public async Task InitializeAsync(IConversationsModel model)
{
if (this.Initialized)
{
return;
}
this.Initialized = true;
await Task.Run(() => { this.Initialize(model); });
}
private void Initialize(IConversationsModel model)
{
//var conversationsStatistics = new ConversationsStatistics
//{
// Frames = model.Frames.Count(),
// CaptureStart = DateTime.MaxValue,
// CaptureFinish = DateTime.MinValue
//};
this.ConversationsStatistics.Frames = model.Frames.Count();
this.ConversationsStatistics.CaptureStart = DateTime.MaxValue;
this.ConversationsStatistics.CaptureFinish = DateTime.MinValue;
this.ComputeConversationStatistics(model);
}
public ConversationsGroup(IConversationsModel conversationsModel) : this()
{
//todo fix this.Investigation = investigation;
foreach (var conv in conversationsModel.L3Conversations)
{
this.L3Conversations.Add(conv);
}
foreach (var conv in conversationsModel.L4Conversations)
{
this.L4Conversations.Add(conv);
}
foreach (var conv in conversationsModel.L7Conversations)
{
this.L7Conversations.Add(conv);
}
}
private void ComputeConversationStatistics(IConversationsModel model)
{
var hosts = new List <IPAddress>();
var protoDistribution = new Dictionary <string, long>();
var missingBytesListNew = new SortedList <DateTime, KeyValue <DateTime, long> >();
var historyListNew = new SortedList <DateTime, KeyValue <DateTime, long> >();
var hostsTraffic = new Dictionary <IPAddress, HostTraffic>();
var avg = (long)this.Average(model.L7Conversations, conversation => conversation.ConversationStats.Bytes);
foreach (var l7Conversation in model.L7Conversations)
{
if (!l7Conversation.L7PDUs.Any())
{
// TODO: Is this correct?
continue;
}
// TO L3 foreach
if (this.ConversationsStatistics.CaptureStart > l7Conversation.FirstSeen.ToUniversalTime())
{
this.ConversationsStatistics.CaptureStart = l7Conversation.FirstSeen.ToUniversalTime();
}
if (this.ConversationsStatistics.CaptureFinish < l7Conversation.LastSeen.ToUniversalTime())
{
this.ConversationsStatistics.CaptureFinish = l7Conversation.LastSeen.ToUniversalTime();
}
switch (l7Conversation.L3ProtocolType)
{
case AddressFamily.InterNetwork:
this.ConversationsStatistics.IPv4Conversations++;
break;
case AddressFamily.InterNetworkV6:
this.ConversationsStatistics.IPv6Conversations++;
break;
}
hosts.Add(l7Conversation.SourceEndPoint.Address);
hosts.Add(l7Conversation.DestinationEndPoint.Address);
// To L4 foreach
switch (l7Conversation.L4ProtocolType)
{
case IPProtocolType.TCP:
this.ConversationsStatistics.TcpConversations++;
this.ConversationsStatistics.UpFlowTcpLostBytes += l7Conversation.UpConversationStatistic?.MissingBytes ?? 0;
this.ConversationsStatistics.DownFlowTcpLostBytes += l7Conversation.DownConversationStatistic?.MissingBytes ?? 0;
this.ConversationsStatistics.TotalTcpBytes += ((long?)l7Conversation.ConversationStats?.Bytes) ?? 0;
break;
case IPProtocolType.UDP:
this.ConversationsStatistics.UdpConversations++;
this.ConversationsStatistics.TotalUdpBytes += ((long?)l7Conversation.ConversationStats?.Bytes) ?? 0;
break;
}
// TO L7 statistics
this.ConversationsStatistics.UpFlowFrames += l7Conversation.UpConversationStatistic?.Frames ?? 0;
this.ConversationsStatistics.DownFlowFrames += l7Conversation.DownConversationStatistic?.Frames ?? 0;
this.ConversationsStatistics.UpFlowBytes += l7Conversation.UpConversationStatistic?.Bytes ?? 0;
this.ConversationsStatistics.DownFlowBytes += l7Conversation.DownConversationStatistic?.Bytes ?? 0;
//TODO how this should be implemented? What happens if there are more app tags at once
string apptag;
if (l7Conversation.ApplicationTags.IsNullOrEmpty())
{
apptag = "unknown";
}
else if (l7Conversation.ApplicationTags.Count() == 1)
{
apptag = l7Conversation.ApplicationTags.First();
if (apptag.IsNullOrEmpty())
{
apptag = "unknown";
}
}
else
{
apptag = "multiple-protocols";
}
if (l7Conversation.ConversationStats == null)
{
continue;
}
if (!protoDistribution.ContainsKey(apptag))
{
protoDistribution.Add(apptag, l7Conversation.ConversationStats.Bytes);
