Sockets vs Process: mudanças entre as edições
Ir para navegação
Ir para pesquisar
Sem resumo de edição |
|||
| Linha 14: | Linha 14: | ||
;; | ;; | ||
esac | esac | ||
} | |||
function DRAWDIGRAPH() { | |||
case $1 in | |||
open) | |||
echo "digraph G {" | |||
echo "ratio = \"auto\" ;" | |||
echo "mincross = 2.0 ;" | |||
echo "label = \"Graphic\" ;" | |||
echo "overlap=false;" | |||
echo "splines=true;" | |||
# echo "rankdir = LR;" | |||
;; | |||
close) | |||
echo "}" | |||
;; | |||
*) | |||
exit 1 | |||
;; | |||
esac | |||
} | |||
function DRAWCLUSTER() { | |||
case $1 in | |||
open) | |||
echo "subgraph cluster_$3 {" | |||
echo "label = \"$2\";" | |||
echo "node [style=filled];" | |||
echo "color=blue" | |||
;; | |||
close) | |||
echo "}" | |||
;; | |||
*) | |||
exit 1 | |||
;; | |||
esac | |||
} | |||
function DRAWITEM() { | |||
if [ "$2" == "nothing" ] | |||
then | |||
echo $1 | |||
else | |||
echo "$1 -> $2 [$4,label=\"$3\"""]" | |||
# echo "$1 -> $2 [dir=none, label=\"$3\"""]" | |||
fi | |||
} | |||
function DRAW() { | |||
DRAWDIGRAPH open | |||
export DATASOURCE=$1 | |||
export CLUSTERCOUNT=0 | |||
#Generates the clusters and create entities | |||
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE | |||
do | |||
echo $CLUSTER | |||
done < $DATASOURCE | sort -u | \ | |||
while read CLUSTERS | |||
do | |||
export CLUSTERCOUNT=$(expr $CLUSTERCOUNT + 1) | |||
DRAWCLUSTER open $CLUSTERS $CLUSTERCOUNT | |||
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE | |||
do | |||
ARRAYLENGH=$(echo $DESTARRAY | tr ',' '\n' | wc -l) | |||
if [ $ARRAYLENGH -eq 1 ] | |||
then | |||
if [ "$DESTARRAY" == "" ] | |||
then | |||
ARRAYLENGH=0 | |||
fi | |||
fi | |||
if [ "$CLUSTERS" == "$CLUSTER" ] | |||
then | |||
DRAWITEM $ORIGIN nothing | |||
# seq 1 $(tput cols) | while read COLS; do echo -en "\ "; done; echo -en "\r" >&2 | |||
echo -ne "\r$ORIGIN " >&2 | |||
fi | |||
done < $DATASOURCE | sort -u | |||
DRAWCLUSTER close $CLUSTERS | |||
done | |||
#Populate graph with directions | |||
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE | |||
do | |||
echo $CLUSTER | |||
done < $DATASOURCE | sort -u | \ | |||
while read CLUSTERS | |||
do | |||
export CLUSTERCOUNT=$(expr $CLUSTERCOUNT + 1) | |||
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE | |||
do | |||
ARRAYLENGH=$(echo $DESTARRAY | tr ',' '\n' | wc -l) | |||
if [ $ARRAYLENGH -eq 1 ] | |||
then | |||
if [ "$DESTARRAY" == "" ] | |||
then | |||
ARRAYLENGH=0 | |||
fi | |||
fi | |||
if [ "$CLUSTERS" == "$CLUSTER" ] | |||
then | |||
if [ $ARRAYLENGH -eq 0 ] | |||
then | |||
echo "" | |||
else | |||
echo $DESTARRAY | tr ',' '\n' | \ | |||
while read ARRAYITEM | |||
do | |||
DRAWITEM $ORIGIN $ARRAYITEM "$DESCRIPTION" "$ATTRIBUTE" | |||
# seq 1 $(tput cols) | while read COLS; do echo -en " "; done; echo -en "\r" >&2 | |||
echo -en "\r$ORIGIN $ARRAYITEM $DESCRIPTION " >&2 | |||
done | |||
fi | |||
fi | |||
done < $DATASOURCE | |||
done | |||
DRAWDIGRAPH close | |||
} | } | ||
function ALLTOCSV() { | function ALLTOCSV() { | ||
| Linha 328: | Linha 447: | ||
'LOCAL_PORT'" | 'LOCAL_PORT'" | ||
} | } | ||
function HOSTDRAW() { | |||
SQLITE_SELECT " | |||
SELECT DISTINCT | |||
