1 #!/usr/bin/env python
2
3 # disable IPv6 error message
4 import logging
5 logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
6 from scapy.all import *
7 logging.getLogger("scapy.runtime").setLevel(logging.WARN)
8 from pprint import pprint
9
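# Turn off scapy's upper-layer guessing for IP: only the IP header's
# src/dst fields are read below, so dissecting payloads is wasted work
# (the original author measured about two seconds saved).
IP.payload_guess = []

# flowset maps an address pair (a, b) to a tuple
# (packets seen a -> b, packets seen b -> a).
# NOTE: a "flow" here is keyed on the IP address pair only. Ports and
# protocol are ignored, so every conversation between two hosts is merged
# into one entry. The pair is oriented by whichever direction appears
# first in the capture, which need not be the side that opened the
# connection. Packets without an IPv4 layer (ARP, IPv6, ...) are skipped.
flowset = {}

reader = PcapReader('ex21.pcap')
try:
    for p in reader:
        if IP not in p:
            continue
        src = p[IP].src
        dst = p[IP].dst

        if (src, dst) in flowset:
            fwd, rev = flowset[(src, dst)]
            flowset[(src, dst)] = (fwd + 1, rev)
        elif (dst, src) in flowset:
            # Reply direction of a pair already recorded the other way round.
            fwd, rev = flowset[(dst, src)]
            flowset[(dst, src)] = (fwd, rev + 1)
        else:
            flowset[(src, dst)] = (1, 0)
finally:
    # Release the capture file even if a malformed record makes scapy
    # raise part-way through the read.
    reader.close()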
28
# Keep only the address pairs whose packet count, summed over both
# directions, reaches the 400-packet cut-off, then print them.
largeflows = {
    pair: counts
    for pair, counts in flowset.items()
    if sum(counts) >= 400
}

pprint(largeflows)