}
else
{
protoDistribution[apptag] += l7Conversation.ConversationStats.Bytes;
}
// Traffic errors and history
if (l7Conversation.FirstSeen != DateTime.MinValue && l7Conversation.FirstSeen != DateTime.MaxValue)
{
var ct = l7Conversation.FirstSeen.ToUniversalTime();
KeyValue <DateTime, long> tmp;
if (!missingBytesListNew.TryGetValue(ct, out tmp))
{
tmp = new KeyValue <DateTime, long>(ct, l7Conversation.ConversationStats.MissingBytes);
missingBytesListNew.Add(ct, tmp);
}
else
{
tmp.Value += l7Conversation.ConversationStats.MissingBytes;
}
if (!historyListNew.TryGetValue(ct, out tmp))
{
tmp = new KeyValue <DateTime, long>(ct, l7Conversation.ConversationStats.Bytes);
historyListNew.Add(ct, tmp);
}
else
{
tmp.Value += l7Conversation.ConversationStats.Bytes;
}
}
// hosts traffic
if (l7Conversation.ConversationStats.Bytes < avg)
{
continue;
}
var srcHostAddress = l7Conversation.SourceEndPoint.Address;
HostTraffic srcHost;
if (!hostsTraffic.TryGetValue(srcHostAddress, out srcHost))
{
srcHost = new HostTraffic
{
Host = srcHostAddress
};
hostsTraffic.Add(srcHostAddress, srcHost);
}
var dstHostAddress = l7Conversation.DestinationEndPoint.Address;
HostTraffic dstHost;
if (!hostsTraffic.TryGetValue(dstHostAddress, out dstHost))
{
dstHost = new HostTraffic
{
Host = dstHostAddress
};
hostsTraffic.Add(dstHostAddress, dstHost);
}
srcHost.UpTraffic += l7Conversation.UpConversationStatistic.Bytes;
srcHost.DownTraffic += l7Conversation.DownConversationStatistic.Bytes;
dstHost.UpTraffic += l7Conversation.DownConversationStatistic.Bytes;
dstHost.DownTraffic += l7Conversation.UpConversationStatistic.Bytes;
}
this.ConversationsStatistics.UniqueHostsCount = (uint)hosts.Distinct().Count();
//TODO: hack, Cant bind KeyValuePair (value type)
// this.ConversationsStatistics.AppProtocolsDistribution = protoDistribution.ToArray();
this.ConversationsStatistics.ReckognizedProtocolsCount = (uint)protoDistribution.Count();
this.ConversationsStatistics.AppProtocolsDistribution = new KeyValue <string, long> [this.ConversationsStatistics.ReckognizedProtocolsCount];
this.ConversationsStatistics.AppProtocolsSummary = new ProtocolSummaryItem[this.ConversationsStatistics.ReckognizedProtocolsCount];
var i = 0;
foreach (var proto in protoDistribution)
{
this.ConversationsStatistics.AppProtocolsDistribution[i] = new KeyValue <string, long>(proto.Key, proto.Value);
this.ConversationsStatistics.AppProtocolsSummary[i] = new ProtocolSummaryItem(proto.Key, proto.Value,
(float)proto.Value / this.ConversationsStatistics.TotalFlowBytes * 100);
i++;
}
this.ConversationsStatistics.TransportProtocolsDistribution = new KeyValue <string, long> [TransportProtocolsCount];
this.ConversationsStatistics.TransportProtocolsSummary = new ProtocolSummaryItem[TransportProtocolsCount];
this.ConversationsStatistics.TransportProtocolsDistribution[0] = new KeyValue <string, long>("TCP", this.ConversationsStatistics.TotalTcpBytes);
this.ConversationsStatistics.TransportProtocolsDistribution[1] = new KeyValue <string, long>("UDP", this.ConversationsStatistics.TotalUdpBytes);
var tcpPerc = (float)this.ConversationsStatistics.TotalTcpBytes / (this.ConversationsStatistics.TotalTcpBytes + this.ConversationsStatistics.TotalUdpBytes) * 100;
var udpPerc = (float)this.ConversationsStatistics.TotalUdpBytes / (this.ConversationsStatistics.TotalTcpBytes + this.ConversationsStatistics.TotalUdpBytes) * 100;
this.ConversationsStatistics.TransportProtocolsSummary[0] = new ProtocolSummaryItem("TCP", this.ConversationsStatistics.TotalTcpBytes, tcpPerc);
this.ConversationsStatistics.TransportProtocolsSummary[1] = new ProtocolSummaryItem("UDP", this.ConversationsStatistics.TotalUdpBytes, udpPerc);
// traffic errors
this.ConversationsStatistics.TrafficErrors = missingBytesListNew.Values.ToArray();
// history
this.ConversationsStatistics.TrafficHistory = historyListNew.Values.ToArray();
// hosts traffic
this.ConversationsStatistics.HostsTraffic = hostsTraffic.Values.OrderByDescending(h => h.TotalTraffic).ToArray();
}
