Example #1
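def get_pktsize_distribution_info(db_name, coll_name):
    """Build a packet-size histogram for one capture collection.

    Runs a MongoDB map-reduce that counts documents per
    ``network.total_length`` value, then folds those counts into
    ``MAX_PACKETSIZE_BINS`` bins of ``PKTSIZE_BIN_SIZE`` bytes each. The
    last bin is stretched to ``MAX_POSSIBLE_PACKET_SIZE`` so that every
    length lands somewhere.

    Args:
        db_name: database name, passed through to ``dbif.db_do_mapreduce``.
        coll_name: collection name, passed through to
            ``dbif.db_do_mapreduce``.

    Returns:
        A list of dicts with keys ``start``, ``end``, ``count`` and
        ``count_percentage``. When no packets were counted, every
        ``count_percentage`` stays 0.0.
    """
    # Bin 0 covers [0, PKTSIZE_BIN_SIZE]; each later bin starts one byte
    # after the previous bin's end.
    pktsize_distribution = [
        {'start': 0, 'end': PKTSIZE_BIN_SIZE, 'count': 0, 'count_percentage': 0.0}
    ]
    for i in range(MAX_PACKETSIZE_BINS - 1):
        prev_end = pktsize_distribution[i]['end']
        pktsize_distribution.append({
            'start': prev_end + 1,
            'end': prev_end + PKTSIZE_BIN_SIZE,
            'count': 0,
            'count_percentage': 0.0,
        })
    # Make the last bin reach the maximum packet size so it catches all
    # remaining lengths.
    pktsize_distribution[MAX_PACKETSIZE_BINS - 1]['end'] = MAX_POSSIBLE_PACKET_SIZE

    # Both JavaScript bodies are fixed strings: nothing from db_name or
    # coll_name is interpolated into code that runs on the server.
    # NOTE(review): map-reduce needs server-side JavaScript enabled on
    # mongod; a deployment that turns it off would need an aggregation
    # $group instead.
    mapper = Code("""
              function () {
                emit(String(this.network.total_length), 1);        
               }
               """)
    reducer = Code("""
                function (key, values) {
                  
                  return Array.sum(values);
                }
                """)
    # NOTE(review): status and error_text are not inspected; what `coll`
    # holds after a failed map-reduce is not visible here -- confirm in dbif.
    status, error_text, coll = dbif.db_do_mapreduce(db_name, coll_name, mapper, reducer, 'pktsize_distribution')

    total_count = 0
    last_bin = MAX_PACKETSIZE_BINS - 1
    for doc in coll.find():
        try:
            length = int(doc['_id'])
            count = int(doc['value'])
        except (TypeError, ValueError):
            # The mapper emits String(total_length), so a document without
            # that field produces the key "undefined". Skip it rather than
            # abort the whole report.
            logger.warning("skipping non-numeric packet size entry: %r", doc)
            continue
        # Lengths 1..SIZE belong to bin 0, SIZE+1..2*SIZE to bin 1, etc.
        # Floor division keeps the index an int on Python 2 and 3.
        index = (length - 1) // PKTSIZE_BIN_SIZE
        # Clamp both ends: a length of 0 would otherwise give index -1,
        # which Python resolves to the LAST bin, and oversized lengths
        # must land in the last bin rather than raise IndexError.
        index = max(0, min(index, last_bin))
        pktsize_distribution[index]['count'] += count
        total_count += count

    # Percentages are only defined when something was counted; an empty
    # collection would otherwise raise ZeroDivisionError.
    if total_count > 0:
        for pktsize_bin in pktsize_distribution:
            pktsize_bin['count_percentage'] = (pktsize_bin['count'] * 100.0) / total_count

    logger.info(pktsize_distribution)
    return pktsize_distribution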
Example #2
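def get_quic_info(db_name, coll_name):
    """Estimate the share of QUIC traffic in one capture collection.

    Runs a MongoDB map-reduce that totals packets and bytes overall and,
    separately, for packets classified as QUIC.

    Classification is a port heuristic only: a packet counts as QUIC when
    its transport protocol is "UDP" and either port is 443. Other
    UDP/443 traffic is therefore counted as QUIC, and QUIC on any other
    port is missed. Treat the result as an estimate, not as protocol
    identification.

    Args:
        db_name: database name, passed through to ``dbif.db_do_mapreduce``.
        coll_name: collection name, passed through to
            ``dbif.db_do_mapreduce``.

    Returns:
        A dict with ``quic_pkts``, ``quic_bytes``, ``total_pkts``,
        ``total_bytes``, ``pkts_percentage`` and ``bytes_percentage``.
        Counters that the map-reduce did not emit are reported as 0, and
        a percentage whose total is 0 is reported as 0.0.
    """
    # Map-reduce that sums packet and byte counts, overall and for the
    # UDP/443 subset. The JavaScript is a fixed string; no caller input
    # is interpolated into it.
    mapper = Code(
        """
              function () {
                if (this.transport.protocol == "UDP" && (this.transport.src_port == 443 || this.transport.dest_port == 443))
                {
                    emit("quic_pkts", 1); 
                    emit("quic_bytes", this.network.total_length); 
                    emit("total_pkts", 1); 
                    emit("total_bytes", this.network.total_length);      
                }  
                else
                {
                    emit("total_pkts", 1); 
                    emit("total_bytes", this.network.total_length);  
                }
               }
               """
    )
    reducer = Code(
        """
                function (key, values) {
                  
                  return Array.sum(values);
                }
                """
    )
    # NOTE(review): status and error_text are not inspected; what `coll`
    # holds after a failed map-reduce is not visible here -- confirm in dbif.
    status, error_text, coll = dbif.db_do_mapreduce(db_name, coll_name, mapper, reducer, "quic_info")

    # Pre-seed the counters: the mapper never emits the quic_* keys for a
    # capture without UDP/443 packets, and emits nothing at all for an
    # empty collection. Without defaults the lookups below raise KeyError.
    quic_info = {"quic_pkts": 0, "quic_bytes": 0, "total_pkts": 0, "total_bytes": 0}
    for doc in coll.find():
        # Debug trace goes through the logger instead of a bare print, so
        # it follows the application's log level and destination.
        logger.debug(doc)
        quic_info[doc["_id"]] = int(doc["value"])

    total_pkts = quic_info["total_pkts"]
    total_bytes = quic_info["total_bytes"]
    # Guard both divisions: an empty capture has zero totals.
    quic_info["pkts_percentage"] = (
        (quic_info["quic_pkts"] * 100.0) / total_pkts if total_pkts else 0.0
    )
    quic_info["bytes_percentage"] = (
        (quic_info["quic_bytes"] * 100.0) / total_bytes if total_bytes else 0.0
    )

    logger.info(quic_info)
    return quic_info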