#!/usr/bin/env python3 """Debug specific outlier around frame 1001""" import sys sys.path.append('.') from analyzer.analysis import EthernetAnalyzer from analyzer.utils import PCAPLoader def debug_specific_outlier(pcap_file="1 PTPGM.pcapng", src_ip="192.168.4.89"): """Debug specific outlier around frame 1001""" print("=== Debugging Specific Outlier Around Frame 1001 ===") # Initialize analyzer analyzer = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0) # Load and process packets loader = PCAPLoader(pcap_file) packets = loader.load_all() print(f"Loaded {len(packets)} packets") # Process packets for i, packet in enumerate(packets, 1): analyzer._process_single_packet(packet, i) # Calculate statistics analyzer.calculate_statistics() # Find the test flow test_flow = None for flow_key, flow in analyzer.flows.items(): if flow.src_ip == src_ip: test_flow = flow break if not test_flow: print(f"❌ No flow found from {src_ip}") return print(f"\n✅ Found flow: {test_flow.src_ip}:{test_flow.src_port} → {test_flow.dst_ip}:{test_flow.dst_port}") # Check all frame types for outliers around frame 1001 target_frame = 1001 print(f"\n=== Searching for outliers around frame {target_frame} ===") for frame_type, ft_stats in test_flow.frame_types.items(): if hasattr(ft_stats, 'enhanced_outlier_details') and ft_stats.enhanced_outlier_details: for frame_num, prev_frame_num, delta_t in ft_stats.enhanced_outlier_details: if abs(frame_num - target_frame) <= 5: # Within 5 frames of target deviation = (delta_t - ft_stats.avg_inter_arrival) / ft_stats.std_inter_arrival if ft_stats.std_inter_arrival > 0 else 0 print(f" {frame_type}: Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms ({deviation:.1f}σ)") # Also check the raw outlier data for any issues print(f"\n=== All CH10-Data Outliers ===") ch10_data_stats = test_flow.frame_types.get('CH10-Data') if ch10_data_stats and hasattr(ch10_data_stats, 'enhanced_outlier_details'): print(f"Total CH10-Data outliers: {len(ch10_data_stats.enhanced_outlier_details)}") for i, (frame_num, prev_frame_num, delta_t) in enumerate(ch10_data_stats.enhanced_outlier_details): deviation = (delta_t - ch10_data_stats.avg_inter_arrival) / ch10_data_stats.std_inter_arrival if ch10_data_stats.std_inter_arrival > 0 else 0 print(f" {i+1}. Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms ({deviation:.1f}σ)") # Let's also check if there might be confusion between different data sources # Check if there are any outlier frames with frame# around 1001 and prev_frame# around 49 print(f"\n=== Searching for any outlier with prev_frame_num around 49 ===") found_suspicious = False for frame_type, ft_stats in test_flow.frame_types.items(): if hasattr(ft_stats, 'enhanced_outlier_details') and ft_stats.enhanced_outlier_details: for frame_num, prev_frame_num, delta_t in ft_stats.enhanced_outlier_details: if prev_frame_num >= 45 and prev_frame_num <= 55: # Around 49 deviation = (delta_t - ft_stats.avg_inter_arrival) / ft_stats.std_inter_arrival if ft_stats.std_inter_arrival > 0 else 0 print(f" {frame_type}: Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms ({deviation:.1f}σ)") found_suspicious = True if not found_suspicious: print(" No outliers found with prev_frame_num around 49") # Check the frame sequence around 1001 to understand the context print(f"\n=== Frame sequence context around {target_frame} ===") ch10_data_stats = test_flow.frame_types.get('CH10-Data') if ch10_data_stats: if target_frame in ch10_data_stats.frame_numbers: frame_index = ch10_data_stats.frame_numbers.index(target_frame) start_idx = max(0, frame_index - 2) end_idx = min(len(ch10_data_stats.frame_numbers), frame_index + 3) print(f"CH10-Data frames around index {frame_index}:") for i in range(start_idx, end_idx): marker = " -> " if i == frame_index else " " ts = ch10_data_stats.timestamps[i] if i < len(ch10_data_stats.timestamps) else "N/A" print(f"{marker}[{i}] Frame {ch10_data_stats.frame_numbers[i]}: {ts}") if __name__ == "__main__": if len(sys.argv) > 1: debug_specific_outlier(sys.argv[1]) else: debug_specific_outlier()