HOSTNAME | |||
FROM | |||
arquitetura | |||
" | \ | |||
while read SERVERNAME | |||
do | |||
SQLITE_SELECT " | |||
SELECT DISTINCT | |||
'DATA', | |||
c.HOSTNAME, | |||
c.PROCESS_NAME, | |||
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP), | |||
c.REMOTE_ADDRESS | |||
FROM | |||
arquitetura as c | |||
WHERE | |||
STATE == 'ESTABLISHED' | |||
AND | |||
HOSTNAME == '$SERVERNAME' | |||
AND | |||
LOCAL_PORT NOT IN ( | |||
SELECT DISTINCT | |||
LOCAL_PORT | |||
FROM | |||
arquitetura | |||
WHERE | |||
STATE == 'LISTENING' | |||
AND | |||
LOCAL_ADDRESS <> '127.0.0.1' | |||
) | |||
AND | |||
LOCAL_ADDRESS <> '127.0.0.1' | |||
ORDER BY | |||
'LOCAL_PORT'" > pregraph_client_$SERVERNAME.csv | |||
cat pregraph_client_$SERVERNAME.csv | \ | |||
while IFS=',' read v1 v2 v3 v4 v5 | |||
do | |||
echo $v1\;$v2\;$v3\;$( | |||
if [[ "$v4" == "" ]] | |||
then | |||
echo IP_$v5 | |||
else | |||
echo $v4 | |||
fi )\;color=blue | |||
done > graph_client_$SERVERNAME.csv | |||
cat pregraph_client_$SERVERNAME.csv | \ | |||
while IFS=',' read v1 v2 v3 v4 v5 | |||
do | |||
echo $v1\;$( | |||
if [[ "$v4" == "" ]] | |||
then | |||
echo IP_$v5 | |||
else | |||
echo $v4 | |||
fi )\;\;\;color=blue | |||
done >> graph_client_$SERVERNAME.csv | |||
SQLITE_SELECT " | |||
SELECT DISTINCT | |||
'DATA', | |||
c.HOSTNAME, | |||
c.PROCESS_NAME, | |||
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP), | |||
c.REMOTE_ADDRESS | |||
FROM | |||
arquitetura as c | |||
WHERE | |||
STATE == 'ESTABLISHED' | |||
AND | |||
HOSTNAME == '$SERVERNAME' | |||
AND | |||
LOCAL_PORT IN ( | |||
SELECT DISTINCT | |||
LOCAL_PORT | |||
FROM | |||
arquitetura | |||
WHERE | |||
STATE == 'LISTENING' | |||
AND | |||
LOCAL_ADDRESS <> '127.0.0.1' | |||
) | |||
AND | |||
LOCAL_ADDRESS <> '127.0.0.1' | |||
ORDER BY | |||
'LOCAL_PORT'" > pregraph_client_$SERVERNAME.csv | |||
cat pregraph_client_$SERVERNAME.csv | \ | |||
while IFS=',' read v1 v2 v3 v4 v5 | |||
do | |||
echo $v1\;$( | |||
if [[ "$v4" == "" ]] | |||
then | |||
echo IP_$v5 | |||
else | |||
echo $v4 | |||
fi )\;$v3\;$v2\;color=red | |||
done > graph_server_$SERVERNAME.csv | |||
cat pregraph_client_$SERVERNAME.csv | \ | |||
while IFS=',' read v1 v2 v3 v4 v5 | |||
do | |||
echo $v1\;$( | |||
if [[ "$v4" == "" ]] | |||
then | |||
echo IP_$v5 | |||
else | |||
echo $v4 | |||
fi )\;\;\;color=red | |||
done >> graph_server_$SERVERNAME.csv | |||
cat graph_server_$SERVERNAME.csv > graph_$SERVERNAME.csv | |||
cat graph_client_$SERVERNAME.csv >> graph_$SERVERNAME.csv | |||
export DATAFORMATED=$(TEMPFILE create) | |||
dos2unix graph_$SERVERNAME.csv | |||
export DATAIN=graph_$SERVERNAME.csv | |||
export DATAOUT=$SERVERNAME.png | |||
cat $DATAIN | grep -v ^\#| tr '.' '_' | tr ' ' '_' | tr ',' ';' > $DATAFORMATED | |||
DRAW $DATAFORMATED |grep -v "^$"| tee $DATAOUT.dot | cat -n | |||
echo Generating image | |||
echo -en "\rDOT" | |||
dot -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -odot_$DATAOUT | |||
echo -en "\rNEATO" | |||
neato -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oneato_$DATAOUT | |||
echo -en "\rCIRCO" | |||
circo -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oncirco_$DATAOUT | |||
