def ethernet_Mac(collection):
    """Return the distinct Ethernet addresses in *collection* as a JSON array.

    Source addresses are collected first, then destination addresses are
    merged in through ``helper.addDistinct``.

    Args:
        collection: object exposing ``find(projection=...).distinct(field)``.

    Returns:
        JSON text produced by ``json.dumps`` with ``json_util.default`` as the
        fallback serializer.
    """
    # NOTE(review): this name is defined a second time directly below; when
    # the module is loaded, the later definition is the one callers get.
    src_field = 'EthernetHeader.source_address'
    dst_field = 'EthernetHeader.destination_address'

    addresses = list(collection.find(projection=[src_field]).distinct(src_field))

    for address in collection.find(projection=[dst_field]).distinct(dst_field):
        helper.addDistinct(addresses, address)

    # NOTE(review): the values come from stored packet headers; a consumer
    # that renders them should treat them as untrusted data.
    return json.dumps(addresses, default=json_util.default)
def ethernet_Mac(collection):
    """Serialize every distinct Ethernet source/destination address to JSON.

    Args:
        collection: object exposing ``find(projection=...).distinct(field)``.

    Returns:
        A JSON array (as a string) holding the source addresses followed by
        any destination addresses that ``helper.addDistinct`` adds to the list.
    """
    source_key = "EthernetHeader.source_address"
    destination_key = "EthernetHeader.destination_address"

    # Source side: every distinct value is taken as-is.
    seen = []
    seen.extend(collection.find(projection=[source_key]).distinct(source_key))

    # Destination side: merged through the project helper.
    destinations = collection.find(projection=[destination_key]).distinct(
        destination_key
    )
    for mac in destinations:
        helper.addDistinct(seen, mac)

    # NOTE(review): these strings originate from stored packet headers, so a
    # consumer that displays them should handle them as untrusted input.
    encoded = json.dumps(seen, default=json_util.default)
    return encoded
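def ip_Matrix(collection):
    """Build a node/link graph of IP conversations and return it as JSON.

    Nodes are the distinct ``IPHeader`` destination and source addresses of
    documents whose ``EthernetHeader.type`` is 2048 (0x0800, IPv4). Links are
    the (source, destination) pairs counted by an aggregation over documents
    that have ``IPHeader.source_address``. Each link names its endpoints by
    node ``id`` and carries the number of matching documents in ``value``.

    Args:
        collection: object exposing ``find(filter).distinct(field)`` and
            ``aggregate(pipeline)``.

    Returns:
        JSON text of the form ``{"nodes": [...], "links": [...]}``.
    """
    ipv4_filter = {"EthernetHeader.type": 2048}

    addresses = []
    for field in ("IPHeader.destination_address", "IPHeader.source_address"):
        for address in collection.find(ipv4_filter).distinct(field):
            helper.addDistinct(addresses, address)

    nodes = []
    node_ids = {}

    def node_id(address):
        # The link aggregation is not restricted to EtherType 2048, so it can
        # name an address that the node queries never returned. Register it
        # here instead of failing with KeyError, so the flow stays visible.
        if address not in node_ids:
            node_ids[address] = len(nodes)
            nodes.append({"name": address, "id": node_ids[address], "group": 1})
        return node_ids[address]

    for address in addresses:
        node_id(address)

    pipeline = [
        {"$match": {"IPHeader.source_address": {"$exists": True}}},
        {"$project": {"srcip": "$IPHeader.source_address",
                      "dstip": "$IPHeader.destination_address"}},
        {"$group": {"_id": {"srcip": "$srcip", "dstip": "$dstip"},
                    "count": {"$sum": 1}}},
    ]

    links = []
    link_by_pair = {}
    for row in collection.aggregate(pipeline):
        pair = row.get("_id")
        source = pair.get("srcip")
        target = pair.get("dstip")
        if source is None or target is None:
            # No second endpoint to draw; the old code raised on this row.
            continue

        # Key on the pair itself. Concatenating the two strings is ambiguous
        # ("1.1.1.1" + "11.1.1.1" equals "1.1.1.11" + "1.1.1.1"), and the old
        # merge branch compared node ids against addresses, so a colliding
        # pair was silently dropped from the matrix.
        key = (source, target)
        link = link_by_pair.get(key)
        if link is None:
            link = {"source": node_id(source), "target": node_id(target), "value": 0}
            links.append(link)
            link_by_pair[key] = link
        link["value"] += row.get("count")

    # NOTE(review): node names are taken from stored packet headers; whatever
    # renders this JSON should treat them as untrusted data.
    return json.dumps({"nodes": nodes, "links": links}, default=json_util.default)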