Add network debugging functionality and enhance packet capture monitoring

2025-08-29 02:08:29 +01:00
parent 8bc9762e6f
commit db17f33dfe
1 changed files with 55 additions and 7 deletions
--- a/lib/services/protocol_blocking_service.dart
+++ b/lib/services/protocol_blocking_service.dart
@@ -92,14 +92,16 @@ class ProtocolBlockingService {
  }
  
  static Future<void> _monitorPeerTraffic() async {
-    // Capture ANY packet on ALL interfaces and print it
+    // Monitor FORWARDED traffic (after VPN decryption, before internet)
    try {
      final process = await Process.start('timeout', [
        '0.1', // Very short timeout
        'tcpdump',
-        '-i', 'any', // Monitor ALL interfaces
+        '-i', 'any',
        '-c', '1',
        '-v', // Verbose
+        // Only capture forwarded packets from VPN peers to internet
+        'src net 10.0.0.0/24 and not dst net 10.0.0.0/24',
      ]);
      
      final output = <String>[];
@@ -112,7 +114,7 @@ class ProtocolBlockingService {
      
      if (exitCode == 0 && output.isNotEmpty) {
        final packetData = output.join().trim();
-        print('📦 PACKET DETECTED ON ANY INTERFACE: $packetData');
+        print('📦 DECRYPTED VPN TRAFFIC TO INTERNET: $packetData');
        
        // Check if it's from our monitored peers
        for (final peerIP in _activePeerIPs) {
@@ -150,11 +152,12 @@ class ProtocolBlockingService {
      final process = await Process.start('timeout', [
        '2',
        'tcpdump',
-        '-i', 'wg0',
+        '-i', 'any',
        '-c', '3', // Capture a few packets to get handshake
        '-s', '200',
        '-x',
-        'src $peerIP',
+        // Capture decrypted traffic from peer to internet for handshake analysis
+        'src $peerIP and not dst net 10.0.0.0/24',
      ]);
      
      final handshakeData = <String>[];
@@ -574,12 +577,57 @@ class ProtocolBlockingService {
      } else {
        print('✅ ALLOWING PROTOCOL: $detectedProtocol');
      }
+    } else {
+      // Check for BitTorrent by traffic patterns
+      if (_analyzeTrafficPatterns(conn)) {
+        detectedProtocol = 'BitTorrent (Pattern Analysis)';
      } else {
        print('❓ UNKNOWN PROTOCOL (basic analysis)');
        print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
      }
    }
    
+    if (detectedProtocol != null) {
+      print('🎯 BASIC DETECTION: $detectedProtocol');
+      
+      // Simple blocking logic for basic patterns
+      if (['BitTorrent', 'BitTorrent (Pattern Analysis)', 'eMule'].contains(detectedProtocol)) {
+        print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
+      } else {
+        print('✅ ALLOWING PROTOCOL: $detectedProtocol');
+      }
+    }
+  }
+  
+  static final Map<String, List<DateTime>> _recentConnections = {};
+  
+  static bool _analyzeTrafficPatterns(Connection conn) {
+    final now = DateTime.now();
+    final peerIP = conn.localIP;
+    
+    // Track recent connections from this peer
+    if (!_recentConnections.containsKey(peerIP)) {
+      _recentConnections[peerIP] = [];
+    }
+    
+    // Clean old connections (older than 2 minutes)
+    _recentConnections[peerIP]!.removeWhere((time) => 
+        now.difference(time).inMinutes > 2);
+    
+    _recentConnections[peerIP]!.add(now);
+    
+    final connectionCount = _recentConnections[peerIP]!.length;
+    
+    // BitTorrent pattern: Multiple connections in short time
+    if (connectionCount >= 3) {
+      print('🔍 Pattern Analysis: $connectionCount connections from $peerIP in 2 minutes');
+      print('🚨 SUSPICIOUS: Multiple rapid connections typical of P2P protocols');
+      return true;
+    }
+    
+    return false;
+  }
+  
  static List<String> _extractHexBytes(String tcpdumpOutput) {
    final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false);
    final matches = hexPattern.allMatches(tcpdumpOutput);