def on_packet_received(self, packet):
    """Assign one captured packet to a flow and update that flow.

    Flows live in ``self.flows`` keyed by ``(flow_key, generation)``. The
    generation starts at 0 and is bumped whenever the gap between this
    packet and the flow's ``latest_timestamp`` exceeds ``EXPIRED_UPDATE``,
    so a long-idle 5-tuple is accounted as a new flow rather than extending
    the old one.

    Args:
        packet: The captured packet. It is probed with ``in`` / indexing for
            the ``TLS`` and ``TLSApplicationData`` layers and must expose
            ``time``.

    Returns:
        None. Packets rejected by the TLS filter return early and are not
        counted in ``self.packets_count``.
    """
    generation = 0
    direction = PacketDirection.FORWARD

    # NOTE(review): the TLS filter is bypassed entirely when
    # output_mode == 'flow' -- confirm that is the intended scope.
    if self.output_mode != 'flow':
        if TLS not in packet or TLSApplicationData not in packet:
            return
        # PING frame (len = 34) or other useless frames.
        # NOTE(review): this is a size heuristic; any application-data record
        # shorter than 40 is dropped from the statistics without a trace, so
        # traffic made of small records is invisible downstream. Presumably
        # len() covers the whole layer -- verify what it measures.
        if len(packet[TLSApplicationData]) < 40:
            return

    self.packets_count += 1

    # Look the packet up as forward traffic first, then as reverse traffic.
    flow_key = get_packet_flow_key(packet, direction)
    flow = self.flows.get((flow_key, generation))
    if flow is None:
        direction = PacketDirection.REVERSE
        flow_key = get_packet_flow_key(packet, direction)
        flow = self.flows.get((flow_key, generation))

    if flow is None:
        # Unknown in both directions: this packet opens a new forward flow.
        # NOTE(review): every previously unseen key allocates an entry here,
        # and entries are only reclaimed by the periodic garbage_collect call
        # below, so the table size between sweeps is driven by the traffic
        # itself -- consider a cap if the capture source is untrusted.
        direction = PacketDirection.FORWARD
        flow = Flow(packet, direction)
        flow_key = get_packet_flow_key(packet, direction)
        self.flows[(flow_key, generation)] = flow
    elif (packet.time - flow.latest_timestamp) > EXPIRED_UPDATE:
        # The flow exists but has been idle too long: walk the generations
        # until one is recent enough (the allowed gap widens by
        # EXPIRED_UPDATE per step) or a free slot is found for a new flow.
        allowed_gap = EXPIRED_UPDATE
        while (packet.time - flow.latest_timestamp) > allowed_gap:
            generation += 1
            allowed_gap += EXPIRED_UPDATE
            flow = self.flows.get((flow_key, generation))
            if flow is None:
                flow = Flow(packet, direction)
                self.flows[(flow_key, generation)] = flow
                break

    flow.add_packet(packet, direction)

    # Sweep every 10000 accepted packets, or as soon as a flow runs longer
    # than 120 when emitting per-flow output.
    sweep_due = self.packets_count % 10000 == 0
    if sweep_due or (flow.duration > 120 and self.output_mode == 'flow'):
        print('Packet count: {}'.format(self.packets_count))
        self.garbage_collect(packet.time)