def test_retrieve_geoip3(self):
    """Check that a layer-3 node ends up with a non-empty country in dnsCACHE.

    Builds the layer-3 graph from test.pcap, calls _retrieve_node_info for
    the last key of the graph data, then reads the country back from the
    shared dnsCACHE mapping.
    """
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=3, args=args, dnsCACHE=dnsCACHE)
    last_node = list(manager.data.keys())[-1]
    node_packet = manager.data[last_node]['packet']
    # NOTE(review): _retrieve_node_info presumably performs the geo lookup;
    # if it reaches the network the test is not hermetic -- confirm.
    manager._retrieve_node_info(last_node, node_packet)
    #self.assertIn('country', g.data[node].keys())
    # Only the shared cache is asserted, so an entry already present in
    # dnsCACHE for this node satisfies the check as well.
    country = dnsCACHE[last_node]['country']
    self.assertTrue(country > '')
def _draw(self, png, layer):
    """Render test.pcap at the given layer into ``png`` and check the file exists.

    Args:
        png: Output path handed to GraphManager.draw.
        layer: Layer number used to build the graph and the title.
    """
    # Best-effort removal of a stale image, so the existence check below
    # cannot be satisfied by a file left over from an earlier run.
    try:
        os.remove(png)
    except OSError:
        pass
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=layer, args=args, dnsCACHE=dnsCACHE)
    manager.title = 'pcapGrok tests/test.pcap layer %d' % layer
    manager.draw(filename=png)
    image_written = os.path.exists(png)
    self.assertTrue(image_written)
def test_graphviz(self):
    """Check that the layer-3 graph yields a graphviz representation."""
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=3, args=args, dnsCACHE=dnsCACHE)
    # Only non-None is asserted; the content of the output is not inspected.
    rendered = manager.get_graphviz_format()
    self.assertIsNotNone(rendered)
def test_retrieve_geoip4(self):
    """Check that a layer-4 node ends up with a non-empty country in dnsCACHE.

    Builds the layer-4 graph from test.pcap, calls _retrieve_node_info for
    the key at index 8 of the graph data, then looks up the part of that
    key before the first ':' in the shared dnsCACHE mapping.
    """
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=4, args=args, dnsCACHE=dnsCACHE)
    # Index 8 requires at least nine keys in manager.data.
    # NOTE(review): presumably the key order is stable for this capture -- confirm.
    chosen_node = list(manager.data.keys())[8]
    node_packet = manager.data[chosen_node]['packet']
    manager._retrieve_node_info(chosen_node, node_packet)
    # The cache is keyed by the text before the first ':' of the node key.
    # NOTE(review): looks like layer-4 keys are "host:port" -- confirm.
    cache_key = chosen_node.split(':')[0]
    country = dnsCACHE[cache_key]['country']
    self.assertTrue(country > '')
def test_get_frequent_ips_out(self):
    """Check that get_out_degree returns a value for the layer-3 graph."""
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=3, args=args, dnsCACHE=dnsCACHE)
    # print_stdout=True is passed through; only non-None is asserted.
    out_degree = manager.get_out_degree(print_stdout=True)
    self.assertIsNotNone(out_degree)
def test_build_graph_layer4(self):
    """Check that the layer-4 graph of test.pcap has 36 edges with squishports off."""
    capture = ScapySource.load(['test.pcap'])
    # args is not local to this method, so this assignment stays in effect
    # for whatever uses the same args object after the test returns.
    args.squishports = False
    manager = GraphManager(capture, layer=4, args=args, dnsCACHE=dnsCACHE)
    edge_count = manager.graph.number_of_edges()
    self.assertEqual(36, edge_count)
def test_build_graph_layer3(self):
    """Check that the layer-3 graph of test.pcap has 8 edges."""
    capture = ScapySource.load(['test.pcap'])
    manager = GraphManager(capture, layer=3, args=args, dnsCACHE=dnsCACHE)
    edge_count = manager.graph.number_of_edges()
    self.assertEqual(8, edge_count)
else: logger.warning("## Invalid hostsfile %s supplied, skipping" % args.hostsfile) else: logger.debug("### hostsfile not supplied") if os.path.isfile(dnsCACHEfile): dnsCACHE = readDnsCache(dnsCACHEfile, dnsCACHE) else: logger.info( '### No dnsCACHE file %s found. Will create a new one' % dnsCACHEfile) if args.restrict: r = args.restrict rl = [x.lower() for x in r] args.restrict = rl gM = GraphManager(args, dnsCACHE, {}, {}, '', '') if args.append: # old style amalgamated input filesused = '_'.join( [os.path.basename(x).split('.')[0] for x in realfiles]) if len(filesused) > 50: filesused = '%s_etc' % filesused[:50] title = filesused gM.filesused = filesused rpin = ScapySource.load(realfiles) pin = [x for x in rpin if x.haslayer(Ether)] diff = len(rpin) - len(pin) if abs(diff) > 0: logger.warning( '##### Found %d packets without an ethernet layer in %s' % (diff, realfiles)) if False and args.kyddbpath: