Skip to content
/ sundial Public

Sundial ICMP timestamp Zmap module and analysis

Notifications You must be signed in to change notification settings

cmand/sundial

Repository files navigation

Sundial Zmap module

https://www.cmand.org/sundial/

  1. Background: Sundial is a project to expose properties of Internet devices via ICMP timestamp messages. For full details, or to cite this work, please see: E.C. Rye and R. Beverly "Sundials in the Shade," PAM 2019

  2. Dependencies: Zmap itself requires several dependencies; a handy list of debian packages that are pre-requisites include:

    $ sudo apt-get install build-essential cmake libgmp3-dev gengetopt libpcap-dev flex byacc libjson-c-dev pkg-config libunistring-dev

  3. Building: Follow these steps to build Zmap with Sundial support:

    • Clone Zmap (https://github.com/zmap/zmap)
    • Copy packet.*, probe_modules.*, and module_sundial.c to zmap/src/probe_modules/
    • Add probe_modules/module_sundial.c to set(EXTRA_PROBE_MODULES) in zmap/src/CMakeLists.txt
    • Copy md5.h to zmap/lib
    • cd zmap && mkdir build && cd build
    • cmake ..
    • make -j4
    • sudo make install
  4. Running:

    $ zmap -M sundial --probe-args=X -I listofips

    where X = 1 (Standard Probe), 2 (Bad Clock), 3 (Bad Checksum), 4 (Duplicate TS)

  5. Analysis:

    • Build analyze from timestampAnalyzer.c using included Makefile
    • Analysis scripts require a pcap capture of the Zmap run (ICMP probes and responses)
    • Analysis scripts assume pcap contains all 4 probe types
    • Assuming the captured pcap zmap_sundial.pcap:
      • analyze zmap_sundial.pcap
      • python sundialClassifier.py -i zmap_sundial.pcap_results.txt
    • Use python sundialClassifier.py -h for a list of analysis options

About

Sundial ICMP timestamp Zmap module and analysis

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published