def simulate(self, pcap_file_name):
print("Simulation starts!")
print("Reading pcap file: " + pcap_file_name)
pcap_reader = PcapReader(pcap_file_name)
statistic_stop_time = 1
pkt_time_base = -1
stop_time = 0
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer(
'IP') or not pkt.haslayer('TCP'):
continue
if pkt_time_base == -1:
pkt_time_base = pkt.time
pkt_time = pkt.time - pkt_time_base
# print("pkt.time %f" % pkt_time)
while pkt_time > stop_time:
for i in range(self.device_count):
(self.entry_num_per_sec[i]).append(
len(self.ip2hc_tables[i]))
print("%d len: %d" % (i, len(self.entry_num_per_sec[i])))
print("stop time %d" % stop_time)
stop_time += 1
self.__learn_host(pkt['IP'].src, pkt['IP'].dst, pkt['TCP'].sport,
pkt['TCP'].dport, pkt['IP'].ttl)
# print("time:%f length:%d " % (pkt_time, len(self.entry_num_per_sec[0])))
pcap_reader.close()
return self.entry_num_per_sec
class RdpcapSource(Source):
"""Read packets from a PCAP file send them to low exit.
.. code::
+----------+
>>-| |->>
| |
>-| [pcap]--|->
+----------+
"""
def __init__(self, fname, name=None):
Source.__init__(self, name=name)
self.fname = fname
self.f = PcapReader(self.fname)
def start(self):
self.f = PcapReader(self.fname)
self.is_exhausted = False
def stop(self):
self.f.close()
def fileno(self):
return self.f.fileno()
def check_recv(self):
return True
def deliver(self):
try:
p = self.f.recv()
self._send(p)
except EOFError:
self.is_exhausted = True
def sniff(count=0, store=1, offline=None, prn = None, lfilter=None, L2socket=None, timeout=None, *arg, **karg):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
Select interface to sniff by setting conf.iface. Use show_interfaces() to see interface names.
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
filter: provide a BPF filter
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
"""
c = 0
if offline is None:
log_runtime.info('Sniffing on %s' % conf.iface)
if L2socket is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *arg, **karg)
else:
flt = karg.get('filter')
s = PcapReader(offline if flt is None else
tcpdump(offline, args=["-w", "-", flt], getfd=True))
lst = []
if timeout is not None:
stoptime = time.time()+timeout
remain = None
while 1:
try:
if timeout is not None:
remain = stoptime-time.time()
if remain <= 0:
break
try:
p = s.recv(MTU)
except PcapTimeoutElapsed:
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
c += 1
if prn:
r = prn(p)
if r is not None:
print r
if 0 < count <= c:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst,"Sniffed")
class RdpcapSource(Source):
"""Read packets from a PCAP file send them to low exit.
+----------+
>>-| |->>
| |
>-| [pcap]--|->
+----------+
"""
def __init__(self, fname, name=None):
Source.__init__(self, name=name)
self.fname = fname
self.f = PcapReader(self.fname)
def start(self):
print "start"
self.f = PcapReader(self.fname)
self.is_exhausted = False
def stop(self):
print "stop"
self.f.close()
def fileno(self):
return self.f.fileno()
def deliver(self):
p = self.f.recv()
print "deliver %r" % p
if p is None:
self.is_exhausted = True
else:
self._send(p)
class RdpcapSource(Source):
"""Read packets from a PCAP file send them to low exit.