echo -en "\r\n" | |||
TEMPFILE delete $DATAFORMATED | |||
# break | |||
done | |||
# export DATAIN=$1 | |||
# export DATAOUT=$2 | |||
# export DATAFORMATED=$(TEMPFILE create) | |||
# echo Converting dots to underscore | |||
# cat $DATAIN | grep -v ^\#| tr '.' '_' | tr ' ' '_' > $DATAFORMATED | |||
# echo Converting DOS to UNIX | |||
# dos2unix $DATAFORMATED | |||
# echo Start Drawing | |||
# DRAW $DATAFORMATED |grep -v "^$"| tee $DATAOUT.dot | cat -n | |||
# echo Generating image | |||
# echo -en "\rDOT" | |||
# dot -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -odot_$DATAOUT | |||
# echo -en "\rNEATO" | |||
# neato -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oneato_$DATAOUT | |||
# echo -en "\rCIRCO" | |||
# circo -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oncirco_$DATAOUT | |||
# echo -en "\r\n" | |||
# TEMPFILE delete $DATAFORMATED | |||
} | |||
if [ $# -ne 1 ] | if [ $# -ne 1 ] | ||
then | then | ||
| Linha 334: | Linha 609: | ||
export INPUT=$(TEMPFILE create) | export INPUT=$(TEMPFILE create) | ||
export BASE=base.db | export BASE=base.db | ||
case $1 in | case $1 in | ||
zerado) | zerado) | ||
ALLTOCSV $INPUT | |||
dos2unix $INPUT >&2 | |||
SQLITE_PURGE | SQLITE_PURGE | ||
SQLITE_START | SQLITE_START | ||
| Linha 343: | Linha 619: | ||
;; | ;; | ||
coletar) | coletar) | ||
ALLTOCSV $INPUT | |||
dos2unix $INPUT >&2 | |||
SQLITE_START | SQLITE_START | ||
SQLITE_INSERT $INPUT | SQLITE_INSERT $INPUT | ||
| Linha 373: | Linha 651: | ||
pregraph) | pregraph) | ||
PREGRAPH | PREGRAPH | ||
;; | |||
draw) | |||
HOSTDRAW | |||
;; | ;; | ||
*) | *) | ||
| Linha 384: | Linha 665: | ||
TEMPFILE delete $INPUT | TEMPFILE delete $INPUT | ||
fi | fi | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=Data Collector= | =Data Collector= | ||
==Windows== | ==Windows== | ||
Edição das 19h12min de 17 de setembro de 2019
Data aggregate
#!/bin/bash
function TEMPFILE() {
case $1 in
create)
mktemp -p /tmp --suffix tmpdoc
;;
delete)
rm -f $2
;;
*)
EXITNOW "could not create temporary file"
;;
esac
}
function DRAWDIGRAPH() {
case $1 in
open)
echo "digraph G {"
echo "ratio = \"auto\" ;"
echo "mincross = 2.0 ;"
echo "label = \"Graphic\" ;"
echo "overlap=false;"
echo "splines=true;"
# echo "rankdir = LR;"
;;
close)
echo "}"
;;
*)
exit 1
;;
esac
}
function DRAWCLUSTER() {
case $1 in
open)
echo "subgraph cluster_$3 {"
echo "label = \"$2\";"
echo "node [style=filled];"
echo "color=blue"
;;
close)
echo "}"
;;
*)
exit 1
;;
esac
}
function DRAWITEM() {
if [ "$2" == "nothing" ]
then
echo $1
else
echo "$1 -> $2 [$4,label=\"$3\"""]"
# echo "$1 -> $2 [dir=none, label=\"$3\"""]"
fi
}
function DRAW() {
DRAWDIGRAPH open
export DATASOURCE=$1
export CLUSTERCOUNT=0
#Generates the clusters and create entities
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE
do
echo $CLUSTER
done < $DATASOURCE | sort -u | \
while read CLUSTERS
do
export CLUSTERCOUNT=$(expr $CLUSTERCOUNT + 1)
DRAWCLUSTER open $CLUSTERS $CLUSTERCOUNT
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE
do
ARRAYLENGH=$(echo $DESTARRAY | tr ',' '\n' | wc -l)
if [ $ARRAYLENGH -eq 1 ]
then
if [ "$DESTARRAY" == "" ]
then
ARRAYLENGH=0
fi
fi
