
#!/usr/bin/env python3
"""Debug all flows and their outliers"""
import sys
# NOTE(review): '.' is resolved against the current working directory, not this
# file's location, so the `analyzer` imports below depend on where the script
# is launched from. Run it from the project root.
sys.path.append('.')
from analyzer.analysis import EthernetAnalyzer
from analyzer.utils import PCAPLoader
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
import time
def debug_all_flows(pcap_file):
    """Parse *pcap_file* and print every flow that has outlier frames.

    The capture is parsed through ``BackgroundAnalyzer`` (the same path the
    TUI uses), then flows are listed in descending order of outlier count.
    Any flow with exactly 19 outliers is called out, and a summary with the
    top five flows is printed at the end.

    Args:
        pcap_file: Path of the capture file handed to ``start_parsing``.
    """
    analyzer = EthernetAnalyzer(outlier_threshold_sigma=3.0)
    bg_analyzer = BackgroundAnalyzer(analyzer)

    print("Processing with background analyzer...")
    bg_analyzer.start_parsing(pcap_file)

    # Poll until the background parser reports completion.
    # NOTE(review): there is no timeout here; if ``is_parsing`` never clears,
    # this loop never exits.
    while bg_analyzer.is_parsing:
        time.sleep(0.1)

    print("\n=== ALL FLOWS ===")

    # Keep only flows that have at least one outlier, paired with the count.
    flows_with_outliers = [
        (candidate, len(candidate.outlier_frames))
        for _key, candidate in analyzer.flows.items()
        if len(candidate.outlier_frames) > 0
    ]
    # Highest outlier count first; ties keep their original relative order.
    flows_with_outliers = sorted(
        flows_with_outliers, key=lambda pair: pair[1], reverse=True
    )

    for flow, outlier_count in flows_with_outliers:
        frames = flow.outlier_frames
        print(f"\nFlow: {flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port}")
        print(f" Protocol: {flow.transport_protocol}")
        print(f" Packets: {flow.frame_count}")
        print(f" Outliers: {outlier_count}")
        # Only the ten lowest frame numbers are listed, to keep output short.
        print(f" Outlier frames: {sorted(frames)[:10]}")
        if len(frames) > 10:
            print(f" ... and {len(frames) - 10} more")
        # Timing statistics are multiplied by 1000 and labelled as ms.
        print(f" Avg ΔT: {flow.avg_inter_arrival * 1000:.3f} ms")
        print(f" Std σ: {flow.std_inter_arrival * 1000:.3f} ms")

        if outlier_count != 19:
            continue

        # NOTE(review): the listing this was taken from lost its indentation;
        # the frame-type breakdown is assumed to belong to the 19-outlier
        # branch. Confirm against the original file.
        print(" ⚠️ FOUND THE FLOW WITH 19 OUTLIERS!")
        print("\n Frame Type Breakdown:")
        for ft, stats in flow.frame_types.items():
            print(f" {ft}: {stats.count} packets")

    print("\n=== SUMMARY ===")
    print(f"Total flows: {len(analyzer.flows)}")
    print(f"Flows with outliers: {len(flows_with_outliers)}")

    # Report whether any flow has exactly 19 outliers.
    flows_19 = [flow for flow, count in flows_with_outliers if count == 19]
    if not flows_19:
        print("\n❌ No flow found with exactly 19 outliers")
    else:
        print(f"\n✅ Found {len(flows_19)} flow(s) with exactly 19 outliers!")

    print("\nTop 5 flows by outlier count:")
    for flow, count in flows_with_outliers[:5]:
        print(f" {flow.src_ip} -> {flow.dst_ip}: {count} outliers")
if __name__ == "__main__":
    # Use the first command-line argument as the capture path when given;
    # otherwise fall back to the bundled sample capture name.
    pcap_path = sys.argv[1] if len(sys.argv) > 1 else "1 PTPGM.pcapng"
    debug_all_flows(pcap_path)