tklab-tud / id2t Goto Github PK

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:41 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/3

If the most active IP did not send any packets, there is a division by zero in the PortscanAttack. This can happen if, for example, an IP has a lot of packets received but none sent.

Issue by carlos.garcia
Friday May 11, 2018 at 17:20 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/119

ID2T is extremely slow calculating statistics when there are many packets in a PCAP. This is due to the following code in statistics.cpp

    // Increment Degrees for sender and receiver, if Sender sends its first packet to this receiver
    std::vector<std::string>::iterator found_receiver = std::find(contacted_ips[ipAddressSender].begin(), contacted_ips[ipAddressSender].end(), ipAddressReceiver);
    if(found_receiver == contacted_ips[ipAddressSender].end()){
        // Receiver is NOT contained in the List of IPs, that the Sender has contacted, therefore this is the first packet in this direction
        ip_statistics[ipAddressSender].out_degree++;
        ip_statistics[ipAddressReceiver].in_degree++;

        // Increment overall_degree only if this is the first packet for the connection (both directions)
        // Therefore check, whether Receiver has contacted Sender before
        std::vector<std::string>::iterator sender_contacted = std::find(contacted_ips[ipAddressReceiver].begin(), contacted_ips[ipAddressReceiver].end(), ipAddressSender);
        if(sender_contacted == contacted_ips[ipAddressReceiver].end()){
            ip_statistics[ipAddressSender].overall_degree++;
            ip_statistics[ipAddressReceiver].overall_degree++;
        }  

        contacted_ips[ipAddressSender].push_back(ipAddressReceiver);
    }

The complexity of that piece of code is O(n^2). The call to std::find is extremely slow.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:43 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/5

When working in query mode, the user should be able to have commands to see the database tables and their structures. Currently, it is only possible to issue SELECT and INSERT statements.

Issue by emmanouil.vasilomano
Thursday Feb 23, 2017 at 13:33 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/26

Issue by carlos.garcia
Tuesday Mar 27, 2018 at 10:52 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/90

When generating plots using the -p option, a message such as:
"Statistical plots are being generated..."
should be displayed.

Additionally, a loading image/symbol/characters should be displayed to show the user that ID2T is working.

Issue by carlos.garcia
Tuesday Mar 27, 2018 at 11:22 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/91

With the addition of the in operator for named queries, the README file needs updating.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 14:22 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/9

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:45 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/6

In its current state, after issuing a query, that query needs to be written manually again if the user wants to use it again. It would be beneficial to have the ability yo use the up and down arrow keys to select past and future queries.

Issue by carlos.garcia
Tuesday Mar 27, 2018 at 11:23 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/92

The README needs updated information that matches the way that ID2T uses build.sh to compile and install all external requirements.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 14:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/8

In multiple locations, I find references to the table "file_statistics". It could be useful to enable the user access to this table through query mode. For this, the table needs to be documented.

Issue by carlos.garcia
Thursday Mar 15, 2018 at 15:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/73

Inside of an "<attack>" tag, instead of using tags such as "<attack_name>", the tag should be called "<name>".

Issue by carlos.garcia
Thursday Nov 03, 2016 at 11:41 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/19

When specifying port ranges and numbers, it is possible to specify port number zero. This number is not a valid port number and should not be allowed to be specified.

Issue by carlos.garcia
Monday Dec 04, 2017 at 17:20 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/32

Issue by carlos.garcia
Monday Dec 04, 2017 at 17:02 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/31

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 16:53 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/13

libpcapreader needs to be compiled by each user, it is not sufficient to use a precompiled version.

The instalation instructions should address this issue.
The compilation needs to be streamlined to make it as easy as possible to compile.

Issue by aidmar.wainakh
Tuesday Dec 05, 2017 at 08:02 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/33

The first 4 letters of the original directory (the path of the .pcap file) are omitted for the label file path.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 14:36 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/10

If I understood correctly, the intention of the extraction mechanism is to obtain the result of a query, which returns only one value, as a single variable instead of a list.

