def union_pcap(self): """Given sets A = (1, 2, 3), B = (2, 3, 4), A + B = (1, 2, 3, 4). About: This method uses tshark to get identifying information on pcaps and then mergepcap to save the combined pcap. Returns: (string): Name of generated pcap. """ raw_packet_list = [] for pcap in self.pcap_json_dict.values(): for frame in pcap: raw_frame = get_frame_from_json(frame) raw_packet_list.append(raw_frame) self.print_10_most_common_frames(raw_packet_list) union_frame_dict = {} for frame in raw_packet_list: union_frame_dict[frame] = self.frame_timestamp_dict[frame] save.save_pcap(pcap_dict=union_frame_dict, name='union.pcap', options=self.options) return 'union.pcap'
def intersect_pcap(self): """Save pcap intersection. First filename is pivot packet capture. Returns: (str): Fileame of generated pcap. """ # Generate intersection set of frames if not self.frame_list_by_pcap: self.frame_list_by_pcap = \ get_frame_list_by_pcap(self.pcap_json_dict) frame_list = self.frame_list_by_pcap frame_intersection = set(frame_list[0]).intersection(*frame_list[1:]) # Print intersection output like in docstring intersection_count = len(frame_intersection) print("{: <12} {: <}".format('\nSAME %', 'PCAP NAME')) for pcap in self.filenames: same_percent = str( round(100 * (intersection_count / len(frame_list[0])))) + '%' print("{: <12} {: <}".format(same_percent, pcap)) intersect_frame_dict = {} for frame in frame_intersection: intersect_frame_dict[frame] = self.frame_timestamp_dict[frame] save.save_pcap(pcap_dict=intersect_frame_dict, name='intersect.pcap', options=self.options) if frame_intersection: return 'intersect.pcap' print('WARNING! Intersection between ', self.filenames, ' contains no packets!') return ''
def bounded_intersect_pcap(self): """Create a packet capture intersection out of two files using ip.ids. Create a packet capture by finding the earliest common packet by and then the latest common packet in both pcaps by ip.id. Returns: (list(string)): Filenames of generated pcaps. """ # Init vars bounded_pcaps = self.get_bounded_pcaps() names = [] # Names of all generated pcaps for index, _ in enumerate(bounded_pcaps): names.append('bounded_intersect-simul' + str(index + 1) + '.pcap') save.save_pcap(pcap_dict=bounded_pcaps[index], name=names[index], options=self.options) return names
def difference_pcap(self, pivot_index=0): """Given sets A = (1, 2, 3), B = (2, 3, 4), C = (3, 4, 5), A-B-C = (1). Args: pivot_index [int]: Specify minuend by index of filename in list Returns: (string): Name of generated pcap. """ pcap_json_list = [*self.pcap_json_dict.values()] minuend_pcap_json = pcap_json_list[pivot_index] minuend_name = self.filenames[pivot_index] # pcap json list - minuend json. With index 0, remove 1st pcap json. diff_pcap_json_list = pcap_json_list[:pivot_index] + \ pcap_json_list[pivot_index+1:] minuend_frame_dict = get_flat_frame_dict([minuend_pcap_json]) minuend_frame_list = list(minuend_frame_dict.keys()) diff_frame_dict = get_flat_frame_dict(diff_pcap_json_list) diff_frame_list = list(diff_frame_dict.keys()) packet_diff = set(minuend_frame_list).difference(set(diff_frame_list)) diff_frame_dict = {} for frame in packet_diff: # Minuend frame dict should have all values we care about. diff_frame_dict[frame] = minuend_frame_dict[frame] diff_filename = 'diff_' + os.path.basename(minuend_name) # Save only if there are packets or -x flag is not used. if not packet_diff: print('WARNING! ' + minuend_name + ' difference contains no packets!') if packet_diff or not self.exclude_empty: # If the file already exists, choose a different name. unique_diff_name = diff_filename while os.path.isfile(unique_diff_name): unique_diff_name = diff_filename[:-5] + '-' + \ str(int(time.time())) + '.pcap' save.save_pcap(pcap_dict=diff_frame_dict, name=unique_diff_name, options=self.options) return unique_diff_name return ''
def test_save_pcap(self): """test save_pacp.""" pcap_dict = {self.test_packet: '1537945792.667334763'} save_pcap(pcap_dict=pcap_dict, name='test.pcap', options=self.options) self.assertTrue(filecmp.cmp('test.pcap', 'tests/files/test.pcap')) os.remove('test.pcap')