def _draw(self, png, layer):
    """Render test.pcap at *layer* into *png* and assert the file was written.

    A stale output file from an earlier run is removed first (best effort) so the
    existence check below proves that this call produced the file.
    """
    try:
        os.remove(png)
    except OSError:
        pass  # nothing to remove, or not removable: the draw below still decides the test
    manager = GraphManager(ScapySource.load(['test.pcap']), layer=layer)
    manager.draw(filename=png)
    self.assertTrue(os.path.exists(png))
def test_load_pcap(self):
    """Loading the same capture twice concatenates both reads (282 packets total)."""
    sources = ['test.pcap'] * 2
    packets = ScapySource.load(sources)
    self.assertEqual(282, len(packets))
def test_graphviz(self):
    """A layer-3 graph built from test.pcap yields a non-None graphviz export."""
    manager = GraphManager(ScapySource.load(['test.pcap']), layer=3)
    dot_output = manager.get_graphviz_format()
    self.assertIsNotNone(dot_output)
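def test_retrieve_geoip(self):
    """Node info lookup on a layer-4 graph attaches a 'country' entry for that node."""
    packets = ScapySource.load(['test.pcap'])
    g = GraphManager(packets, layer=4)
    # networkx >= 2 returns a NodeView from nodes(); indexing it with 0 looks up a node
    # *named* 0 rather than the first node. Iterating works on both old and new networkx.
    node = next(iter(g.graph.nodes()))
    # NOTE(review): _retrieve_node_info presumably needs the geo database GraphManager
    # uses by default — confirm it is available where this test runs.
    g._retrieve_node_info(node)
    self.assertIn('country', g.data[node])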
def test_get_frequent_ips_out(self):
    """get_out_degree(print_stdout=True) prints and still returns a non-None value."""
    manager = GraphManager(ScapySource.load(['test.pcap']), layer=3)
    out_degrees = manager.get_out_degree(print_stdout=True)
    self.assertIsNotNone(out_degrees)
def test_build_graph_layer4(self):
    """The layer-4 graph of test.pcap has exactly 36 edges."""
    manager = GraphManager(ScapySource.load(['test.pcap']), layer=4)
    edge_count = manager.graph.number_of_edges()
    self.assertEqual(36, edge_count)
action='store_true', help='create layer4 topology') #parser.add_argument('-e', '--exclude', nargs='*', help='exclude nodes from analysis') parser.add_argument('-fi', '--frequent-in', action='store_true', help='print frequently contacted nodes to stdout') parser.add_argument('-fo', '--frequent-out', action='store_true', help='print frequent source nodes to stdout') args = parser.parse_args() if args.pcaps: packets = ScapySource.load(args.pcaps) #if args.exclude: # packet_ls = exclude_ips(packet_lists=packet_ls, ips=args.exclude) if args.layer2: layer = 2 elif args.layer3: layer = 3 elif args.layer4: layer = 4 else: layer = 3 g = GraphManager(packets, layer=layer) if args.out:
parser = ArgumentParser(description='pcap topology drawer') parser.add_argument('-i', '--pcaps', nargs='*', help='capture files to be analyzed') parser.add_argument('-o', '--out', help='topology will be stored in the specified file') parser.add_argument('-g', '--graphviz', help='graph will be exported to the specified file (dot format)') parser.add_argument('--layer2', action='store_true', help='create layer2 topology') parser.add_argument('--layer3', action='store_true', help='create layer3 topology') parser.add_argument('--layer4', action='store_true', help='create layer4 topology') #parser.add_argument('-e', '--exclude', nargs='*', help='exclude nodes from analysis') parser.add_argument('-fi', '--frequent-in', action='store_true', help='print frequently contacted nodes to stdout') parser.add_argument('-fo', '--frequent-out', action='store_true', help='print frequent source nodes to stdout') args = parser.parse_args() if args.pcaps: packets = ScapySource.load(args.pcaps) #if args.exclude: # packet_ls = exclude_ips(packet_lists=packet_ls, ips=args.exclude) if args.layer2: layer = 2 elif args.layer3: layer = 3 elif args.layer4: layer = 4 else: layer = 3 g = GraphManager(packets, layer=layer) if args.out:
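parser.add_argument('-fo', '--frequent-out', action='store_true', help='print frequent source nodes to stdout')
parser.add_argument('-G', '--geopath', default='/usr/share/GeoIP/GeoLite2-City.mmdb', help='path to maxmind geodb data')
parser.add_argument('-l', '--geolang', default='en', help='Language to use for geoIP names')
parser.add_argument('-E', '--layoutengine', default='sfdp', help='Graph layout method - dot, sfdp etc.')
parser.add_argument('-s', '--shape', default='diamond', help='Graphviz node shape - circle, diamond, box etc.')
# type=int: without it a user-supplied --nmax arrives as a str while the default is an int,
# so the attribute's type depends on whether the flag was given.
parser.add_argument('-n', '--nmax', type=int, default=100, help='Automagically draw individual protocols where useful if more than --nmax nodes. 100 seems too many for any one graph.')
args = parser.parse_args()

# Closed lookup table: protocol names given on --whitelist/--blacklist are resolved only
# through this dict, so only these scapy layer classes can ever be selected from the CLI.
llook = {'DNS': DNS, 'UDP': UDP, 'ARP': ARP, 'NTP': NTP, 'IP': IP, 'TCP': TCP, 'Raw': Raw, 'HTTP': HTTP, 'RIP': RIP, 'RTP': RTP}


def _layers_for(names):
    """Map command-line protocol names to scapy layer classes via llook.

    Unknown names are reported as a parameter error followed by exit(1), in the same
    style as the whitelist/blacklist conflict below, instead of a KeyError traceback.
    """
    unknown = [name for name in names if name not in llook]
    if unknown:
        print('### Parameter error: unknown protocol name(s)', unknown, '- known names:', sorted(llook))
        sys.exit(1)
    return [llook[name] for name in names]


def _has_any_layer(packet, layers):
    """Return True when *packet* carries at least one of *layers*; None never matches.

    The None test comes first: the original expression called haslayer() before
    comparing against None, so a None entry would have raised AttributeError.
    """
    return packet is not None and any(packet.haslayer(layer) for layer in layers)


if __name__ == '__main__':
    if args.pcaps:
        bl = []
        wl = []
        pin = ScapySource.load(args.pcaps)
        # --whitelist and --blacklist are mutually exclusive (an absent option is None here,
        # as the original `!= None` test assumed; both are defined outside this span).
        if args.whitelist is not None and args.blacklist is not None:
            print('### Parameter error: Specify --blacklist or specify --whitelist but not both together please.')
            sys.exit(1)
        packets = pin
        if args.whitelist:
            # packets are returned from ScapySource.load as a list so cannot use pcap.filter(lambda...)
            wl = _layers_for(args.whitelist)
            packets = [x for x in pin if _has_any_layer(x, wl)]
        elif args.blacklist:
            bl = _layers_for(args.blacklist)
            # keep only non-None packets that carry none of the blacklisted layers
            packets = [x for x in pin if x is not None and not _has_any_layer(x, bl)]
        if args.DEBUG and (args.blacklist or args.whitelist):
            print('### Read', len(pin), 'packets. After applying supplied filters,', len(packets), 'are left. wl=', wl, 'bl=', bl)
        layer = 3
        if args.layer2:
            layer = 2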
def test_retrieve_geoip4(self):
    """Node info lookup on a layer-4 graph built with the module-level args adds 'country'."""
    manager = GraphManager(ScapySource.load(['test.pcap']), layer=4, args=args)
    # first key of the per-node data dict (same element list(data.keys())[0] would give)
    node = list(manager.data)[0]
    manager._retrieve_node_info(node)
    self.assertIn('country', manager.data[node])