def addFiles(self):
files = QFileDialog.getOpenFileNames(self, u"选择pcap包--仅支持libpcap格式",
self.defaultDir,
"pcap file(*.pcap *.cap)")
if not files:
return 'NULL'
#初始化,重新选择数据
self.sources = []
self.pre_L5node = {}
back = ''
for string in files:
self.sources.append(string)
if back == '':
seq = ''
else:
seq = '|'
size = calc.cflow(os.path.getsize(string))
back += seq + string + '<td>' + size + '</td>'
self.defaultDir = u'/'.join(
re.split('[/\\\]', str(self.sources[0]))[0:-1])
#win7 XP different:/ or \
#print self.sources
#print self.defaultDir
return back
def richNode(L5node, L3node, errornode, pre_L5node):
totalflow = 0
for key, stream in L5node.items():
totalflow += stream['size']
for key, stream in L5node.items():
size = stream['size']
rate = str(((size * 1000) / totalflow) / 10.0) + '%' + '[' + str(
calc.cflow(stream['addsize'])) + ']'
split = key.split('_')
skey = 'S' + split[4] + '_' + split[0] + '_' + split[1]
dkey = 'D' + split[4] + '_' + split[2] + '_' + split[3]
#if stream.has_key('newkey'):
if 'newkey' in stream:
skey += '_' + stream['newkey'].split('_')[5] + '_' + stream[
'newkey'].split('_')[6] + '_' + stream['newkey'].split('_')[7]
dkey += '_' + stream['newkey'].split('_')[5] + '_' + stream[
'newkey'].split('_')[6] + '_' + stream['newkey'].split('_')[7]
#if stream.has_key('ssl'):
if 'ssl' in stream:
skey += '_' + stream['ssl'].split('_')[5]
dkey += '_' + stream['ssl'].split('_')[5]
if len(L3node[skey]['pl']) == 1:
del L3node[skey]
subNode(L3node, dkey, L5node, key, size, rate)
elif len(L3node[dkey]['pl']) == 1:
del L3node[dkey]
subNode(L3node, skey, L5node, key, size, rate)
elif len(L3node[skey]['pl']) > len(L3node[dkey]['pl']):
#del L3node[dkey]
subNode(L3node, skey, L5node, key, size, rate)
else:
#del L3node[skey]
subNode(L3node, dkey, L5node, key, size, rate)
for key, stream in L3node.items():
if stream['sub'] == []:
del L3node[key]
continue
if len(stream['sub']) != len(stream['pl']):
L3node[key]['pl'] = []
L3node[key]['content'] = []
L3node[key]['size'] = 0
for sub in stream['sub']:
L3node[key]['pl'].append(sub[13])
L3node[key]['content'].append(sub[12])
L3node[key]['size'] += sub[11]
L3node[key]['addsize'] = 0
for sub in stream['sub']:
L3node[key]['addsize'] += sub[17]
#print key,L3node[key]['addsize']
dpcap.getsig(L3node, pre_L5node)
return L3node, totalflow
def delCap(self, mstr):
try:
self.sources.remove(mstr)
except:
pass
back = ''
for string in self.sources:
if back == '':
seq = ''
else:
seq = '|'
size = calc.cflow(os.path.getsize(string))
back += seq + string + '<td>' + size + '</td>'
return back
def nodeBI(L3node, totalflow):
interval = 64
for key, stream in L3node.items():
stream['rate'] = str(
((stream['size'] * 1000) / totalflow) / 10.0) + '%' + '[' + str(
calc.cflow(stream['addsize'])) + ']'
spl = []
apl = [[] for x in xrange(var.maxpl)]
showapl = ''
showsig = ''
for sub in stream['sub']:
if len(sub[10]) == var.maxpl:
spl.append(sub[10])
for x in xrange(0, len(sub[10])):
apl[x].append(sub[10][x])
IsOrder = True
for x in xrange(0, len(apl)):
if apl[x] == []:
break
apl[x] = list(set(apl[x]))
apl[x].sort()
if x != len(apl):
showapl += str(apl[x])
if IsOrder == False:
continue
alen = len(apl[x])
if alen == 1:
showsig += str(apl[x][0]) + ' '
elif len(set([type(y) for y in apl[x]])) != 1:
#showsig+='.'
IsOrder = False
elif type(apl[x][0]) == int:
if apl[x][-1] - apl[x][0] > interval:
showsig += '.'
else:
showsig += str(apl[x][0]) + '<>' + str(apl[x][-1]) + ' '
else:
temp = [int(y) for y in apl[x]]
temp.sort()
if temp[-1] - temp[0] > interval:
showsig += '.'