+----------+
>>-| |->>
| |
>-| [pcap]--|->
+----------+
"""
def __init__(self, fname, name=None):
Source.__init__(self, name=name)
self.fname = fname
self.f = PcapReader(self.fname)
def start(self):
print("start")
self.f = PcapReader(self.fname)
self.is_exhausted = False
def stop(self):
print("stop")
self.f.close()
def fileno(self):
return self.f.fileno()
def check_recv(self):
return True
def deliver(self):
p = self.f.recv()
print("deliver %r" % p)
if p is None:
self.is_exhausted = True
else:
self._send(p)
def process(csvfile, filename, DATA_LENGTH):
#计数
count = 0
#定义csv写入器
writer = csv.writer(csvfile)
writer.writerow(["data"])
#定义pcap读入器
pr = PcapReader(filename)
#循环一行一行数据读入,直到为空
while True:
pcap_data = pr.read_packet()
#空则退出
if pcap_data is None:
break
else:
ether_data = np.fromstring(pcap_data.original, np.uint8, count=14)
type = ether_data[12:14]
# 去除Ethernet包头,取IP包
ip_data = pcap_data.payload
#转换成0-255的数
ipdata = np.fromstring(ip_data.original, np.uint8)
#求数据长度
length = len(ipdata)
#去IP包头
communication_data = ip_data.payload
# 定义一个tmp数据变量,用于存储扩展udp包头与Tcp包头一样长后的udp数据,定义为1500长度,并且填充0,用不补0
tmp_data = np.zeros(shape=[1500], dtype=np.uint8)
# 查找UDP包头的pcap
if communication_data.name == 'UDP':
#ip包长+udp包头长=28字节,因此取前28
tmp_data[0:27] = ipdata[0:27]
#后面补12个0,使其长度与IP+TCP的40字节一致
#后面接上,UDP包长度超过1488 = 1500 - 12的部分去掉,因为补12个0与TCP包头对齐
if length > DATA_LENGTH - 12:
tmp_data[28:] = ipdata[28:DATA_LENGTH - 12]
else:
tmp_data[28:length] = ipdata[28:length]
else:
# TCP保持不变,超过1500的部分去掉
if length > DATA_LENGTH:
tmp_data = ipdata[0:DATA_LENGTH]
else:
tmp_data[0:length] = ipdata[0:length]
#用规范模型对数据进行规范化
X_train = model.transform(np.reshape(tmp_data, newshape=[-1, 1]))
# 写入时写入一行,因此transpose
writer.writerow(np.transpose(X_train)[0])
count = count + 1
if count == 100:
break
# 关闭scapy读入器,防止内存泄露
pr.close()
#反馈文件中的数据总数
return count
def sniff(count=0, store=1, offline=None, prn = None, lfilter=None, L2socket=None, timeout=None, *arg, **karg):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
Select interface to sniff by setting conf.iface. Use show_interfaces() to see interface names.
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
"""
c = 0
if offline is None:
log_runtime.info('Sniffing on %s' % conf.iface)
if L2socket is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(offline)
lst = []
if timeout is not None:
stoptime = time.time()+timeout
remain = None
while 1:
try:
if timeout is not None:
remain = stoptime-time.time()
if remain <= 0:
break
try:
p = s.recv(MTU)
except PcapTimeoutElapsed:
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
c += 1
if prn:
r = prn(p)
if r is not None:
print(r)
if count > 0 and c >= count:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst,"Sniffed")
def _run_on_pcap(self, args):
reader = PcapReader(args.input_file)
try:
while True:
self.handle_packet(reader.read_packet())
except EOFError:
pass
reader.close()
def parse_pcap_files(self, pcapFiles, quite=True):
"""
Take one more more (list, or tuple) of pcap files and parse them
into the engine.
"""
if not hasattr(pcapFiles, '__iter__'):
if isinstance(pcapFiles, str):
pcapFiles = [pcapFiles]
else:
return
for i in range(0, len(pcapFiles)):
pcap = pcapFiles[i]
pcapName = os.path.split(pcap)[1]
if not quite:
sys.stdout.write("Reading PCap File: {0}\r".format(pcapName))
sys.stdout.flush()
if not os.path.isfile(pcap):
if not quite:
sys.stdout.write("Skipping File {0}: File Not Found\n".format(pcap))
sys.stdout.flush()
continue
elif not os.access(pcap, os.R_OK):
if not quite:
sys.stdout.write("Skipping File {0}: Permissions Issue\n".format(pcap))
sys.stdout.flush()
continue
pcapr = PcapReader(pcap) # pylint: disable=no-value-for-parameter
packet = pcapr.read_packet()
i = 1
try:
while packet:
if not quite:
sys.stdout.write('Parsing File: ' + pcap + ' Packets Done: ' + str(i) + '\r')
sys.stdout.flush()
self.parse_wireless_packet(packet)
packet = pcapr.read_packet()
i += 1
i -= 1
if not quite:
sys.stdout.write((' ' * len('Parsing File: ' + pcap + ' Packets Done: ' + str(i))) + '\r')
sys.stdout.write('Done With File: ' + pcap + ' Read ' + str(i) + ' Packets\n')
sys.stdout.flush()
except KeyboardInterrupt:
if not quite:
sys.stdout.write("Skipping File {0} Due To Ctl+C\n".format(pcap))
sys.stdout.flush()
except: # pylint: disable=bare-except
if not quite:
sys.stdout.write("Skipping File {0} Due To Scapy Exception\n".format(pcap))
sys.stdout.flush()
self.fragment_buffer = {}
pcapr.close()
def modify_traffic(self, output_filename, fake_ttl=False,
src_mac=None, dst_mac=None, src_ip_addr=None, dst_ip_addr=None):
if fake_ttl is True and len(self.src_hosts_with_fake_ttl) == 0:
print("Please extract ip2hc table before modify traffic with fake ttl.")
