new: passive mdns collector for hostnames

2025-07-16 10:03:39 -07:00 · 2018-08-29 17:51:02 +03:00 · 2018-08-29 17:51:02 +03:00 · cd1510f60d
commit cd1510f60d
parent f6bfd683ee
308 changed files with 40633 additions and 31 deletions
--- a/packets/queue.go
+++ b/packets/queue.go
@ -1,7 +1,6 @@
 package packets

 import (
-	"encoding/binary"
 	"fmt"
 	"net"
 	"sync"
@ -165,35 +164,6 @@ func (q *Queue) TrackError() {
 	q.Stats.Errors++
 }

-func (q *Queue) getHostname(eth *layers.Ethernet, ip *layers.IPv4, pkt gopacket.Packet) string {
-	if ludp := pkt.Layer(layers.LayerTypeUDP); ludp != nil {
-		if udp := ludp.(*layers.UDP); udp != nil && udp.SrcPort == 5353 && udp.DstPort == 5353 {
-			data := udp.Payload
-			dataSize := len(data)
-			// mDNS query response, no errors
-			if dataSize > 4 && data[2] == 0x84 && data[3] == 0x00 {
-				// no questions
-				if dataSize > 6 && data[4] == 0x00 && data[5] == 0x00 {
-					if dataSize > 8 {
-						nAnswers := binary.BigEndian.Uint16(data[6:8])
-						auth := binary.BigEndian.Uint16(data[9:11])
-						addt := binary.BigEndian.Uint16(data[12:14])
-
-						for i := 0; i < nAnswers; i++ {
-
-						}
-
-						return fmt.Sprintf("%d answs", nAnswers)
-					}
-				}
-				return "OK"
-			}
-		}
-	}
-
-	return ""
-}
-
 func (q *Queue) worker() {
 	for pkt := range q.srcChannel {
 		if !q.active {
@ -222,7 +192,10 @@ func (q *Queue) worker() {
 			isFromMe := q.iface.IP.Equal(ip4.SrcIP)
 			isFromLAN := q.iface.Net.Contains(ip4.SrcIP)
 			if !isFromMe && isFromLAN {
-				q.trackActivity(eth, ip4, ip4.SrcIP, q.getHostname(eth, ip4, pkt), pktSize, true)
+				// check if the packet is a useful MDNS query response
+				hostname := MDNSGetHostname(pkt)
+
+				q.trackActivity(eth, ip4, ip4.SrcIP, hostname, pktSize, true)
 			}

 			// something going to someone on the LAN