Commit

updated docs
arunppsg committed Aug 25, 2021
1 parent 6ac60b7 commit 016bc19
Showing 7 changed files with 32 additions and 45 deletions.
26 changes: 19 additions & 7 deletions README.md
@@ -1,6 +1,6 @@
## Packet Sniffer

An application which extracts payload and computes payload hash using
An application which extracts payload and computes sha512 digest of the payload using
sha256 digest of the payload from live traffic.

The code under `src` has the packet sniffer application. It can capture upto
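
Review bot: The new description line runs into the unchanged line after it and now reads "computes sha512 digest of the payload using sha256 digest of the payload from live traffic", which names two different hash functions and no longer parses. State the one digest the sniffer actually computes and drop the leftover fragment on the following line. In the last context line, "upto" should be "up to".
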
Expand All @@ -18,14 +18,26 @@ sudo ./sniffer.o -c eth0 # the interface in which packets are received

## Examples:

For capturing in interface eno1: `./sniffer.o -c eno1`
For capturing in interface eno1: `./sniffer -c eno1`

For using 2 threads: `./sniffer.o -T 2`
For using 2 threads: `./sniffer -T 2`

For capturing upto 10 seconds: `./sniffer.o -t 10`
For capturing upto 10 seconds: `./sniffer -t 10`

For choosing output json file name: `./sniffer.o -j output.json`

For help: `./sniffer.o -h`
For choosing output json file name: `./sniffer -j output.json`

For help: `./sniffer -h`

For duplicate packet detection, to build index for bloom filter
run the application in mode 1 and to perform detection, rerun it in mode 2.
```
./sniffer -m 1 # building bloom filter index
./sniffer -m 2 # performing detection
```
BloomFilter is a probabilistic data structure. Given that the application
needs to capture `n` packets at a false positive rate of `e`, the configuration can be
set as
```
./sniffer -m 1 -n 10000 -e 0.001
```
The same configuration should be used during testing.
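
Review bot: The closing sentence "The same configuration should be used during testing" does not say what "testing" is; the text above it only defines mode 1 (build index) and mode 2 (detection). If it means the mode 2 run, say so and show that run with the same `-n` and `-e` values, since the only mode 2 example here is `./sniffer -m 2` with no parameters. It would also help to state what a false positive means for this tool: a packet reported as a duplicate that was never seen before. The hunk header context still shows `sudo ./sniffer.o -c eth0`, so the binary name is now inconsistent within the README, and the new code fences need a blank line before and after them to render reliably.
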
4 changes: 4 additions & 0 deletions docs/duplicate_packet_detection.md
@@ -0,0 +1,4 @@
## Duplicate Packet Detection

The application uses BloomFilter datatype to detect
duplicate packets.
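
Review bot: Missing from the two-line body is the false-positive behaviour that the README hunk introduces with `-e`: a Bloom filter can report a packet as a duplicate when it was never seen, so a "duplicate" verdict from this application is probabilistic and readers of this page need to be told that. Add the mode 1 / mode 2 workflow and the `-n` and `-e` parameters here, or link to the README section that has them, and say what is inserted into the filter. "BloomFilter datatype" would read better as "a Bloom filter".
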
16 changes: 0 additions & 16 deletions docs/references.md

This file was deleted.

11 changes: 0 additions & 11 deletions docs/references.txt

This file was deleted.

13 changes: 9 additions & 4 deletions docs/socket_options.md
@@ -1,12 +1,17 @@
## Socket Options

` int sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP));`
` int sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP))`

We use a socket of type AF_PACKET. The term AF_PACKET allows us to send or
receive packets at layer 2 level. We analyse only IP Protocolsand hence we
have set the protocol level as `ETH_P_IP`. The SOCK_RAW keyword provides
access to raw network protocol.

PACKET_FANOUT
### Packet Fanout

We use Packet_fanout_lb for load balancing of traffic across
all sockets.
The application uses `PACKET_FANOUT_FLAG_ROLLOVER` as fanout configuration.
In this mode, if one socket is full, packets are rolled over to another group.
This helps in capture at high speed. Each thread of the application handles
a single socket and each socket is associated with a ring buffer. When one socket gets
full, this options helps in loading other sockets. It gets more time for the threads to
finish processing of packets in a thread.
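
Review bot: `PACKET_FANOUT_FLAG_ROLLOVER` is described as a mode ("In this mode"), but in the Linux packet socket API it is a flag that is OR-ed with a fanout mode such as `PACKET_FANOUT_LB`; the replaced text named load balancing, and the new paragraph no longer says which mode is in use. Name both the mode and the flag. "packets are rolled over to another group" should be "to another socket in the group", since the sentences that follow describe rollover between sockets. Smaller points: the code line lost its terminating semicolon, "IP Protocolsand" is missing a space, "this options helps" should be "this option helps", and the last sentence ("It gets more time for the threads to finish processing of packets in a thread") needs rewording.
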
6 changes: 0 additions & 6 deletions src/README.md

This file was deleted.

1 change: 0 additions & 1 deletion src/bloom_filter.cc
Expand Up @@ -115,7 +115,6 @@ int BloomFilter::check(std::string message) const{
* 1: hash is found in the table
* 0: hash is not found in the table
*/
std::cout << "In hash check ";
for(int i=0; i<this->k; ++i){
long hash = compute_hash(message, i);
if(this->bit_array[hash] == 0)
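
Review bot: In the loop kept as context, `this->bit_array[hash]` is indexed with a signed `long` returned by `compute_hash(message, i)`, and nothing visible here bounds it to the array size. Confirm that `compute_hash` reduces the value into the range of `bit_array` and cannot return a negative number, or switch to an unsigned index type; otherwise `check` reads out of bounds on input derived from captured traffic. `check` also takes `std::string message` by value, which copies every payload, and `const std::string&` would avoid that. Removing the `std::cout` debug line is a code change, so the commit message "updated docs" understates what this commit touches.
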