if [ "$CLUSTERS" == "$CLUSTER" ]
then
DRAWITEM $ORIGIN nothing
# seq 1 $(tput cols) | while read COLS; do echo -en "\ "; done; echo -en "\r" >&2
echo -ne "\r$ORIGIN " >&2
fi
done < $DATASOURCE | sort -u
DRAWCLUSTER close $CLUSTERS
done
#Populate graph with directions
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE
do
echo $CLUSTER
done < $DATASOURCE | sort -u | \
while read CLUSTERS
do
export CLUSTERCOUNT=$(expr $CLUSTERCOUNT + 1)
while IFS=';' read CLUSTER ORIGIN DESCRIPTION DESTARRAY ATTRIBUTE
do
ARRAYLENGH=$(echo $DESTARRAY | tr ',' '\n' | wc -l)
if [ $ARRAYLENGH -eq 1 ]
then
if [ "$DESTARRAY" == "" ]
then
ARRAYLENGH=0
fi
fi
if [ "$CLUSTERS" == "$CLUSTER" ]
then
if [ $ARRAYLENGH -eq 0 ]
then
echo ""
else
echo $DESTARRAY | tr ',' '\n' | \
while read ARRAYITEM
do
DRAWITEM $ORIGIN $ARRAYITEM "$DESCRIPTION" "$ATTRIBUTE"
# seq 1 $(tput cols) | while read COLS; do echo -en " "; done; echo -en "\r" >&2
echo -en "\r$ORIGIN $ARRAYITEM $DESCRIPTION " >&2
done
fi
fi
done < $DATASOURCE
done
DRAWDIGRAPH close
}
function ALLTOCSV() {
INPUT=$1
cat *.csv > $INPUT
}
function PARSE() {
export INPUT=$1
export LOCAL_PORT_LISTENING=$(TEMPFILE create)
#Get the ports for the listening services
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo $HOSTNAME
done | sort -u | \
while IFS=',' read SERVERNAME
do
cat $1 | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( "$STATE" == "LISTENING" ) && ( "$LOCAL_ADDRESS" != "127.0.0.1" ) ]]
then
echo $HOSTNAME $LOCAL_PORT
fi
done | sort -u -n -k2
done > $LOCAL_PORT_LISTENING
# Show only established sockets
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
while read SERVERNAME PORT
do
#Show established sockets with listener process on the server, server side
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $PORT -eq $LOCAL_PORT ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" != "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME LOCAL $LOCAL_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
#Sow eatablished sockets withot listener, client side
#PORT diferente local_port
RETORNO=$(grep -w $LOCAL_PORT $LOCAL_PORT_LISTENING | wc -l)
if [[ ( "$SERVERNAME" == "$HOSTNAME" ) && ( $RETORNO == 0 ) && ( "$STATE" == "ESTABLISHED" ) && ( "$LOCAL_ADDRESS" != "$REMOTE_ADDRESS" ) && ( "$PUBLIC_IP" == "$REMOTE_ADDRESS" ) ]]
then
echo $HOSTNAME REMOTE $REMOTE_PORT $REMOTE_ADDRESS $PROCESS_NAME
fi
done < $LOCAL_PORT_LISTENING
done | sort -u
# cat $LOCAL_PORT_LISTENING
TEMPFILE delete $LOCAL_PORT_LISTENING
}
function SQLITE_START() {
#HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
sqlite3 $BASE "CREATE TABLE IF NOT EXISTS arquitetura(
HOSTNAME text,
PUBLIC_IP text,
STATE text,
LOCAL_ADDRESS text,
LOCAL_PORT integer,
REMOTE_ADDRESS text,
REMOTE_PORT integer,
PROCESS_ID integer,
PROCESS_NAME text,
OS_VERSION text,
PROCESSOR_COUNT integer,
RAM_MEMORY_KB real)"
# sqlite3 base.sb "create table IF NOT EXISTS hosts(endereco varchar(15) , nome varchar(60) primary key,TTL integer, tipo varchar(30))"
}
function SQLITE_INSERT() {
INPUT=$1
export COUNTER=0
wc -l $INPUT
cat $INPUT | grep -v ^\# | \
while IFS=',' read HOSTNAME PUBLIC_IP STATE LOCAL_ADDRESS LOCAL_PORT REMOTE_ADDRESS REMOTE_PORT PROCESS_ID PROCESS_NAME OS_VERSION PROCESSOR_COUNT RAM_MEMORY_KB
