noisedestroyers/StreamLens
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb3eeb79d0bb3619812e18005310cc0e61092296
StreamLens/debug_background_outlier_count.py

96 lines
4.0 KiB
Python
Raw Normal View History

tabbed frametype filtering
2025-07-30 23:48:32 -04:00
#!/usr/bin/env python3
"""Debug background analyzer outlier count"""
import sys
sys.path.append('.')
from analyzer.analysis import EthernetAnalyzer
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
import time
def debug_background_outlier_count(pcap_file="1 PTPGM.pcapng", src_ip="192.168.4.89"):
"""Debug background analyzer outlier counting"""
print("=== Debugging Background Analyzer Outlier Count ===")
# Test background analyzer (used by TUI)
analyzer = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
bg_analyzer = BackgroundAnalyzer(analyzer, num_threads=1)
bg_analyzer.start_parsing(pcap_file)
while bg_analyzer.is_parsing:
time.sleep(0.1)
# Find test flow
test_flow = None
for flow_key, flow in analyzer.flows.items():
if flow.src_ip == src_ip:
test_flow = flow
break
if not test_flow:
print(f"❌ No flow found from {src_ip}")
return
print(f"\n✅ Found flow: {test_flow.src_ip}:{test_flow.src_port}{test_flow.dst_ip}:{test_flow.dst_port}")
# Check both flow-level and frame-type outliers
print(f"\n=== Outlier Count Analysis ===")
print(f"Flow-level outliers: {len(test_flow.outlier_frames)}")
total_frame_type_outliers = 0
for frame_type, ft_stats in test_flow.frame_types.items():
outlier_count = len(ft_stats.outlier_frames)
total_frame_type_outliers += outlier_count
if outlier_count > 0:
print(f" {frame_type}: {outlier_count} outliers")
print(f"Total frame-type outliers: {total_frame_type_outliers}")
# This is what the TUI should be showing
frame_type_outlier_count = sum(len(ft_stats.outlier_frames) for ft_stats in test_flow.frame_types.values())
print(f"TUI should show: {frame_type_outlier_count} outliers")
# Let's check if the flow-level outliers are contaminating things
if len(test_flow.outlier_frames) != frame_type_outlier_count:
print(f"\n⚠️ DISCREPANCY FOUND!")
print(f" Flow-level outliers: {len(test_flow.outlier_frames)}")
print(f" Frame-type outliers: {frame_type_outlier_count}")
print(f"\nFlow-level outlier frames: {sorted(test_flow.outlier_frames)}")
# Show which frames are different
frame_type_outlier_frames = set()
for ft_stats in test_flow.frame_types.values():
frame_type_outlier_frames.update(ft_stats.outlier_frames)
flow_level_set = set(test_flow.outlier_frames)
frame_type_set = frame_type_outlier_frames
only_in_flow_level = flow_level_set - frame_type_set
only_in_frame_type = frame_type_set - flow_level_set
if only_in_flow_level:
print(f"Outliers only in flow-level: {sorted(only_in_flow_level)}")
if only_in_frame_type:
print(f"Outliers only in frame-type: {sorted(only_in_frame_type)}")
# Check specific CH10-Data outliers in detail
print(f"\n=== CH10-Data Detailed Analysis ===")
ch10_stats = test_flow.frame_types.get('CH10-Data')
if ch10_stats:
print(f"CH10-Data outliers: {len(ch10_stats.outlier_frames)}")
print(f"CH10-Data outlier frames: {sorted(ch10_stats.outlier_frames)}")
# Check enhanced details
if hasattr(ch10_stats, 'enhanced_outlier_details') and ch10_stats.enhanced_outlier_details:
print(f"Enhanced outlier details: {len(ch10_stats.enhanced_outlier_details)}")
for frame_num, prev_frame_num, delta_t in ch10_stats.enhanced_outlier_details:
deviation = (delta_t - ch10_stats.avg_inter_arrival) / ch10_stats.std_inter_arrival if ch10_stats.std_inter_arrival > 0 else 0
print(f" Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms ({deviation:.1f}σ)")
if __name__ == "__main__":
if len(sys.argv) > 1:
debug_background_outlier_count(sys.argv[1])
else:
debug_background_outlier_count()
Reference in New Issue Copy Permalink