tabbed frametype filtering

debug_tui_outlier_count.py

@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+"""Debug TUI outlier count calculation"""
+
+import sys
+sys.path.append('.')
+
+from analyzer.analysis import EthernetAnalyzer
+from analyzer.analysis.background_analyzer import BackgroundAnalyzer
+import time
+
+def debug_tui_outlier_count(pcap_file="1 PTPGM.pcapng"):
+    """Debug TUI outlier count calculation across all flows"""
+    
+    print("=== Debugging TUI Outlier Count Calculation ===")
+    
+    # Test background analyzer (used by TUI)
+    analyzer = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
+    bg_analyzer = BackgroundAnalyzer(analyzer, num_threads=1)
+    
+    bg_analyzer.start_parsing(pcap_file)
+    while bg_analyzer.is_parsing:
+        time.sleep(0.1)
+    
+    # Replicate TUI outlier count calculation (from app_v2.py:220)
+    flows = bg_analyzer.get_current_flows()
+    
+    print(f"Total flows: {len(flows)}")
+    
+    # Calculate outliers exactly like the TUI does
+    tui_outlier_count = 0  # Using flow.outlier_frames (WRONG)
+    correct_outlier_count = 0  # Using frame-type outliers (CORRECT)
+    
+    print(f"\n=== Per-Flow Outlier Analysis ===")
+    for i, (flow_key, flow) in enumerate(flows.items(), 1):
+        flow_level_outliers = len(flow.outlier_frames)
+        frame_type_outliers = sum(len(ft_stats.outlier_frames) for ft_stats in flow.frame_types.values())
+        
+        tui_outlier_count += flow_level_outliers
+        correct_outlier_count += frame_type_outliers
+        
+        if flow_level_outliers > 0 or frame_type_outliers > 0:
+            print(f"Flow {i}: {flow.src_ip}:{flow.src_port} → {flow.dst_ip}:{flow.dst_port}")
+            print(f"  Flow-level outliers: {flow_level_outliers}")
+            print(f"  Frame-type outliers: {frame_type_outliers}")
+            
+            # Show the outlier frames
+            if flow_level_outliers > 0:
+                print(f"  Flow-level frames: {sorted(flow.outlier_frames)}")
+            
+            if frame_type_outliers > 0:
+                for frame_type, ft_stats in flow.frame_types.items():
+                    if len(ft_stats.outlier_frames) > 0:
+                        print(f"    {frame_type}: {len(ft_stats.outlier_frames)} ({sorted(ft_stats.outlier_frames)})")
+    
+    print(f"\n=== Summary ===")
+    print(f"TUI currently shows (WRONG): {tui_outlier_count} outliers")
+    print(f"TUI should show (CORRECT): {correct_outlier_count} outliers")
+    
+    if tui_outlier_count == 20:
+        print(f"✅ Found the source of your 20 outliers!")
+    else:
+        print(f"⚠️  TUI count doesn't match your observation of 20")
+
+if __name__ == "__main__":
+    if len(sys.argv) > 1:
+        debug_tui_outlier_count(sys.argv[1])
+    else:
+        debug_tui_outlier_count()