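def parse(f, proto=None):
    """
    Read a pcap file and print its data flows weighted by relative frequency.

    Each packet that carries both an IP layer and a Raw payload is handed to
    the protocol-specific parser as an ``(IP layer, Raw layer)`` tuple. Entries
    for which the parser returns None are dropped; the rest are counted and
    printed to stdout as ``<value>\\t<weight>`` lines, most frequent first,
    where the most frequent value gets weight 1.

    :param f: path of the pcap file, passed to rdpcap()
    :param proto: 'redis', 'scribe' or None (raw handling)
    :raises ValueError: when proto is not one of the supported values
    """
    # Fail fast on a bad protocol name, before the capture file is opened.
    # The original passed proto as a second exception argument, so the '%s'
    # placeholder was never filled in.
    if proto not in ('redis', 'scribe', None):
        raise ValueError('Unsupported proto: %s' % (proto,))

    logger = logging.getLogger('pcap-to-data-flow')
    logger.info('Reading %s as %s proto ...', repr(f), proto)

    # @see http://kisom.github.io/pypcapfile/
    # @see https://stackoverflow.com/questions/42963343/reading-pcap-file-with-scapy
    # NOTE: rdpcap() loads the whole capture into memory; a capture file is
    # untrusted input, so callers may want to bound its size beforehand.
    packets = rdpcap(f)
    packets_count = len(packets)

    # An empty capture has no first/last packet to take timestamps from.
    if packets_count:
        packets_time_diff = packets[-1].time - packets[0].time
    else:
        packets_time_diff = 0.0

    logger.info('Packets read: %d / sniffed in %.2f sec / %s', packets_count, packets_time_diff, repr(packets))

    # Indexing a packet by a layer it does not have raises IndexError, so
    # packets without an IP header or without a payload (ARP, bare TCP ACKs,
    # ...) are skipped instead of aborting the whole run.
    packets = [
        (packet['IP'], packet['Raw'])
        for packet in packets
        if packet.haslayer('IP') and packet.haslayer('Raw')
    ]

    skipped = packets_count - len(packets)
    if skipped:
        logger.info('Skipped %d packets without IP / Raw layers', skipped)

    # protocol specific handling
    if proto == 'redis':
        packets = map(parse_redis_packet, packets)
    elif proto == 'scribe':
        packets = map(parse_scribe_packet, packets)
    else:
        packets = map(parse_raw_packet, packets)

    # remove empty entries and count how often each remaining value occurs
    # (the parsers therefore have to return hashable values)
    stats = Counter(entry for entry in packets if entry is not None)

    print('# processed {} packets sniffed in {:.2f} sec as {}'.format(packets_count, packets_time_diff, proto))

    # Nothing usable in the capture: most_common(1) would be empty.
    if not stats:
        return

    # the most frequent entry will have edge weight = 1
    (_, top_freq) = stats.most_common(1)[0]

    # NOTE(review): the printed values are derived from captured payloads and
    # are emitted as-is; whatever consumes this TSV should treat them as
    # untrusted (embedded tabs / newlines depend on what the parsers return).
    lines = [
        '{}\t{:.4f}'.format(val, float(freq) / top_freq)
        for (val, freq) in stats.most_common()
    ]

    print('\n'.join(lines))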