Namespace to group everything related to network traffic. More...

Namespaces
	BitTorrent
	Detect and examine BitTorrent packets.

	EPS_Conduits
	Detect and examine EPS Conduits packets.

	Flash
	Detect and examine Flash packets.

	FTP
	Detect and examine plain text FTP packets.

	GoogleTalk
	Detect and examine Google Talk packets.

	HTTP
	Detect and examine HTTP packets.

	ICMP
	Detect and examine ICMP packets.

	Name_Resolution
	Detect and examine DNS packets.

	NTP
	Detect and examine UDP network time protocol packets.

	Ping
	Detect and examine ICMP ping packets.

	QUIC
	Detect and examine Google QUIC packets.

	RFB
	Detect and examine RFB packets, such as VNC.

	SIP
	Detect and examine SIP packets.

	SPDY
	Detect and examine SPDY packets.

	SSH
	Detect and examine SSH packets.

	SVN
	Detect and examine Subversion packets.

	TLS
	Detect and examine TLS packets.

	UDP_Name_Resolution
	Detect and examine UDP DNS packets.

Classes
class	Types
	A `std::set<>` of Traffic::Type. More...

Enumerations
enum	Type { Type::Unknown = 0, Type::StopAnalysis = 1, Type::FlowStart = 2, Type::FlowEnded = 3, Type::PortBased = 4, Type::Recovered = 5, Type::ARP = 70, Type::IP = 71, Type::IPv4 = 72, Type::IPv6 = 73, Type::TCP = 100, Type::UDP = 101, Type::ICMP = 102, Type::NameResolution = 1000, Type::HTTP = 1001, Type::SPDY = 1002, Type::PING = 1003, Type::SSH = 1004, Type::FTP = 1005, Type::FTPData = 1006, Type::GoogleTalk = 1007, Type::NTP = 1008, Type::EPSConduits = 1009, Type::SVN = 1010, Type::Flash = 1011, Type::FlashRTMP = 1012, Type::QUIC = 1013, Type::HTTPS = 1014, Type::RFB = 1015, Type::BitTorrent = 1016, Type::Bencode = 1017, Type::ICMPUnreachable = 1018, Type::TLS = 1019, Type::SIP = 1020 }
	Traffic can identify as several different things at once. More...

Functions
std::string	to_string (const Myra::Traffic::Type &t)
	Convert the type to a single-word text string. More...

std::string	to_string (const Types &types)
	Convert an entire Types container to a string. More...

bool	examine_first_packet (Flow &flow, const Myra::PktInfo &info)
	Function to do the very first packet analysis for Flow. More...

bool	examine_tcp_packet (Flow &flow, const Myra::PktInfo &info)
	Quickly examine a TCP packet for 3 key flags (`SYN`, `FIN`, and `RST`). More...

bool	debug_unknown_packet (Flow &flow, const Myra::PktInfo &info)
	Log debugging information on unknown flow packets. More...

Detailed Description

Namespace to group everything related to network traffic.

Enumeration Type Documentation

enum Myra::Traffic::Type

strong

Traffic can identify as several different things at once.

These enum values are not mutually exclusive when traffic is examined.

The numeric ranges are split into 4 sections:

Starting at index 0 is meta information on the flow.
Starting at index 70 is layer 3 information on the flow.
Starting at index 100 is layer 4 information on the flow.
Starting at index 1000 is layer 7 information on the flow.

If a new range is started, or an index is skipped, changes will also be required in Myra::DB::update_traffic_types().

See also: Myra::Traffic::Types; Myra::Flow::traffic_types; Myra::DB::update_traffic_types()

Enumerator
Unknown	Traffic type is unknown. This is automatically set on all flows prior to packet examinations.
StopAnalysis	Do not perform any more packet analysis on the flow.
FlowStart	We've seen this flow from the very beginning (e.g., `SYN` packet for `TCP`). See also Traffic::examine_tcp_packet()
FlowEnded	We've seen the end of this flow (e.g., `FIN` or `RST` packet for `TCP`). Warning The type Traffic::Type::FlowEnded does not indicate the last packet has been seen, since more data may arrive after a one-sided `FIN`. But in general terms, it normally indicates that we are near the end of a flow. See also Traffic::examine_tcp_packet()
PortBased	Traffic was identified using purely port-based rules.
Recovered	Flow was recovered from database after a reboot or restart.
ARP	ARP packets. See also Traffic::examine_first_packet()
IP	IPv4 or IPv6 packets. See also Traffic::examine_first_packet()
IPv4	IPv4 packets. See also Traffic::examine_first_packet()
IPv6	IPv6 packets. See also Traffic::examine_first_packet()
TCP	TCP packets. See also Traffic::examine_first_packet()
UDP	UDP packets. See also Traffic::examine_first_packet()
ICMP	ICMP packets. See also Traffic::examine_first_packet()
NameResolution	DNS packets. See also Traffic::UDP_Name_Resolution::examine()
HTTP	HTTP packets. See also Traffic::HTTP::examine()
SPDY	SPDY packets. See also Traffic::SPDY::examine()
PING	ICMP ping packets. See also Traffic::Ping::examine()
SSH	SSH packets. See also Traffic::SSH::examine()
FTP	FTP packets. See also Traffic::FTP::examine()
FTPData	FTP data packets. See also Traffic::FTP::helper()
GoogleTalk	GoogleTalk packets. See also Traffic::GoogleTalk::examine()
NTP	NTP packets. See also Traffic::NTP::examine()
EPSConduits	EPS Conduits packets. See also Traffic::EPS_Conduits::examine()
SVN	Subversion packets. See also Traffic::SVN::examine()
Flash	Flash packets. See also Traffic::Flash
FlashRTMP	Flash RTMP packets. See also Traffic::Flash::examine_flash_rtmp()
QUIC	Google QUIC packets. See also Traffic::QUIC::examine()
HTTPS	HTTPS packets. See also Traffic::HTTP::examine_port()
RFB	RFB packets. See also Traffic::RFB::examine() Note E.g., VNC remote desktop
BitTorrent	BitTorrent packets. See also Traffic::BitTorrent
Bencode	Bencode packets. See also Traffic::BitTorrent::examine_udp_bencode()
ICMPUnreachable	Dst unreachable. See also Traffic::ICMP::examine_unreachable()
TLS	TLS packets. See also Traffic::TLS::examine()
SIP	SIP packets. See also Traffic::SIP::examine()