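def loadpcap(self, pcapfile, field, exp):
    """Index one capture: log its time span to ``pcaplog`` and ``self.pcapinfo``.

    Args:
        pcapfile: path of the capture; handed to ``pyshark.read`` unchanged and
            stored as given in the log row.
        field: field list for ``pyshark.read``; must yield
            ``frame.time_epoch`` for every packet.
        exp: display filter for ``pyshark.read``.

    Side effects:
        ``self.tm`` is reset to 0.0 and advanced to the last packet's epoch
        time.  ``[pkt, pcapfile]`` is appended to ``self.radio_up`` for the
        first packet and for every packet that follows a silence longer than
        ``self.gap``.  ``[start, end, pcapfile]`` is appended to
        ``self.pcapinfo`` and the same row is inserted into ``pcaplog``
        through ``self.pcapconn``.

    Returns:
        None.  A ``pyshark.PySharkError`` while opening the file aborts
        silently; a ``sqlite3.OperationalError`` is reported on stdout.
    """
    self.tm = 0.0
    try:
        pcapinfo = pyshark.read(pcapfile, field, exp)
    except pyshark.PySharkError:
        return
    stm = 0.0
    for pkt in pcapinfo:
        tm = pkt['frame.time_epoch']
        if self.tm == 0:
            # First packet: start of the span, and a radio-up event.
            self.radio_up.append([pkt, pcapfile])
            stm = tm
        # NOTE(review): out-of-order timestamps (tm < self.tm) are accepted
        # silently; the original carried a commented-out ERROR branch here.
        elif tm - self.tm > self.gap:
            self.radio_up.append([pkt, pcapfile])
        self.tm = tm
    # An empty capture still yields a (0.0, 0.0, pcapfile) row, as before.
    row = (stm, self.tm, pcapfile)
    self.pcapinfo.append([stm, self.tm, pcapfile])
    # Bind the values with placeholders instead of splicing them into the SQL
    # text: a file name containing a quote would otherwise break (or alter)
    # the statement.
    cmd = 'INSERT INTO pcaplog VALUES (?,?,?)'
    try:
        c = self.pcapconn.cursor()
        c.execute(cmd, row)
        self.pcapconn.commit()
    except sqlite3.OperationalError:
        print cmd, row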
def loadpcap(self, pcapfile, field, exp):
    """Record the first and last packet time of ``pcapfile`` in ``self.pcapinfo``.

    Does nothing when ``self.got`` is set or when ``pyshark.read`` raises
    ``PySharkError``.  ``field`` and ``exp`` go to ``pyshark.read`` unchanged;
    ``field`` must yield ``frame.time_epoch``.  The appended entry is
    ``[start, end, pcapfile]`` with both times rendered as UTC
    ``'%Y-%m-%d %H:%M:%S.%f'`` strings.
    """
    if self.got:
        return
    try:
        packets = pyshark.read(pcapfile, field, exp)
    except pyshark.PySharkError:
        return

    def as_utc_text(epoch):
        return datetime.utcfromtimestamp(epoch).strftime('%Y-%m-%d %H:%M:%S.%f')

    first_tm = None
    last_tm = 0
    for pkt in packets:
        tm = pkt['frame.time_epoch']
        if first_tm is None:
            first_tm = tm
        else:
            last_tm = tm
    if first_tm is None:
        first_tm = 0
    # NOTE(review): with no packets both times are the epoch, and with one
    # packet the end time stays at 0 (before the start) — unchanged from the
    # original; confirm callers expect that.
    self.pcapinfo.append([as_utc_text(first_tm), as_utc_text(last_tm), pcapfile])
def dopcap(arg):
    # Read one capture file into per-packet field dicts (HTTP/SMTP oriented
    # field list, 'ip' display filter) and obtain an MQ channel.
    # NOTE(review): the body appears to continue past this listing —
    # ``channel`` and ``packs`` are not used in the part shown.
    channel = getMQchannel()
    filename = arg
    print filename
    # This default is never observed: the except branch below returns.
    packs = []
    try:
        packs = pyshark.read(filename, ['frame.time','ip.src', 'ip.dst', 'http.host', 'http.request.uri', 'http.user_agent', 'tcp.data','http.content_type', 'http.x_forwarded_for', 'http.x_real_ip', 'smtp.req.parameter', 'smtp.resp.parameter'], 'ip')
    except Exception, e:
        # Broad catch: any failure to read the file is printed and the file
        # is skipped.
        print e
        return
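def main(arvg):
    """Print per-host inter-arrival statistics for the IPv4 packets of ``BECA.pcap``.

    Args:
        arvg: unused; kept so existing callers keep working.

    Reads the capture with a fixed field list, groups ``frame.time`` by the
    first ``ip.addr`` value of each packet and, for every host with more than
    two packets, prints the mean and standard deviation (``average`` and
    ``std`` from the module namespace) of the gaps between consecutive
    packets.
    """
    capture = pyshark.read('BECA.pcap', ['frame.number', 'frame.time', 'ip.addr', 'frame.time_delta', 'wlan.bssid', 'wlan.fc.retry'], 'ip.version eq 4')
    capture = list(capture)
    print "The length of the file is of ", len(capture), " lines."

    # Arrival times per host, in capture order.  Iterating the packets
    # directly replaces the manual ``counter`` index of the original.
    statistics = defaultdict(list)
    for pkt in capture:
        # NOTE(review): only the first ip.addr value identifies the host —
        # confirm that is the intended grouping.
        statistics[pkt['ip.addr'][0]].append(pkt['frame.time'])

    for host, times in statistics.items():
        if len(times) <= 2:
            print "\n---Node ", host, " does not have enough readings to be counted."
            continue
        print "\n+++Entering for node: ", host
        # Difference of arrival between consecutive packets.  The first packet
        # has no predecessor and contributes no gap; the original appended a
        # bogus 0 for it, which biased both statistics.
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        print "+++Node: ", host, " the average DoA is: ", "%.9f" % average(gaps)
        print "+++Node: ", host, " with a standard deviation of", "%.9f" % std(gaps)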
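def main(arvg):
    """Print per-host inter-arrival statistics for the IPv4 packets of ``BECA.pcap``.

    Args:
        arvg: unused; kept so existing callers keep working.

    Reads the capture with a fixed field list, groups ``frame.time`` by the
    first ``ip.addr`` value of each packet and, for every host with more than
    two packets, prints the mean and standard deviation (``average`` and
    ``std`` from the module namespace) of the gaps between consecutive
    packets.
    """
    capture = pyshark.read('BECA.pcap', ['frame.number', 'frame.time', 'ip.addr', 'frame.time_delta', 'wlan.bssid', 'wlan.fc.retry'], 'ip.version eq 4')
    capture = list(capture)
    print "The length of the file is of ",len(capture)," lines."

    # Arrival times per host, in capture order.  Iterating the packets
    # directly replaces the manual ``counter`` index of the original.
    statistics = defaultdict(list)
    for pkt in capture:
        # NOTE(review): only the first ip.addr value identifies the host —
        # confirm that is the intended grouping.
        statistics[pkt['ip.addr'][0]].append(pkt['frame.time'])

    for host, times in statistics.items():
        if len(times) <= 2:
            print "\n---Node " ,host , " does not have enough readings to be counted."
            continue
        print "\n+++Entering for node: ", host
        # Difference of arrival between consecutive packets.  The first packet
        # has no predecessor and contributes no gap; the original appended a
        # bogus 0 for it, which biased both statistics.
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        print "+++Node: ", host ," the average DoA is: ", "%.9f" % average(gaps)
        print "+++Node: ", host ," with a standard deviation of", "%.9f" % std(gaps)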
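'Create', 'Close', 'Flush', 'Read', 'Write', 'Lock', 'IoCtl', 'Cancel', 'Echo',
'QueryDirectory', 'ChangeNotify', 'QueryInfo', 'SetInfo', 'OplockBreak']

# Histogram of SMB2 command codes over the request frames of the capture.
# pyshark hands back a list for 'smb2.cmd' when a frame carries more than one
# value (presumably compound requests) and a single value otherwise; both
# shapes are counted per value, keyed by str(value).
f = pyshark.read('/home/coffeedude/Desktop/Ubuntu-Boot-1.pcap', ['smb2.cmd'], 'smb2 && smb2.flags.response == 0')
b = list(f)
lengths = {}
for pkt in b:
    cmds = pkt['smb2.cmd']
    if type(cmds) is not list:
        cmds = [cmds]
    for cmd in cmds:
        key = str(cmd)
        lengths[key] = lengths.get(key, 0) + 1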
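# (tail of a function whose header precedes this listing; kept as is)
    if len(OpList) == 0:
        return 0
    if OpList[0].request.command != smb2.SMB2_CREATE:
        return -1
    if OpList[-1].request.command != smb2.SMB2_CLOSE:
        return '(active)'
    return OpList[-1].request.time - OpList[0].request.time

#
# MAIN
#
if len(sys.argv) < 2:
    sys.stderr.write("usage: %s <pcap filename>\n" % (sys.argv[0],))
    sys.exit(1)

pcap_file = pyshark.read(sys.argv[1], fields, 'smb2')

# Derive the log-file names from the capture's base name; basename() drops
# any directory part so the logs always land in the current directory.
# E.g. "/a/b/c/d/my_capture_file.pcap" => "./my_capture_file"
# Unlike the former rsplit(os.extsep, 1)[0], splitext() keeps a dot-only
# name such as ".pcap" intact instead of reducing the base to "".
_base_filename = os.path.basename(sys.argv[1])
_logname_base = './' + os.path.splitext(_base_filename)[0]
_logname_cmd_distrib = _logname_base + '.cmds.csv'
_logname_io_stat = _logname_base + '.rwstats.csv'
_logname_offset = _logname_base + '.offsets.csv'
_logname_handle = _logname_base + '.handles.csv'

# open() replaces the Python-2-only file() builtin.  These handles are module
# globals, presumably written by code after this listing, so they are not
# wrapped in a with-block here; they should be closed once reporting is done.
log_cmds = open(_logname_cmd_distrib, 'w')
log_io = open(_logname_io_stat, 'w')
log_offset = open(_logname_offset, 'w')
log_lifetime = open(_logname_handle, 'w')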
def add(self, pfile):
    """Attach the capture ``pfile`` to this object.

    Stores the path in ``self.pfile`` and the result of ``pyshark.read``
    (field list ``['frame.number']``, display filter ``self.wire_filter``)
    in ``self.pcap``.
    """
    self.pfile = pfile
    fields = ['frame.number']
    self.pcap = pyshark.read(pfile, fields, self.wire_filter)
#!/usr/bin/env python import pyshark if __name__ == '__main__': f = pyshark.read('/home/coffeedude/Desktop/sample_smb.pcap', ['smb2.read_length'], 'smb2 && smb2.cmd == 8 && smb2.flags.response') b = list(f) print "Number of SMB2_READ requests == %s" % (len(b)) lengths = {} for i in range(len(b)): if list == type(b[i]['smb2.read_length']): for j in range(len(b[i]['smb2.read_length'])): if str(b[i]['smb2.read_length'][j]) in lengths: lengths[str(b[i]['smb2.read_length'][j])] += 1 else: lengths[str(b[i]['smb2.read_length'][j])] = 1 else: if str(b[i]['smb2.read_length']) in lengths: lengths[str(b[i]['smb2.read_length'])] += 1 else: lengths[str(b[i]['smb2.read_length'])] = 1 key_list = [int(x) for x in lengths.keys()] for k in sorted(key_list): print "%s\t => %s" % (k, lengths[str(k)])
#!/usr/bin/env python
# Histogram of SMB2 READ/WRITE lengths of the capture named on the command
# line.  NOTE(review): the listing is truncated — the WRITE branch and the
# reporting code are not shown.
import sys
import pyshark

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print >> sys.stderr, "usage: %s <pcap filename>" % (sys.argv[0])
        sys.exit(1)
    print "Opening file: %s" % (sys.argv[1])
    # Responses (smb2.flags.response == 1) to READ (cmd 8) and WRITE (cmd 9).
    # NOTE(review): 'smb2.file_offet' looks like a typo for the Wireshark
    # field 'smb2.file_offset'; as written it should never populate — confirm.
    f = pyshark.read( sys.argv[1], ['smb2.read_length', 'smb2.write_length', 'smb2.file_offet', ], 'smb2 && ((smb2.cmd == 8) || (smb2.cmd == 9)) && smb2.flags.response == 1')
    b = list(f)
    # Occurrence counts keyed by str(length); a frame may carry a list of
    # values for a field or a single value, and both shapes are counted.
    rlengths = {}
    wlengths = {}
    for i in range(len(b)):
        if 'smb2.read_length' in b[i]:
            if list == type(b[i]['smb2.read_length']):
                for j in range(len(b[i]['smb2.read_length'])):
                    if str(b[i]['smb2.read_length'][j]) in rlengths:
                        rlengths[str(b[i]['smb2.read_length'][j])] += 1
                    else:
                        rlengths[str(b[i]['smb2.read_length'][j])] = 1
            else:  # listing truncated here
#!/usr/bin/env python import pyshark if __name__ == '__main__': f = pyshark.read('/home/coffeedude/Desktop/Ubuntu-Boot-1.pcap', ['smb2.read_length'], 'smb2 && smb2.cmd == 8 && smb2.flags.response == 1') b = list(f) print "Number of SMB2_READ requests == %s" % (len(b)) lengths = {} for i in range(len(b)): if list == type(b[i]['smb2.read_length']): for j in range(len(b[i]['smb2.read_length'])): if str(b[i]['smb2.read_length'][j]) in lengths: lengths[str(b[i]['smb2.read_length'][j])] += 1 else: lengths[str(b[i]['smb2.read_length'][j])] = 1 else: if str(b[i]['smb2.read_length']) in lengths: lengths[str(b[i]['smb2.read_length'])] += 1 else: lengths[str(b[i]['smb2.read_length'])] = 1 key_list = [int(x) for x in lengths.keys()] for k in sorted(key_list): print "%s, %s" % (k, lengths[str(k)])
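def loadpcap(self, pcapfile, field, exp):
    """Index one capture: log its time span to ``pcaplog`` and ``self.pcapinfo``.

    Args:
        pcapfile: path of the capture; handed to ``pyshark.read`` unchanged and
            stored as given in the log row.
        field: field list for ``pyshark.read``; must yield
            ``frame.time_epoch`` for every packet.
        exp: display filter for ``pyshark.read``.

    Side effects:
        ``self.tm`` is reset to 0.0 and advanced to the last packet's epoch
        time.  ``[pkt, pcapfile]`` is appended to ``self.radio_up`` for the
        first packet and for every packet that follows a silence longer than
        ``self.gap``.  ``[start, end, pcapfile]`` is appended to
        ``self.pcapinfo`` and the same row is inserted into ``pcaplog``
        through ``self.pcapconn``.

    Returns:
        None.  A ``pyshark.PySharkError`` while opening the file aborts
        silently; a ``sqlite3.OperationalError`` is reported on stdout.
    """
    self.tm = 0.0
    try:
        pcapinfo = pyshark.read(pcapfile, field, exp)
    except pyshark.PySharkError:
        return
    stm = 0.0
    for pkt in pcapinfo:
        tm = pkt['frame.time_epoch']
        if self.tm == 0:
            # First packet: start of the span, and a radio-up event.
            self.radio_up.append([pkt, pcapfile])
            stm = tm
        # NOTE(review): out-of-order timestamps (tm < self.tm) are accepted
        # silently; the original carried a commented-out ERROR branch here.
        elif tm - self.tm > self.gap:
            self.radio_up.append([pkt, pcapfile])
        self.tm = tm
    # An empty capture still yields a (0.0, 0.0, pcapfile) row, as before.
    row = (stm, self.tm, pcapfile)
    self.pcapinfo.append([stm, self.tm, pcapfile])
    # Bind the values with placeholders instead of splicing them into the SQL
    # text: a file name containing a quote would otherwise break (or alter)
    # the statement.
    cmd = 'INSERT INTO pcaplog VALUES (?,?,?)'
    try:
        c = self.pcapconn.cursor()
        c.execute(cmd, row)
        self.pcapconn.commit()
    except sqlite3.OperationalError:
        print cmd, row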