In it's current form, results of the form:
[(10,'2.6.57.13',5)]
are also processed through the "extraction" mechanism and incorrectly retrieve the value "10", dropping everything else.

This incorrect behavior is observed when, for example, entering into query mode and issuing the query: "SELECT * FROM file_statistics;"

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 17:15 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/17

In a SYN port scan, it is expected that the attacker sends a SYN request, and the victim responds with a SYN|ACK reply. Currently, the victim is responding with the RST|ACK flags set instead.

The parameters used for the PortscanAttack are as follows:
-a "PortscanAttack" ip.src="66.66.66.66" mac.src="32:08:24:DC:8D:27" inject.at-timestamp=1476301843

The following is what is observed in Wireshark in the resulting pcap file:
101 2016-11-02 16:44:36.718 66.66.66.66 192.168.178.13 TCP 60 0 8542→8080 [SYN] Seq=0 Win=8192 Len=0
102 2016-11-02 16:44:36.718 192.168.178.13 66.66.66.66 TCP 60 0 8080→8542 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Issue by carlos.garcia
Monday Dec 04, 2017 at 16:56 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/30

Issue by carlos.garcia
Wednesday May 09, 2018 at 16:20 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/113

Issue by carlos.garcia
Monday May 14, 2018 at 11:46 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/122

The number of packets injected does not match the user specified parameters. For example, the command

id2t -i mawi-2018-04-04/dump.pcap -a ddos inject.at-timestamp=1522825500 attack.duration=60 packets.per-second=10000

does not inject 10,000 packets in total in the range of 60 seconds.

Issue by jens.klein
Sunday May 27, 2018 at 12:23 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/127

ID2T should notify the user before generating, if there is no free space on disk.

This can be achieved by assuming the resulting .pcap size based on the original .pcap size and the estimated amount of generated packets.

At the very least it should not crash.

Crash if disk fills up during writing the result pcap:
$ ./id2t -i resources/201804041400.pcap -a SMBScan -T
Input file: resources/201804041400.pcap
Label file found. Loading labels...
Read 0 label(s) successfully.
Located statistics database at: /home/pepper-jk/.cache/id2t/db/186/185/9289ccfd2840.sqlite3
Loaded file statistics in 0.00 sec from statistics database.

Creating attack instance of SMBScanAttack
Validating and adding attack parameters.
Generating attack packets... done. (total: 1000 pkts in  339.02553367614746  seconds.)

POST INJECTION STATISTICS SUMMARY  --------------------------
Total packet count:	78330145 packets
Added packet count:	1000 packets
Share of added packets:	0.0013 %
Capture duration:	0.4295 seconds
------------------------------------------------------------
Merging base pcap with single attack pcap... Could not serialize base packet with timestamp 1522818221.90773
Could not serialize base packet with timestamp 1522818300.36396
Could not serialize base packet with timestamp 1522818389.45844
Could not serialize base packet with timestamp 1522818389.65043
Could not serialize base packet with timestamp 1522818467.90078
Could not serialize base packet with timestamp 1522818497.87013
Could not serialize base packet with timestamp 1522818565.43478
Could not serialize base packet with timestamp 1522818565.72621
Could not serialize base packet with timestamp 1522818565.72621
Could not serialize base packet with timestamp 1522818565.72626
done.
Deleting intermediate attack pcap... done.
Traceback (most recent call last):
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 189, in <module>
    main(sys.argv[1:])
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 184, in main
    cli.parse_arguments(args)
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 84, in parse_arguments
    self.process_arguments()
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 95, in process_arguments
    self.process_pcap()
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 166, in process_pcap
    controller.process_attacks(self.args.attack, self.args.rngSeed, self.args.time, self.args.inject_empty)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/Controller.py", line 158, in process_attacks
    self.label_manager.write_label_file(self.pcap_dest_path)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/LabelManager.py", line 171, in write_label_file
    file.close()
OSError: [Errno 28] No space left on device

Crash on start with no free disk space left:

$ ./id2t -i resources/201804041400.pcap -T -a SMBScan target.count=30000 hosting.percentage=0.02
Input file: resources/201804041400.pcap
Label file found. Loading labels...
Read 0 label(s) successfully.
Located statistics database at:  /home/pepper-jk/.cache/id2t/db/186/185/9289ccfd2840.sqlite3
Loaded file statistics in 0.00 sec from statistics database.