else:
showsig += str(temp[0]) + '<>' + str(temp[-1]) + ' '
stream['banalysis'] = {}
stream['banalysis']['sig'] = apl
stream['banalysis']['showsig'] = showapl + '<br />' + showsig
return L3node, totalflow
def addCap(self):
files = QFileDialog.getOpenFileNames(self, u"选择pcap包--仅支持libpcap格式",
self.defaultDir,
"pcap file(*.pcap *.cap)")
if not files:
return 'NULL'
for string in files:
if string not in self.sources:
self.sources.append(string)
self.defaultDir = u'/'.join(
re.split('[/\\\]', str(self.sources[-1]))[0:-2])
back = ''
for string in self.sources:
if back == '':
seq = ''
else:
seq = '|'
size = calc.cflow(os.path.getsize(string))
back += seq + string + '<td>' + size + '</td>'
return back
def showNode(L3node, totalflow, valid, invalid, usetime, pcapNum, error,
sclass, iclass):
if error:
return error + u"<br /><span style='color:red'>信息提醒:包文件读入错误,可能导入包并非是libpcap格式文件,请转化为libpcap格式后再分析或者QQ联系开发者</span>"
#print time.time()
#网页浏览[htm|js|css|jpg|png|gif|aspx|php|ico]、DNS[53]、DHCP[67-68]、Netbios[137-139]、SSDP[1900]、智能过滤
if valid == 0:
return u"<br /><span style='color:red'>信息提醒:包文件没有一条完整会话->继续抓包稍后分析或者重新选择包文件</span>"
if valid == -1:
return u"<br /><span style='color:red'>信息提醒:没有选择包文件->请选择包文件</span>"
summary=[u"<table id='summary'><tr><th>分析包数量</th><th>"+str(pcapNum)+u"</th><th>负载总流量</th><th>"+calc.cflow(totalflow)+u"</th><th>总会话数</th><th>"+str(valid+invalid)+u"</th><th>有效会话数</th><th>"+str(valid)\
+u"</th><th>错包会话数</th><th>"+str(invalid)+u"</th><th>分析后特征数</th><th>"+str(len(L3node))+u"</th><th>减轻工作量</th><th>"\
+str(float("%.2f" %((valid+invalid-len(L3node))*100/float(valid+invalid))))+'%'+u"</th><th>分析所用时间</th><th>"+str(float("%.2f" %usetime))\
+u"秒</th><th>分析模式</th><th>自动归类</th><th>实时分析次数</th><th style='color:red' id='aCount'></th><th>实时分析倒计时[秒]</th><th style='color:red' id='aCountDown'></th>\
</tr></table><table id='report'><thead><tr><th></th><th><input type='checkbox' id='cAll'></th><th>连接建立时间</th><th>属性协议</th><th>流量比例[增加]</th><th>会话数</th><th>首报长度</th><th>首长范围</th>\
<th>IP范围</th><th>端口范围</th><th>特征类型</th><th>协议</th><th> 内容特征 <img class='cArrow' /></th><th>报长特征 <img class='bArrow' /></th></tr></thead>" ]
#print time.time()
subsizekey = {}
for key, stream in L3node.items():
if sclass == 'fp':
subkey = key.split('_')[0] + key.split('_')[2]
elif sclass == 'f':
subkey = stream['size']
elif sclass == 's':
subkey = len(stream['pl'])
elif sclass == 'p':
subkey = int(key.split('_')[2].split('<')[0].split(' ')[0])
elif sclass == 't':
subkey = min(stream['time'])
elif sclass == 'r':
subkey = stream['addsize']
if iclass == 'fp':
L3node[key]['sub'].sort(key=lambda x: x[10][0], reverse=False)
elif iclass == 'f':
L3node[key]['sub'].sort(key=lambda x: x[11], reverse=True)
elif iclass == 'p':
L3node[key]['sub'].sort(key=lambda x: x[7], reverse=False)
elif iclass == 't':
L3node[key]['sub'].sort(key=lambda x: x[16], reverse=False)
elif iclass == 'r':
L3node[key]['sub'].sort(key=lambda x: x[17], reverse=True)
#if subsizekey.has_key(subkey):
if subkey in subsizekey:
#subsizekey[subkey].append([min(stream['pl']),key])
subsizekey[subkey].append([stream['size'], key])
else:
#subsizekey[subkey]=[[min(stream['pl']),key]]
subsizekey[subkey] = [[stream['size'], key]]
#print time.time()
subsizekey = subsizekey.items()
for every in subsizekey:
every[1].sort(key=lambda x: x[0], reverse=True)
if sclass == 'fp':
subsizekey.sort(key=lambda x: x[1][0][0], reverse=True)
elif sclass == 'f':
subsizekey.sort(reverse=True)
elif sclass == 's':
subsizekey.sort(reverse=True)
elif sclass == 'p':
subsizekey.sort(reverse=False)
elif sclass == 't':
subsizekey.sort(reverse=False)
elif sclass == 'r':
subsizekey.sort(reverse=True)
'''
for x in subsizekey:
print x[0]
'''
#print time.time()
for subkey, sizekey in subsizekey:
for size, key in sizekey:
attr = key.split('_')[0]
if attr[0] == 'S':
attr = u'源端' + attr[1:]
