def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
filename = self.options.filename
if not filename:
filename = "%s_export.pcap" % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.parser.error("Select either --timerange or --start and --end times")
if self.options.filters:
kvs = [f.split("=") for f in self.options.filters]
filters = [NetSharkFilter(r'%s="%s"' % (k, v)) for k, v in kvs]
else:
filters = None
with self.netshark.create_export(source, timefilter, filters=filters) as e:
print "beginning download to file %s" % filename
e.download(filename, overwrite=self.options.overwrite)
def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
filename = self.options.filename
if not filename:
filename = '%s_export.pcap' % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.parser.error(
'Select either --timerange or --start and --end times')
if self.options.filters:
kvs = [f.split('=') for f in self.options.filters]
filters = [NetSharkFilter(r'%s="%s"' % (k, v)) for k, v in kvs]
else:
filters = None
with self.netshark.create_export(source, timefilter,
filters=filters) as e:
print 'beginning download to file %s' % filename
e.download(filename, overwrite=self.options.overwrite)
def get_property_values(self):
return [
self.subject(), self.fingerprint(),
self.key(), self.issuer(),
timeutils.string_to_datetime(self.valid_at()),
timeutils.string_to_datetime(self.expires_at()),
self.pem()
]
def generate_traffic(self, activity, legend_keys, report_type):
""" Generate traffic data during the time the user was logged-in.
"""
cache = {}
combined_activity = []
for event in activity:
# handle dns names in host along with IP address
host = event[0].split('|', 1)[0]
timefilter = TimeFilter(string_to_datetime(event[1]),
string_to_datetime(event[2]))
# if event occurs in less than a minute, add extra minute to report
while len(timefilter.profiler_minutes()) == 1:
timefilter.end += datetime.timedelta(minutes=1)
# normalize times to minute increments
mins = timefilter.profiler_minutes()
tf = TimeFilter(mins[0], mins[-1])
if self.options.usecache and report_type == 'timeseries':
# only consider a hit when whole time period is covered
minutes = tf.profiler_minutes(astimestamp=True)
if host in cache and all(t in cache[host] for t in minutes):
data = [cache[host][t] for t in minutes]
else:
legend, data = self.traffic_report(host, tf, report_type)
# store results in cache by host->times->data
cache.setdefault(host, {}).update(
(int(x[0]), x) for x in data)
else:
legend, data = self.traffic_report(host, tf, report_type)
if data:
if self.options.aggregate and report_type == 'timeseries':
# generate running averages over data samples received
# first convert empty strings to zeros, then run averages
columns = map(lambda c: [0 if x == '' else x for x in c],
itertools.izip(*data))
aggmap = [x[1] for x in TCOLUMNS]
aggregates = [aggmap[i](x) for i, x in enumerate(columns)]
combined_activity.append(list(event) + aggregates)
elif report_type == 'timeseries' or report_type == 'summary':
# create entry for each element in report
for row in data:
r = ['--' if x == '' else x for x in row]
combined_activity.append(list(event) + r)
else:
raise RuntimeError('unknown report type: %s' % report_type)
else:
# populate result with blanks
combined_activity.append(list(event) + ['--'] * len(legend))
traffic_legend = [c.key for c in legend]
legend = legend_keys + traffic_legend
return legend, combined_activity
def generate_traffic(self, activity, legend_keys, report_type):
""" Generate traffic data during the time the user was logged-in.
"""
cache = {}
combined_activity = []
for event in activity:
# handle dns names in host along with IP address
host = event[0].split('|', 1)[0]
timefilter = TimeFilter(string_to_datetime(event[1]),
string_to_datetime(event[2]))
# if event occurs in less than a minute, add extra minute to report
while len(timefilter.profiler_minutes()) == 1:
timefilter.end += datetime.timedelta(minutes=1)
# normalize times to minute increments
mins = timefilter.profiler_minutes()
tf = TimeFilter(mins[0], mins[-1])
if self.options.usecache and report_type == 'timeseries':
# only consider a hit when whole time period is covered
minutes = tf.profiler_minutes(astimestamp=True)
if host in cache and all(t in cache[host] for t in minutes):
data = [cache[host][t] for t in minutes]
else:
legend, data = self.traffic_report(host, tf, report_type)
# store results in cache by host->times->data
cache.setdefault(host, {}).update((int(x[0]), x) for x in data)
else:
legend, data = self.traffic_report(host, tf, report_type)
if data:
if self.options.aggregate and report_type == 'timeseries':
# generate running averages over data samples received
# first convert empty strings to zeros, then run averages
columns = map(lambda c: [0 if x == '' else x for x in c],
itertools.izip(*data))
aggmap = [x[1] for x in TCOLUMNS]
aggregates = [aggmap[i](x) for i, x in enumerate(columns)]
combined_activity.append(list(event) + aggregates)
elif report_type == 'timeseries' or report_type == 'summary':
# create entry for each element in report
for row in data:
r = ['--' if x == '' else x for x in row]
combined_activity.append(list(event) + r)
else:
raise RuntimeError('unknown report type: %s' % report_type)
else:
# populate result with blanks
combined_activity.append(list(event) + ['--'] * len(legend))
traffic_legend = [c.key for c in legend]
legend = legend_keys + traffic_legend
return legend, combined_activity
def get_property_values(self):
return [
self.id(),
self.name(),
self.description(),
timeutils.string_to_datetime(self.timestamp())
]
def compare_time(self, t, resolution=60):
""" Return True if time `t` falls in between start and end times.
