invernizzi / scapy-http

Support for HTTP in Scapy

Analyzing pcap files using dpkt with python #49

Open rabbitoc opened 4 years ago

rabbitoc commented 4 years ago

Please, I am trying to analyse a pcap file in Python using dpkt. I am having trouble with the code that 1) counts the number of TCP flows in the pcap file, 2) counts the number of UDP flows in the pcap file, 3) counts the number of unique IP addresses, 4) calculates the total number of packets per flow, 5) calculates the average packet size per flow, and 6) calculates the duration of each flow. From my code above, I have not been able to achieve that. I will appreciate it if anyone can help me with the Python code for the above question. Thanks.

This is what I have done so far:

```python
import socket
from functools import reduce

import dpkt

flows = {}

with open('tesst.pcap', 'rb') as f:
    for ts, pkt in dpkt.pcap.Reader(f):
        eth = dpkt.ethernet.Ethernet(pkt)

        # Only IPv4 frames carrying TCP are considered
        if eth.type == dpkt.ethernet.ETH_TYPE_IP:
            ip = eth.data

            if ip.p == dpkt.ip.IP_PROTO_TCP:
                tcp = ip.data
                src_ip = socket.inet_ntoa(ip.src)
                src_port = tcp.sport
                dst_ip = socket.inet_ntoa(ip.dst)
                dst_port = tcp.dport

                # Sorting the endpoints gives one key for both directions
                flow = sorted([(src_ip, src_port), (dst_ip, dst_port)])
                flow = (flow[0], flow[1])
                # uncomment below for uni-directional flow
                # flow = (src_ip, src_port, dst_ip, dst_port)

                flow_data = {
                    'byte_count': len(eth)
                }

                if flows.get(flow):
                    flows[flow].append(flow_data)
                else:
                    flows[flow] = [flow_data]

for k in flows.keys():
    print(f'Data for flow: {k}:')
    # Sum the byte counts recorded for this flow
    total_bytes = reduce(lambda x, y: x + y, map(lambda e: e['byte_count'], flows[k]))
    print(f"Total Bytes: {total_bytes}")
```
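Added example, not part of the original post or of the scapy-http project: one way to compute the six statistics the question lists (TCP and UDP flow counts, unique IP addresses, and per-flow packet count, average packet size and duration) with dpkt. The record layout, the function names `read_records` and `summarize`, and the sample records are assumptions made for illustration; flows are treated as bidirectional, as in the code above.

```python
import socket
from collections import defaultdict

def read_records(fileobj):
    """Yield (ts, proto, src, sport, dst, dport, length) per IPv4 TCP/UDP packet."""
    import dpkt  # local import: summarize() below needs no third-party module
    names = {dpkt.ip.IP_PROTO_TCP: "TCP", dpkt.ip.IP_PROTO_UDP: "UDP"}
    for ts, buf in dpkt.pcap.Reader(fileobj):
        try:
            ip = dpkt.ethernet.Ethernet(buf).data
        except dpkt.dpkt.UnpackError:
            continue  # truncated or malformed frame
        if not isinstance(ip, dpkt.ip.IP) or ip.p not in names:
            continue  # not IPv4 TCP/UDP
        l4 = ip.data
        if not isinstance(l4, (dpkt.tcp.TCP, dpkt.udp.UDP)):
            continue  # fragment or cut-off header: ports unavailable
        yield (ts, names[ip.p], socket.inet_ntoa(ip.src), l4.sport,
               socket.inet_ntoa(ip.dst), l4.dport, len(buf))

def summarize(records):
    """Group records into bidirectional flows and compute per-flow statistics."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    ips = set()
    for ts, proto, src, sport, dst, dport, length in records:
        ips.update((src, dst))
        # Sorting the endpoints puts both directions under one key.
        a, b = sorted([(src, sport), (dst, dport)])
        f = flows[(proto, a, b)]
        f["packets"] += 1
        f["bytes"] += length
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    for f in flows.values():
        f["avg_size"] = f["bytes"] / f["packets"]
        f["duration"] = f["last"] - f["first"]  # seconds
    return {"tcp_flows": sum(k[0] == "TCP" for k in flows),
            "udp_flows": sum(k[0] == "UDP" for k in flows),
            "unique_ips": len(ips), "flows": dict(flows)}

# Constructed sample records, not from a real capture. With a file:
#   with open("capture.pcap", "rb") as fh: report = summarize(read_records(fh))
SAMPLE = [(0.00, "TCP", "10.0.0.1", 40000, "10.0.0.2", 80, 74),
          (0.05, "TCP", "10.0.0.2", 80, "10.0.0.1", 40000, 74),
          (0.30, "TCP", "10.0.0.1", 40000, "10.0.0.2", 80, 152),
          (1.00, "UDP", "10.0.0.1", 53000, "10.0.0.3", 53, 80),
          (1.25, "UDP", "10.0.0.3", 53, "10.0.0.1", 53000, 120)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Including the protocol in the flow key keeps a TCP and a UDP conversation between the same endpoints from being merged into one flow.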