do
echo -ne "\rInserted $COUNTER Record(s)"
export COUNTER=$(expr $COUNTER + 1)
sqlite3 $BASE "INSERT INTO arquitetura(HOSTNAME,PUBLIC_IP,STATE,LOCAL_ADDRESS,LOCAL_PORT,REMOTE_ADDRESS,REMOTE_PORT,PROCESS_ID,PROCESS_NAME,OS_VERSION,PROCESSOR_COUNT,RAM_MEMORY_KB) VALUES('$HOSTNAME', '$PUBLIC_IP', '$STATE', '$LOCAL_ADDRESS', $LOCAL_PORT, '$REMOTE_ADDRESS', $REMOTE_PORT, $PROCESS_ID, '$PROCESS_NAME', '$OS_VERSION', $PROCESSOR_COUNT, $RAM_MEMORY_KB)"
done
}
function SQLITE_SELECT() {
# WHERE STATE == 'ESTABLIHED' AND LOCAL_ADDRESS <> '127.0.0.1'
sqlite3 $BASE -csv "$1"
}
function SQLITE_PURGE() {
rm -fr $BASE
}
function SERVER() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function CLIENT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
LOCAL_ADDRESS,
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function ESTABLISHED() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'SERVER',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
'CLIENT',
PROCESS_NAME,
PUBLIC_IP,
LOCAL_ADDRESS,
LOCAL_PORT,
REMOTE_ADDRESS,
REMOTE_PORT
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
function SERVER_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
REMOTE_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_PORT'"
}
function CLIENT_PORT() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
REMOTE_ADDRESS,
LOCAL_PORT,
PROCESS_NAME
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'REMOTE_ADDRESS'"
}
function INVENTORY() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME,
PUBLIC_IP,
PROCESSOR_COUNT,
CAST((RAM_MEMORY_KB/1024/1024) AS INT),
OS_VERSION
FROM
arquitetura
ORDER BY
HOSTNAME"
}
function UNMAPPED_HOSTS() {
SQLITE_SELECT "
SELECT DISTINCT
REMOTE_ADDRESS
FROM
arquitetura
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_ADDRESS <> '127.0.0.1'
AND
REMOTE_ADDRESS <> '0.0.0.0'
AND
REMOTE_ADDRESS NOT IN (
SELECT DISTINCT
PUBLIC_IP
FROM
arquitetura
)"
}
function PREGRAPH() {
SQLITE_SELECT "
SELECT DISTINCT
c.HOSTNAME,
c.PUBLIC_IP,
c.PROCESS_NAME,
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP),
c.REMOTE_ADDRESS
FROM
arquitetura as c
WHERE
STATE == 'ESTABLISHED'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'"
}
function HOSTDRAW() {
SQLITE_SELECT "
SELECT DISTINCT
HOSTNAME
FROM
arquitetura
" | \
while read SERVERNAME
do
SQLITE_SELECT "
SELECT DISTINCT
'DATA',
c.HOSTNAME,
c.PROCESS_NAME,
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP),
c.REMOTE_ADDRESS
FROM
arquitetura as c
WHERE
STATE == 'ESTABLISHED'
AND
HOSTNAME == '$SERVERNAME'
AND
LOCAL_PORT NOT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'" > pregraph_client_$SERVERNAME.csv
cat pregraph_client_$SERVERNAME.csv | \
while IFS=',' read v1 v2 v3 v4 v5
do
echo $v1\;$v2\;$v3\;$(
if [[ "$v4" == "" ]]
then
echo IP_$v5
else
echo $v4
fi )\;color=blue
done > graph_client_$SERVERNAME.csv
cat pregraph_client_$SERVERNAME.csv | \
while IFS=',' read v1 v2 v3 v4 v5
do
echo $v1\;$(
if [[ "$v4" == "" ]]
then
echo IP_$v5
else
echo $v4
fi )\;\;\;color=blue
done >> graph_client_$SERVERNAME.csv
SQLITE_SELECT "
SELECT DISTINCT
'DATA',
c.HOSTNAME,
c.PROCESS_NAME,
