def union_pcap(self):
"""Given sets A = (1, 2, 3), B = (2, 3, 4), A + B = (1, 2, 3, 4).
About:
This method uses tshark to get identifying information on
pcaps and then mergepcap to save the combined pcap.
Returns:
(string): Name of generated pcap.
"""
raw_packet_list = []
for pcap in self.pcap_json_dict.values():
for frame in pcap:
raw_frame = get_frame_from_json(frame)
raw_packet_list.append(raw_frame)
self.print_10_most_common_frames(raw_packet_list)
union_frame_dict = {}
for frame in raw_packet_list:
union_frame_dict[frame] = self.frame_timestamp_dict[frame]
save.save_pcap(pcap_dict=union_frame_dict,
name='union.pcap',
options=self.options)
return 'union.pcap'
def intersect_pcap(self):
"""Save pcap intersection. First filename is pivot packet capture.
Returns:
(str): Fileame of generated pcap.
"""
# Generate intersection set of frames
if not self.frame_list_by_pcap:
self.frame_list_by_pcap = \
get_frame_list_by_pcap(self.pcap_json_dict)
frame_list = self.frame_list_by_pcap
frame_intersection = set(frame_list[0]).intersection(*frame_list[1:])
# Print intersection output like in docstring
intersection_count = len(frame_intersection)
print("{: <12} {: <}".format('\nSAME %', 'PCAP NAME'))
for pcap in self.filenames:
same_percent = str(
round(100 * (intersection_count / len(frame_list[0])))) + '%'
print("{: <12} {: <}".format(same_percent, pcap))
intersect_frame_dict = {}
for frame in frame_intersection:
intersect_frame_dict[frame] = self.frame_timestamp_dict[frame]
save.save_pcap(pcap_dict=intersect_frame_dict,
name='intersect.pcap',
options=self.options)
if frame_intersection:
return 'intersect.pcap'
print('WARNING! Intersection between ', self.filenames,
' contains no packets!')
return ''
def bounded_intersect_pcap(self):
"""Create a packet capture intersection out of two files using ip.ids.
Create a packet capture by finding the earliest common packet by and
then the latest common packet in both pcaps by ip.id.
Returns:
(list(string)): Filenames of generated pcaps.
"""
# Init vars
bounded_pcaps = self.get_bounded_pcaps()
names = [] # Names of all generated pcaps
for index, _ in enumerate(bounded_pcaps):
names.append('bounded_intersect-simul' + str(index + 1) + '.pcap')
save.save_pcap(pcap_dict=bounded_pcaps[index],
name=names[index],
options=self.options)
return names
def difference_pcap(self, pivot_index=0):
"""Given sets A = (1, 2, 3), B = (2, 3, 4), C = (3, 4, 5), A-B-C = (1).
Args:
pivot_index [int]: Specify minuend by index of filename in list
Returns:
(string): Name of generated pcap.
"""
pcap_json_list = [*self.pcap_json_dict.values()]
minuend_pcap_json = pcap_json_list[pivot_index]
minuend_name = self.filenames[pivot_index]
# pcap json list - minuend json. With index 0, remove 1st pcap json.
diff_pcap_json_list = pcap_json_list[:pivot_index] + \
pcap_json_list[pivot_index+1:]
minuend_frame_dict = get_flat_frame_dict([minuend_pcap_json])
minuend_frame_list = list(minuend_frame_dict.keys())
diff_frame_dict = get_flat_frame_dict(diff_pcap_json_list)
diff_frame_list = list(diff_frame_dict.keys())
packet_diff = set(minuend_frame_list).difference(set(diff_frame_list))
diff_frame_dict = {}
for frame in packet_diff:
# Minuend frame dict should have all values we care about.
diff_frame_dict[frame] = minuend_frame_dict[frame]
diff_filename = 'diff_' + os.path.basename(minuend_name)
# Save only if there are packets or -x flag is not used.
if not packet_diff:
print('WARNING! ' + minuend_name +
' difference contains no packets!')
if packet_diff or not self.exclude_empty:
# If the file already exists, choose a different name.
unique_diff_name = diff_filename
while os.path.isfile(unique_diff_name):
unique_diff_name = diff_filename[:-5] + '-' + \
str(int(time.time())) + '.pcap'
save.save_pcap(pcap_dict=diff_frame_dict,
name=unique_diff_name,
options=self.options)
return unique_diff_name
return ''
def test_save_pcap(self):
"""test save_pacp."""
pcap_dict = {self.test_packet: '1537945792.667334763'}
save_pcap(pcap_dict=pcap_dict, name='test.pcap', options=self.options)
self.assertTrue(filecmp.cmp('test.pcap', 'tests/files/test.pcap'))
os.remove('test.pcap')