`t` may be a unix timestamp (float or string) or a datetime.datetime
object
`resolution` is the number of seconds to use for rounding. Since
NetProfiler stores data in one-minute increments, typically this
should allow reasonable comparisons to report outputs. Passing
zero (`0`) in here will enforce strict comparisons.
"""
# try converting to datetime object
try:
t = timeutils.string_to_datetime(t)
except TypeError:
pass
# move everything to uniform utc timezone
# string to datetime already returns utc, but if this is a
# datetime object, we are just being safe here
t = timeutils.force_to_utc(t)
start = timeutils.force_to_utc(self.start)
end = timeutils.force_to_utc(self.end)
# by default, this will be one minute delta
delta = datetime.timedelta(0, resolution, 0)
return (start <= t <= end or abs(start - t) < delta
or abs(end - t) < delta)
def compare_time(self, t, resolution=60):
""" Return True if time `t` falls in between start and end times.
`t` may be a unix timestamp (float or string) or a datetime.datetime
object
`resolution` is the number of seconds to use for rounding. Since
NetProfiler stores data in one-minute increments, typically this
should allow reasonable comparisons to report outputs. Passing
zero (`0`) in here will enforce strict comparisons.
"""
# try converting to datetime object
try:
t = timeutils.string_to_datetime(t)
except TypeError:
pass
# move everything to uniform utc timezone
# string to datetime already returns utc, but if this is a
# datetime object, we are just being safe here
t = timeutils.force_to_utc(t)
start = timeutils.force_to_utc(self.start)
end = timeutils.force_to_utc(self.end)
# by default, this will be one minute delta
delta = datetime.timedelta(0, resolution, 0)
return (start <= t <= end or
abs(start - t) < delta or
abs(end - t) < delta)
def get_property_values(self):
return [
self.state(),
self.state_description(),
timeutils.string_to_datetime(self.last_state_time()),
self.target_version(),
self.get_history_details()
]
def get_history_details(self):
history = self.update_history()
f_history = ""
for i in range(len(history)):
f_time = "\nTime: " + str(
timeutils.string_to_datetime(history[i].time))
f_version = "Version: " + history[i].version + "\n"
f_history += f_time + " " + f_version
return f_history
def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
create_export = self.netshark.api.jobs.create_export
status_export = self.netshark.api.jobs.get_export_details
download_export = self.netshark.api.jobs.get_packets_from_export
delete_export = self.netshark.api.jobs.delete_export
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
create_export = self.netshark.api.clips.create_export
status_export = self.netshark.api.clips.get_export_details
download_export = self.netshark.api.clips.get_packets_from_export
delete_export = self.netshark.api.clips.delete_export
filename = self.options.filename
if not filename:
filename = '%s_export.pcap' % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.optparse.error('Select either --timerange or --start and --end times')
config = {
#'output_filename': filename,
'output_format': 'PCAP_US',
'start_time': datetime_to_seconds(timefilter.start),
'end_time': datetime_to_seconds(timefilter.end),
}
if self.options.filters:
filters = [f.split('=') for f in self.options.filters]
filters = [r'%s="%s"' % (k, v) for k, v in filters]
config['filters'] = [NetSharkFilter(filt).bind(self.netshark) for filt in filters]
try:
export_id = create_export(source.id, config=config)
print 'Export created with ID: %s' % export_id
status = status_export(source.id, export_id['id'])
print 'Current status of export is:\n%s' % status
if status['status']['state'] == 'RUNNING':
print 'beginning download to file %s' % filename
download_export(source.id, export_id['id'], filename)
finally:
try:
print 'Trying to delete export ... ',
delete_export(source.id, export_id['id'])
print 'deleted.'
except:
print 'Error when trying to delete export. Ignoring.'
pass
