the partial CRC16 first. 62 | @param buf The buffer containing the data. 63 | @param len The number of bytes to include in the computation. 64 | @param seed The seed to use. 65 | @return The CRC16 CCITT checksum (using the given seed). */ 66 | extern uint16_t crc16_ccitt_seed(const uint8_t *buf, uint32_t len, uint16_t seed); 67 | 68 | #ifdef __cplusplus 69 | } 70 | #endif /* __cplusplus */ 71 | 72 | #endif /* crc16.h */ 73 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/util_crc32.h: -------------------------------------------------------------------------------- 1 | /* crc32.h 2 | * Declaration of CRC-32 routine and table 3 | * 4 | * $Id: crc32.h 24930 2008-04-12 12:31:53Z stig $ 5 | * 6 | * Wireshark - Network traffic analyzer 7 | * By Gerald Combs 8 | * Copyright 1998 Gerald Combs 9 | * 10 | * Copied from README.developer 11 | * 12 | * This program is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU General Public License 14 | * as published by the Free Software Foundation; either version 2 15 | * of the License, or (at your option) any later version. 
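16 | *
17 | * This program is distributed in the hope that it will be useful,
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 | * GNU General Public License for more details.
21 | *
22 | * You should have received a copy of the GNU General Public License
23 | * along with this program; if not, write to the Free Software
24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 | */
26 | 
27 | #ifndef __UTIL_CRC32_H_
28 | #define __UTIL_CRC32_H_
29 | 
30 | #ifdef __cplusplus
31 | extern "C" {
32 | #endif /* __cplusplus */
33 | 
34 | #include
35 | 
36 | #define CRC32C_PRELOAD 0xffffffff
37 | /* CRC32C_SWAP(v): reverse the four bytes of a 32-bit value. The argument is parenthesized at each use so that an expression argument is masked as a whole; it is expanded four times and must have no side effects. */
38 | /*
39 | * Byte swap fix contributed by Dave Wysochanski .
40 | */
41 | #define CRC32C_SWAP(crc32c_value) \
42 | ((((crc32c_value) & 0xff000000) >> 24) | \
43 | (((crc32c_value) & 0x00ff0000) >> 8) | \
44 | (((crc32c_value) & 0x0000ff00) << 8) | \
45 | (((crc32c_value) & 0x000000ff) << 24))
46 | /* CRC32C(c,d): fold one byte d into the running CRC c through crc32c_table and assign the result back to c, so c must be a modifiable lvalue with no side effects. */
47 | #define CRC32C(c,d) ((c)=((c)>>8)^crc32c_table[((c)^(d))&0xFF])
48 | 
49 | extern const uint32_t crc32c_table[256];
50 | 
51 | /** Compute CRC32C checksum of a buffer of data.
52 | @param buf The buffer containing the data.
53 | @param len The number of bytes to include in the computation. NOTE(review): declared as a signed int, unlike the uint32_t lengths of the CCITT routines below; how a negative value is handled depends on the implementation, which is not shown here -- confirm callers never pass one.
54 | @param crc The preload value for the CRC32C computation.
55 | @return The CRC32C checksum. */
56 | extern uint32_t calculate_crc32c(const void *buf, int len, uint32_t crc);
57 | 
58 | extern const uint32_t crc32_ccitt_table[256];
59 | 
60 | /** Compute CRC32 CCITT checksum of a buffer of data.
61 | @param buf The buffer containing the data.
62 | @param len The number of bytes to include in the computation.
63 | @return The CRC32 CCITT checksum. */
64 | extern uint32_t crc32_ccitt(const uint8_t *buf, uint32_t len);
65 | 
66 | /** Compute CRC32 CCITT checksum of a buffer of data.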
If computing the 67 | * checksum over multiple buffers and you want to feed the partial CRC32 68 | * back in, remember to take the 1's complement of the partial CRC32 first. 69 | @param buf The buffer containing the data. 70 | @param len The number of bytes to include in the computation. 71 | @param seed The seed to use. 72 | @return The CRC32 CCITT checksum (using the given seed). */ 73 | extern uint32_t crc32_ccitt_seed(const uint8_t *buf, uint32_t len, uint32_t seed); 74 | 75 | 76 | #ifdef __cplusplus 77 | } 78 | #endif /* __cplusplus */ 79 | 80 | #endif /* util_crc32.h */ 81 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/util_debug.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_util_debug_h 6 | #define Include_util_debug_h 7 | 8 | #define JNIEXPORT extern "C" 9 | 10 | #undef __declspec 11 | #define __declspec(a) extern "C" 12 | 13 | #include 14 | 15 | #define DEBUG_MAX_LEVEL 10 16 | 17 | #define DEBUG_TRACE 10 18 | #define DEBUG_INFO 8 19 | #define DEBUG_WARN 6 20 | #define DEBUG_ERROR 4 21 | 22 | #define DEFAULT_LEVEL DEBUG_TRACE 23 | #define DEFAULT_INDENT_CHAR '.' 
24 | /* Debug logging entry points. NOTE(review): the fmt parameters look like printf-style format strings (debug_vmsg takes a va_list); confirm in the implementation, and if so pass only constant formats, with capture- or packet-derived text supplied as arguments rather than as the format. */
25 | extern int debug_get_level();
26 | extern void debug_set_level(int level);
27 | extern void debug_inc();
28 | extern void debug_dec();
29 | extern void debug_reset();
30 | extern void debug_vmsg(const char *type, const char *msg, const char *fmt, va_list ap);
31 | extern void debug_msg(const char *type, const char *msg, const char *fmt, ...);
32 | extern void debug_trace(const char *msg, const char *fmt, ...);
33 | extern void debug_warn(const char *msg, const char *fmt, ...);
34 | extern void debug_error(const char *msg, const char *fmt, ...);
35 | extern void debug_info(const char *msg, const char *fmt, ...);
36 | extern void debug_enter(const char *method);
37 | extern void debug_exit(const char *method);
38 | /* NOTE(review): within this header TRACE appears only as an enumerator of the commented-out Debug class below, so DEBUG_DEFAULT_LEVEL has no visible definition to expand to, while DEFAULT_LEVEL above uses DEBUG_TRACE -- confirm which one is intended. */
39 | #define DEBUG_MAX_NAME 256
40 | #define DEBUG_DEFAULT_LEVEL TRACE
41 | 
42 | /***
43 | ******** Temporarily backedout
44 | class Debug {
45 | public:
46 | enum Level {
47 | ALL,
48 | TRACE,
49 | INFO,
50 | WARN,
51 | ERR,
52 | NONE,
53 | UNDEFINED
54 | };
55 | 
56 | private:
57 | Level level;
58 | int indentation;
59 | char indentBuffer[DEBUG_MAX_LEVEL + 2];
60 | char indentChar;
61 | Debug *parent;
62 | char name[DEBUG_MAX_NAME];
63 | 
64 | public:
65 | Debug(const char *name, Debug *parent);
66 | Debug(const char *name);
67 | Debug(const char *name, Level defaultLevel);
68 | ~Debug() { }
69 | void setLevel(Level level);
70 | Level getLevel();
71 | void inc();
72 | void dec();
73 | void reset();
74 | 
75 | void msg(Level type, char *msg, char *fmt, ...);
76 | void trace(char *msg, char *fmt, ...);
77 | void info(char *msg, char *fmt, ...);
78 | void warn(char *msg, char *fmt, ...);
79 | void error(char *msg, char *fmt, ...);
80 | 
81 | void enter(char *method);
82 | void exit(char *method);
83 | 
84 | 
85 | private:
86 | void vmsg(Level type, char *msg, char *fgm, va_list ap);
87 | char *indent();
88 | char *getLevelName(Level level);
89 | static char *levelNames[ERR + 1];
90 | static Debug global_logger;
91 | static Debug null_logger;
92 | };
93
| 94 | ****************/ 95 | 96 | #endif 97 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/util_in_cksum.h: -------------------------------------------------------------------------------- 1 | /* in_cksum.h 2 | * Declaration of Internet checksum routine. 3 | * 4 | * $Id: in_cksum.h 12117 2004-09-28 00:06:32Z guy $ 5 | */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif /* __cplusplus */ 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | typedef struct { 16 | const uint8_t *ptr; 17 | int len; 18 | } vec_t; 19 | 20 | extern uint16_t in_cksum(const vec_t *vec, int veclen); 21 | extern uint16_t in_cksum_shouldbe(uint16_t sum, uint16_t computed_sum); 22 | 23 | typedef union { 24 | uint8_t c[2]; 25 | uint16_t s; 26 | } pad_t; 27 | 28 | extern int in_checksum_pad_to_even( 29 | vec_t *vec, 30 | int veclen, 31 | pad_t *pad); 32 | 33 | extern int in_checksum_skip_crc16_field( 34 | const uint8_t *buf, // Buffer ptr 35 | vec_t *vec, 36 | int len, 37 | int crc_offset); 38 | 39 | extern int in_checksum_add_ip_pseudo_header( 40 | const uint8_t *buf, 41 | vec_t *vec, 42 | int type, 43 | int len, 44 | uint32_t phdr[2]); 45 | 46 | extern uint16_t psuedo_ip4_tcp( 47 | JNIEnv *env, 48 | const uint8_t *mem, 49 | size_t size, 50 | jint ip4, 51 | jint tcp); 52 | 53 | uint16_t psuedo_ip6_tcp( 54 | JNIEnv *env, 55 | const uint8_t *mem, 56 | size_t size, 57 | jint ip6, 58 | jint tcp); 59 | 60 | 61 | #ifdef __cplusplus 62 | } 63 | #endif /* __cplusplus */ 64 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/winpcap_ext.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_WinPcapExtensions 5 | #define _Included_org_jnetpcap_WinPcapExtensions 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 
10 | 11 | extern jclass winPcapClass; 12 | 13 | // Prototypes 14 | 15 | #ifdef __cplusplus 16 | } 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/winpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_winpcap_ids_h 4 | #define _Included_winpcap_ids_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | // WinPcapSamp 15 | extern jclass winPcapSampClass; 16 | extern jfieldID winPcapSampPhysicalFID; 17 | extern jmethodID winPcapSampConstructorMID; 18 | 19 | // WinPcapStat 20 | extern jclass WinPcapStatClass; 21 | extern jmethodID WinPcapStatConstructorMID; 22 | 23 | // WinPcapRmtAuth 24 | extern jclass winPcapRmtAuthClass; 25 | extern jfieldID winPcapRmtAuthTypeFID; 26 | extern jfieldID winPcapRmtAuthUsernameFID; 27 | extern jfieldID winPcapRmtAuthPasswordFID; 28 | 29 | #ifdef __cplusplus 30 | } 31 | #endif 32 | #endif 33 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV2/winpcap_stat_ex.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_WinWinPcapStat 5 | #define _Included_org_jnetpcap_WinWinPcapStat 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass winWinPcapStatClass; 12 | 13 | // Prototypes 14 | jobject newWinPcapStat(JNIEnv *env); 15 | void setWinPcapStat(JNIEnv *env, jobject jstats, struct pcap_stat *stats, 16 | int size); 17 | 18 | 19 | #ifdef __cplusplus 20 | } 21 | #endif 22 | #endif 23 | -------------------------------------------------------------------------------- 
/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/CICFlowMeterV3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/CICFlowMeterV3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/COPYING.LESSER: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 
31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. 
You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 
108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 
145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 
-------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Canadian Institute for Cybersecurity (CIC) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (CICFlowMeter), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | For citation in your works and also understanding CICFloeMeter (formerly ISCXFlowMeter) completely, you can find below published paper: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. 
Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/README.md: -------------------------------------------------------------------------------- 1 | # Intro 2 | NetWorkTrafficApp is a network traffic flow generator available from here . It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionalities include, selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. 3 | 4 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP. 
5 | 6 | -------------------------------------------------------------- 7 | # Installation and executing: 8 | 9 | Extract CICFlowMeterV3.zip 10 | 11 | ___Note: The only prerequisite is that the "libpcap" library (or WinPcap on Windows systems) be pre-installed___ 12 | 13 | For Linux 14 | 15 | > $ sudo apt-get install libpcap-dev 16 | 17 | 18 | For windows 19 | > download [winpcap]() 20 | 21 | ## executing 22 | Go to the extracted folder and run this command (on Linux, `sudo` is used because live capture through libpcap normally needs elevated privileges; converting existing PCAP files should not need the JVM to run as root): 23 | ``` 24 | //linux 25 | sudo java -Djava.library.path="Your jnetpcap-linux folder path" -jar CICFlowMeterV3.jar 26 | //windows 27 | java -Djava.library.path="Your jnetpcap-win folder path" -jar CICFlowMeterV3.jar 28 | ``` 29 | 30 | Example for linux: 31 | ``` 32 | sudo java -Djava.library.path="/home/CIC/Desktop/jnetpcap" -jar CICFlowMeterV3.jar 33 | ``` 34 | 35 | ## Get started 36 | for offline 37 | ``` 38 | 1.Select the folder that includes your PCAP files 39 | 2.Select the folder that you would like to save your CSV files 40 | 3.Click OK button 41 | ``` 42 | 43 | for realtime 44 | ``` 45 | 1 Click Load button to find the list of network interfaces 46 | 2 Select the interface you would like to monitor 47 | 3 Click start button and wait for a while 48 | 4 Click stop button to stop the process and save the csv in the same application folder/data/daily 49 | ``` 50 | 51 | -------------------------------------------------------------- 52 | 53 | Contact us at A.Habibi.L@unb.ca if there are any problems. 54 | 55 | 56 | For citation in your works and also understanding CICFlowMeter (formerly ISCXFlowMeter) completely, you can find the published papers below: 57 | 58 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the proceeding of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 59 | 60 | Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A.
Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 61 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/analysis.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_analysis_h 4 | #define _Included_analysis_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_analysis_Analysis.h" 16 | #include "org_jnetpcap_packet_analysis_AnalysisUtils.h" 17 | 18 | #define ROOT_TYPE org_jnetpcap_analysis_AnalysisUtils_ROOT_TYPE 19 | 20 | /* 21 | * A header for every analysis object 22 | */ 23 | typedef struct analysis_t { 24 | uint16_t type; 25 | uint16_t len; // length so we can walk unknown analysis types 26 | } analysis_t; 27 | 28 | /* 29 | * Roots are embeded in packet_state_t and header_state_t objects 30 | */ 31 | typedef struct root_analysis_t { 32 | uint16_t type; // == ROOT_TYPE 33 | uint16_t len; // length so we can walk unknown analysis types 34 | 35 | analysis_t *child; 36 | }; 37 | 38 | 39 | typedef void (*native_analyzer_func_t)(packet_state_t *packet); 40 | extern native_analyzer_func_t native_analyzers[]; 41 | 42 | typedef struct analyzer_t { 43 | 44 | native_analyzer_func_t analyzers[64][4]; 45 | 46 | } analyzer_t; 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | #endif 52 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/export.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. 
It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_export_h 6 | #define Include_export_h 7 | 8 | // JNIEXPORT is designed for microsoft compilers, we're using gcc to compile 9 | #ifdef JNIEXPORT 10 | #undef JNIEXPORT 11 | #endif 12 | #undef JNIEXPORT 13 | #define JNIEXPORT extern "C" 14 | 15 | #undef __declspec 16 | #define __declspec(a) extern "C" 17 | 18 | #ifndef FALSE 19 | #define TRUE 1 20 | #define FALSE !TRUE 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap_bpf.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_bpf_h 4 | #define _Included_jnetpcap_bpf_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | extern jclass bpfProgramClass; 15 | 16 | extern jfieldID bpfProgramPhysicalFID; 17 | 18 | // Prototypes 19 | bpf_program *getBpfProgram(JNIEnv *env, jobject obj); 20 | void setBpfProgramPhysical(JNIEnv *env, jobject obj, jlong value); 21 | 22 | #ifdef 
__cplusplus 23 | } 24 | #endif 25 | #endif 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap_dumper.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_dumper methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_PcapDumper 5 | #define _Included_org_jnetpcap_PcapDumper 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass pcapDumperClass; 12 | 13 | extern jclass pcapDumperClass; 14 | 15 | extern jmethodID pcapDumperConstructorMID; 16 | 17 | extern jfieldID pcapDumperPhysicalFID; 18 | 19 | // Prototypes 20 | void setPcapDumper(JNIEnv *env, jobject obj, pcap_dumper_t *dumper); 21 | pcap_dumper_t *getPcapDumper(JNIEnv *env, jobject obj); 22 | jobject newPcapDumper(JNIEnv *env, pcap_dumper_t *dumper); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | #endif 28 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_ids_h 4 | #define _Included_jnetpcap_ids_h 5 | 6 | #include "export.h" 7 | 8 | #include 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #define EXTERN extern "C" 13 | #endif 14 | 15 | extern jclass pcapClass; 16 | extern jclass byteBufferClass; 17 | extern jclass stringBuilderClass; 18 | extern jclass pcapIfClass; 19 | extern jclass pcapAddrClass; 20 | extern jclass PcapSockAddrClass; 21 | extern jclass pcapIntegerClass; 22 | extern jclass JBufferHandlerClass; 23 | extern jclass ByteBufferHandlerClass; 24 | extern jclass JPacketHandlerClass; 25 | extern jclass PcapPacketHandlerClass; 26 | 27 | extern jmethodID byteBufferIsDirectMID; 28 | extern jmethodID bufferGetPositionMID; 29 | extern jmethodID 
bufferGetLimitMID; 30 | extern jmethodID bufferSetLimitMID; 31 | extern jmethodID bufferSetPositionMID; 32 | extern jmethodID bufferGetPositionMID; 33 | extern jmethodID bufferGetCapacityMID; 34 | extern jmethodID JBufferHandlerNextPacketMID; 35 | extern jmethodID ByteBufferHandlerNextPacketMID; 36 | extern jmethodID JPacketHandlerNextPacketMID; 37 | extern jmethodID PcapPacketHandlerNextPacketMID; 38 | 39 | 40 | extern jclass msIpAdapterIndexMapClass; 41 | 42 | extern jfieldID pcapPhysicalFID; 43 | extern jfieldID pcapIntegerValueFID; 44 | 45 | 46 | extern jfieldID PcapPktHdrSecondsFID; 47 | extern jfieldID PcapPktHdrUSecondsFID; 48 | extern jfieldID PcapPktHdrCaplenFID; 49 | extern jfieldID PcapPktHdrLenFID; 50 | 51 | extern jfieldID PcapPktBufferFID; 52 | 53 | extern jfieldID pcapIfNextFID; 54 | extern jfieldID pcapIfNameFID; 55 | extern jfieldID pcapIfDescriptionFID; 56 | extern jfieldID pcapIfAddressesFID; 57 | extern jfieldID pcapIfFlagsFID; 58 | 59 | extern jfieldID pcapAddrNextFID; 60 | extern jfieldID pcapAddrAddrFID; 61 | extern jfieldID pcapAddrNetmaskFID; 62 | extern jfieldID pcapAddrBroadaddrFID; 63 | extern jfieldID pcapAddrDstaddrFID; 64 | 65 | extern jfieldID PcapSockAddrFamilyFID; 66 | extern jfieldID PcapSockAddrDataFID; 67 | 68 | extern jmethodID pcapConstructorMID; 69 | extern jmethodID pcapIfConstructorMID; 70 | extern jmethodID PcapSockAddrConstructorMID; 71 | extern jmethodID pcapAddrConstructorMID; 72 | extern jmethodID msIpAdapterIndexMapMID; 73 | 74 | extern jmethodID appendMID; 75 | extern jmethodID setLengthMID; 76 | 77 | extern jclass pcapStatClass; 78 | 79 | extern jfieldID pcapStatRecvFID; 80 | extern jfieldID pcapStatDropFID; 81 | extern jfieldID pcapStatIfDropFID; 82 | extern jfieldID pcapStatCaptFID; 83 | extern jfieldID pcapStatSentFID; 84 | extern jfieldID pcapStatNetdropFID; 85 | 86 | #ifdef __cplusplus 87 | } 88 | #endif 89 | #endif 90 | -------------------------------------------------------------------------------- 
/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/jnetpcap_utils.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_org_jnetpcap_Pcap_utils 4 | #define _Included_org_jnetpcap_Pcap_utils 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | #include "packet_jscanner.h" 14 | 15 | /* 16 | * LIBPCAP versions that specify when each feature or function was first 17 | * introduced. The format of the value is a collapsed version number. That is 18 | * Actual libpcap version number 0.9.3 is first collapsed to 093 and then a 19 | * 0x prefixed otherwise compiler complains that its a out-of-range octal value. 20 | * So 0.9.3 becomes 0x093 and for our comparison purposes is sufficient to ensure 21 | * correct libpcap version level. 22 | */ 23 | #define LIBPCAP_PCAP_SENDPACKET 0x093 24 | #define LIBPCAP_PCAP_INJECT 0x097 25 | 26 | 27 | #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" 28 | #define ILLEGAL_ARGUMENT_EXCEPTION "java/lang/IllegalArgumentException" 29 | #define CLASS_NOT_FOUND_EXCEPTION "java/lang/ClassNotFoundException" 30 | #define NO_SUCH_METHOD_EXCEPTION "java/lang/NoSuchMethodException" 31 | #define NO_SUCH_FIELD_EXCEPTION "java/lang/NoSuchFieldException" 32 | #define INDEX_OUT_OF_BOUNDS_EXCEPTION "java/lang/IndexOutOfBoundsException" 33 | #define NULL_PTR_EXCEPTION "java/lang/NullPointerException" 34 | #define UNSUPPORTED_OPERATION_EXCEPTION "java/lang/UnsupportedOperationException" 35 | #define PCAP_CLOSED_EXCEPTION "org/jnetpcap/PcapClosedException" 36 | #define PCAP_EXTENSION_NOT_AVAILABLE_EXCEPTION "org/jnetpcap/PcapExtensionNotAvailableException" 37 | #define OUT_OF_MEMORY_ERROR "java/lang/OutOfMemoryError" 38 | #define BUFFER_OVERFLOW_EXCEPTION "java/nio/BufferOverflowException" 39 | #define BUFFER_UNDERFLOW_EXCEPTION "java/nio/BufferUnderflowException" 40 | 
#define READ_ONLY_BUFFER_EXCETPION "java/nio/ReadOnlyBufferException" 41 | #define UNREGISTERED_SCANNER_EXCEPTION "org/jnetpcap/packet/UnregisteredHeaderException" 42 | #define IO_EXCEPTION "java/io/IOException" 43 | 44 | extern jclass pcapClass; 45 | extern jclass pcapHandlerClass; 46 | extern jclass stringBuilderClass; 47 | 48 | extern jfieldID pcapPhysicalFID; 49 | extern jfieldID pcapIfNextFID; 50 | 51 | extern jmethodID pcapConstructorMID; 52 | extern jmethodID pcapHandlerMID; 53 | extern jmethodID appendMID; 54 | extern jmethodID setLengthMID; 55 | 56 | /* IDs for packet_jpacket.cpp file */ 57 | extern jclass pcapPacketClass; 58 | extern jmethodID pcapPacketConstructorMID; 59 | extern jfieldID pcapStateFID; 60 | extern jfieldID pcapHeaderFID; 61 | 62 | 63 | // GENERIC utilities 64 | const char *toCharArray(JNIEnv *env, jstring jstr, char *buf); 65 | jstring toJavaString(JNIEnv *env, const char *buf); 66 | jlong toLong(void *ptr); 67 | void *toPtr(jlong lp); 68 | 69 | jclass getClass(JNIEnv *env, char *clazz); 70 | 71 | 72 | /* 73 | * PCAP class related utilities 74 | */ 75 | 76 | /* 77 | * Structure which holds information for a callback from dispatch and loop. 78 | * Holds enough information so we can callback to Java handler and still return 79 | * the original generic user data object. 
80 | */ 81 | typedef struct pcap_user_data_t { 82 | JNIEnv *env; 83 | jobject obj; 84 | jobject pcap; 85 | jobject user; 86 | jclass clazz; 87 | jthrowable exception; // Any exceptions to rethrow 88 | jmethodID mid; 89 | pcap_t *p; 90 | 91 | } pcap_user_data_t; 92 | /* Callback context for a ByteBufferHandler: the handler object and method ID to call, the pcap handle, the user object and a PcapHeader reference. */ 93 | typedef struct cb_byte_buffer_t { 94 | pcap_t *p; 95 | jmethodID mid; 96 | JNIEnv *env; // thread 97 | jobject obj; // ByteBufferHandler 98 | jobject pcap; 99 | jthrowable exception; // Any exceptions to rethrow 100 | jobject user; 101 | jobject header; // PcapHeader 102 | } cb_byte_buffer_t; 103 | /* Callback context for a JBufferHandler: same fields as cb_byte_buffer_t plus a JBuffer reference. */ 104 | typedef struct cb_jbuffer_t { 105 | pcap_t *p; 106 | jmethodID mid; 107 | JNIEnv *env; // thread 108 | jobject obj; // JBufferHandler 109 | jobject pcap; 110 | jthrowable exception; // Any exceptions to rethrow 111 | jobject user; 112 | jobject header; // PcapHeader 113 | jobject buffer; // JBuffer 114 | } cb_jbuffer_t; 115 | /* Callback context for a JPacketHandler: adds the packet, its state, a header ID, the scanner and inject flags. */ 116 | #define DEBUG_INJECT_PACKET_BREAK_LOOP 1 117 | typedef struct cb_packet_t { 118 | pcap_t *p; 119 | jmethodID mid; 120 | JNIEnv *env; // thread 121 | jobject obj; // JPacketHandler 122 | jobject pcap; 123 | jthrowable exception; // Any exceptions to rethrow 124 | jobject user; 125 | jobject header; // PcapHeader 126 | jobject packet; // JPacket 127 | jobject state; // JPacket.State 128 | jint id; // Header ID 129 | jobject scanner; // JScanner 130 | int flags; // Flags used when inject packet is used 131 | 132 | } cb_jpacket_t; // NOTE(review): the struct tag is cb_packet_t but the typedef name is cb_jpacket_t 133 | 134 | /* Packet callbacks with the libpcap handler signature; the first u_char* is presumably one of the context structs above passed as the user pointer - confirm in the .cpp. NOTE(review): each context stores a JNIEnv*, which JNI only guarantees to be valid on the thread it was obtained on, and the jobject members stay usable across calls only if they are global references - verify that a context never outlives the dispatch/loop call that filled it. */ 135 | 136 | extern "C" 137 | void pcap_callback(u_char*, const pcap_pkthdr*, const u_char*); 138 | void cb_byte_buffer_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 139 | void cb_jbuffer_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 140 | void cb_pcap_packet_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 141 | void cb_pcap_dumper_handler(u_char*, const pcap_pkthdr*, const u_char*); 142 | 143 | pcap_t *getPcap(JNIEnv *env, jobject obj); 144 | jmethodID getPcapHandlerMID(JNIEnv *env); 145 | jfieldID
getPcapPhysicalFID(JNIEnv *env, jclass clazz); 146 | jlong getPhysical(JNIEnv *, jobject); 147 | void setPhysical(JNIEnv *, jobject, jlong); 148 | void setString(JNIEnv *env, jobject buffer, const char *); 149 | jmethodID getPcapConstructorMID(JNIEnv *env, jclass clazz); 150 | pcap_pkthdr *getPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 151 | void setPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 152 | void setPktBuffer(JNIEnv *env, jobject jpkt_buffer, jobject jbuffer); 153 | jclass findClass(JNIEnv *env, const char *name); 154 | jmethodID findMethod(JNIEnv *env, jobject obj, const char *name, const char *signature); 155 | 156 | jobject newPcapAddr(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_addr *addr); 157 | jobject newPcapIf(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_if_t *ifp); 158 | jobject newPcapSockAddr(JNIEnv *env, sockaddr *a); 159 | 160 | void setPcapStat(JNIEnv *env, jobject jstats, pcap_stat *stats); 161 | 162 | void throwException(JNIEnv *env, const char *exception, const char *message); 163 | void throwVoidException(JNIEnv *env, const char *exception); 164 | 165 | /* 166 | * Creates a new PcapPacket object, allocates a new memory block and copies 167 | * header, state and packet data into the buffer. Then peers all the packet 168 | * structures to point at the buffer. 
169 | */ 170 | jobject transferToNewBuffer( 171 | JNIEnv *env, 172 | const pcap_pkthdr *pkt_header, 173 | const u_char *pkt_data, 174 | jobject state); 175 | 176 | #ifdef __cplusplus 177 | } 178 | #endif 179 | #endif 180 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/libjnetpcap.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/libjnetpcap.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/nio_jbuffer.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_nio_jbuffer_h 4 | #define _Included_nio_jbuffer_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | /**************************************************************** 15 | * ************************************************************** 16 | * 17 | * JNI IDs 18 | * 19 | * ************************************************************** 20 | ****************************************************************/ 21 | extern jfieldID jbufferOrderFID; 22 | extern jfieldID jbufferReadonlyFID; 23 | 24 | /**************************************************************** 25 | * ************************************************************** 26 | * 27 | * ENDIAN MACROS - swap bytes for proper endianess 28 | * 29 | * ************************************************************** 30 | ****************************************************************/ 31 | #define ENDIAN16_ATOM_SWAP(data) (\ 32 | ((((uint16_t)data) >> 8) & 0x00FF) | ((((uint16_t)data) << 8) & 0xFF00)) 33 | 34 | #define ENDIAN32_ATOM_SWAP(data) (\ 
35 | ( (((uint32_t)data) >> 24) & 0x000000FF) | ((((uint32_t)data) >> 8) & 0x0000FF00) |\ 36 | ( (((uint32_t)data) << 8) & 0x00FF0000) | ((((uint32_t)data) << 24) & 0xFF000000)) 37 | /* Reverses the eight bytes of a 64-bit value. The argument is cast as (uint64_t)data without its own parentheses, so pass a single value rather than an unparenthesized expression. */ 38 | #define ENDIAN64_ATOM_SWAP(data) (\ 39 | ( (((uint64_t)data) >> 56) & 0x00000000000000FFLLU) | ((((uint64_t)data) >> 40) & 0x000000000000FF00LLU) |\ 40 | ( (((uint64_t)data) >> 24) & 0x0000000000FF0000LLU) | ((((uint64_t)data) >> 8) & 0x00000000FF000000LLU) |\ 41 | ( (((uint64_t)data) << 8) & 0x000000FF00000000LLU) | ((((uint64_t)data) << 24) & 0x0000FF0000000000LLU) |\ 42 | ( (((uint64_t)data) << 40) & 0x00FF000000000000LLU) | ((((uint64_t)data) << 56) & 0xFF00000000000000LLU) \ 43 | ) 44 | /* The PTR_SWAP forms build a value from consecutive elements at data, element 0 going into the most significant byte; presumably data is a byte pointer - confirm. NOTE(review): these expansions have no outer parentheses and use data + k with data unparenthesized, so an expression such as ENDIAN16_PTR_SWAP(p) & mask, or an argument that is itself an expression, will not group as intended. */ 45 | #define ENDIAN16_PTR_SWAP(data) \ 46 | ((uint16_t)*(data + 0) << 8) | ((uint16_t)*(data + 1)) 47 | 48 | #define ENDIAN32_PTR_SWAP(data) \ 49 | ((uint32_t)*(data + 0) << 24) | ((uint32_t)*(data + 3) ) |\ 50 | ((uint32_t)*(data + 1) << 16) | ((uint32_t)*(data + 2) << 8) 51 | 52 | #define ENDIAN64_PTR_SWAP(data) \ 53 | ((uint64_t)*(data + 0) << 56) | ((uint64_t)*(data + 7) ) |\ 54 | ((uint64_t)*(data + 1) << 48) | ((uint64_t)*(data + 6) << 8) |\ 55 | ((uint64_t)*(data + 2) << 40) | ((uint64_t)*(data + 5) << 16) |\ 56 | ((uint64_t)*(data + 3) << 32) | ((uint64_t)*(data + 4) << 24) 57 | 58 | /* 59 | * These macros test for requested BIG ENDIAN condition and appropriately define 60 | * the correct byte swap macro for various CPU ENDIAN platforms. 61 | * NOTE(review): the #if that follows compares __BYTE_ORDER with __LITTLE_ENDIAN; if no included header defines them, both evaluate to 0 inside #if, the little-endian branch is selected silently and the #error fallback is never reached. 62 | * Usage - if cond is TRUE will ensure that BIG_ENDIAN is returned on both 63 | * LITTLE AND BIG platforms. If cond is FALSE then LITTLE_ENDIAN will be 64 | * returned.
65 | */ 66 | #if __BYTE_ORDER == __LITTLE_ENDIAN 67 | #define ENDIAN16_GET(big, data) ((big == JNI_TRUE)?ENDIAN16_ATOM_SWAP(data):data) 68 | #define ENDIAN32_GET(big, data) ((big == JNI_TRUE)?ENDIAN32_ATOM_SWAP(data):data) 69 | #define ENDIAN64_GET(big, data) ((big == JNI_TRUE)?ENDIAN64_ATOM_SWAP(data):data) 70 | 71 | #define BIG_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data) 72 | #define BIG_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data) 73 | #define BIG_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data) 74 | 75 | #define LITTLE_ENDIAN16(data) data 76 | #define LITTLE_ENDIAN32(data) data 77 | #define LITTLE_ENDIAN64(data) data 78 | 79 | #elif __BYTE_ORDER == __BIG_ENDIAN 80 | #define ENDIAN16_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN16_ATOM_SWAP(data)) 81 | #define ENDIAN32_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN32_ATOM_SWAP(data)) 82 | #define ENDIAN64_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN64_ATOM_SWAP(data)) 83 | 84 | #define BIG_ENDIAN16(data) data 85 | #define BIG_ENDIAN32(data) data 86 | #define BIG_ENDIAN64(data) data 87 | 88 | #define LITTLE_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data) 89 | #define LITTLE_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data) 90 | #define LITTLE_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data) 91 | 92 | #else 93 | # error "ENDIAN MACROS NOT DEFINED :(" 94 | #endif 95 | 96 | 97 | 98 | #ifdef __cplusplus 99 | } 100 | #endif 101 | #endif 102 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/nio_jmemory.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_nio_jmemory_h 4 | #define _Included_nio_jmemory_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include "export.h" 12 | 13 | #include 14 | 15 | typedef struct memory_usage_t { 16 | uint64_t total_allocated; 17 | uint64_t total_deallocated; 18 | 19 | uint64_t 
total_allocate_calls; 20 | uint64_t total_deallocate_calls; 21 | 22 | uint64_t seg_0_255_bytes; 23 | uint64_t seg_256_or_above_bytes; 24 | 25 | uint64_t max_direct; 26 | uint64_t soft_direct; 27 | uint64_t reserved_direct; 28 | uint64_t available_direct; 29 | 30 | } memory_usage_t; 31 | 32 | typedef struct jni_global_ref_t { 33 | int count; // Number of references held 34 | jobject reference[]; // array of references held 35 | } jni_global_ref_t; 36 | 37 | 38 | extern jclass jmemoryClass; 39 | extern jclass jmemoryPoolClass; 40 | extern jclass jmemoryReferenceClass; 41 | 42 | extern jmethodID jmemoryToDebugStringMID; 43 | extern jmethodID jmemoryMaxDirectMemoryBreachMID; 44 | extern jmethodID jmemorySoftDirectMemoryBreachMID; 45 | extern jmethodID jmemoryCleanupMID; 46 | extern jmethodID jmemoryPeer0MID; 47 | extern jmethodID jmemoryAllocateMID; 48 | extern jmethodID jmemorySetSize0MID; 49 | 50 | extern jfieldID jmemoryPhysicalFID; 51 | extern jfieldID jmemorySizeFID; 52 | extern jfieldID jmemoryOwnerFID; 53 | extern jfieldID jmemoryKeeperFID; 54 | extern jfieldID jmemoryRefFID; 55 | extern jfieldID jmemoryRefAddressFID; 56 | extern jobject jmemoryPOINTER_CONST; // JMemory.POINTER constant reference 57 | 58 | extern jmethodID jmemoryPoolAllocateExclusiveMID; 59 | extern jmethodID jmemoryPoolDefaultMemoryPoolMID; 60 | 61 | extern jobject defaultMemoryPool; 62 | 63 | extern memory_usage_t memory_usage; 64 | 65 | // Prototypes 66 | void init_jmemory(JNIEnv *env); 67 | void *getJMemoryPhysical(JNIEnv *env, jobject obj); 68 | void setJMemoryPhysical(JNIEnv *env, jobject obj, jlong value); 69 | void jmemoryCleanup(JNIEnv *env, jobject obj); 70 | 71 | jint jmemoryPeer(JNIEnv *env, jobject obj, const void *ptr, size_t length, jobject owner); 72 | 73 | char *jmemoryPoolAllocate(JNIEnv *env, size_t size, jobject *obj_ref); 74 | void jmemoryResize(JNIEnv *env, jobject obj, size_t size); 75 | char *jmemoryAllocate(JNIEnv *env, size_t size, jobject obj); 76 | char 
*jmemoryToDebugString(JNIEnv *env, jobject obj, char *buf); 77 | // NOTE(review): jmemoryToDebugString receives buf without a capacity argument; how much it writes is decided by the implementation, which this header does not show - confirm the size callers must provide 78 | 79 | #ifdef __cplusplus 80 | } 81 | #endif 82 | #endif 83 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/packet_flow.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_packet_flow_h 4 | #define _Included_packet_flow_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_JFlowKey.h" 16 | 17 | #define FLOW_KEY_PAIR_COUNT org_jnetpcap_packet_JFlowKey_FLOW_KEY_PAIR_COUNT 18 | 19 | struct scan_t; // Forward reference 20 | 21 | /* 22 | * Flow key is made up of several key pairs. In order for a flow key to be 23 | * equal to another flow key, all the pair values must match. The flow pairs 24 | * can be bi-directional. If uni directional flag is not set, it means that the 25 | * second array of pairs is also in use and the values there are exact pair 26 | * reversal of the first array of pairs. 27 | */ 28 | typedef struct flow_key_t { 29 | uint64_t header_map; // bitmap of header IDs part of this flowkey 30 | uint32_t hash; // Hashcode 31 | #define FLOW_KEY_FLAG_REVERSABLE_PAIRS org_jnetpcap_packet_JFlowKey_FLAG_REVERSABLE 32 | uint16_t flags; // flags (FLOW_KEY_FLAG_REVERSABLE_PAIRS is defined just above) 33 | uint16_t pair_count; // number of pairs in use; must not exceed FLOW_KEY_PAIR_COUNT, the length of id[], forward_pair[] and reverse_pair[] 34 | uint8_t id[FLOW_KEY_PAIR_COUNT]; // presumably one ID per pair - confirm against the implementation 35 | uint32_t forward_pair[FLOW_KEY_PAIR_COUNT][2]; // first array of pairs (forward direction) 36 | uint32_t reverse_pair[FLOW_KEY_PAIR_COUNT][2]; // second array of pairs: the same values with each pair reversed 37 | } flow_key_t; 38 | 39 | /** 40 | * Based on the first part of the key, it sets the second part of the key 41 | * using reversed direction values for each pair. In the struct above the 42 | * two sets of key pairs are forward_pair (forward keys) and reverse_pair 43 | * (reverse direction keys). 
44 | */ 45 | void flow_key_init(flow_key_t *key, int id); 46 | 47 | void process_flow_key(scan_t *scan); 48 | 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | #endif 54 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/util_crc16.h: -------------------------------------------------------------------------------- 1 | /* crc16.h 2 | * Declaration of CRC-16 routines and table 3 | * 4 | * 2004 Richard van der Hoff 5 | * 6 | * $Id: crc16.h 20485 2007-01-18 18:43:30Z guy $ 7 | * 8 | * Wireshark - Network traffic analyzer 9 | * By Gerald Combs 10 | * Copyright 1998 Gerald Combs 11 | * 12 | * Copied from README.developer 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 27 | */ 28 | 29 | #ifndef __CRC16_H_ 30 | #define __CRC16_H_ 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif /* __cplusplus */ 35 | 36 | #include 37 | 38 | /* Calculate the CCITT/ITU/CRC-16 16-bit CRC 39 | 40 | (parameters for this CRC are: 41 | Polynomial: x^16 + x^12 + x^5 + 1 (0x1021); 42 | Start value 0xFFFF; 43 | XOR result with 0xFFFF; 44 | First bit is LSB) 45 | */ 46 | 47 | /** Compute CRC16 CCITT checksum of a buffer of data. 48 | @param buf The buffer containing the data. 
49 | @param len The number of bytes to include in the computation. 50 | @return The CRC16 CCITT checksum. */ 51 | extern uint16_t crc16_ccitt(const uint8_t *buf, uint32_t len); 52 | 53 | /** Compute CRC16 X.25 CCITT checksum of a buffer of data. 54 | @param buf The buffer containing the data. 55 | @param len The number of bytes to include in the computation. 56 | @return The CRC16 X.25 CCITT checksum. */ 57 | extern uint16_t crc16_x25_ccitt(const uint8_t *buf, uint32_t len); 58 | 59 | /** Compute CRC16 CCITT checksum of a buffer of data. If computing the 60 | * checksum over multiple buffers and you want to feed the partial CRC16 61 | * back in, remember to take the 1's complement of the partial CRC16 first. 62 | @param buf The buffer containing the data. 63 | @param len The number of bytes to include in the computation. 64 | @param seed The seed to use. 65 | @return The CRC16 CCITT checksum (using the given seed). */ 66 | extern uint16_t crc16_ccitt_seed(const uint8_t *buf, uint32_t len, uint16_t seed); 67 | 68 | #ifdef __cplusplus 69 | } 70 | #endif /* __cplusplus */ 71 | 72 | #endif /* crc16.h */ 73 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/util_crc32.h: -------------------------------------------------------------------------------- 1 | /* crc32.h 2 | * Declaration of CRC-32 routine and table 3 | * 4 | * $Id: crc32.h 24930 2008-04-12 12:31:53Z stig $ 5 | * 6 | * Wireshark - Network traffic analyzer 7 | * By Gerald Combs 8 | * Copyright 1998 Gerald Combs 9 | * 10 | * Copied from README.developer 11 | * 12 | * This program is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU General Public License 14 | * as published by the Free Software Foundation; either version 2 15 | * of the License, or (at your option) any later version. 
16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 25 | */ 26 | 27 | #ifndef __UTIL_CRC32_H_ 28 | #define __UTIL_CRC32_H_ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif /* __cplusplus */ 33 | 34 | #include 35 | 36 | #define CRC32C_PRELOAD 0xffffffff 37 | 38 | /* 39 | * Byte swap fix contributed by Dave Wysochanski . 40 | */ 41 | #define CRC32C_SWAP(crc32c_value) \ 42 | (((crc32c_value & 0xff000000) >> 24) | \ 43 | ((crc32c_value & 0x00ff0000) >> 8) | \ 44 | ((crc32c_value & 0x0000ff00) << 8) | \ 45 | ((crc32c_value & 0x000000ff) << 24)) 46 | 47 | #define CRC32C(c,d) (c=(c>>8)^crc32c_table[(c^(d))&0xFF]) 48 | 49 | extern const uint32_t crc32c_table[256]; 50 | 51 | /** Compute CRC32C checksum of a buffer of data. 52 | @param buf The buffer containing the data. 53 | @param len The number of bytes to include in the computation. 54 | @param crc The preload value for the CRC32C computation. 55 | @return The CRC32C checksum. */ 56 | extern uint32_t calculate_crc32c(const void *buf, int len, uint32_t crc); 57 | 58 | extern const uint32_t crc32_ccitt_table[256]; 59 | 60 | /** Compute CRC32 CCITT checksum of a buffer of data. 61 | @param buf The buffer containing the data. 62 | @param len The number of bytes to include in the computation. 63 | @return The CRC32 CCITT checksum. */ 64 | extern uint32_t crc32_ccitt(const uint8_t *buf, uint32_t len); 65 | 66 | /** Compute CRC32 CCITT checksum of a buffer of data. 
If computing the 67 | * checksum over multiple buffers and you want to feed the partial CRC32 68 | * back in, remember to take the 1's complement of the partial CRC32 first. 69 | @param buf The buffer containing the data. 70 | @param len The number of bytes to include in the computation. 71 | @param seed The seed to use. 72 | @return The CRC32 CCITT checksum (using the given seed). */ 73 | extern uint32_t crc32_ccitt_seed(const uint8_t *buf, uint32_t len, uint32_t seed); 74 | 75 | 76 | #ifdef __cplusplus 77 | } 78 | #endif /* __cplusplus */ 79 | 80 | #endif /* util_crc32.h */ 81 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/util_debug.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_util_debug_h 6 | #define Include_util_debug_h 7 | 8 | #define JNIEXPORT extern "C" 9 | 10 | #undef __declspec 11 | #define __declspec(a) extern "C" 12 | 13 | #include 14 | 15 | #define DEBUG_MAX_LEVEL 10 16 | 17 | #define DEBUG_TRACE 10 18 | #define DEBUG_INFO 8 19 | #define DEBUG_WARN 6 20 | #define DEBUG_ERROR 4 21 | 22 | #define DEFAULT_LEVEL DEBUG_TRACE 23 | #define DEFAULT_INDENT_CHAR '.' 
24 | 25 | extern int debug_get_level(); 26 | extern void debug_set_level(int level); 27 | extern void debug_inc(); 28 | extern void debug_dec(); 29 | extern void debug_reset(); 30 | extern void debug_vmsg(const char *type, const char *msg, const char *fmt, va_list ap); 31 | extern void debug_msg(const char *type, const char *msg, const char *fmt, ...); 32 | extern void debug_trace(const char *msg, const char *fmt, ...); 33 | extern void debug_warn(const char *msg, const char *fmt, ...); 34 | extern void debug_error(const char *msg, const char *fmt, ...); 35 | extern void debug_info(const char *msg, const char *fmt, ...); 36 | extern void debug_enter(const char *method); 37 | extern void debug_exit(const char *method); 38 | 39 | #define DEBUG_MAX_NAME 256 40 | #define DEBUG_DEFAULT_LEVEL TRACE 41 | 42 | /*** 43 | ******** Temporarily backedout 44 | class Debug { 45 | public: 46 | enum Level { 47 | ALL, 48 | TRACE, 49 | INFO, 50 | WARN, 51 | ERR, 52 | NONE, 53 | UNDEFINED 54 | }; 55 | 56 | private: 57 | Level level; 58 | int indentation; 59 | char indentBuffer[DEBUG_MAX_LEVEL + 2]; 60 | char indentChar; 61 | Debug *parent; 62 | char name[DEBUG_MAX_NAME]; 63 | 64 | public: 65 | Debug(const char *name, Debug *parent); 66 | Debug(const char *name); 67 | Debug(const char *name, Level defaultLevel); 68 | ~Debug() { } 69 | void setLevel(Level level); 70 | Level getLevel(); 71 | void inc(); 72 | void dec(); 73 | void reset(); 74 | 75 | void msg(Level type, char *msg, char *fmt, ...); 76 | void trace(char *msg, char *fmt, ...); 77 | void info(char *msg, char *fmt, ...); 78 | void warn(char *msg, char *fmt, ...); 79 | void error(char *msg, char *fmt, ...); 80 | 81 | void enter(char *method); 82 | void exit(char *method); 83 | 84 | 85 | private: 86 | void vmsg(Level type, char *msg, char *fgm, va_list ap); 87 | char *indent(); 88 | char *getLevelName(Level level); 89 | static char *levelNames[ERR + 1]; 90 | static Debug global_logger; 91 | static Debug null_logger; 92 | }; 93 
| 94 | ****************/ 95 | 96 | #endif 97 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/util_in_cksum.h: -------------------------------------------------------------------------------- 1 | /* in_cksum.h 2 | * Declaration of Internet checksum routine. 3 | * 4 | * $Id: in_cksum.h 12117 2004-09-28 00:06:32Z guy $ 5 | */ 6 | /* NOTE(review): no include guard is visible in this header, so including it twice repeats the vec_t and pad_t typedefs below. */ 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif /* __cplusplus */ 10 | 11 | #include 12 | #include 13 | #include 14 | /* One byte range to be checksummed; in_cksum() receives a pointer to these together with a count (veclen). */ 15 | typedef struct { 16 | const uint8_t *ptr; 17 | int len; /* signed, so a negative length is representable - NOTE(review): confirm callers validate it */ 18 | } vec_t; 19 | 20 | extern uint16_t in_cksum(const vec_t *vec, int veclen); 21 | extern uint16_t in_cksum_shouldbe(uint16_t sum, uint16_t computed_sum); 22 | /* Two bytes that can also be read as one 16-bit value. */ 23 | typedef union { 24 | uint8_t c[2]; 25 | uint16_t s; 26 | } pad_t; 27 | 28 | extern int in_checksum_pad_to_even( 29 | vec_t *vec, 30 | int veclen, 31 | pad_t *pad); 32 | 33 | extern int in_checksum_skip_crc16_field( 34 | const uint8_t *buf, // Buffer ptr 35 | vec_t *vec, 36 | int len, 37 | int crc_offset); 38 | 39 | extern int in_checksum_add_ip_pseudo_header( 40 | const uint8_t *buf, 41 | vec_t *vec, 42 | int type, 43 | int len, 44 | uint32_t phdr[2]); 45 | 46 | extern uint16_t psuedo_ip4_tcp( 47 | JNIEnv *env, 48 | const uint8_t *mem, 49 | size_t size, 50 | jint ip4, 51 | jint tcp); 52 | 53 | uint16_t psuedo_ip6_tcp( 54 | JNIEnv *env, 55 | const uint8_t *mem, 56 | size_t size, 57 | jint ip6, 58 | jint tcp); 59 | 60 | 61 | #ifdef __cplusplus 62 | } 63 | #endif /* __cplusplus */ 64 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/winpcap_ext.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_WinPcapExtensions 5 | #define _Included_org_jnetpcap_WinPcapExtensions 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define 
EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass winPcapClass; 12 | 13 | // Prototypes 14 | 15 | #ifdef __cplusplus 16 | } 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/winpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_winpcap_ids_h 4 | #define _Included_winpcap_ids_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | // WinPcapSamp 15 | extern jclass winPcapSampClass; 16 | extern jfieldID winPcapSampPhysicalFID; 17 | extern jmethodID winPcapSampConstructorMID; 18 | 19 | // WinPcapStat 20 | extern jclass WinPcapStatClass; 21 | extern jmethodID WinPcapStatConstructorMID; 22 | 23 | // WinPcapRmtAuth 24 | extern jclass winPcapRmtAuthClass; 25 | extern jfieldID winPcapRmtAuthTypeFID; 26 | extern jfieldID winPcapRmtAuthUsernameFID; 27 | extern jfieldID winPcapRmtAuthPasswordFID; 28 | 29 | #ifdef __cplusplus 30 | } 31 | #endif 32 | #endif 33 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3/winpcap_stat_ex.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_WinWinPcapStat 5 | #define _Included_org_jnetpcap_WinWinPcapStat 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass winWinPcapStatClass; 12 | 13 | // Prototypes 14 | jobject newWinPcapStat(JNIEnv *env); 15 | void setWinPcapStat(JNIEnv *env, jobject jstats, struct pcap_stat *stats, 16 | int size); 17 | 18 | 19 | #ifdef __cplusplus 20 | } 21 | #endif 22 | #endif 23 | 
-------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/CICFlowMeterV3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/CICFlowMeterV3.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Canadian Institute for Cybersecurity (CIC) 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (CICFlowMeter), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 
20 | 21 | For citation in your works and for a complete understanding of CICFlowMeter (formerly ISCXFlowMeter), see the published papers below: 22 | 23 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the Proceedings of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 24 | 25 | Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pages 407-414, Rome, Italy 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/README.md: -------------------------------------------------------------------------------- 1 | # Intro 2 | NetWorkTrafficApp is a network traffic flow generator available from here. It can be used to generate bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions, hence the statistical time-related features can be calculated separately in the forward and backward directions. Additional functionalities include selecting features from the list of existing features, adding new features, and controlling the duration of flow timeout. 3 | 4 | NOTE: TCP flows are usually terminated upon connection teardown (by FIN packet) while UDP flows are terminated by a flow timeout. The flow timeout value can be assigned arbitrarily by the individual scheme e.g., 600 seconds for both TCP and UDP. In this version, we used jnetpcap1.4 to handle the memory issue which is common on version 1.3. 
5 | 6 | -------------------------------------------------------------- 7 | # Installation and executing: 8 | 9 | Extract CICFlowMeterV3.zip 10 | 11 | ___Note: The only prerequisite is that the "libpcap" library, or WinPcap on Windows systems, be pre-installed___ 12 | 13 | For Linux 14 | 15 | > $ sudo apt-get install libpcap-dev 16 | 17 | 18 | For Windows 19 | > download [winpcap]() 20 | 21 | ## executing 22 | Go to the extracted folder and run this command (under `sudo` the JVM loads the jnetpcap native library from the `java.library.path` folder as root, so keep that folder writable only by trusted users): 23 | ``` 24 | //linux 25 | sudo java -Djava.library.path="Your jnetpcap-linux folder path" -jar CICFlowMeterV3.jar 26 | //windows 27 | java -Djava.library.path="Your jnetpcap-win folder path" -jar CICFlowMeterV3.jar 28 | ``` 29 | 30 | Example for linux: 31 | ``` 32 | sudo java -Djava.library.path="/home/CIC/Desktop/jnetpcap" -jar CICFlowMeterV3.jar 33 | ``` 34 | 35 | ## Get started 36 | for offline 37 | ``` 38 | 1.Select the folder that includes your PCAP files 39 | 2.Select the folder where you would like to save your CSV files 40 | 3.Click OK button 41 | ``` 42 | 43 | for realtime 44 | ``` 45 | 1 Click Load button to find the list of network interfaces 46 | 2 Select the interface you would like to monitor 47 | 3 Click start button and wait for a while 48 | 4 Click stop button to stop the process and save the csv in same application folder/data/daily 49 | ``` 50 | 51 | -------------------------------------------------------------- 52 | 53 | Contact us at A.Habibi.L@unb.ca if there are any problems. 54 | 55 | 56 | For citation in your works and for a complete understanding of CICFlowMeter (formerly ISCXFlowMeter), see the published papers below: 57 | 58 | Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun and Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In the Proceedings of the 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017 59 | 60 | Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. 
Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome , Italy 61 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/analysis.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_analysis_h 4 | #define _Included_analysis_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_analysis_Analysis.h" 16 | #include "org_jnetpcap_packet_analysis_AnalysisUtils.h" 17 | 18 | #define ROOT_TYPE org_jnetpcap_analysis_AnalysisUtils_ROOT_TYPE 19 | 20 | /* 21 | * A header for every analysis object 22 | */ 23 | typedef struct analysis_t { 24 | uint16_t type; 25 | uint16_t len; // length so we can walk unknown analysis types 26 | } analysis_t; 27 | 28 | /* 29 | * Roots are embeded in packet_state_t and header_state_t objects 30 | */ 31 | typedef struct root_analysis_t { 32 | uint16_t type; // == ROOT_TYPE 33 | uint16_t len; // length so we can walk unknown analysis types 34 | 35 | analysis_t *child; 36 | }; 37 | 38 | 39 | typedef void (*native_analyzer_func_t)(packet_state_t *packet); 40 | extern native_analyzer_func_t native_analyzers[]; 41 | 42 | typedef struct analyzer_t { 43 | 44 | native_analyzer_func_t analyzers[64][4]; 45 | 46 | } analyzer_t; 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | #endif 52 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/export.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. 
It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_export_h 6 | #define Include_export_h 7 | 8 | // JNIEXPORT is designed for microsoft compilers, we're using gcc to compile 9 | #ifdef JNIEXPORT 10 | #undef JNIEXPORT 11 | #endif 12 | #undef JNIEXPORT 13 | #define JNIEXPORT extern "C" 14 | 15 | #undef __declspec 16 | #define __declspec(a) extern "C" 17 | 18 | #ifndef FALSE 19 | #define TRUE 1 20 | #define FALSE !TRUE 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap-pcap100.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap-pcap100.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap.dll -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap.jar -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap_bpf.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_bpf_h 4 | #define _Included_jnetpcap_bpf_h 5 | 
#ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | extern jclass bpfProgramClass; 15 | 16 | extern jfieldID bpfProgramPhysicalFID; 17 | 18 | // Prototypes 19 | bpf_program *getBpfProgram(JNIEnv *env, jobject obj); 20 | void setBpfProgramPhysical(JNIEnv *env, jobject obj, jlong value); 21 | 22 | #ifdef __cplusplus 23 | } 24 | #endif 25 | #endif 26 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap_dumper.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_dumper methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_PcapDumper 5 | #define _Included_org_jnetpcap_PcapDumper 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass pcapDumperClass; 12 | 13 | extern jclass pcapDumperClass; 14 | 15 | extern jmethodID pcapDumperConstructorMID; 16 | 17 | extern jfieldID pcapDumperPhysicalFID; 18 | 19 | // Prototypes 20 | void setPcapDumper(JNIEnv *env, jobject obj, pcap_dumper_t *dumper); 21 | pcap_dumper_t *getPcapDumper(JNIEnv *env, jobject obj); 22 | jobject newPcapDumper(JNIEnv *env, pcap_dumper_t *dumper); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | #endif 28 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_jnetpcap_ids_h 4 | #define _Included_jnetpcap_ids_h 5 | 6 | #include "export.h" 7 | 8 | #include 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #define EXTERN extern "C" 13 | #endif 14 | 15 | extern jclass pcapClass; 16 | extern jclass byteBufferClass; 17 | extern jclass stringBuilderClass; 18 | extern jclass pcapIfClass; 19 | 
extern jclass pcapAddrClass; 20 | extern jclass PcapSockAddrClass; 21 | extern jclass pcapIntegerClass; 22 | extern jclass JBufferHandlerClass; 23 | extern jclass ByteBufferHandlerClass; 24 | extern jclass JPacketHandlerClass; 25 | extern jclass PcapPacketHandlerClass; 26 | 27 | extern jmethodID byteBufferIsDirectMID; 28 | extern jmethodID bufferGetPositionMID; 29 | extern jmethodID bufferGetLimitMID; 30 | extern jmethodID bufferSetLimitMID; 31 | extern jmethodID bufferSetPositionMID; 32 | extern jmethodID bufferGetPositionMID; 33 | extern jmethodID bufferGetCapacityMID; 34 | extern jmethodID JBufferHandlerNextPacketMID; 35 | extern jmethodID ByteBufferHandlerNextPacketMID; 36 | extern jmethodID JPacketHandlerNextPacketMID; 37 | extern jmethodID PcapPacketHandlerNextPacketMID; 38 | 39 | 40 | extern jclass msIpAdapterIndexMapClass; 41 | 42 | extern jfieldID pcapPhysicalFID; 43 | extern jfieldID pcapIntegerValueFID; 44 | 45 | 46 | extern jfieldID PcapPktHdrSecondsFID; 47 | extern jfieldID PcapPktHdrUSecondsFID; 48 | extern jfieldID PcapPktHdrCaplenFID; 49 | extern jfieldID PcapPktHdrLenFID; 50 | 51 | extern jfieldID PcapPktBufferFID; 52 | 53 | extern jfieldID pcapIfNextFID; 54 | extern jfieldID pcapIfNameFID; 55 | extern jfieldID pcapIfDescriptionFID; 56 | extern jfieldID pcapIfAddressesFID; 57 | extern jfieldID pcapIfFlagsFID; 58 | 59 | extern jfieldID pcapAddrNextFID; 60 | extern jfieldID pcapAddrAddrFID; 61 | extern jfieldID pcapAddrNetmaskFID; 62 | extern jfieldID pcapAddrBroadaddrFID; 63 | extern jfieldID pcapAddrDstaddrFID; 64 | 65 | extern jfieldID PcapSockAddrFamilyFID; 66 | extern jfieldID PcapSockAddrDataFID; 67 | 68 | extern jmethodID pcapConstructorMID; 69 | extern jmethodID pcapIfConstructorMID; 70 | extern jmethodID PcapSockAddrConstructorMID; 71 | extern jmethodID pcapAddrConstructorMID; 72 | extern jmethodID msIpAdapterIndexMapMID; 73 | 74 | extern jmethodID appendMID; 75 | extern jmethodID setLengthMID; 76 | 77 | extern jclass pcapStatClass; 78 | 79 
| extern jfieldID pcapStatRecvFID; 80 | extern jfieldID pcapStatDropFID; 81 | extern jfieldID pcapStatIfDropFID; 82 | extern jfieldID pcapStatCaptFID; 83 | extern jfieldID pcapStatSentFID; 84 | extern jfieldID pcapStatNetdropFID; 85 | 86 | #ifdef __cplusplus 87 | } 88 | #endif 89 | #endif 90 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/jnetpcap_utils.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_org_jnetpcap_Pcap_utils 4 | #define _Included_org_jnetpcap_Pcap_utils 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | #include "packet_jscanner.h" 14 | 15 | /* 16 | * LIBPCAP versions that specify when each feature or function was first 17 | * introduced. The format of the value is a collapsed version number. That is 18 | * Actual libpcap version number 0.9.3 is first collapsed to 093 and then a 19 | * 0x prefixed otherwise compiler complains that its a out-of-range octal value. 20 | * So 0.9.3 becomes 0x093 and for our comparison purposes is sufficient to ensure 21 | * correct libpcap version level. 
22 | */ 23 | #define LIBPCAP_PCAP_SENDPACKET 0x093 24 | #define LIBPCAP_PCAP_INJECT 0x097 25 | 26 | // Java exception class names in slash-separated form; throwException()/throwVoidException(), declared later in this header, take such a name as their exception argument - presumably one of these. Note that READ_ONLY_BUFFER_EXCETPION is spelled that way in the identifier. 27 | #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" 28 | #define ILLEGAL_ARGUMENT_EXCEPTION "java/lang/IllegalArgumentException" 29 | #define CLASS_NOT_FOUND_EXCEPTION "java/lang/ClassNotFoundException" 30 | #define NO_SUCH_METHOD_EXCEPTION "java/lang/NoSuchMethodException" 31 | #define NO_SUCH_FIELD_EXCEPTION "java/lang/NoSuchFieldException" 32 | #define INDEX_OUT_OF_BOUNDS_EXCEPTION "java/lang/IndexOutOfBoundsException" 33 | #define NULL_PTR_EXCEPTION "java/lang/NullPointerException" 34 | #define UNSUPPORTED_OPERATION_EXCEPTION "java/lang/UnsupportedOperationException" 35 | #define PCAP_CLOSED_EXCEPTION "org/jnetpcap/PcapClosedException" 36 | #define PCAP_EXTENSION_NOT_AVAILABLE_EXCEPTION "org/jnetpcap/PcapExtensionNotAvailableException" 37 | #define OUT_OF_MEMORY_ERROR "java/lang/OutOfMemoryError" 38 | #define BUFFER_OVERFLOW_EXCEPTION "java/nio/BufferOverflowException" 39 | #define BUFFER_UNDERFLOW_EXCEPTION "java/nio/BufferUnderflowException" 40 | #define READ_ONLY_BUFFER_EXCETPION "java/nio/ReadOnlyBufferException" 41 | #define UNREGISTERED_SCANNER_EXCEPTION "org/jnetpcap/packet/UnregisteredHeaderException" 42 | #define IO_EXCEPTION "java/io/IOException" 43 | 44 | extern jclass pcapClass; 45 | extern jclass pcapHandlerClass; 46 | extern jclass stringBuilderClass; 47 | 48 | extern jfieldID pcapPhysicalFID; 49 | extern jfieldID pcapIfNextFID; 50 | 51 | extern jmethodID pcapConstructorMID; 52 | extern jmethodID pcapHandlerMID; 53 | extern jmethodID appendMID; 54 | extern jmethodID setLengthMID; 55 | 56 | /* IDs for packet_jpacket.cpp file */ 57 | extern jclass pcapPacketClass; 58 | extern jmethodID pcapPacketConstructorMID; 59 | extern jfieldID pcapStateFID; 60 | extern jfieldID pcapHeaderFID; 61 | 62 | // NOTE(review): toCharArray() below takes the destination buf without a capacity argument, so the header alone does not bound how many bytes of the Java string are copied - confirm the limit in the implementation before passing a fixed-size buffer. 63 | // GENERIC utilities 64 | const char *toCharArray(JNIEnv *env, jstring jstr, char *buf); 65 | jstring toJavaString(JNIEnv *env, const char 
*buf); 66 | jlong toLong(void *ptr); 67 | void *toPtr(jlong lp); 68 | 69 | jclass getClass(JNIEnv *env, char *clazz); 70 | 71 | 72 | /* 73 | * PCAP class related utilities 74 | */ 75 | 76 | /* 77 | * Structure which holds information for a callback from dispatch and loop. 78 | * Holds enough information so we can callback to Java handler and still return 79 | * the original generic user data object. 80 | */ 81 | typedef struct pcap_user_data_t { 82 | JNIEnv *env; 83 | jobject obj; 84 | jobject pcap; 85 | jobject user; 86 | jclass clazz; 87 | jthrowable exception; // Any exceptions to rethrow 88 | jmethodID mid; 89 | pcap_t *p; 90 | 91 | } pcap_user_data_t; 92 | 93 | typedef struct cb_byte_buffer_t { 94 | pcap_t *p; 95 | jmethodID mid; 96 | JNIEnv *env; // thread 97 | jobject obj; // ByteBufferHandler 98 | jobject pcap; 99 | jthrowable exception; // Any exceptions to rethrow 100 | jobject user; 101 | jobject header; // PcapHeader 102 | } cb_byte_buffer_t; 103 | 104 | typedef struct cb_jbuffer_t { 105 | pcap_t *p; 106 | jmethodID mid; 107 | JNIEnv *env; // thread 108 | jobject obj; // JBufferHandler 109 | jobject pcap; 110 | jthrowable exception; // Any exceptions to rethrow 111 | jobject user; 112 | jobject header; // PcapHeader 113 | jobject buffer; // JBuffer 114 | } cb_jbuffer_t; 115 | 116 | #define DEBUG_INJECT_PACKET_BREAK_LOOP 1 117 | typedef struct cb_packet_t { 118 | pcap_t *p; 119 | jmethodID mid; 120 | JNIEnv *env; // thread 121 | jobject obj; // JPacketHandler 122 | jobject pcap; 123 | jthrowable exception; // Any exceptions to rethrow 124 | jobject user; 125 | jobject header; // PcapHeader 126 | jobject packet; // JPacket 127 | jobject state; // JPacket.State 128 | jint id; // Header ID 129 | jobject scanner; // JScanner 130 | int flags; // Flags used when inject packet is used 131 | 132 | } cb_jpacket_t; 133 | 134 | 135 | 136 | extern "C" 137 | void pcap_callback(u_char*, const pcap_pkthdr*, const u_char*); 138 | void cb_byte_buffer_dispatch(u_char*, 
const pcap_pkthdr*, const u_char*); 139 | void cb_jbuffer_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 140 | void cb_pcap_packet_dispatch(u_char*, const pcap_pkthdr*, const u_char*); 141 | void cb_pcap_dumper_handler(u_char*, const pcap_pkthdr*, const u_char*); 142 | 143 | pcap_t *getPcap(JNIEnv *env, jobject obj); 144 | jmethodID getPcapHandlerMID(JNIEnv *env); 145 | jfieldID getPcapPhysicalFID(JNIEnv *env, jclass clazz); 146 | jlong getPhysical(JNIEnv *, jobject); 147 | void setPhysical(JNIEnv *, jobject, jlong); 148 | void setString(JNIEnv *env, jobject buffer, const char *); 149 | jmethodID getPcapConstructorMID(JNIEnv *env, jclass clazz); 150 | pcap_pkthdr *getPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 151 | void setPktHeader(JNIEnv *env, jobject jpkt_header, pcap_pkthdr *pkt_header); 152 | void setPktBuffer(JNIEnv *env, jobject jpkt_buffer, jobject jbuffer); 153 | jclass findClass(JNIEnv *env, const char *name); 154 | jmethodID findMethod(JNIEnv *env, jobject obj, const char *name, const char *signature); 155 | 156 | jobject newPcapAddr(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_addr *addr); 157 | jobject newPcapIf(JNIEnv *env, jobject jlist, jmethodID MID_add, pcap_if_t *ifp); 158 | jobject newPcapSockAddr(JNIEnv *env, sockaddr *a); 159 | 160 | void setPcapStat(JNIEnv *env, jobject jstats, pcap_stat *stats); 161 | 162 | void throwException(JNIEnv *env, const char *exception, const char *message); 163 | void throwVoidException(JNIEnv *env, const char *exception); 164 | 165 | /* 166 | * Creates a new PcapPacket object, allocates a new memory block and copies 167 | * header, state and packet data into the buffer. Then peers all the packet 168 | * structures to point at the buffer. 
169 | */ 170 | jobject transferToNewBuffer( 171 | JNIEnv *env, 172 | const pcap_pkthdr *pkt_header, 173 | const u_char *pkt_data, 174 | jobject state); 175 | 176 | #ifdef __cplusplus 177 | } 178 | #endif 179 | #endif 180 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/libjnetpcap-pcap100.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/libjnetpcap-pcap100.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/libjnetpcap.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/libjnetpcap.so -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/mac_addr.h: -------------------------------------------------------------------------------- 1 | #ifndef __MAC_ADDR_HDR__ 2 | #define __MAC_ADDR_HDR__ 3 | 4 | extern "C" int mac_addr_dlpi ( char *dev, u_char *addr); 5 | extern "C" int mac_addr_sys ( char *dev, u_char *addr); 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/nio_jbuffer.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_nio_jbuffer_h 4 | #define _Included_nio_jbuffer_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | 15 | /**************************************************************** 16 | * 
************************************************************** 17 | * 18 | * JNI IDs 19 | * 20 | * ************************************************************** 21 | ****************************************************************/ 22 | extern jfieldID jbufferOrderFID; 23 | extern jfieldID jbufferReadonlyFID; 24 | 25 | /**************************************************************** 26 | * ************************************************************** 27 | * 28 | * ENDIAN MACROS - swap bytes for proper endianess 29 | * 30 | * ************************************************************** 31 | ****************************************************************/ 32 | #define ENDIAN16_ATOM_SWAP(data) (\ 33 | ((((uint16_t)data) >> 8) & 0x00FF) | ((((uint16_t)data) << 8) & 0xFF00)) 34 | 35 | #define ENDIAN32_ATOM_SWAP(data) (\ 36 | ( (((uint32_t)data) >> 24) & 0x000000FF) | ((((uint32_t)data) >> 8) & 0x0000FF00) |\ 37 | ( (((uint32_t)data) << 8) & 0x00FF0000) | ((((uint32_t)data) << 24) & 0xFF000000)) 38 | 39 | #define ENDIAN64_ATOM_SWAP(data) (\ 40 | ( (((uint64_t)data) >> 56) & 0x00000000000000FFLLU) | ((((uint64_t)data) >> 40) & 0x000000000000FF00LLU) |\ 41 | ( (((uint64_t)data) >> 24) & 0x0000000000FF0000LLU) | ((((uint64_t)data) >> 8) & 0x00000000FF000000LLU) |\ 42 | ( (((uint64_t)data) << 8) & 0x000000FF00000000LLU) | ((((uint64_t)data) << 24) & 0x0000FF0000000000LLU) |\ 43 | ( (((uint64_t)data) << 40) & 0x00FF000000000000LLU) | ((((uint64_t)data) << 56) & 0xFF00000000000000LLU) \ 44 | ) 45 | 46 | #define ENDIAN16_PTR_SWAP(data) \ 47 | ((uint16_t)*(data + 0) << 8) | ((uint16_t)*(data + 1)) 48 | 49 | #define ENDIAN32_PTR_SWAP(data) \ 50 | ((uint32_t)*(data + 0) << 24) | ((uint32_t)*(data + 3) ) |\ 51 | ((uint32_t)*(data + 1) << 16) | ((uint32_t)*(data + 2) << 8) 52 | 53 | #define ENDIAN64_PTR_SWAP(data) \ 54 | ((uint64_t)*(data + 0) << 56) | ((uint64_t)*(data + 7) ) |\ 55 | ((uint64_t)*(data + 1) << 48) | ((uint64_t)*(data + 6) << 8) |\ 56 | ((uint64_t)*(data + 2) 
<< 40) | ((uint64_t)*(data + 5) << 16) |\ 57 | ((uint64_t)*(data + 3) << 32) | ((uint64_t)*(data + 4) << 24) 58 | 59 | /* 60 | * These macros test for requested BIG ENDIAN condition and appropriately define 61 | * the correct byte swap macro for various CPU ENDIAN platforms. 62 | * 63 | * Usage - if cond is TRUE will ensure that BIG_ENDIAN is returned on both 64 | * LITTLE AND BIG platforms. If cond is FALSE then LITTLE_ENDIAN will be 65 | * returned. 66 | */ 67 | #if __BYTE_ORDER == __LITTLE_ENDIAN 68 | #define ENDIAN16_GET(big, data) ((big == JNI_TRUE)?ENDIAN16_ATOM_SWAP(data):data) 69 | #define ENDIAN32_GET(big, data) ((big == JNI_TRUE)?ENDIAN32_ATOM_SWAP(data):data) 70 | #define ENDIAN64_GET(big, data) ((big == JNI_TRUE)?ENDIAN64_ATOM_SWAP(data):data) 71 | 72 | #define BIG_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data) 73 | #define BIG_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data) 74 | #define BIG_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data) 75 | 76 | #define LITTLE_ENDIAN16(data) data 77 | #define LITTLE_ENDIAN32(data) data 78 | #define LITTLE_ENDIAN64(data) data 79 | 80 | #elif __BYTE_ORDER == __BIG_ENDIAN 81 | #define ENDIAN16_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN16_ATOM_SWAP(data)) 82 | #define ENDIAN32_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN32_ATOM_SWAP(data)) 83 | #define ENDIAN64_GET(big, data) ((big == JNI_TRUE)?data:ENDIAN64_ATOM_SWAP(data)) 84 | 85 | #define BIG_ENDIAN16(data) data 86 | #define BIG_ENDIAN32(data) data 87 | #define BIG_ENDIAN64(data) data 88 | 89 | #define LITTLE_ENDIAN16(data) ENDIAN16_ATOM_SWAP(data) 90 | #define LITTLE_ENDIAN32(data) ENDIAN32_ATOM_SWAP(data) 91 | #define LITTLE_ENDIAN64(data) ENDIAN64_ATOM_SWAP(data) 92 | 93 | #else 94 | # error "ENDIAN MACROS NOT DEFINED :(" 95 | #endif 96 | 97 | 98 | 99 | #ifdef __cplusplus 100 | } 101 | #endif 102 | #endif 103 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/nio_jmemory.h: 
-------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_nio_jmemory_h 4 | #define _Included_nio_jmemory_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include "export.h" 12 | 13 | #include 14 | 15 | typedef struct memory_usage_t { 16 | uint64_t total_allocated; 17 | uint64_t total_deallocated; 18 | 19 | uint64_t total_allocate_calls; 20 | uint64_t total_deallocate_calls; 21 | 22 | uint64_t seg_0_255_bytes; 23 | uint64_t seg_256_or_above_bytes; 24 | 25 | uint64_t max_direct; 26 | uint64_t soft_direct; 27 | uint64_t reserved_direct; 28 | uint64_t available_direct; 29 | 30 | } memory_usage_t; 31 | 32 | typedef struct jni_global_ref_t { 33 | int count; // Number of references held 34 | jobject reference[]; // array of references held 35 | } jni_global_ref_t; 36 | 37 | 38 | extern jclass jmemoryClass; 39 | extern jclass jmemoryPoolClass; 40 | extern jclass jmemoryReferenceClass; 41 | 42 | extern jmethodID jmemoryToDebugStringMID; 43 | extern jmethodID jmemoryMaxDirectMemoryBreachMID; 44 | extern jmethodID jmemorySoftDirectMemoryBreachMID; 45 | extern jmethodID jmemoryCleanupMID; 46 | extern jmethodID jmemoryPeer0MID; 47 | extern jmethodID jmemoryAllocateMID; 48 | extern jmethodID jmemorySetSize0MID; 49 | 50 | extern jfieldID jmemoryPhysicalFID; 51 | extern jfieldID jmemorySizeFID; 52 | extern jfieldID jmemoryOwnerFID; 53 | extern jfieldID jmemoryKeeperFID; 54 | extern jfieldID jmemoryRefFID; 55 | extern jfieldID jmemoryRefAddressFID; 56 | extern jobject jmemoryPOINTER_CONST; // JMemory.POINTER constant reference 57 | 58 | extern jmethodID jmemoryPoolAllocateExclusiveMID; 59 | extern jmethodID jmemoryPoolDefaultMemoryPoolMID; 60 | 61 | extern jobject defaultMemoryPool; 62 | 63 | extern memory_usage_t memory_usage; 64 | 65 | // Prototypes 66 | void init_jmemory(JNIEnv *env); 67 | void *getJMemoryPhysical(JNIEnv 
*env, jobject obj); 68 | void setJMemoryPhysical(JNIEnv *env, jobject obj, jlong value); 69 | void jmemoryCleanup(JNIEnv *env, jobject obj); 70 | 71 | jint jmemoryPeer(JNIEnv *env, jobject obj, const void *ptr, size_t length, jobject owner); 72 | 73 | char *jmemoryPoolAllocate(JNIEnv *env, size_t size, jobject *obj_ref); 74 | void jmemoryResize(JNIEnv *env, jobject obj, size_t size); 75 | char *jmemoryAllocate(JNIEnv *env, size_t size, jobject obj); 76 | char *jmemoryToDebugString(JNIEnv *env, jobject obj, char *buf); 77 | 78 | #ifdef ENABLE_ASSERT 79 | #define TOKEN_TO_STRING(TOK) # TOK 80 | #define ASSERT(cond) if (!(cond)) { fprintf(stderr, "ASSERT FAILED: %s:%d \"%s\"\n", __FILE__, __LINE__, TOKEN_TO_STRING(cond)); fflush(stderr); exit(1);} 81 | #else 82 | #define ASSERT(cond) 83 | #endif 84 | 85 | #ifdef __cplusplus 86 | } 87 | #endif 88 | #endif 89 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/packet_flow.h: -------------------------------------------------------------------------------- 1 | /* Header for analysis_flow utility methods */ 2 | 3 | #ifndef _Included_packet_flow_h 4 | #define _Included_packet_flow_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include 11 | #include 12 | #include "export.h" 13 | 14 | #include 15 | #include "org_jnetpcap_packet_JFlowKey.h" 16 | 17 | #define FLOW_KEY_PAIR_COUNT org_jnetpcap_packet_JFlowKey_FLOW_KEY_PAIR_COUNT 18 | 19 | struct scan_t; // Forward reference 20 | 21 | /* 22 | * Flow key is made up of several key pairs. In order for a flow key to be 23 | * equal to another flow key, all the pair values must match. The flow pairs 24 | * can be bi-directional. If uni directional flag is not set, it means that the 25 | * second array of pairs is also in use and the values there are exact pair 26 | * reversal of the first array of pairs. 
27 | */ 28 | typedef struct flow_key_t { 29 | uint64_t header_map; // bitmap of header IDs part of this flowkey 30 | uint32_t hash; // Hashcode 31 | #define FLOW_KEY_FLAG_REVERSABLE_PAIRS org_jnetpcap_packet_JFlowKey_FLAG_REVERSABLE 32 | uint16_t flags; // flags 33 | uint16_t pair_count; // number of pairs upto FLOW_KEY_PAIR_COUNT 34 | uint8_t id[FLOW_KEY_PAIR_COUNT]; 35 | uint32_t forward_pair[FLOW_KEY_PAIR_COUNT][2]; 36 | uint32_t reverse_pair[FLOW_KEY_PAIR_COUNT][2]; 37 | } flow_key_t; 38 | 39 | /** 40 | * Based on the first part of the key, it sets the second part of the key 41 | * using reversed direction values for each pair. flow_key_t->pair[2] is a 42 | * multi-dimensional array that has 2 sets of key pairs. [0] for forward keys 43 | * and [1] for reverse direction keys. 44 | */ 45 | void flow_key_init(flow_key_t *key, int id); 46 | 47 | void process_flow_key(scan_t *scan); 48 | 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | #endif 54 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/util_crc16.h: -------------------------------------------------------------------------------- 1 | /* crc16.h 2 | * Declaration of CRC-16 routines and table 3 | * 4 | * 2004 Richard van der Hoff 5 | * 6 | * $Id: crc16.h 20485 2007-01-18 18:43:30Z guy $ 7 | * 8 | * Wireshark - Network traffic analyzer 9 | * By Gerald Combs 10 | * Copyright 1998 Gerald Combs 11 | * 12 | * Copied from README.developer 13 | * 14 | * This program is free software; you can redistribute it and/or 15 | * modify it under the terms of the GNU General Public License 16 | * as published by the Free Software Foundation; either version 2 17 | * of the License, or (at your option) any later version. 18 | * 19 | * This program is distributed in the hope that it will be useful, 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 22 | * GNU General Public License for more details. 23 | * 24 | * You should have received a copy of the GNU General Public License 25 | * along with this program; if not, write to the Free Software 26 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 27 | */ 28 | 29 | #ifndef __CRC16_H_ 30 | #define __CRC16_H_ 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif /* __cplusplus */ 35 | 36 | #include 37 | 38 | /* Calculate the CCITT/ITU/CRC-16 16-bit CRC 39 | 40 | (parameters for this CRC are: 41 | Polynomial: x^16 + x^12 + x^5 + 1 (0x1021); 42 | Start value 0xFFFF; 43 | XOR result with 0xFFFF; 44 | First bit is LSB) 45 | */ 46 | 47 | /** Compute CRC16 CCITT checksum of a buffer of data. 48 | @param buf The buffer containing the data. 49 | @param len The number of bytes to include in the computation. 50 | @return The CRC16 CCITT checksum. */ 51 | extern uint16_t crc16_ccitt(const uint8_t *buf, uint32_t len); 52 | 53 | /** Compute CRC16 X.25 CCITT checksum of a buffer of data. 54 | @param buf The buffer containing the data. 55 | @param len The number of bytes to include in the computation. 56 | @return The CRC16 X.25 CCITT checksum. */ 57 | extern uint16_t crc16_x25_ccitt(const uint8_t *buf, uint32_t len); 58 | 59 | /** Compute CRC16 CCITT checksum of a buffer of data. If computing the 60 | * checksum over multiple buffers and you want to feed the partial CRC16 61 | * back in, remember to take the 1's complement of the partial CRC16 first. 62 | @param buf The buffer containing the data. 63 | @param len The number of bytes to include in the computation. 64 | @param seed The seed to use. 65 | @return The CRC16 CCITT checksum (using the given seed). 
*/ 66 | extern uint16_t crc16_ccitt_seed(const uint8_t *buf, uint32_t len, uint16_t seed); 67 | 68 | #ifdef __cplusplus 69 | } 70 | #endif /* __cplusplus */ 71 | 72 | #endif /* crc16.h */ 73 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/util_crc32.h: -------------------------------------------------------------------------------- 1 | /* crc32.h 2 | * Declaration of CRC-32 routine and table 3 | * 4 | * $Id: crc32.h 24930 2008-04-12 12:31:53Z stig $ 5 | * 6 | * Wireshark - Network traffic analyzer 7 | * By Gerald Combs 8 | * Copyright 1998 Gerald Combs 9 | * 10 | * Copied from README.developer 11 | * 12 | * This program is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU General Public License 14 | * as published by the Free Software Foundation; either version 2 15 | * of the License, or (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 25 | */ 26 | 27 | #ifndef __UTIL_CRC32_H_ 28 | #define __UTIL_CRC32_H_ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif /* __cplusplus */ 33 | 34 | #include 35 | 36 | #define CRC32C_PRELOAD 0xffffffff 37 | 38 | /* 39 | * Byte swap fix contributed by Dave Wysochanski . 
40 | */ 41 | #define CRC32C_SWAP(crc32c_value) \ 42 | (((crc32c_value & 0xff000000) >> 24) | \ 43 | ((crc32c_value & 0x00ff0000) >> 8) | \ 44 | ((crc32c_value & 0x0000ff00) << 8) | \ 45 | ((crc32c_value & 0x000000ff) << 24)) 46 | 47 | #define CRC32C(c,d) (c=(c>>8)^crc32c_table[(c^(d))&0xFF]) 48 | 49 | extern const uint32_t crc32c_table[256]; 50 | 51 | /** Compute CRC32C checksum of a buffer of data. 52 | @param buf The buffer containing the data. 53 | @param len The number of bytes to include in the computation. 54 | @param crc The preload value for the CRC32C computation. 55 | @return The CRC32C checksum. */ 56 | extern uint32_t calculate_crc32c(const void *buf, int len, uint32_t crc); 57 | 58 | extern const uint32_t crc32_ccitt_table[256]; 59 | 60 | /** Compute CRC32 CCITT checksum of a buffer of data. 61 | @param buf The buffer containing the data. 62 | @param len The number of bytes to include in the computation. 63 | @return The CRC32 CCITT checksum. */ 64 | extern uint32_t crc32_ccitt(const uint8_t *buf, uint32_t len); 65 | 66 | /** Compute CRC32 CCITT checksum of a buffer of data. If computing the 67 | * checksum over multiple buffers and you want to feed the partial CRC32 68 | * back in, remember to take the 1's complement of the partial CRC32 first. 69 | @param buf The buffer containing the data. 70 | @param len The number of bytes to include in the computation. 71 | @param seed The seed to use. 72 | @return The CRC32 CCITT checksum (using the given seed). */ 73 | extern uint32_t crc32_ccitt_seed(const uint8_t *buf, uint32_t len, uint32_t seed); 74 | 75 | 76 | #ifdef __cplusplus 77 | } 78 | #endif /* __cplusplus */ 79 | 80 | #endif /* util_crc32.h */ 81 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/util_debug.h: -------------------------------------------------------------------------------- 1 | 2 | // Include this file after jni.h is included. 
It undefines MS compiler, def for 3 | // gcc specific one. 4 | // 5 | #ifndef Include_util_debug_h 6 | #define Include_util_debug_h 7 | 8 | #define JNIEXPORT extern "C" 9 | 10 | #undef __declspec 11 | #define __declspec(a) extern "C" 12 | 13 | #include 14 | 15 | #define DEBUG_MAX_LEVEL 10 16 | 17 | #define DEBUG_TRACE 10 18 | #define DEBUG_INFO 8 19 | #define DEBUG_WARN 6 20 | #define DEBUG_ERROR 4 21 | 22 | #define DEFAULT_LEVEL DEBUG_TRACE 23 | #define DEFAULT_INDENT_CHAR '.' 24 | 25 | extern int debug_get_level(); 26 | extern void debug_set_level(int level); 27 | extern void debug_inc(); 28 | extern void debug_dec(); 29 | extern void debug_reset(); 30 | extern void debug_vmsg(const char *type, const char *msg, const char *fmt, va_list ap); 31 | extern void debug_msg(const char *type, const char *msg, const char *fmt, ...); 32 | extern void debug_trace(const char *msg, const char *fmt, ...); 33 | extern void debug_warn(const char *msg, const char *fmt, ...); 34 | extern void debug_error(const char *msg, const char *fmt, ...); 35 | extern void debug_info(const char *msg, const char *fmt, ...); 36 | extern void debug_enter(const char *method); 37 | extern void debug_exit(const char *method); 38 | 39 | #define DEBUG_MAX_NAME 256 40 | #define DEBUG_DEFAULT_LEVEL TRACE 41 | 42 | /*** 43 | ******** Temporarily backedout 44 | class Debug { 45 | public: 46 | enum Level { 47 | ALL, 48 | TRACE, 49 | INFO, 50 | WARN, 51 | ERR, 52 | NONE, 53 | UNDEFINED 54 | }; 55 | 56 | private: 57 | Level level; 58 | int indentation; 59 | char indentBuffer[DEBUG_MAX_LEVEL + 2]; 60 | char indentChar; 61 | Debug *parent; 62 | char name[DEBUG_MAX_NAME]; 63 | 64 | public: 65 | Debug(const char *name, Debug *parent); 66 | Debug(const char *name); 67 | Debug(const char *name, Level defaultLevel); 68 | ~Debug() { } 69 | void setLevel(Level level); 70 | Level getLevel(); 71 | void inc(); 72 | void dec(); 73 | void reset(); 74 | 75 | void msg(Level type, char *msg, char *fmt, ...); 76 | void 
trace(char *msg, char *fmt, ...); 77 | void info(char *msg, char *fmt, ...); 78 | void warn(char *msg, char *fmt, ...); 79 | void error(char *msg, char *fmt, ...); 80 | 81 | void enter(char *method); 82 | void exit(char *method); 83 | 84 | 85 | private: 86 | void vmsg(Level type, char *msg, char *fgm, va_list ap); 87 | char *indent(); 88 | char *getLevelName(Level level); 89 | static char *levelNames[ERR + 1]; 90 | static Debug global_logger; 91 | static Debug null_logger; 92 | }; 93 | 94 | ****************/ 95 | 96 | #endif 97 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/util_in_cksum.h: -------------------------------------------------------------------------------- 1 | /* in_cksum.h 2 | * Declaration of Internet checksum routine. 3 | * 4 | * $Id: in_cksum.h 12117 2004-09-28 00:06:32Z guy $ 5 | */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif /* __cplusplus */ 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | typedef struct { 16 | const uint8_t *ptr; 17 | int len; 18 | } vec_t; 19 | 20 | extern uint16_t in_cksum(const vec_t *vec, int veclen); 21 | extern uint16_t in_cksum_shouldbe(uint16_t sum, uint16_t computed_sum); 22 | 23 | typedef union { 24 | uint8_t c[2]; 25 | uint16_t s; 26 | } pad_t; 27 | 28 | extern int in_checksum_pad_to_even( 29 | vec_t *vec, 30 | int veclen, 31 | pad_t *pad); 32 | 33 | extern int in_checksum_skip_crc16_field( 34 | const uint8_t *buf, // Buffer ptr 35 | vec_t *vec, 36 | int len, 37 | int crc_offset); 38 | 39 | extern int in_checksum_add_ip_pseudo_header( 40 | const uint8_t *buf, 41 | vec_t *vec, 42 | int type, 43 | int len, 44 | uint32_t phdr[2]); 45 | 46 | extern uint16_t psuedo_ip4_tcp( 47 | JNIEnv *env, 48 | const uint8_t *mem, 49 | size_t size, 50 | jint ip4, 51 | jint tcp); 52 | 53 | uint16_t psuedo_ip6_tcp( 54 | JNIEnv *env, 55 | const uint8_t *mem, 56 | size_t size, 57 | jint ip6, 58 | jint tcp); 59 | 60 | 61 | #ifdef __cplusplus 62 
| } 63 | #endif /* __cplusplus */ 64 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/winpcap_ext.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef _Included_org_jnetpcap_WinPcapExtensions 5 | #define _Included_org_jnetpcap_WinPcapExtensions 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass winPcapClass; 12 | 13 | // Prototypes 14 | 15 | #ifdef __cplusplus 16 | } 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/winpcap_ids.h: -------------------------------------------------------------------------------- 1 | /* Header for jnetpcap_utils utility methods */ 2 | 3 | #ifndef _Included_winpcap_ids_h 4 | #define _Included_winpcap_ids_h 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #define EXTERN extern "C" 8 | #endif 9 | 10 | #include "export.h" 11 | 12 | #include 13 | 14 | // WinPcapSamp 15 | extern jclass winPcapSampClass; 16 | extern jfieldID winPcapSampPhysicalFID; 17 | extern jmethodID winPcapSampConstructorMID; 18 | 19 | // WinPcapStat 20 | extern jclass WinPcapStatClass; 21 | extern jmethodID WinPcapStatConstructorMID; 22 | 23 | // WinPcapRmtAuth 24 | extern jclass winPcapRmtAuthClass; 25 | extern jfieldID winPcapRmtAuthTypeFID; 26 | extern jfieldID winPcapRmtAuthUsernameFID; 27 | extern jfieldID winPcapRmtAuthPasswordFID; 28 | 29 | #ifdef __cplusplus 30 | } 31 | #endif 32 | #endif 33 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4/winpcap_stat_ex.h: -------------------------------------------------------------------------------- 1 | #include 2 | /* Header for jnetpcap_utils utility methods */ 3 | 4 | #ifndef 
_Included_org_jnetpcap_WinWinPcapStat 5 | #define _Included_org_jnetpcap_WinWinPcapStat 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #define EXTERN extern "C" 9 | #endif 10 | 11 | extern jclass winWinPcapStatClass; 12 | 13 | // Prototypes 14 | jobject newWinPcapStat(JNIEnv *env); 15 | void setWinPcapStat(JNIEnv *env, jobject jstats, struct pcap_stat *stats, 16 | int size); 17 | 18 | 19 | #ifdef __cplusplus 20 | } 21 | #endif 22 | #endif 23 | -------------------------------------------------------------------------------- /CICFlowMeters/CICFlowMeters.original.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/CICFlowMeters/CICFlowMeters.original.tar.gz -------------------------------------------------------------------------------- /CICFlowMeters/install_new_cicflowmeter-3.0.sh: -------------------------------------------------------------------------------- 1 | install_new_cicflowmeter.sh -------------------------------------------------------------------------------- /CICFlowMeters/install_new_cicflowmeter-4.0.sh: -------------------------------------------------------------------------------- 1 | install_new_cicflowmeter.sh -------------------------------------------------------------------------------- /CICFlowMeters/install_new_cicflowmeter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | script_name=$(basename $0 .sh) 4 | version=${script_name##*-} 5 | [[ "${version}" == "" ]] && echo "Please run one of the links to this script!!" && exit 255 6 | 7 | rm -rf CICFlowMeter-${version} 8 | 9 | [[ ! -d CICFlowMeter_repo ]] && (\ 10 | git clone https://github.com/iPAS/CICFlowMeter.git CICFlowMeter_repo || (\ 11 | echo "Cannot clone the repository https://github.com/iPAS/CICFlowMeter.git!" 
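&& exit 255)) 12 | 13 | cd CICFlowMeter_repo 14 | git fetch 15 | git checkout tags/CICFlowMeter-${version}-commandline 16 | gradle clean 17 | gradle build 18 | cd .. 19 | 20 | # cp CICFlowMeter_repo/build/distributions/CICFlowMeter-${version}.zip . 21 | # unzip CICFlowMeter-${version}.zip 22 | # rm -f CICFlowMeter-${version}.zip 23 | tar -xf CICFlowMeter_repo/build/distributions/CICFlowMeter-${version}.tar -C . 24 | cp -f CICFlowMeter.revised CICFlowMeter-${version}/bin/CICFlowMeter 25 |
-------------------------------------------------------------------------------- /apt_ipv4.sh: --------------------------------------------------------------------------------
#!/bin/bash
# https://www.vultr.com/docs/force-apt-get-to-ipv4-or-ipv6-on-ubuntu-or-debian
# Runs apt-get with IPv4 forced. The quoted "$@" hands every argument through as one
# word; the unquoted form re-splits arguments on whitespace and expands globs in them.
apt-get -o Acquire::ForceIPv4=true "$@"
-------------------------------------------------------------------------------- /capture_interface_pcap.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Capture traffic on one interface with tcpdump, rotating the savefile every
# ${rotate_interval} seconds; tcpdump runs convert_pcap_csv.sh on each closed file (-z).
#
# Usage: capture_interface_pcap.sh <interface> <output_dir> [user]
#   interface   must be listed in /proc/net/dev
#   output_dir  existing directory for the rotated *.pcap files
#   user        optional; passed to tcpdump -Z when non-empty

interface=$1
output_dir=$2
user=$3
rotate_interval=60

# Returns 0 only when $1 is exactly one of the interface names in /proc/net/dev.
# A plain `grep -c "$1"` treats the argument as a regular expression and matches
# substrings, so an empty argument, "." or "lo" on a host with "wlo1" would all pass.
interface_exists() {
    [[ -n "$1" ]] || return 1
    awk -v want="$1" '
        NR > 2 {                      # the first two lines are column headers
            name = $0
            sub(/:.*/, "", name)      # keep the text before the first colon
            gsub(/[ \t]/, "", name)   # drop the column padding
            if (name == want) found = 1
        }
        END { exit found ? 0 : 1 }
    ' /proc/net/dev
}

interface_exists "$interface" || { echo "The interface is NOT found!"; exit 255; }
[[ -d "$output_dir" ]] || { echo "The output directory does NOT exist!"; exit 255; }

# Resolved before the traps are installed, because cleanup() calls the converter.
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"  # On the same directory.
post_rotate_command="${script_dir}"/convert_pcap_csv.sh

# Clean
# Converts any *.pcap still present under ${output_dir}, then deletes the capture files.
cleanup() {
    # `exit` inside a signal handler also fires the EXIT trap; clear the traps first so
    # this function runs once per shutdown instead of twice.
    trap - INT TERM EXIT

    echo "=== Capturer is being cancled ==="
    echo "=== Wait the converter finished for 3 seconds..."
    sleep 3
    echo
    echo "=== Convert left PCAP files if any"
    # NUL-delimited names read on fd 3: file names are never word-split or glob-expanded,
    # and the converter keeps this script's own stdin.
    while IFS= read -r -d '' -u 3 f; do
        echo "=== $f is left"
        "${post_rotate_command}" "$f"
    done 3< <(find "${output_dir}" -type f -name "*.pcap" -print0)

    echo "=== Clean stuff up"
    rm -f "$output_dir"/*.pcap

    echo
    # NOTE(review): exiting 0 here also reports success when tcpdump itself failed, so
    # Restart=on-failure in pcap2ciclog.service would not trigger - confirm this is intended.
    exit 0
}

trap 'cleanup' INT TERM EXIT

#output_file=${output_dir}/$(date +'%Y-%m-%d-%H:%M:%S.pcap')
output_file_format=${output_dir}/'%Y-%m-%d-%H:%M:%S.pcap'

# Kept as an array so each option reaches tcpdump as its own word without relying on
# word splitting of an unquoted string.
options=(-n -nn -N -s 0)
[[ -n "${user}" ]] && options+=(-Z "${user}") #$(id -nu 1000)

# Before the post-rotation script can be run, please edit an AppArmor configuration file:
#   $ sudo vi /etc/apparmor.d/usr.sbin.tcpdump
# by adding the line:
#   /**/* ixr,
# then
#   $ sudo service apparmor restart
#
# NOTE(review): `/**/* ixr,` matches files throughout the filesystem, so the confined
# tcpdump may read and execute almost anything and the profile loses most of its value.
# Prefer rules that name only convert_pcap_csv.sh and the programs it starts, or give
# the converter its own profile.
#
sudo tcpdump "${options[@]}" -z "${post_rotate_command}" -i "${interface}" -G "${rotate_interval}" -w "${output_file_format}"

#sudo chown 1000:1000 "${output_dir}"/*

-------------------------------------------------------------------------------- /clean_pcap_csv.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Remove every generated file under tmp/, pcap/ and csv/ next to this script.
# The paths are anchored to the script's own directory: with bare relative globs,
# running this from "/" would expand tmp/*.* to /tmp/*.* and delete unrelated files.

# Stop when the directory cannot be resolved; an empty prefix would turn the globs
# below into absolute paths.
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" || exit 255
[[ -n "${script_dir}" ]] || exit 255

rm -f "${script_dir}"/tmp/*.*
rm -f "${script_dir}"/pcap/*.pcap
rm -f "${script_dir}"/csv/*.csv
rm -f "${script_dir}"/csv/*/*.csv
-------------------------------------------------------------------------------- /convert_pcap_csv.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | pcap_file="$1" 4 | [[ ! -f "${pcap_file}" ]] && echo "PCAP file ${pcap_file} does NOT exist!" && exit 255 5 | 6 | script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # On the same directory.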
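echo ">>> Script dir: ${script_dir}"

output_dir="${script_dir}"/csv


## Clean
# INT/TERM handler: report the interrupted conversion and stop.
cancel() {
    # Clear the EXIT trap first; otherwise `exit` below also runs cleanup(), which
    # prints "Finish the conversion" for a conversion that did not finish.
    trap - EXIT
    echo "+++ Converter is being canceled +++"
    echo "+++ The last conversion, ${pcap_file}, is not completed!"
    echo
    exit 0
}
trap 'cancel' INT TERM

# EXIT handler: prints the closing message and forces exit status 0.
cleanup() {
    # echo "+++ Remove ${pcap_file}"
    # rm -f "${pcap_file}"

    echo "+++ Finish the conversion"
    echo
    exit 0
}
trap 'cleanup' EXIT


## Convert
echo "+++ CICFlowMeter PCAP-to-CSV Converter +++"
echo " Input file: ${pcap_file}"
echo " Output dir: ${output_dir}"

# CICFlowMeter-3.0/bin/CICFlowMeter
# cic="${script_dir}"/CICFlowMeters/CICFlowMeter-3.0/bin/CICFlowMeter
cic="${script_dir}"/CICFlowMeters/CICFlowMeter-4.0/bin/CICFlowMeter

# Delete the capture only after the converter reports success; removing it
# unconditionally loses the traffic record whenever no CSV was produced.
# Assumes the CICFlowMeter launcher exits non-zero on failure - TODO confirm.
# A kept file stays in the capture directory until capture_interface_pcap.sh's
# cleanup retries it and removes the *.pcap files, so watch disk usage if
# conversions keep failing.
if "${cic}" "${pcap_file}" "${output_dir}"; then
    echo "+++ Remove ${pcap_file}"
    rm -f "${pcap_file}"
else
    echo "+++ Conversion of ${pcap_file} failed (exit status $?); the file is kept"
fi




## Rearrange the PCAP due to other CICFlowMeter versions' compatibility
# pcap_dir="${script_dir}"/tmp
# pcap_tmp="${pcap_dir}"/$(basename "${pcap_file}")

#echo "> move ${pcap_file} to ${pcap_tmp}"
#mv "${pcap_file}" "${pcap_dir}"


# CICFlowMeterV2
#cic_dir="${script_dir}"/CICFlowMeters/CICFlowMeterV2
#java -Djava.library.path="${cic_dir}" -jar "${cic_dir}"/CICFlowMeter.jar "${pcap_dir}/" "${output_dir}/2/"

#cic_dir=${HOME}/CICFlowMeterV2
#java -Djava.library.path="${cic_dir}/jnetpcap" -jar "${cic_dir}"/CICFlowMeter.jar "${pcap_dir}/" "${output_dir}/2/"

# CICFlowMeterV3-jnetpcap-1.3
#cic_dir="${script_dir}"/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.3
#java -Djava.library.path="${cic_dir}" -jar "${cic_dir}"/CICFlowMeterV3.jar "${pcap_tmp}" "${output_dir}/3.1.3/"

# CICFlowMeterV3-jnetpcap-1.4
#cic_dir="${script_dir}"/CICFlowMeters/CICFlowMeterV3-jnetpcap-1.4
#java -Djava.library.path="${cic_dir}" -jar "${cic_dir}"/CICFlowMeterV3.jar "${pcap_tmp}" "${output_dir}/3.1.4/"


#echo "+++ remove ${pcap_tmp}"
#rm -f "${pcap_tmp}"


-------------------------------------------------------------------------------- /csv/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/csv/.keepme
-------------------------------------------------------------------------------- /csv/2/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/csv/2/.keepme
-------------------------------------------------------------------------------- /csv/3.1.3/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/csv/3.1.3/.keepme
-------------------------------------------------------------------------------- /csv/3.1.4/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/csv/3.1.4/.keepme
-------------------------------------------------------------------------------- /pcap/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/pcap/.keepme
-------------------------------------------------------------------------------- /pcap2ciclog.service: -------------------------------------------------------------------------------- 1 | ## Capture and Convert internet traffic to CICFlowMeter log file.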
2 | # 3 | # https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal 4 | # https://www.digitalocean.com/community/tutorials/how-to-connect-your-internet-of-things-with-node-red-on-ubuntu-16-04#step-4-%E2%80%94-setting-up-nginx 5 | 6 | [Unit] 7 | Description=PCAP-to-CIClog Collection and Conversion 8 | After=syslog.target network.target 9 | 10 | 11 | [Service] 12 | WorkingDirectory=/home/rapidadmin/TCPDUMP_and_CICFlowMeter 13 | # NOTE(review): User=/Group= are commented out, so a system unit runs ExecStart as root; keep the scripts under /home/rapidadmin/TCPDUMP_and_CICFlowMeter owned by root and not writable by other accounts, or install them outside a home directory. 14 | #User=sammy 15 | #Group=sammy 16 | 17 | ExecStart=/home/rapidadmin/TCPDUMP_and_CICFlowMeter/pcap2ciclog.sh 18 | Restart=on-failure 19 | KillSignal=SIGINT 20 | # SIGINT on stop matches the INT trap in capture_interface_pcap.sh, which converts leftover captures before exiting. 21 | SyslogIdentifier=pcap2ciclog 22 | StandardOutput=syslog 23 | # NOTE(review): StandardOutput=syslog is deprecated in recent systemd releases in favour of journal; confirm for the target version. 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | -------------------------------------------------------------------------------- /pcap2ciclog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Relative path, so this relies on the unit's WorkingDirectory; passes wlan0, pcap (presumably the output directory) and the name of UID 1000. 3 | ./capture_interface_pcap.sh wlan0 pcap $(id -nu 1000) 4 | -------------------------------------------------------------------------------- /tmp/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iPAS/TCPDUMP_and_CICFlowMeter/8623d91fa723a865cd8d8d407be7e6493e619e0b/tmp/.keepme -------------------------------------------------------------------------------- /try_me.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Same command as pcap2ciclog.sh; run it from the directory containing capture_interface_pcap.sh. 3 | ./capture_interface_pcap.sh wlan0 pcap $(id -nu 1000) 4 | -------------------------------------------------------------------------------- /watch_files.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Refreshes a listing of pcap, tmp and csv every second; the paths are relative to the current directory. 3 | watch -n1 'ls -lh pcap tmp csv' 4 | --------------------------------------------------------------------------------