Creating attack instance of SMBScanAttack
Traceback (most recent call last):
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 189, in <module>
    main(sys.argv[1:])
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 184, in main
    cli.parse_arguments(args)
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 84, in parse_arguments
    self.process_arguments()
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 95, in process_arguments
    self.process_pcap()
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 166, in process_pcap
    controller.process_attacks(self.args.attack, self.args.rngSeed, self.args.time, self.args.inject_empty)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/Controller.py", line 89, in process_attacks
    temp_attack_pcap, duration = self.attack_controller.process_attack(attack[0], attack[1:], time)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/AttackController.py", line 139, in process_attack
    self.create_attack(attack, self.seed)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/AttackController.py", line 116, in create_attack
    self.current_attack.set_statistics(self.statistics)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Attack/BaseAttack.py", line 79, in set_statistics
    self.most_used_ttl_value = self.statistics.get_most_used_ttl_value()
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/Statistics.py", line 619, in get_most_used_ttl_value
    return self.process_db_query("SELECT ttlValue FROM (SELECT ttlValue, SUM(ttlCount) as occ FROM ip_ttl GROUP BY "
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/Statistics.py", line 803, in process_db_query
    return self.stats_db.process_db_query(query_string_in, print_results)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/StatsDatabase.py", line 329, in process_db_query
    result = self.process_user_defined_query(query_string, sql_query_parameters)
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/StatsDatabase.py", line 137, in process_user_defined_query
    self.cursor.execute(query_string)
sqlite3.OperationalError: database or disk is full

Issue by carlos.garcia
Friday May 11, 2018 at 11:07 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/116

The command columns asdfasdf crashes query mode.

Issue by aidmar.wainakh
Monday Dec 18, 2017 at 09:48 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/35

In SQLiAttack, the last connection has a special treatment in the code because it is established by the attacker. The code of this connection can be optimized/merged with the code of the rest of the connections.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:46 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/7

The aforementioned tables currently have packet counts only. Storing the amount of bytes observed is also desirable.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 17:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/15

If a labels' file is found, allow the user to list and work with the labels (like adding notes to them) while in query mode.

Issue by carlos.garcia
Friday May 11, 2018 at 16:37 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/117

When analyzing the file found in 1, the following error is displayed when writing the statistics to the database:

Exception in statistics_db: UNIQUE constraint failed: ip_ports.ipAddress, ip_ports.portDirection, ip_ports.portNumber

Issue by patrick.jattke
Friday Nov 11, 2016 at 23:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/25

At the moment there is no information available in the statistics database to determine the protocol which the ports belongs to. This would be helpful, for example, for the DoS attack based on TCP SYN packets.

Issue by carlos.garcia
Thursday Nov 03, 2016 at 12:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/20

The parsing procedure responsible for determining port ranges, does not recognize correctly ports with 5 digits (ports larger than 9999).

The faulty regexp is located in "BaseAttack.py" line 117. The correct regexp should be:
'^([0-9]{1,5})(?:-|.{2,3})([0-9]{1,5})$'

Issue by jens.klein
Saturday May 26, 2018 at 18:07 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/126

The installation of pip dependencies fails while offline. This is due to pip requesting hashes for the packages in cache before installing, this requires an internet connection.