(select HOSTNAME from arquitetura as d where c.REMOTE_ADDRESS == d.PUBLIC_IP),
c.REMOTE_ADDRESS
FROM
arquitetura as c
WHERE
STATE == 'ESTABLISHED'
AND
HOSTNAME == '$SERVERNAME'
AND
LOCAL_PORT IN (
SELECT DISTINCT
LOCAL_PORT
FROM
arquitetura
WHERE
STATE == 'LISTENING'
AND
LOCAL_ADDRESS <> '127.0.0.1'
)
AND
LOCAL_ADDRESS <> '127.0.0.1'
ORDER BY
'LOCAL_PORT'" > pregraph_client_$SERVERNAME.csv
cat pregraph_client_$SERVERNAME.csv | \
while IFS=',' read v1 v2 v3 v4 v5
do
echo $v1\;$(
if [[ "$v4" == "" ]]
then
echo IP_$v5
else
echo $v4
fi )\;$v3\;$v2\;color=red
done > graph_server_$SERVERNAME.csv
cat pregraph_client_$SERVERNAME.csv | \
while IFS=',' read v1 v2 v3 v4 v5
do
echo $v1\;$(
if [[ "$v4" == "" ]]
then
echo IP_$v5
else
echo $v4
fi )\;\;\;color=red
done >> graph_server_$SERVERNAME.csv
cat graph_server_$SERVERNAME.csv > graph_$SERVERNAME.csv
cat graph_client_$SERVERNAME.csv >> graph_$SERVERNAME.csv
export DATAFORMATED=$(TEMPFILE create)
dos2unix graph_$SERVERNAME.csv
export DATAIN=graph_$SERVERNAME.csv
export DATAOUT=$SERVERNAME.png
cat $DATAIN | grep -v ^\#| tr '.' '_' | tr ' ' '_' | tr ',' ';' > $DATAFORMATED
DRAW $DATAFORMATED |grep -v "^$"| tee $DATAOUT.dot | cat -n
echo Generating image
echo -en "\rDOT"
dot -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -odot_$DATAOUT
echo -en "\rNEATO"
neato -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oneato_$DATAOUT
echo -en "\rCIRCO"
circo -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oncirco_$DATAOUT
echo -en "\r\n"
TEMPFILE delete $DATAFORMATED
# break
done
# export DATAIN=$1
# export DATAOUT=$2
# export DATAFORMATED=$(TEMPFILE create)
# echo Converting dots to underscore
# cat $DATAIN | grep -v ^\#| tr '.' '_' | tr ' ' '_' > $DATAFORMATED
# echo Converting DOS to UNIX
# dos2unix $DATAFORMATED
# echo Start Drawing
# DRAW $DATAFORMATED |grep -v "^$"| tee $DATAOUT.dot | cat -n
# echo Generating image
# echo -en "\rDOT"
# dot -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -odot_$DATAOUT
# echo -en "\rNEATO"
# neato -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oneato_$DATAOUT
# echo -en "\rCIRCO"
# circo -Gsize=9,15\! -Gdpi=1500 -Tpng $DATAOUT.dot -oncirco_$DATAOUT
# echo -en "\r\n"
# TEMPFILE delete $DATAFORMATED
}
if [ $# -ne 1 ]
then
exit 1
else
export INPUT=$(TEMPFILE create)
export BASE=base.db
case $1 in
zerado)
ALLTOCSV $INPUT
dos2unix $INPUT >&2
SQLITE_PURGE
SQLITE_START
SQLITE_INSERT $INPUT
;;
coletar)
ALLTOCSV $INPUT
dos2unix $INPUT >&2
SQLITE_START
SQLITE_INSERT $INPUT
;;
established)
ESTABLISHED
;;
server_port)
SERVER_PORT
;;
server)
SERVER
;;
client)
CLIENT
;;
client_port)
CLIENT_PORT
;;
server_client)
SERVER
CLIENT
;;
inventario)
INVENTORY
;;
unmapped_hosts)
UNMAPPED_HOSTS
;;
pregraph)
PREGRAPH
;;
draw)
HOSTDRAW
;;
*)
exit 1
;;
esac
# PARSE $INPUT
# SQLITE_START
# SQLITE_INSERT $INPUT
TEMPFILE delete $INPUT
fi
Data Collector
Windows
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Threading;
namespace ConsoleApplication1
{
internal class Program
{
public static void Main(string[] args)
{
System.Console.WriteLine("SocketProcessToFile, por Alexandre D´Amato");
System.Console.WriteLine("Se tudo der certo um arquivo será gerado no diretório de execução.");
