def _draw(self, png, layer):
    """Draw the graph built from test.pcap at *layer* into *png* and assert the file exists."""
    # Remove any image left behind by an earlier run so the existence check
    # below is less likely to pass on a stale file. Every OSError is ignored,
    # so a file that cannot be removed stays in place.
    try:
        os.remove(png)
    except OSError:
        pass

    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=layer)
    manager.draw(filename=png)

    rendered = os.path.exists(png)
    self.assertTrue(rendered)
def test_graphviz(self):
    """The layer-3 graph built from test.pcap must yield a non-None graphviz export."""
    capture = ScapySource.load(['test.pcap'])
    exported = GraphManager(capture, layer=3).get_graphviz_format()
    self.assertIsNotNone(exported)
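def test_retrieve_geoip(self):
    """Node info retrieved for a layer-4 node must include a 'country' entry."""
    packets = ScapySource.load(['test.pcap'])
    g = GraphManager(packets, layer=4)
    # Materialise the nodes before taking the first one: nodes()[0] is only a
    # positional lookup when nodes() returns a list. If it returns a view
    # keyed by node, [0] would look up a node named 0 instead.
    node = list(g.graph.nodes())[0]
    # NOTE(review): judging by the method name and the 'country' key, this
    # presumably performs a GeoIP lookup, so the test may depend on a local
    # GeoIP database being available -- confirm.
    g._retrieve_node_info(node)
    self.assertIn('country', g.data[node])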
def test_get_frequent_ips_out(self):
    """get_out_degree() on the layer-3 graph of test.pcap must return something."""
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=3)
    # print_stdout=True is passed so the printing path is exercised as well.
    out_degree = manager.get_out_degree(print_stdout=True)
    self.assertIsNotNone(out_degree)
def test_build_graph_layer4(self):
    """The layer-4 graph built from the test.pcap fixture must have exactly 36 edges."""
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=4)
    edge_count = manager.graph.number_of_edges()
    # The expected value is tied to the contents of the test.pcap fixture.
    self.assertEqual(36, edge_count)
# NOTE(review): this excerpt begins mid-statement; the first line is the tail
# of a call (presumably a parser.add_argument(...)) whose start is not shown.
help='print frequent source nodes to stdout')
args = parser.parse_args()

# All processing is conditional on at least one capture file being supplied.
if args.pcaps:
    packets = ScapySource.load(args.pcaps)
    # IP exclusion is disabled: the two lines below are commented out.
    #if args.exclude:
    #    packet_ls = exclude_ips(packet_lists=packet_ls, ips=args.exclude)

    # Layer selection: the first flag set wins in the order layer2, layer3,
    # layer4; with no flag set the layer is 3.
    if args.layer2:
        layer = 2
    elif args.layer3:
        layer = 3
    elif args.layer4:
        layer = 4
    else:
        layer = 3

    g = GraphManager(packets, layer=layer)

    # Each output below is optional and independent of the others.
    if args.out:
        g.draw(filename=args.out)

    if args.frequent_in:
        g.get_in_degree()

    if args.frequent_out:
        g.get_out_degree()

    if args.graphviz:
        g.get_graphviz_format(args.graphviz)
parser.add_argument(
    '-fo',
    '--frequent-out',
    action='store_true',
    help='print frequent source nodes to stdout',
)
args = parser.parse_args()

# Nothing is done unless at least one capture file was supplied.
if args.pcaps:
    packets = ScapySource.load(args.pcaps)
    # Excluding IPs (args.exclude / exclude_ips) was commented out in the
    # original and stays disabled here.

    # Precedence is layer2, then layer3, then layer4; the default is layer 3.
    if args.layer2:
        layer = 2
    elif args.layer4 and not args.layer3:
        layer = 4
    else:
        layer = 3

    g = GraphManager(packets, layer=layer)

    # Optional outputs, each controlled by its own command-line option.
    if args.out:
        g.draw(filename=args.out)
    if args.frequent_in:
        g.get_in_degree()
    if args.frequent_out:
        g.get_out_degree()
    if args.graphviz:
        g.get_graphviz_format(args.graphviz)
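# Filter the loaded packets by protocol, build the graph, and draw it.
# `pin`, `llook`, `args` and `GraphManager` come from code outside this excerpt.
packets = pin
# Both filter lists are defined up front so the debug print below can always
# reference them; in this excerpt each was otherwise bound in only one branch,
# so whichever was unset would raise NameError on the debug path.
wl = []
bl = []
if args.whitelist:
    # packets are returned from ScapySource.load as a list so cannot use pcap.filter(lambda...)
    wl = [llook[x] for x in args.whitelist]
    # The None test runs first: calling haslayer() on a None entry would
    # raise before a trailing `x != None` check could ever apply.
    packets = [x for x in pin if x is not None and any(x.haslayer(y) for y in wl)]
elif args.blacklist:
    bl = [llook[x] for x in args.blacklist]
    packets = [x for x in pin if x is not None and not any(x.haslayer(y) for y in bl)]
if args.DEBUG and (args.blacklist or args.whitelist):
    print('### Read', len(pin), 'packets. After applying supplied filters,',len(packets),'are left. wl=',wl,'bl=',bl)

# Layer 3 is the default; layer2 takes precedence over layer4.
layer = 3
if args.layer2:
    layer = 2
elif args.layer4:
    layer = 4

# int() raises ValueError if --nmax is not numeric.
args.nmax = int(args.nmax)
g = GraphManager(packets, layer=layer, args=args)
nn = len(g.graph.nodes())
if nn > args.nmax:
    print('Asked to draw %d nodes with --nmax set to %d. Will also do useful protocols separately' % (nn,args.nmax))
    for kind in llook.keys():
        subset = [x for x in packets if x is not None and x.haslayer(kind)]
        if len(subset) > 2:
            sg = GraphManager(subset, layer=layer, args=args)
            # nn is reused here for the node count of the per-protocol graph.
            nn = len(sg.graph.nodes())
            if nn > 2:
                # NOTE(review): the prefix is prepended to the whole of
                # args.out, so an --out value with a directory component
                # gives a path under a directory named after the prefix, and
                # an unset args.out is formatted as 'None' -- confirm intent.
                ofn = '%s_%d_%s' % (kind,nn,args.out)
                sg.draw(filename=ofn)
                print('drew %s %d nodes' % (ofn,nn))
if args.out:
    g.draw(filename=args.out)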
def test_retrieve_geoip4(self):
    """Node info retrieved for the first known layer-4 node must include 'country'."""
    capture = ScapySource.load(['test.pcap'])
    # `args` is taken from the enclosing scope, not built in this test.
    manager = GraphManager(capture, layer=4, args=args)
    known_nodes = list(manager.data.keys())
    first_node = known_nodes[0]
    manager._retrieve_node_info(first_node)
    self.assertIn('country', manager.data[first_node])