# show modify request
request = "Generating " + output_filename + " with\n"
if fake_ttl:
request += " fake ttl\n"
if src_mac is not None:
request += " src mac:" + src_mac + "\n"
if dst_mac is not None:
request += " dst mac:" + dst_mac + "\n"
if src_ip_addr is not None:
request += " src ip addr:" + src_ip_addr + "\n"
if dst_ip_addr is not None:
request += " dst ip addr:" + dst_ip_addr + "\n"
print(request + "\n")
pcap_reader = PcapReader(self.pcap_filename)
pcap_writer = PcapWriter(output_filename)
counter = 0
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer('IP'):
continue
# ipv4 packets
counter += 1
ip_int = self.__ip_str2int(pkt['IP'].src)
if fake_ttl:
pkt['IP'].ttl = self.src_hosts_with_fake_ttl[ip_int]
if src_mac is not None:
pkt['Ethernet'].src = src_mac
if dst_mac is not None:
pkt['Ethernet'].dst = dst_mac
if src_ip_addr is not None:
pkt['IP'].src = src_ip_addr
if dst_ip_addr is not None:
pkt['IP'].dst = dst_ip_addr
pcap_writer.write(pkt)
if counter % 10000 == 0:
print("%d packets have been processed\n" % counter)
pcap_writer.flush()
pcap_writer.close()
pcap_reader.close()
def mysniff(self, *arg, **karg):
c = 0
if self.opened_socket is not None:
s = self.opened_socket
else:
if self.offline is None:
if self.L2socket is None:
self.L2socket = conf.L2listen
s = self.L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(self.offline)
lst = []
if self.timeout is not None:
stoptime = time.time() + self.timeout
remain = None
while 1:
if not self.running:
break
try:
if self.timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
sel = select([s], [], [], remain)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if self.lfilter and not self.lfilter(p):
continue
if self.store:
lst.append(p)
c += 1
if self.prn:
r = self.prn(p)
if r is not None:
print r
if self.stop_filter and self.stop_filter(p):
break
if 0 < self.count <= c:
break
except KeyboardInterrupt:
break
if self.opened_socket is None:
s.close()
return plist.PacketList(lst, "Sniffed")
def mysniff(self, *arg, **karg):
c = 0
if self.opened_socket is not None:
s = self.opened_socket
else:
if self.offline is None:
if self.L2socket is None:
self.L2socket = conf.L2listen
s = self.L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(self.offline)
lst = []
if self.timeout is not None:
stoptime = time.time() + self.timeout
remain = None
while 1:
if not self.running:
break
try:
if self.timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
sel = select([s], [], [], remain)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if self.lfilter and not self.lfilter(p):
continue
if self.store:
lst.append(p)
c += 1
if self.prn:
r = self.prn(p)
if r is not None:
print r
if self.stop_filter and self.stop_filter(p):
break
if 0 < self.count <= c:
break
except KeyboardInterrupt:
break
if self.opened_socket is None:
s.close()
return plist.PacketList(lst, "Sniffed")
def arp_analyse(self, files_path):
# count = 0
for i in range(0, len(files_path)):
try:
packets = PcapReader(files_path[i])
while True:
packet = packets.read_packet()
if packet is None:
break
else:
# count = count+1
print(repr(packet))
packets.close()
except Scapy_Exception as e:
print(e)
def analyse(self, files_path):
count = 0
for i in range(0, len(files_path)):
try:
packets = PcapReader(files_path[i])
while True:
packet = packets.read_packet()
if packet is None:
break
else:
count = count + 1
print(repr(packet))
# print(packet['DNS'].id)
# for packet in packets:
# print(repr(packet))
# #print(type(packet))
# #print(packet['CookedLinux'].src)
# break
print(count)
