#!/usr/bin/env python3
"""Debug all flows and their outliers"""

import sys

# Make the current working directory importable so the local `analyzer`
# package resolves when this script is run from the project root. It is
# appended (not prepended), so it cannot shadow already-installed packages.
sys.path.append('.')

from analyzer.analysis import EthernetAnalyzer
from analyzer.utils import PCAPLoader  # not referenced anywhere in this script
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
import time
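def debug_all_flows(pcap_file, *, target_outliers=19, top_n=5):
    """Parse *pcap_file* and report every flow that has outlier frames.

    Mirrors what the TUI does: the capture is parsed by a BackgroundAnalyzer
    wrapping an EthernetAnalyzer with a 3-sigma outlier threshold, then the
    flows are listed by descending outlier count. Any flow whose outlier
    count equals *target_outliers* is called out, and the *top_n* flows with
    the most outliers are repeated in the closing summary.

    Args:
        pcap_file: Path of the capture handed to ``BackgroundAnalyzer.start_parsing``.
        target_outliers: Outlier count to search for. Defaults to 19, the
            count this script was originally written to track down.
        top_n: Number of flows to list in the closing summary.

    Returns:
        None. Everything is written to stdout.
    """
    # Use the background analyzer like the TUI does, so the counts match it.
    analyzer = EthernetAnalyzer(outlier_threshold_sigma=3.0)
    bg_analyzer = BackgroundAnalyzer(analyzer)

    print("Processing with background analyzer...")
    bg_analyzer.start_parsing(pcap_file)

    # Parsing runs in the background; poll until it reports completion.
    while bg_analyzer.is_parsing:
        time.sleep(0.1)

    print("\n=== ALL FLOWS ===")

    # (flow, outlier_count) pairs, highest outlier count first.
    flows_with_outliers = [
        (flow, len(flow.outlier_frames))
        for flow in analyzer.flows.values()
        if len(flow.outlier_frames) > 0
    ]
    flows_with_outliers.sort(key=lambda pair: pair[1], reverse=True)

    for flow, outlier_count in flows_with_outliers:
        _print_flow_report(flow, outlier_count, target_outliers)

    # Summary
    print("\n=== SUMMARY ===")
    print(f"Total flows: {len(analyzer.flows)}")
    print(f"Flows with outliers: {len(flows_with_outliers)}")

    matching = [flow for flow, count in flows_with_outliers if count == target_outliers]
    if matching:
        print(f"\n✅ Found {len(matching)} flow(s) with exactly {target_outliers} outliers!")
    else:
        print(f"\n❌ No flow found with exactly {target_outliers} outliers")

    print(f"\nTop {top_n} flows by outlier count:")
    for flow, count in flows_with_outliers[:top_n]:
        print(f" {flow.src_ip} -> {flow.dst_ip}: {count} outliers")


def _print_flow_report(flow, outlier_count, target_outliers):
    """Print one flow's endpoints, counts, timing stats and frame-type breakdown.

    Args:
        flow: A flow object from ``EthernetAnalyzer.flows``.
        outlier_count: ``len(flow.outlier_frames)``, passed in to avoid recomputing it.
        target_outliers: Outlier count that triggers the "FOUND" marker line.
    """
    print(f"\nFlow: {flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port}")
    print(f" Protocol: {flow.transport_protocol}")
    print(f" Packets: {flow.frame_count}")
    print(f" Outliers: {outlier_count}")
    # Only the first 10 outlier frame numbers are shown to keep the output readable.
    print(f" Outlier frames: {sorted(flow.outlier_frames)[:10]}")
    if outlier_count > 10:
        print(f" ... and {outlier_count - 10} more")
    # Values are scaled by 1000 and labelled ms, so the attributes are
    # presumably stored in seconds — confirm against the analyzer.
    print(f" Avg ΔT: {flow.avg_inter_arrival * 1000:.3f} ms")
    print(f" Std σ: {flow.std_inter_arrival * 1000:.3f} ms")

    if outlier_count == target_outliers:
        print(f" ⚠️ FOUND THE FLOW WITH {target_outliers} OUTLIERS!")

    print("\n Frame Type Breakdown:")
    for ft, stats in flow.frame_types.items():
        print(f" {ft}: {stats.count} packets")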
if __name__ == "__main__":
    # The first CLI argument is the capture to analyze; without one, fall
    # back to the sample capture this script was written against.
    capture = sys.argv[1] if len(sys.argv) > 1 else "1 PTPGM.pcapng"
    debug_all_flows(capture)