Friday, June 15, 2007

Traffic Analyzer - Phase 1

Well, the foundations for the Traffic Analyzer module were finally laid today; the basic classes of the module are now up in the SVN repository.

So far I've only constructed the classes for Unix, not Windows; I've created a separate branch for the Windows code, but the associated directory is currently empty. Of course, there may be source files which will end up being common to both branches; however, I don't think that maintaining a more complex directory structure in order to have both branches share common source files is something that's currently necessary (or something I currently know how to do!).

So right now the Traffic Analyzer can detect packet traffic and deconstruct packets sequentially using some clever pointer logic and special structs; nothing new there. There are a few command line arguments that the user can use to customize how the program runs, and I've even included the old ConfigReader class from previous projects, which can be used to read and parse standard .conf files or user-specified configuration files.

The problem right now is threefold:
  1. How do I properly parse the packet payload? I don't understand enough about the special characters I'm currently seeing padding the SQL queries to know what they mean, how I might use them or whether I can discard them.
  2. Will there be much of a headache in porting this code to Windows? I've got some knowledge of Winpcap but what else is there to consider? My experience with Windows program development has been so blissfully limited up until this point.
  3. How much of a pain in the ass is the MySQL API going to be to master? It doesn't look that bad but I expect there's going to be buckets of code needed in order to sanitize every little thing that's entered into the Auditing database. Even getting around this with the help of the MySQL++ libraries wasn't easy last time!
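
As an added example (not the post's or the project's own code), here is a C function that applies the MySQL client/server packet framing to a captured TCP payload, assuming that is the protocol carrying the sniffed queries: the three bytes before each query are the little-endian payload length, the fourth is a sequence id, and the first payload byte is the command (0x03 for COM_QUERY). The sample bytes and the function name are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* MySQL client/server protocol framing (assumed here to be the traffic being
 * sniffed): every packet starts with a 4-byte header: a 3-byte little-endian
 * payload length followed by a 1-byte sequence id. For a client command
 * packet the first payload byte is the command; COM_QUERY is 0x03 and the
 * rest of the payload is the query text (not NUL-terminated). */
#define MYSQL_COM_QUERY 0x03

/* Extract the query text from one COM_QUERY packet at the start of a TCP
 * payload. Returns the number of query bytes copied into `out`, 0 if the
 * packet carries some other command, or -1 if the buffer is truncated or
 * malformed. Every read is bounds-checked first, so a short or crafted
 * capture cannot make the analyzer read past the end of the buffer. */
int mysql_extract_query(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    if (len < 5)                       /* header (4) + command byte (1) */
        return -1;
    uint32_t plen = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) | ((uint32_t)buf[2] << 16);
    /* buf[3] is the sequence id; 0 for the first packet of a command */
    if (plen < 1 || plen > len - 4)    /* payload must fit inside the capture */
        return -1;
    if (buf[4] != MYSQL_COM_QUERY)
        return 0;
    size_t qlen = plen - 1;            /* query text follows the command byte */
    if (qlen + 1 > outsz)
        return -1;
    memcpy(out, buf + 5, qlen);
    out[qlen] = '\0';
    return (int)qlen;
}

/* Constructed sample: the bytes a client sends for `SELECT 1`.
 * 09 00 00 = payload length 9, 00 = sequence id, 03 = COM_QUERY, then text. */
static const uint8_t sample_select[] = {0x09, 0x00, 0x00, 0x00, 0x03,
                                        'S', 'E', 'L', 'E', 'C', 'T', ' ', '1'};

int main(void)
{
    char query[256];
    int n = mysql_extract_query(sample_select, sizeof sample_select, query, sizeof query);
    if (n > 0)
        printf("COM_QUERY (%d bytes): %s\n", n, query);
    return 0;
}
```

A payload larger than one TCP segment would need reassembly before this check; the length field is what tells you how much more to wait for.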
In any case, the next steps involve sorting out the above 3 issues (after entering them on the issues wiki, of course!) and killing any bugs found along the way. Overall I'm quite happy with the code I've submitted thus far; I've tried to keep it as modular as possible, and I think the distinct purpose of each class used is pretty obvious and easy to change. So far so good! We'll see what kind of a mess this all degenerates into once we've progressed down the line a bit further :D