packets.close()
except Scapy_Exception as e:
print(e)
def extract_ip2hc_table(self):
self.counter = 0
print("Reading pcap file: " + self.pcap_filename)
# src_hosts is a dict
pcap_reader = PcapReader(self.pcap_filename)
while True:
pkt = pcap_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer('IP'):
continue
self.counter += 1
# progress indicator
if self.counter % 10000 == 0:
print(str(self.counter) + "packets have been processed")
# ipv4 packets
ip_int = self.__ip_str2int(pkt['IP'].src)
if ip_int in self.src_hosts:
continue
# unrecorded source host
hc = self.__ttl2hc(pkt['IP'].ttl)
fake_ttl = self.__gen_fake_ttl(pkt['IP'].ttl)
if hc is not None and fake_ttl is not None:
self.src_hosts[ip_int] = hc
self.src_hosts_with_fake_ttl[ip_int] = fake_ttl
pcap_reader.close()
print(str(len(self.src_hosts)) + " source hosts extracted")
print("Writing ip,hc dict into " + self.ip_hc_filename + "...")
with open(self.ip_hc_filename, "w") as f:
json.dump(self.src_hosts, f)
f.close()
def sniff(count=0,
store=1,
offline=None,
prn=None,
lfilter=None,
L2socket=None,
timeout=None,
stopperTimeout=None,
flag_dict=None,
pkt_lst=pkt_lst,
*arg,
**karg):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
Select interface to sniff by setting conf.iface. Use show_interfaces() to see interface names.
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
stop_callback: Call every loop to determine if we need
to stop the capture
"""
mac = flag_dict['mac']
up = 0
down = 0
c = 0
last_time = ''
if offline is None:
if L2socket is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(offline)
global lst
global length
if timeout is not None:
stoptime = time.time() + timeout
remain = None
if stopperTimeout is not None:
stopperStoptime = time.time() + stopperTimeout
remainStopper = None
if (flag_dict['max']):
s.recv_pkt_lst_init()
while 1:
try:
if timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
if stopperTimeout is not None:
remainStopper = stopperStoptime - time.time()
if remainStopper <= 0:
if flag_dict['start'] == False:
break
stopperStoptime = time.time() + stopperTimeout
remainStopper = stopperStoptime - time.time()
ll = s.ins.datalink()
if ll in conf.l2types:
cls = conf.l2types[ll]
else:
cls = conf.default_l2
warning(
"Unable to guess datalink type (interface=%s linktype=%i). Using %s"
% (self.iface, ll, cls.name))
while (s.num_process >= s.num_capture):
if (flag_dict['start'] == False):
return (None)
pass
pkt, t = s.pkt_lst[s.num_process][0], s.pkt_lst[
s.num_process][1]
ts, pkt = pkt
# if scapy.arch.WINDOWS and pkt is None:
#raise PcapTimeoutElapsed
try:
pkt = cls(pkt)
except KeyboardInterrupt:
raise
except:
if conf.debug_dissector:
raise
pkt = conf.raw_layer(pkt)
s.num_process += 1
p = pkt
length = s.num_process
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
pkt_lst.put([bytes(p), t])
c += 1
if prn:
r = prn(p)
if r is not None:
print(r)
if count > 0 and c >= count:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst, "Sniffed")
else:
while 1:
try:
if timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
if stopperTimeout is not None:
remainStopper = stopperStoptime - time.time()
if remainStopper <= 0:
if flag_dict['start'] == False:
break
stopperStoptime = time.time() + stopperTimeout
remainStopper = stopperStoptime - time.time()
try:
p = s.recv(MTU)
except PcapTimeoutElapsed:
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
pkt_lst.put([bytes(p), datetime.now().strftime("%H:%M:%S")])