System.Console.WriteLine("Nome do arquivo a ser gerado:");
System.Console.WriteLine(Environment.MachineName + ".csv");
List<String> adresses = new List<string>();
foreach (var nic in NetworkInterface.GetAllNetworkInterfaces())
{
foreach (var addr in nic.GetIPProperties().UnicastAddresses)
{
if (addr.Address.IsIPv6LinkLocal == false && AddressFamily.InterNetwork == addr.Address.AddressFamily)
{
if (addr.IPv4Mask != null)
{
// System.Console.Out.WriteLine(addr.Address.ToString());
adresses.Add(addr.Address.ToString());
}
}
}
}
String inlineAddresses = "";
if (adresses.Count >= 2)
{
int control = 0;
foreach (var addr in adresses)
{
if (control == 0)
{
inlineAddresses = addr.ToString();
}
else
{
inlineAddresses = inlineAddresses + ";" + addr.ToString();
}
}
}
else
{
inlineAddresses = adresses[0].ToString();
}
// System.Console.Out.WriteLine(adresses.Count);
// System.Console.Out.WriteLine(inlineAddresses);
long memKb;
GetPhysicallyInstalledSystemMemory(out memKb);
String separator = ",";
List<TcpProcessRecord> valores = GetAllTcpConnections();
List<String> lines = new List<string>();
lines.Add("#" + "HOSTNAME" +
separator + "PUBLIC_IP" +
separator + "STATE" +
separator + "LOCAL_ADDRESS" +
separator + "LOCAL_PORT" +
separator + "REMOTE_ADDRESS" +
separator + "REMOTE_PORT" +
separator + "PROCESS_ID" +
separator + "PROCESS_NAME" +
separator + "OS_VERSION" +
separator + "PROCESSOR_COUNT" +
separator + "RAM_MEMORY_KB");
foreach (var valor in valores)
{
lines.Add(Environment.MachineName +
separator + inlineAddresses +
separator + valor.State +
separator + valor.LocalAddress +
separator + valor.LocalPort +
separator + valor.RemoteAddress +
separator + valor.RemotePort +
separator + valor.ProcessId +
separator + valor.ProcessName +
separator + Environment.OSVersion +
separator + Environment.ProcessorCount +
separator + memKb);
}
System.IO.StreamWriter file = new System.IO.StreamWriter(Environment.MachineName + ".csv", false);
foreach (var line in lines)
{
file.WriteLine(line);
}
System.Console.WriteLine("Sucesso. \\o/");
System.Console.WriteLine("Finalizando em 5 segundos.");
// Console.WriteLine((memKb ));
Thread.Sleep(5000);
}
//
[DllImport("kernel32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool GetPhysicallyInstalledSystemMemory(out long TotalMemoryInKilobytes);
public class TcpProcessRecord
{
[DisplayName("Local Address")]
public IPAddress LocalAddress { get; set; }
[DisplayName("Local Port")]
public ushort LocalPort { get; set; }
[DisplayName("Remote Address")]
public IPAddress RemoteAddress { get; set; }
[DisplayName("Remote Port")]
public ushort RemotePort { get; set; }
[DisplayName("State")]
public MibTcpState State { get; set; }
[DisplayName("Process ID")]
public int ProcessId { get; set; }
[DisplayName("Process Name")]
public string ProcessName { get; set; }
public TcpProcessRecord(IPAddress localIp, IPAddress remoteIp, ushort localPort,
ushort remotePort, int pId, MibTcpState state)
{
LocalAddress = localIp;
RemoteAddress = remoteIp;
LocalPort = localPort;
RemotePort = remotePort;
State = state;
ProcessId = pId;
// Getting the process name associated with a process id.
