From db17f33dfef2ed32eabb3e27145761ef8ed3e1c1 Mon Sep 17 00:00:00 2001
From: ImBenji
Date: Fri, 29 Aug 2025 02:08:29 +0100
Subject: [PATCH] Add network debugging functionality and enhance packet capture monitoring
---
 lib/services/protocol_blocking_service.dart | 62 ++++++++++++++++++---
 1 file changed, 55 insertions(+), 7 deletions(-)
diff --git a/lib/services/protocol_blocking_service.dart b/lib/services/protocol_blocking_service.dart
index 5784c38..ff11ff6 100644
--- a/lib/services/protocol_blocking_service.dart
+++ b/lib/services/protocol_blocking_service.dart
@@ -92,14 +92,16 @@ class ProtocolBlockingService {
 }
 static Future _monitorPeerTraffic() async {
- // Capture ANY packet on ALL interfaces and print it
+ // Monitor FORWARDED traffic (after VPN decryption, before internet)
 try {
 final process = await Process.start('timeout', [
 '0.1', // Very short timeout
 'tcpdump',
- '-i', 'any', // Monitor ALL interfaces
+ '-i', 'any',
 '-c', '1',
 '-v', // Verbose
+ // Only capture forwarded packets from VPN peers to internet
+ 'src net 10.0.0.0/24 and not dst net 10.0.0.0/24',
 ]);
 final output = [];
@@ -112,7 +114,7 @@ class ProtocolBlockingService {
 if (exitCode == 0 && output.isNotEmpty) {
 final packetData = output.join().trim();
- print('📦 PACKET DETECTED ON ANY INTERFACE: $packetData');
+ print('📦 DECRYPTED VPN TRAFFIC TO INTERNET: $packetData');
 // Check if it's from our monitored peers
 for (final peerIP in _activePeerIPs) {
@@ -150,11 +152,12 @@ class ProtocolBlockingService {
 final process = await Process.start('timeout', [
 '2',
 'tcpdump',
- '-i', 'wg0',
+ '-i', 'any',
 '-c', '3', // Capture a few packets to get handshake
 '-s', '200',
 '-x',
- 'src $peerIP',
+ // Capture decrypted traffic from peer to internet for handshake analysis
+ 'src $peerIP and not dst net 10.0.0.0/24',
 ]);
 final handshakeData = [];
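Review bot: The VPN subnet `10.0.0.0/24` is introduced as a hard-coded literal in the BPF filter on the added line here and again in the handshake-capture hunk (`'src $peerIP and not dst net 10.0.0.0/24'`); define it once, e.g. `static const _vpnSubnet = '10.0.0.0/24';`, and build both filter strings from it so a subnet change cannot silently desynchronise the two captures. The `0.1` second `timeout` around a `-c 1` capture also looks likely to expire before tcpdump has opened the interface and compiled the now longer filter, in which case most polls exit non-zero and the `exitCode == 0` branch never sees a packet; that behaviour predates this commit but is worth confirming on the target host. `_monitorPeerTraffic` continues outside the hunk.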
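Review bot: `peerIP` is interpolated directly into the tcpdump filter expression on the added line; because `Process.start` takes an argument list no shell is involved, but any value that is not a plain IP literal would change the meaning of the filter rather than fail. Validating it before the capture, e.g. `if (InternetAddress.tryParse(peerIP) == null) return;`, keeps the filter restricted to a single literal address. Where `peerIP` comes from is not visible in this hunk, so this may already be guaranteed by the caller. The enclosing function starts and ends outside the hunk.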
@@ -575,9 +578,54 @@ class ProtocolBlockingService {
 print('✅ ALLOWING PROTOCOL: $detectedProtocol');
 }
 } else {
- print('❓ UNKNOWN PROTOCOL (basic analysis)');
- print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+ // Check for BitTorrent by traffic patterns
+ if (_analyzeTrafficPatterns(conn)) {
+ detectedProtocol = 'BitTorrent (Pattern Analysis)';
+ } else {
+ print('❓ UNKNOWN PROTOCOL (basic analysis)');
+ print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+ }
 }
+
+ if (detectedProtocol != null) {
+ print('🎯 BASIC DETECTION: $detectedProtocol');
+
+ // Simple blocking logic for basic patterns
+ if (['BitTorrent', 'BitTorrent (Pattern Analysis)', 'eMule'].contains(detectedProtocol)) {
+ print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
+ } else {
+ print('✅ ALLOWING PROTOCOL: $detectedProtocol');
+ }
+ }
+ }
+
+ static final Map> _recentConnections = {};
+
+ static bool _analyzeTrafficPatterns(Connection conn) {
+ final now = DateTime.now();
+ final peerIP = conn.localIP;
+
+ // Track recent connections from this peer
+ if (!_recentConnections.containsKey(peerIP)) {
+ _recentConnections[peerIP] = [];
+ }
+
+ // Clean old connections (older than 2 minutes)
+ _recentConnections[peerIP]!.removeWhere((time) =>
+ now.difference(time).inMinutes > 2);
+
+ _recentConnections[peerIP]!.add(now);
+
+ final connectionCount = _recentConnections[peerIP]!.length;
+
+ // BitTorrent pattern: Multiple connections in short time
+ if (connectionCount >= 3) {
+ print('🔍 Pattern Analysis: $connectionCount connections from $peerIP in 2 minutes');
+ print('🚨 SUSPICIOUS: Multiple rapid connections typical of P2P protocols');
+ return true;
+ }
+
+ return false;
 }
 static List _extractHexBytes(String tcpdumpOutput) {
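Review bot: The new method-level `if (detectedProtocol != null)` block runs for every detection, not only for the pattern-analysis fallback, so a protocol already reported by the branch that contains the context line `print('✅ ALLOWING PROTOCOL: $detectedProtocol');` is printed a second time with 🎯 and 🚫/✅. Reporting inside the new else-branch instead, e.g. `if (_analyzeTrafficPatterns(conn)) { detectedProtocol = 'BitTorrent (Pattern Analysis)'; print('🚫 BLOCKING PROTOCOL: $detectedProtocol'); }`, keeps each connection reported once. In `_analyzeTrafficPatterns`, three connections within two minutes is ordinary for a single web page load, so once a block decision is attached this heuristic will flag normal browsing; the threshold needs to be far higher and ideally combined with the port or payload evidence the rest of the file already gathers. The pruning line `now.difference(time).inMinutes > 2` keeps entries up to 2:59 old because `inMinutes` truncates — `now.difference(time) > const Duration(minutes: 2)` matches the comment — and `_recentConnections` never drops a peer's key, so the map grows with every address ever seen. `conn.localIP` is stored as `peerIP`; whether the local side of `Connection` is really the VPN peer cannot be confirmed from this hunk.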