# classes
from classes import Burst, Flow, Packet
# for usability
import argparse
import logging
# for verification
import os
# for python memory problems
import copy
# for logging
import csv
# for packet parsing
import pyshark
import datetime
import time
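def parse_packet(packet, appname):
    """Build a Packet from one pyshark packet, or return None if it is incomplete.

    Only packets that expose an IP layer and a transport layer (in pyshark
    that is normally TCP or UDP) carry every field read below; anything else
    (ARP, ICMP, truncated frames, ...) is treated as incomplete and skipped.

    Args:
        packet: a pyshark packet object.
        appname: label stored in the Packet (the app the capture belongs to).

    Returns:
        The Packet, or None when a required field is missing or unparsable.
    """
    try:
        transport = packet.transport_layer
        return Packet(
            packet.ip.src,
            packet[transport].srcport,
            packet.ip.dst,
            packet[transport].dstport,
            transport,
            packet.sniff_timestamp,
            int(packet.length),
            appname,
            packet.eth.type,
            packet.ip.ttl,
            packet.ip.flags,
            packet.ip.proto,
        )
    except (AttributeError, KeyError, ValueError):
        # AttributeError: a layer or field is absent (non-IP / no transport
        # layer); KeyError: pyshark could not look up the transport layer by
        # name; ValueError: packet.length is not an integer string. The
        # original only caught AttributeError, so the other two cases aborted
        # the whole capture instead of dropping the one bad packet.
        return None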
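def parse_file(file, appname):
    """Parse every usable packet of a pcap file into a list of Packets.

    Args:
        file: path to the capture file (handed straight to tshark via
            pyshark). The parameter name shadows the builtin but is kept
            for callers that pass it by keyword.
        appname: label attached to each Packet.

    Returns:
        list of Packet objects in capture order; packets that parse_packet
        rejects are left out.

    NOTE(review): tshark's dissectors run over the raw bytes of the capture.
    When the pcaps come from an untrusted source, run this parser as an
    unprivileged user (ideally sandboxed) rather than as root.
    """
    # pyshark drives a tshark subprocess behind FileCapture; close it
    # explicitly so one process does not linger per file in a directory walk.
    capture = pyshark.FileCapture(file)
    try:
        parsed = (parse_packet(packet, appname) for packet in capture)
        return [ppacket for ppacket in parsed if ppacket is not None]
    finally:
        capture.close()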
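def parse_live(writer, appname="", interface="eth1"):
    """Sniff an interface indefinitely and write finished Bursts to a CSV writer.

    A new Burst starts when a packet arrives 1.0 or more (timestamp units,
    assumed to be seconds) after the last packet accepted into the current
    burst; the finished burst is pretty-printed, written to ``writer`` and
    cleaned up. This loop never returns on its own.

    Args:
        writer: csv.writer that finished bursts are written to.
        appname: label stored in every Packet. No app is known for live
            traffic, so it defaults to an empty string.
        interface: capture interface handed to pyshark.LiveCapture. Live
            capture needs raw-socket privileges (root or CAP_NET_RAW); grant
            the sniffer no more than that.
    """
    burst = None
    capture = pyshark.LiveCapture(interface=interface)
    for packet in capture.sniff_continuously():
        # the original called parse_packet(packet) without appname, which
        # raised TypeError on the very first packet
        ppacket = parse_packet(packet, appname)
        if ppacket is None:
            continue
        if burst is None:
            burst = Burst(ppacket)
        elif ppacket.timestamp >= burst.timestamp_lastrecvppacket + 1.0:
            # gap reached: flush the current burst, start a new one here
            burst.pretty_print()
            burst.write_to_csv(writer)
            burst.clean_me()
            burst = Burst(ppacket)
        else:
            # same burst. The original passed the packet to write_to_csv
            # here (which expects the csv writer) and never added it to the
            # burst; main() uses add_ppacket for this case.
            burst.add_ppacket(ppacket)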
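def _appname_for(dirname):
    """Label a capture by its directory with the leading ``Samples/`` dropped.

    The expected corpus layout is ``Samples/<appname>/<capture>``, so the
    directory of a capture minus ``Samples/`` is the app name.
    """
    return dirname.replace("Samples/", "")


def _flush_burst(burst, writer):
    """Print a finished Burst, write it to ``writer`` and release it."""
    burst.pretty_print()
    burst.write_to_csv(writer)
    burst.clean_me()


def _write_bursts(ppackets, writer):
    """Group a packet list into Bursts and write every burst to ``writer``.

    Consecutive packets belong to the same burst unless the next packet's
    timestamp is 1.0 or more past the burst's last received packet. An empty
    list writes nothing (the original indexed ppackets[0] and raised).

    The trailing burst is flushed too: the original loop only flushed a
    burst when the next gap started, so the last burst of every file, and
    the whole file when it held a single burst, never reached the CSV.
    """
    if not ppackets:
        return
    burst = Burst(ppackets[0])
    for ppacket in ppackets[1:]:
        if ppacket.timestamp >= burst.timestamp_lastrecvppacket + 1.0:
            _flush_burst(burst, writer)
            burst = Burst(ppacket)
        else:
            burst.add_ppacket(ppacket)
    _flush_burst(burst, writer)


def main():
    """CLI entry point: turn one capture, a tree of captures or live traffic
    into bursts and write them to a CSV file.

    Exactly one of -l, -f, -d is used, in that order of precedence. Missing
    inputs are reported and the process exits with status 1.
    """
    parser = argparse.ArgumentParser(description="parse pcap files")
    parser.add_argument("-l", "--liveparse", action="store_true", help="live parse packets")
    parser.add_argument("-f", "--file", help="the file to parse")
    parser.add_argument("-d", "--directory", help="the directory of files to parse")
    parser.add_argument("-o", "--output", default="traffic.csv",
                        help="CSV file to write (default: traffic.csv, overwritten)")
    args = parser.parse_args()

    if not args.liveparse and args.file is None and args.directory is None:
        parser.error("one of -l, -f or -d is required")
    if not args.liveparse and args.file is not None and not os.path.isfile(args.file):
        logging.error("input a valid file to be parsed")
        raise SystemExit(1)
    if not args.liveparse and args.file is None and not os.path.isdir(args.directory):
        logging.error("input a valid directory to be parsed")
        raise SystemExit(1)

    # "wb" is the Python 2 csv convention this script is written for; the
    # with-block closes the file on every path (the original leaked it on
    # the liveparse branch and when the file check failed).
    with open(args.output, "wb") as csv_file:
        writer = csv.writer(csv_file, delimiter=',')
        # see the google doc for the csv rows
        if args.liveparse:
            parse_live(writer)
        elif args.file is not None:
            appname = _appname_for(os.path.dirname(args.file))
            _write_bursts(parse_file(args.file, appname), writer)
        else:
            for dirname, _subdirs, filelist in os.walk(args.directory):
                appname = _appname_for(dirname)
                for filename in filelist:
                    ppackets = parse_file(os.path.join(dirname, filename), appname)
                    print(appname)
                    _write_bursts(ppackets, writer)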
# Script guard: importing this module (e.g. to reuse parse_file) runs nothing.
if __name__ == "__main__":
    main()