$ ./build.sh 
Updating SQLiteCpp
Detected OS: Arch Linux
Packages: Checking...
Packages: Found.
Additional Packages: Checking...
Additional Packages: Found.
Collecting coverage==4.5.1 (from -r resources/requirements.txt (line 1))
  Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcb1a8ec160>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/coverage/
  Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcb1a8ec4a8>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/coverage/
  Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcb1a8ecba8>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/coverage/
  Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcb1a8ec0f0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/coverage/
  Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcb1a8ec128>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/coverage/
  Could not find a version that satisfies the requirement coverage==4.5.1 (from -r resources/requirements.txt (line 1)) (from versions: )
No matching distribution found for coverage==4.5.1 (from -r resources/requirements.txt (line 1))
-- The C compiler identification is GNU 8.1.0
-- The CXX compiler identification is GNU 8.1.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
[...]

This results in the python-venv not being setup probably and ID2T to crash on start, because of the missing dependencies:

$ ./id2t -i resources/201804041400.pcap -a SMBScan-T                   
Traceback (most recent call last):
  File "/home/pepper-jk/code/ID2T-toolkit/code/CLI.py", line 5, in <module>
    from Core.Controller import Controller
  File "/home/pepper-jk/code/ID2T-toolkit/code/Core/Controller.py", line 8, in <module>
    import pyparsing as pp
ModuleNotFoundError: No module named 'pyparsing'

Issue by carlos.garcia
Thursday Nov 03, 2016 at 13:32 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/21

When instructing to inject a PortscanAttack, the first injected packets are correctly placed at the timestamp specified by "inject.at-timestamp" but subsequent packets are wrongly placed using the current timestamp.

To test this problem, execute the command:
./CLI.py -i test_me_short.pcap -a "PortscanAttack" ip.src="66.66.66.66" mac.src="32:08:24:DC:8D:27" inject.at-timestamp=921506778

on the attached file. (cannot attach files right now, will attach later)

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 17:04 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/16

The crash message is:

Input file: test_me_short_20161102-164436.pcap
Label file found. Loading labels...
Traceback (most recent call last):
  File "./CLI.py", line 113, in <module>
    main(sys.argv[1:])
  File "./CLI.py", line 108, in main
    cli.parse_arguments(args)
  File "./CLI.py", line 97, in parse_arguments
    self.process_arguments()
  File "./CLI.py", line 32, in process_arguments
    controller = Controller(self.args.input)
  File "/home/boy/Documents/CASED/Repos/id2t/code/ID2TLib/Controller.py", line 23, in __init__
    self.label_manager = LabelManager(self.pcap_src_path)
  File "/home/boy/Documents/CASED/Repos/id2t/code/ID2TLib/LabelManager.py", line 34, in __init__
    self._load_labels()
  File "/home/boy/Documents/CASED/Repos/id2t/code/ID2TLib/LabelManager.py", line 136, in _load_labels
    attack_note = a.childNodes[3].firstChild.data
AttributeError: 'NoneType' object has no attribute 'data'

There are no notes in the XML file, is this what is not correctly parsed?

Issue by carlos.garcia
Thursday Mar 15, 2018 at 14:59 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/72

The labels file should specify the details that relate to the creation of the attack. If the user gives parameters or if defaults are used, the parameters should be listed inside the "<attack>" tags.

Issue by carlos.garcia
Thursday Mar 15, 2018 at 14:55 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/71

ID2T is saving all cached statistics (the databases) in the folder ~/ID2T_DATA. This folder clutters the home directory of the user.

I see two ways to resolve this issue:

• Save the databases in an XDG standard location such as ~/.config/id2t
• Save it in the same directory as where the pcap is found

We can discuss this next time we meet.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:38 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/2

The named query that returns the IP address with the most packets might return more than one result if different IPs are tied.

PortscanAttack expects only one IP when using this named query and fails if a list of addresses is returned instead.

Issue by jens.klein
Thursday May 24, 2018 at 13:01 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/125

When running an Attack ID2T will generate the default parameters before taking the user defined ones into account.

This results in unnecessary overhead.

One way to tackle this issue could be init_params() getting either the user defined parameters or flags representing them as an option. So that it only generates the needed parameters, which would be the wanted behavior.

