NikolaiT / zardaxt

Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.

update tcp_fingerprint.py for addTimestamp #11

Closed Xxx-Bin closed 1 year ago

Xxx-Bin commented 2 years ago

Optimization of the addTimestamp function: the deltas can be built incrementally, so each call only needs to compute the delta between the last two samples.

Xxx-Bin commented 2 years ago

A little test code

#!/usr/bin/python
# Write Python 3 code in this online editor and run it.

def addTimestamp(key, packetReceived, tcp_timestamp, tcp_timestamp_echo_reply, tcp_seq):
  """Record one TCP timestamp sample for `key` and append the newest delta.

  The first sample for a key creates its record in the module-level
  `timestamps` dict with an empty 'deltas' list. Later samples are appended
  while the record holds at most 20 timestamps, so a record stops growing at
  21 samples. On each append, one 'rtt=..., clock=...' string is added for the
  step between the previous and the newest sample.

  Args:
    key: Identifier of the flow the sample belongs to.
    packetReceived: Local receive time of the packet.
    tcp_timestamp: TCP timestamp value carried by the packet.
    tcp_timestamp_echo_reply: TCP timestamp echo reply carried by the packet.
    tcp_seq: TCP sequence number of the packet.

  Returns:
    None. The record in `timestamps` is updated in place.
  """
  # NOTE(review): each record is capped, but nothing in this function removes
  # keys from `timestamps`. If keys derive from remote peers (not visible
  # here), the dict grows with every new peer - confirm that the caller
  # evicts old entries.
  if key not in timestamps:
    timestamps[key] = {
      'timestamps': [tcp_timestamp],
      'timestamp_echo_replies': [tcp_timestamp_echo_reply],
      'clock_ticks': [packetReceived],
      'seq_nums': [tcp_seq],
      'deltas': [],
    }
    return

  record = timestamps[key]
  if len(record.get('timestamps', [])) > 20:
    # Record is full: the sample is dropped.
    return

  record['timestamps'].append(tcp_timestamp)
  record['timestamp_echo_replies'].append(tcp_timestamp_echo_reply)
  record['clock_ticks'].append(packetReceived)
  record['seq_nums'].append(tcp_seq)

  ts_values = record.get('timestamps', [])
  arrival_times = record.get('clock_ticks', [])
  delta_log = record.get('deltas', [])
  if len(ts_values) >= 2:
    newest = len(ts_values) - 1
    # The 'rtt' label holds the difference between two consecutive
    # tcp_timestamp values, not a measured round-trip time.
    # NOTE(review): the TCP timestamp field is 32 bits wide, so this
    # difference goes negative on wraparound or on reordered packets -
    # confirm that consumers of 'deltas' tolerate that.
    ts_step = int(ts_values[newest]) - int(ts_values[newest - 1])
    clock_step = arrival_times[newest] - arrival_times[newest - 1]
    delta_log.append('rtt={}, clock={}'.format(ts_step, clock_step))

  record['deltas'] = delta_log

def addTimestamp2(key, packetReceived, tcp_timestamp, tcp_timestamp_echo_reply, tcp_seq):
  """Record one TCP timestamp sample for `key` and rebuild every delta.

  The first sample for a key creates its record in the module-level
  `timestamps` dict; that record has no 'deltas' key yet. Later samples are
  appended while the record holds at most 20 timestamps, so a record stops
  growing at 21 samples. After each append, the whole 'deltas' list is
  recomputed from scratch, and it stays empty until the record holds more
  than two samples.

  Args:
    key: Identifier of the flow the sample belongs to.
    packetReceived: Local receive time of the packet.
    tcp_timestamp: TCP timestamp value carried by the packet.
    tcp_timestamp_echo_reply: TCP timestamp echo reply carried by the packet.
    tcp_seq: TCP sequence number of the packet.

  Returns:
    None. The record in `timestamps` is updated in place.
  """
  # NOTE(review): each record is capped, but nothing in this function removes
  # keys from `timestamps` - confirm that the caller evicts old entries.
  if key not in timestamps:
    timestamps[key] = {
      'timestamps': [tcp_timestamp],
      'timestamp_echo_replies': [tcp_timestamp_echo_reply],
      'clock_ticks': [packetReceived],
      'seq_nums': [tcp_seq],
    }
    return

  record = timestamps[key]
  if len(record.get('timestamps', [])) > 20:
    # Record is full: the sample is dropped.
    return

  record['timestamps'].append(tcp_timestamp)
  record['timestamp_echo_replies'].append(tcp_timestamp_echo_reply)
  record['clock_ticks'].append(packetReceived)
  record['seq_nums'].append(tcp_seq)

  ts_values = record.get('timestamps', [])
  arrival_times = record.get('clock_ticks', [])
  rebuilt = []
  if len(ts_values) > 2:
    # Every consecutive pair is recomputed on each call. The 'rtt' label holds
    # the difference between two tcp_timestamp values, which can be negative
    # on 32-bit wraparound or reordered packets.
    rebuilt = [
      'rtt={}, clock={}'.format(
        int(ts_values[n + 1]) - int(ts_values[n]),
        arrival_times[n + 1] - arrival_times[n],
      )
      for n in range(len(ts_values) - 1)
    ]

  record['deltas'] = rebuilt

# Four sample packets for one flow, in argument order:
# (key, packetReceived, tcp_timestamp, tcp_timestamp_echo_reply, tcp_seq).
sample_packets = (
  (1, 1662283217.969, 4026246295, 0, 0),
  (1, 1662283217.974, 4026246300, 392710821, 1),
  (1, 1662283217.976, 4026246301, 392710821, 1),
  (1, 1662283217.979, 4026246305, 392710828, 1),
)

# Run the incremental variant into a fresh global state.
timestamps = {}
for packet in sample_packets:
  addTimestamp(*packet)
print(timestamps)

# Keep the first result, then replay the same packets through the variant
# that rebuilds all deltas on every call.
timestamps1 = timestamps
timestamps = {}
for packet in sample_packets:
  addTimestamp2(*packet)
print(timestamps)

# Only the state after all four packets is compared. After one packet
# (addTimestamp2 stores no 'deltas' key) and after two packets (addTimestamp
# has one delta, addTimestamp2 has none) the two records differ.
print(timestamps1 == timestamps)