#!/usr/bin/env python

from scapy.all import *

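def somefilter(pcapfile, min_packets=400):
    """Print one tshark extraction command per heavy IPv4 flow in a capture.

    A flow is the ordered pair (source address, destination address), so
    traffic A -> B and traffic B -> A are counted separately. Packets without
    an IP layer are skipped. The commands are only printed, never executed.

    Args:
        pcapfile: Path of the capture file to read.
        min_packets: Smallest packet count for which a flow is reported
            (defaults to 400).
    """
    # Function-scope import: works on Python 3 (shlex) and Python 2 (pipes)
    # without touching the file's top-level imports.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    flows = {}
    reader = PcapReader(pcapfile)
    try:
        for pkt in reader:
            if IP in pkt:
                key = (pkt[IP].src, pkt[IP].dst)
                flows[key] = flows.get(key, 0) + 1
    finally:
        # Release the capture file handle even if reading a packet raises.
        reader.close()

    # The printed line is a shell command, so the capture path is quoted:
    # a path with spaces or shell metacharacters must reach tshark as a
    # single argument instead of being re-interpreted by the shell.
    capture_arg = quote(pcapfile)
    for (src, dst), count in flows.items():
        if count >= min_packets:
            # Single parenthesised argument prints identically on Python 2 and 3.
            print('tshark -r {0} -w "flow_{1}_{2}.pcap" -F pcap '
                  '\'ip.src == {1} and ip.dst == {2}\''.format(capture_arg, src, dst))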
    
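if __name__ == "__main__":
    # An optional first command-line argument selects the capture to analyse;
    # without it the script reads the same file as before.
    import sys

    somefilter(sys.argv[1] if len(sys.argv) > 1 else "team15_ex21.pcap")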