if (Process.GetProcesses().Any(process => process.Id == pId))
{
ProcessName = Process.GetProcessById(ProcessId).ProcessName;
}
}
}
public enum TcpTableClass
{
TCP_TABLE_BASIC_LISTENER,
TCP_TABLE_BASIC_CONNECTIONS,
TCP_TABLE_BASIC_ALL,
TCP_TABLE_OWNER_PID_LISTENER,
TCP_TABLE_OWNER_PID_CONNECTIONS,
TCP_TABLE_OWNER_PID_ALL,
TCP_TABLE_OWNER_MODULE_LISTENER,
TCP_TABLE_OWNER_MODULE_CONNECTIONS,
TCP_TABLE_OWNER_MODULE_ALL
}
public enum MibTcpState
{
CLOSED = 1,
LISTENING = 2,
SYN_SENT = 3,
SYN_RCVD = 4,
ESTABLISHED = 5,
FIN_WAIT1 = 6,
FIN_WAIT2 = 7,
CLOSE_WAIT = 8,
CLOSING = 9,
LAST_ACK = 10,
TIME_WAIT = 11,
DELETE_TCB = 12,
NONE = 0
}
public struct MIB_TCPROW_OWNER_PID
{
public MibTcpState state;
public uint localAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] localPort;
public uint remoteAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] remotePort;
public int owningPid;
}
public struct MIB_TCPTABLE_OWNER_PID
{
public uint dwNumEntries;
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct,
SizeConst = 1)]
public MIB_TCPROW_OWNER_PID[] table;
}
[DllImport("iphlpapi.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int pdwSize,
bool bOrder, int ulAf, TcpTableClass tableClass, uint reserved = 0);
private const int AF_INET = 2;
// List of Active TCP Connections.
private static List<TcpProcessRecord> TcpActiveConnections = null;
// List of Active UDP Connections.
// private static List<UdpProcessRecord> UdpActiveConnections = null;
private static List<TcpProcessRecord> GetAllTcpConnections()
{
int bufferSize = 0;
List<TcpProcessRecord> tcpTableRecords = new List<TcpProcessRecord>();
// Getting the size of TCP table, that is returned in 'bufferSize' variable.
uint result = GetExtendedTcpTable(IntPtr.Zero, ref bufferSize, true, AF_INET,
TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Allocating memory from the unmanaged memory of the process by using the
// specified number of bytes in 'bufferSize' variable.
IntPtr tcpTableRecordsPtr = Marshal.AllocHGlobal(bufferSize);
try
{
// The size of the table returned in 'bufferSize' variable in previous
// call must be used in this subsequent call to 'GetExtendedTcpTable'
// function in order to successfully retrieve the table.
result = GetExtendedTcpTable(tcpTableRecordsPtr, ref bufferSize, true,
AF_INET, TcpTableClass.TCP_TABLE_OWNER_PID_ALL);
// Non-zero value represent the function 'GetExtendedTcpTable' failed,
// hence empty list is returned to the caller function.
if (result != 0)
return new List<TcpProcessRecord>();
// Marshals data from an unmanaged block of memory to a newly allocated
// managed object 'tcpRecordsTable' of type 'MIB_TCPTABLE_OWNER_PID'
// to get number of entries of the specified TCP table structure.
MIB_TCPTABLE_OWNER_PID tcpRecordsTable = (MIB_TCPTABLE_OWNER_PID)
Marshal.PtrToStructure(tcpTableRecordsPtr,
typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr tableRowPtr = (IntPtr)((long)tcpTableRecordsPtr +
Marshal.SizeOf(tcpRecordsTable.dwNumEntries));
// Reading and parsing the TCP records one by one from the table and
// storing them in a list of 'TcpProcessRecord' structure type objects.
for (int row = 0; row < tcpRecordsTable.dwNumEntries; row++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.
PtrToStructure(tableRowPtr, typeof(MIB_TCPROW_OWNER_PID));
tcpTableRecords.Add(new TcpProcessRecord(
new IPAddress(tcpRow.localAddr),
new IPAddress(tcpRow.remoteAddr),
BitConverter.ToUInt16(new byte[2] {
tcpRow.localPort[1],
tcpRow.localPort[0] }, 0),
BitConverter.ToUInt16(new byte[2] {
tcpRow.remotePort[1],
tcpRow.remotePort[0] }, 0),
tcpRow.owningPid, tcpRow.state));
tableRowPtr = (IntPtr)((long)tableRowPtr + Marshal.SizeOf(tcpRow));
}
}
catch (OutOfMemoryException outOfMemoryException)
{
System.Console.Out.WriteLine(outOfMemoryException.Message);
// MessageBox.Show(outOfMemoryException.Message, "Out Of Memory",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
catch (Exception exception)
{
System.Console.Out.WriteLine(exception.Message);
// MessageBox.Show(exception.Message, "Exception",
// MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
finally
{
Marshal.FreeHGlobal(tcpTableRecordsPtr);
}
return tcpTableRecords != null ? tcpTableRecords.Distinct()
.ToList<TcpProcessRecord>() : new List<TcpProcessRecord>();
}
}
}