elif attr[0] == 'D':
attr = u'目的' + attr[1:]
ip = key.split('_')[1]
if re.match('^A', ip):
ip = u'任意'
#pass
elif re.match('.*[0-9]A', ip):
ip = ip.split('A')[0]
elif re.match('^M', ip):
ip = u'任意[合并]'
elif re.match('^L', ip):
ip = u'任意[分离]'
elif re.match('.*[0-9]L', ip):
ip = ip.split('L')[0] + u'[分离]'
elif re.match('.*[0-9]M', ip):
ip = ip.split('M')[0] + u'[合并]'
port = key.split('_')[2]
pnum = len(L3node[key]['pl'])
if L3node[key]['pl'].count(L3node[key]['pl'][0]) == pnum:
if pnum == 1:
status = u'--'
else:
status = u'相等'
prange = str(L3node[key]['pl'][0])
else:
status = u'不等'
prange = str(min(L3node[key]['pl'])) + '-' + str(
max(L3node[key]['pl']))
SC = L3node[key]['canalysis']['quality']
#if port in var.protocol:
#SC=var.protocol[port]
#if nFilter.has_key(port):
#continue
if SC == "EP":
SC = u'报长特征'
elif SC == "NEP" or SC == "web":
SC = u'内容特征'
protocol_range = []
for sub in L3node[key]['sub']:
protocol_range.append(sub[18])
protocol_range = list(set(protocol_range))
if len(protocol_range) == 1:
protocol_name = protocol_range[0]
#protocol_name = protocol_range[0]
else:
protocol_name = '[' + str(len(protocol_range)) + ']'
#print protocol_name
#print protocol_name.decode('utf-8').encode('gbk').decode('utf-8').encode('gbk')
#time_range=time.strftime("%Y/%m/%d %H:%M:%S",time.localtime(min(L3node[key]['time'])))+'-'+time.strftime("%Y/%m/%d %H:%M:%S",time.localtime(max(L3node[key]['time'])))
time_range = time.strftime(
"%H:%M:%S", time.localtime(min(
L3node[key]['time']))) + '-' + time.strftime(
"%H:%M:%S", time.localtime(max(L3node[key]['time'])))
summary.append(
"<tbody class='control'><tr class='node'><td><div class='close'></div></td><td class='choose' ><input type='checkbox' id='"
+ key + "'></td><td>" + time_range + "</td><td class='fd'>")
try:
summary.append(attr+'</td><td>'+L3node[key]['rate']+'</td><td>'+str(len(L3node[key]['pl']))+'</td><td>'+status+'</td><td>'\
+prange+'</td><td>'+ip+'</td><td class="fd">'+port+'</td><td>'\
+SC+'</td><td>'+protocol_name+'</td><td><div class="csig" onmouseover=$(this).children("span.unshow").show() onmouseout=$(this).children("span.unshow").hide()>'\
+L3node[key]['canalysis']['showsig']+'</div></td><td><div class="bsig">'+L3node[key]['banalysis']['showsig']+'</div></td></tr></tbody>')
except Exception, e:
print Exception, ":", e
#add sort:通过报长排序,期望获得子节点,解决节点下再区分
#加入tbody是为了快速显示与隐藏
summary.append("<tbody class='sub' style='display:none;'>")
#L3node[key]['sub'].sort(key=lambda x:x[10][0])
for sub in L3node[key]['sub']:
SC = sub[8]
if SC == 'C':
SC = u'首报内容'
elif SC == 'S':
SC = u'首报内容<br />会话特征'
summary.append(
"<tr class='session'><td><div class='wireshark' id='" +
sub[15] +
"' onclick=openPcap(this.id)></div></td><td class='choose_son'><input type='checkbox' id='"
)
summary.append(key + '-' + sub[6] + '-' + str(sub[7]) + '-' +
sub[14] + "'></td>")
'''
summary.append('<td>'+sub[0]+'</td><td>'+sub[1]+'</td><td>'+str(sub[2])+'</td><td>'+str(sub[3])+'</td><td>'+str(sub[4])+'</td><td>'\
+sub[6]+'</td><td>'+str(sub[7])+'</td><td>'+SC\
+'</td><td><div class="csig" onmouseover=$(this).children("span.unshow").show() onmouseout=$(this).children("span.unshow").hide()>'\
+sub[9]+'</div></td><td><div class="bsig">'+str(sub[10])+'</div></td></tr>')
'''
dlist = sub[15].split('_')
summary.append('<td>'+time.strftime("%Y/%m/%d %H:%M:%S",time.localtime(sub[16]))+':'+str(repr(sub[16]).split('.')[1])+'</td><td>'+sub[0]+'</td><td>'+sub[1]+'</td><td>'+str(sub[2])+'</td><td>'+str(sub[3])+'</td><td>'+str(sub[4])+'</td><td>'\
+(dlist[1]+'-'+dlist[3])+'</td><td>'+(dlist[2]+'-'+dlist[4])+'</td><td>'+SC\
+'</td><td>'+sub[18]+'</td><td><div class="csig" onmouseover=$(this).children("span.unshow").show() onmouseout=$(this).children("span.unshow").hide()>'\
+sub[9]+'</div></td><td><div class="bsig">'+str(sub[10])+'</div></td></tr>')
summary.append("</tbody>")