/*
 * Copyright 2010 NCHOVY
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.krakenapps.sonar.passive.fingerprint;

import org.apache.felix.ipojo.annotations.Component;
import org.apache.felix.ipojo.annotations.Invalidate;
import org.apache.felix.ipojo.annotations.Provides;
import org.apache.felix.ipojo.annotations.Requires;
import org.apache.felix.ipojo.annotations.Validate;
import org.krakenapps.pcap.Protocol;
import org.krakenapps.pcap.decoder.dhcp.DhcpMessage;
import org.krakenapps.pcap.decoder.dhcp.DhcpProcessor;
import org.krakenapps.pcap.decoder.dhcp.fingerprint.FingerprintDetector;
import org.krakenapps.pcap.decoder.dhcp.fingerprint.FingerprintMetadata;
import org.krakenapps.pcap.decoder.dhcp.options.DhcpOption;
import org.krakenapps.pcap.decoder.dhcp.options.ParameterRequestListOption;
import org.krakenapps.pcap.decoder.ethernet.MacAddress;
import org.krakenapps.sonar.Metabase;
import org.krakenapps.sonar.PassiveScanner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Passive OS detector driven by sniffed DHCP messages.
 *
 * <p>
 * While the component is valid it is registered with the {@link PassiveScanner}
 * as the UDP sniffer for {@link Protocol#DHCP}. For each message it matches the
 * fingerprint of the parameter request list option against
 * {@link FingerprintDetector} and, on a match, records the vendor, family and
 * description for the client MAC address in the {@link Metabase}.
 *
 * <p>
 * Every value used here (client MAC, addresses, option list) is read from the
 * sniffed packet as-is, and this class performs no sender verification before
 * writing to the metabase. The recorded OS should therefore be treated as a
 * hint that the sending host can influence, not as verified inventory data.
 */
@Component(name = "sonar-dhcp-os-detector")
@Provides
public class DhcpOsDetector implements DhcpProcessor {
    private final Logger logger = LoggerFactory.getLogger(DhcpOsDetector.class.getName());

    @Requires
    private PassiveScanner scanner;

    @Requires
    private Metabase metabase;

    /**
     * Registers this detector as the DHCP sniffer when the component becomes
     * valid.
     */
    @Validate
    public void start() {
        scanner.addUdpSniffer(Protocol.DHCP, this);
        logger.info("kraken sonar: dhcp os detector started");
    }

    /**
     * Unregisters this detector when the component is invalidated. The scanner
     * reference is null-checked before it is used.
     */
    @Invalidate
    public void stop() {
        if (scanner != null) {
            scanner.removeUdpSniffer(Protocol.DHCP, this);
        }

        logger.info("kraken sonar: dhcp os detector stopped");
    }

    /**
     * Inspects one DHCP message, updates the metabase when its parameter
     * request list matches a known fingerprint, and trace-logs the option
     * types seen.
     *
     * @param msg
     *            the decoded DHCP message; its contents are used without
     *            further validation
     */
    @Override
    public void process(DhcpMessage msg) {
        StringBuilder optionTypes = new StringBuilder();
        String summary = null;
        MacAddress clientMac = null;
        FingerprintMetadata matched = null;

        boolean first = true;
        for (DhcpOption option : msg.getOptions()) {
            // comma-separated list of option types, in packet order
            if (!first) {
                optionTypes.append(",");
            }
            first = false;
            optionTypes.append(option.getType());

            if (!(option instanceof ParameterRequestListOption)) {
                continue;
            }

            ParameterRequestListOption prl = (ParameterRequestListOption) option;

            // NOTE(review): reassigned for every parameter request list option,
            // so a later non-matching option clears an earlier match while
            // clientMac is kept; the check after the loop then skips the update.
            matched = FingerprintDetector.matches(prl.getFingerprint());
            if (matched == null) {
                continue;
            }

            clientMac = msg.getClientMac();

            // Built on every match, whether or not trace logging is enabled.
            summary = "client ip: " + msg.getClientAddress()
                    + " client mac: " + msg.getClientMac()
                    + " your ip: " + msg.getYourAddress()
                    + " finger: " + prl.getFingerprint()
                    + " metadata: " + matched.toString();
        }

        // Persist only when a MAC was captured and the last lookup matched.
        if (clientMac != null && matched != null) {
            metabase.updateIpEndpoint(
                    clientMac,
                    metabase.updateEnvironment(
                            metabase.updateVendor(matched.getVendor()),
                            matched.getFamily(),
                            matched.getDescription()));
        }

        logger.trace("kraken sonar: dhcp options [{}], finger [{}]", optionTypes.toString(), summary);
    }
}