#!/usr/bin/env python3 """Debug real-time vs batch outlier calculation""" import sys sys.path.append('.') from analyzer.analysis import EthernetAnalyzer from analyzer.utils import PCAPLoader from analyzer.analysis.background_analyzer import BackgroundAnalyzer import time def test_realtime_vs_batch(pcap_file, src_ip="192.168.4.89"): """Test outlier calculation with real-time vs batch processing""" print("=== TEST 1: Batch Processing (Normal) ===") analyzer1 = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0) loader = PCAPLoader(pcap_file) packets = loader.load_all() for i, packet in enumerate(packets, 1): analyzer1._process_single_packet(packet, i) analyzer1.calculate_statistics() flow1 = None for flow_key, flow in analyzer1.flows.items(): if flow.src_ip == src_ip: flow1 = flow break if flow1: print(f"Flow: {flow1.src_ip}:{flow1.src_port} -> {flow1.dst_ip}:{flow1.dst_port}") print(f"Outliers: {len(flow1.outlier_frames)}") print(f"Outlier frames: {sorted(flow1.outlier_frames)}") print("\n=== TEST 2: Real-time Processing ===") analyzer2 = EthernetAnalyzer(enable_realtime=True, outlier_threshold_sigma=3.0) for i, packet in enumerate(packets, 1): analyzer2._process_single_packet(packet, i) analyzer2.calculate_statistics() flow2 = None for flow_key, flow in analyzer2.flows.items(): if flow.src_ip == src_ip: flow2 = flow break if flow2: print(f"Flow: {flow2.src_ip}:{flow2.src_port} -> {flow2.dst_ip}:{flow2.dst_port}") print(f"Outliers: {len(flow2.outlier_frames)}") print(f"Outlier frames: {sorted(flow2.outlier_frames)}") print("\n=== TEST 3: Background Processing (TUI-style) ===") analyzer3 = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0) bg_analyzer = BackgroundAnalyzer(analyzer3) bg_analyzer.start_parsing(pcap_file) while bg_analyzer.is_parsing: time.sleep(0.1) flow3 = None for flow_key, flow in analyzer3.flows.items(): if flow.src_ip == src_ip: flow3 = flow break if flow3: print(f"Flow: {flow3.src_ip}:{flow3.src_port} -> {flow3.dst_ip}:{flow3.dst_port}") print(f"Outliers: {len(flow3.outlier_frames)}") print(f"Outlier frames: {sorted(flow3.outlier_frames)}") print("\n=== TEST 4: Background Processing with Real-time ===") analyzer4 = EthernetAnalyzer(enable_realtime=True, outlier_threshold_sigma=3.0) bg_analyzer4 = BackgroundAnalyzer(analyzer4) bg_analyzer4.start_parsing(pcap_file) while bg_analyzer4.is_parsing: time.sleep(0.1) flow4 = None for flow_key, flow in analyzer4.flows.items(): if flow.src_ip == src_ip: flow4 = flow break if flow4: print(f"Flow: {flow4.src_ip}:{flow4.src_port} -> {flow4.dst_ip}:{flow4.dst_port}") print(f"Outliers: {len(flow4.outlier_frames)}") print(f"Outlier frames: {sorted(flow4.outlier_frames)}") print("\n=== COMPARISON ===") if flow1 and flow2 and flow3 and flow4: counts = [len(flow1.outlier_frames), len(flow2.outlier_frames), len(flow3.outlier_frames), len(flow4.outlier_frames)] print(f"Batch: {counts[0]} outliers") print(f"Real-time: {counts[1]} outliers") print(f"Background: {counts[2]} outliers") print(f"Background+Real-time: {counts[3]} outliers") if 19 in counts: method = ["Batch", "Real-time", "Background", "Background+Real-time"][counts.index(19)] print(f"\n✅ Found 19 outliers in: {method}") else: print(f"\n❌ No method shows 19 outliers") if __name__ == "__main__": if len(sys.argv) > 1: test_realtime_vs_batch(sys.argv[1]) else: test_realtime_vs_batch("1 PTPGM.pcapng")