Issue by aidmar.wainakh
Monday Dec 18, 2017 at 10:03 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/36

The EternalBlue exploit contains MS17 scan, which checks whether the targeted host has a vulnerable SMB. This code can be separated to a standalone scan.

Issue by carlos.garcia
Tuesday May 15, 2018 at 16:37 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/123

When using large PCAP files (>5GiB) with many IP addresses (>2 million), the SMBScan attack does not finish "Creating an attack instance".

Issue by patrick.jattke
Saturday Nov 05, 2016 at 10:33 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/24

The program should store a version number into the statistics database such that changes in the statistics calculation (e.g., extension of available statistics) or the scheme if the statistics database (e.g., renaming of columns, new tables) leads to an automatic recalculation. At the moment the user must force the recalculation by providing -r/--recalculate as program argument.

Issue by carlos.garcia
Wednesday May 09, 2018 at 16:22 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/114

Issue by carlos.garcia
Tuesday Mar 27, 2018 at 10:44 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/89

When executing ./run_tests, the first message shown to the user is:

Unrecognized PDUs detected: Check 'unrecognized_pdus' table!

The message is bound to confuse the user. When running tests, it's desirable to run ID2T in non-verbose mode (assuming that removes that message).

Issue by carlos.garcia
Wednesday May 09, 2018 at 16:33 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/115

If id2t is in the PATH, PCAP files cannot be found if id2t is called from another location that is not the actual directory where id2t lies.

EDIT:
e.g. symlink to bin folder and execution somewhere else.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 16:59 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/14

When a pcap file is loaded and a corresponding labels file is found, ID2T states that the labels are loaded.
The purpose of this is not documented.

Issue by leon.boeck
Monday Nov 06, 2017 at 10:30 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/27

Quickfix:

git submodule add -f https://github.com/SRombauts/SQLiteCpp.git code_boost/src/SQLiteCpp

Issue by patrick.jattke
Friday Nov 04, 2016 at 10:51 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/23

The parsing process of queries is not robust and providing queries not recognized may lead to errors or unexpressive error messages.
For example, submitting the query most_used(macAddr); prints the error message An error occurred: near "None": syntax error.

Therefore I suggest re-implementing the query parsing functionality in StatsDatabase.process_db_query and StatsDatabase._process_named_query. This can be realized by using an existing library such as pyparsing.

Issue by jens.klein
Friday Mar 30, 2018 at 22:33 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/106

EternalBlue needs 2.6402532561751437 seconds to generate 1000 packets.

Exceeding the 1.5 seconds limit by far.

Issue by carlos.garcia
Friday May 11, 2018 at 16:40 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/118

After finishing analyzing and storing the statistics of the pcap file in 1, the reported duration is wrong. The reported statistics are:

PCAP FILE STATISTICS SUMMARY  ------------------------------
Total packet count:     78329145 packets
Recognized packets:     78329145 packets
Unrecognized packets:   0 PDUs
% Recognized packets:   100.0 %
% Unrecognized packets: 0.0 %
Last unknown PDU:       None
Capture duration:       0.4295 seconds
------------------------------------------------------------

Examining the database in query mode, we can see:

SELECT timestampLastPacket FROM file_statistics;
Query returned 1 record:

+----------------------------+
| timestampLastPacket        |
+----------------------------+
| 2018-04-04 07:15:00.331786 |
+----------------------------+
> SELECT timestampFirstPacket FROM file_statistics;
Query returned 1 record:

+----------------------------+
| timestampFirstPacket       |
+----------------------------+
| 2018-04-04 07:00:00.448274 |
+----------------------------+

Issue by carlos.garcia
Monday May 28, 2018 at 11:43 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/128

Add to the table file_statistics:

• most used TTL, MSS, winSize, and others that make sense

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:42 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/4

A command should be available to list all possible named queries while in query mode.

Issue by carlos.garcia
Wednesday Nov 02, 2016 at 13:36 GMT
Originally opened as https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit/issues/1

Compiling libpcapreader is not possible using the current CMakeLists.txt
It must be adapter to run on different distributions.