re-focus on TUI and core

2025-07-26 16:51:37 -04:00
parent 272d23c6be
commit 0f2fc8f92c
5 changed files with 359 additions and 21 deletions
--- a/analyzer/analysis/flow_manager.py
+++ b/analyzer/analysis/flow_manager.py
@@ -40,6 +40,9 @@ class FlowManager:
        timestamp = float(packet.time)
        packet_size = len(packet)
        
+        # Extract transport layer information
+        transport_info = self._extract_transport_info(packet)
+        
        # Determine basic protocol
        protocols = self._detect_basic_protocols(packet)
        
@@ -51,6 +54,10 @@ class FlowManager:
            self.flows[flow_key] = FlowStats(
                src_ip=src_ip,
                dst_ip=dst_ip,
+                src_port=transport_info['src_port'],
+                dst_port=transport_info['dst_port'],
+                transport_protocol=transport_info['protocol'],
+                traffic_classification=self._classify_traffic(dst_ip),
                frame_count=0,
                timestamps=[],
                frame_numbers=[],
@@ -314,6 +321,64 @@ class FlowManager:
            inter_arrival = timestamp - ft_stats.timestamps[-2]
            ft_stats.inter_arrival_times.append(inter_arrival)
    
+    def _extract_transport_info(self, packet: Packet) -> Dict[str, any]:
+        """Extract transport protocol and port information from packet"""
+        transport_info = {
+            'protocol': 'Unknown',
+            'src_port': 0,
+            'dst_port': 0
+        }
+        
+        if packet.haslayer(UDP):
+            udp_layer = packet[UDP]
+            transport_info['protocol'] = 'UDP'
+            transport_info['src_port'] = udp_layer.sport
+            transport_info['dst_port'] = udp_layer.dport
+        elif packet.haslayer(TCP):
+            tcp_layer = packet[TCP]
+            transport_info['protocol'] = 'TCP'
+            transport_info['src_port'] = tcp_layer.sport
+            transport_info['dst_port'] = tcp_layer.dport
+        elif packet.haslayer(IP):
+            ip_layer = packet[IP]
+            if ip_layer.proto == 1:
+                transport_info['protocol'] = 'ICMP'
+            elif ip_layer.proto == 2:
+                transport_info['protocol'] = 'IGMP'
+            elif ip_layer.proto == 6:
+                transport_info['protocol'] = 'TCP'
+            elif ip_layer.proto == 17:
+                transport_info['protocol'] = 'UDP'
+            else:
+                transport_info['protocol'] = f'IP-{ip_layer.proto}'
+        
+        return transport_info
+    
+    def _classify_traffic(self, dst_ip: str) -> str:
+        """Classify traffic as Unicast, Multicast, or Broadcast based on destination IP"""
+        try:
+            # Check for broadcast address
+            if dst_ip == '255.255.255.255':
+                return 'Broadcast'
+            
+            # Check for multicast ranges
+            if dst_ip.startswith('224.') or dst_ip.startswith('239.'):
+                return 'Multicast'
+            
+            # Check for other multicast ranges (224.0.0.0 to 239.255.255.255)
+            ip_parts = dst_ip.split('.')
+            if len(ip_parts) == 4:
+                first_octet = int(ip_parts[0])
+                if 224 <= first_octet <= 239:
+                    return 'Multicast'
+            
+            # Everything else is unicast
+            return 'Unicast'
+            
+        except (ValueError, IndexError):
+            # If IP parsing fails, default to unknown
+            return 'Unknown'
+    
    def get_flows_summary(self) -> Dict:
        """Get summary of all flows"""
        unique_ips = set()