#print (length,str(datetime.now()),bytes(p))
c += 1
if prn:
r = prn(p)
if r is not None:
print(r)
if count > 0 and c >= count:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst, "Sniffed")
# -*- coding:utf-8 -*-
import time
from scapy.all import *
from scapy.utils import PcapReader, PcapWriter
if __name__ == '__main__':
time1 = time.time()
s1 = PcapReader(r'C:\Users\hasee\Desktop\tcppcap.pcap')
fpwrite = open(r'resultbyscapy.txt', 'w')
count = 0
while (True):
count += 1
data = s1.read_packet()
if (data == None):
break
if (data['Ethernet'].type == 0x0800):
if (data['IP'].proto == 6):
fpwrite.write(
'序号:%d\nIP协议版本:4\nIP源地址:%s\nIP目的地址:%s\n源端口:%d\n目的端口:%d\n\n'
% (count, data['IP'].src, data['IP'].dst,
data['TCP'].sport, data['TCP'].dport))
fpwrite.close()
s1.close()
time2 = time.time()
print(time2 - time1)
def sniff(count=0,
store=1,
offline=None,
prn=None,
lfilter=None,
L2socket=None,
timeout=None,
*arg,
**karg):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
"""
c = 0
if offline is None:
if L2socket is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *arg, **karg)
else:
s = PcapReader(offline)
lst = []
if timeout is not None:
stoptime = time.time() + timeout
remain = None
while 1:
try:
if timeout is not None:
remain = stoptime - time.time()
if remain <= 0:
break
try:
p = s.recv(MTU)
except PcapTimeoutElapsed:
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
c += 1
if prn:
r = prn(p)
if r is not None:
print(r)
if count > 0 and c >= count:
break
except KeyboardInterrupt:
break
s.close()
return plist.PacketList(lst, "Sniffed")
def read_file(filename, interval_in_s):
start_time = -1
stop_time = interval
sender_reader = PcapReader(filename)
SYN_pps = []
ACK_pps = []
UDP_pps = []
normal_pps = []
SYN_count_in_interval = 0
ACK_count_in_interval = 0
UDP_count_in_interval = 0
normal_count_in_interval = 0
while True:
pkt = sender_reader.read_packet()
if pkt is None:
break
if not pkt.haslayer('Ether') or not pkt.haslayer('IP'):
continue
if start_time == -1:
start_time = pkt.time
time = pkt.time - start_time
while time > stop_time:
if stop_time != interval:
if SYN_pps[-1] \
+ ACK_pps[-1] \
+ UDP_pps[-1] == 0 \
and \
SYN_count_in_interval \
+ ACK_count_in_interval \
+ UDP_count_in_interval != 0:
print("time:%f, stop_time: %f" % (time, stop_time))
print("SYN %d ACK %d UDP %d normal %d" %
(SYN_count_in_interval, ACK_count_in_interval,
UDP_count_in_interval, normal_count_in_interval))
elif SYN_pps[-1] \
+ ACK_pps[-1] \
+ UDP_pps[-1] != 0 \
and \
SYN_count_in_interval \
+ ACK_count_in_interval \
+ UDP_count_in_interval == 0:
print("time:%f, stop_time: %f" % (time, stop_time))
print("SYN %d ACK %d UDP %d normal %d" %
(SYN_count_in_interval, ACK_count_in_interval,
UDP_count_in_interval, normal_count_in_interval))
normal_pps.append(normal_count_in_interval / 10.0)
SYN_pps.append(SYN_count_in_interval / 10.0)
ACK_pps.append(ACK_count_in_interval / 10.0)
UDP_pps.append(UDP_count_in_interval / 10.0)
stop_time += interval
SYN_count_in_interval = 0
ACK_count_in_interval = 0
UDP_count_in_interval = 0
normal_count_in_interval = 0
if pkt['Ether'].src == "00:00:00:00:00:11":
# spoofed!
if pkt.haslayer('UDP'):
UDP_count_in_interval += 1
elif pkt.haslayer('TCP'):
if pkt['TCP'].flags == 0x02:
SYN_count_in_interval += 1
elif pkt['TCP'].flags == 0x10:
ACK_count_in_interval += 1
else:
# unspoofed!
normal_count_in_interval += 1
sender_reader.close()
return (SYN_pps, ACK_pps, UDP_pps, normal_pps), stop_time - interval