1 #!/usr/bin/env python
2
3 from scapy.all import *
4
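def somefilter(pcapfile, min_packets=400):
    """Print a tshark extraction command for every busy IP flow in a capture.

    A flow is the ordered pair (source address, destination address) taken
    from the IP layer of each packet, so A->B and B->A are counted
    separately.  Packets without an IP layer are ignored.

    Args:
        pcapfile: Path of the capture file to read.
        min_packets: Smallest packet count a flow needs to be reported
            (default 400, the value the script always used).

    The function returns nothing; it only prints command lines.  Nothing is
    executed here, the commands are meant to be read and then run by the
    analyst.
    """
    # shlex.quote exists on Python 3; Python 2 ships the same helper as
    # pipes.quote.  Imported locally so the block stays self-contained.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    flows = {}
    reader = PcapReader(pcapfile)
    try:
        for p in reader:
            if IP in p:
                key = (p[IP].src, p[IP].dst)
                flows[key] = flows.get(key, 0) + 1
    finally:
        # Release the capture file handle even if parsing aborts midway.
        reader.close()

    # The capture path is caller-supplied text that ends up inside a shell
    # command line: quote it so spaces or shell metacharacters in the name
    # cannot change what the pasted command does.  Plain names such as
    # "team15_ex21.pcap" come out unchanged.
    safe_pcap = quote(pcapfile)

    for (src, dst), cnt in flows.items():
        if cnt >= min_packets:
            # NOTE(review): src/dst are presumably dotted-quad strings as
            # produced by scapy's IP layer -- confirm before reusing this
            # with other address sources, since they are embedded unquoted
            # in the output file name and the display filter.
            print('tshark -r ' + safe_pcap + ' -w "flow_' + src + '_' + dst + '.pcap" -F pcap '
                  + '\'ip.src == ' + src + ' and ip.dst == ' + dst + '\'')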
21     
if __name__ == "__main__":
    # Run as a script: analyse the exercise capture shipped with the task.
    somefilter("team15_ex21.pcap")