128 lines
5.5 KiB
Python
128 lines
5.5 KiB
Python
#!/usr/bin/env python3
|
|
"""Debug missing frames in CH10-Data sequence"""
|
|
|
|
import sys
|
|
sys.path.append('.')
|
|
|
|
from analyzer.analysis import EthernetAnalyzer
|
|
from analyzer.utils import PCAPLoader
|
|
|
|
def debug_missing_frames(pcap_file="1 PTPGM.pcapng", src_ip="192.168.4.89"):
|
|
"""Debug why frames are missing from CH10-Data sequence"""
|
|
|
|
print("=== Debugging Missing Frames in CH10-Data Sequence ===")
|
|
|
|
# Use batch processing for most accurate results
|
|
analyzer = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
|
|
|
|
loader = PCAPLoader(pcap_file)
|
|
packets = loader.load_all()
|
|
|
|
for i, packet in enumerate(packets, 1):
|
|
analyzer._process_single_packet(packet, i)
|
|
|
|
analyzer.calculate_statistics()
|
|
|
|
# Find test flow
|
|
test_flow = None
|
|
for flow_key, flow in analyzer.flows.items():
|
|
if flow.src_ip == src_ip:
|
|
test_flow = flow
|
|
break
|
|
|
|
if not test_flow:
|
|
print(f"❌ No flow found from {src_ip}")
|
|
return
|
|
|
|
print(f"✅ Found flow: {test_flow.src_ip}:{test_flow.src_port} → {test_flow.dst_ip}:{test_flow.dst_port}")
|
|
|
|
# Get CH10-Data frame sequence
|
|
ch10_data_stats = test_flow.frame_types.get('CH10-Data')
|
|
if not ch10_data_stats:
|
|
print("❌ No CH10-Data frame type found")
|
|
return
|
|
|
|
print(f"\nCH10-Data frames: {len(ch10_data_stats.frame_numbers)}")
|
|
|
|
# Check specifically around the problematic frames
|
|
problem_frames = [
|
|
(486, 485, "Frame 486 should follow 485, but shows 471"),
|
|
(957, 955, "Frame 957 should follow 955, but shows 942")
|
|
]
|
|
|
|
for target_frame, expected_prev, description in problem_frames:
|
|
print(f"\n🔍 {description}")
|
|
|
|
if target_frame in ch10_data_stats.frame_numbers:
|
|
frame_index = ch10_data_stats.frame_numbers.index(target_frame)
|
|
print(f" Frame {target_frame} found at index {frame_index}")
|
|
|
|
# Show sequence around this frame
|
|
start_idx = max(0, frame_index - 5)
|
|
end_idx = min(len(ch10_data_stats.frame_numbers), frame_index + 3)
|
|
|
|
print(f" CH10-Data sequence around frame {target_frame}:")
|
|
for i in range(start_idx, end_idx):
|
|
marker = " -> " if i == frame_index else " "
|
|
frame_num = ch10_data_stats.frame_numbers[i]
|
|
print(f"{marker}[{i}] Frame {frame_num}")
|
|
|
|
# Check what happened to the expected previous frame
|
|
if expected_prev not in ch10_data_stats.frame_numbers:
|
|
print(f" ❌ Expected previous frame {expected_prev} is NOT in CH10-Data sequence")
|
|
|
|
# Check what frame type frame 485 actually got classified as
|
|
print(f" 🔍 Checking what frame type {expected_prev} was classified as:")
|
|
found_frame_type = None
|
|
for frame_type, ft_stats in test_flow.frame_types.items():
|
|
if expected_prev in ft_stats.frame_numbers:
|
|
found_frame_type = frame_type
|
|
frame_idx = ft_stats.frame_numbers.index(expected_prev)
|
|
print(f" Frame {expected_prev} classified as: {frame_type} (index {frame_idx})")
|
|
break
|
|
|
|
if not found_frame_type:
|
|
print(f" Frame {expected_prev} not found in ANY frame type!")
|
|
|
|
else:
|
|
actual_prev_idx = ch10_data_stats.frame_numbers.index(expected_prev)
|
|
print(f" ✅ Expected previous frame {expected_prev} is at index {actual_prev_idx}")
|
|
else:
|
|
print(f" ❌ Frame {target_frame} not found in CH10-Data sequence")
|
|
|
|
# Let's also check for any large gaps in the CH10-Data sequence
|
|
print(f"\n=== Analyzing CH10-Data Frame Sequence Gaps ===")
|
|
gaps = []
|
|
for i in range(1, len(ch10_data_stats.frame_numbers)):
|
|
current_frame = ch10_data_stats.frame_numbers[i]
|
|
prev_frame = ch10_data_stats.frame_numbers[i-1]
|
|
gap = current_frame - prev_frame
|
|
if gap > 1: # Missing frames
|
|
gaps.append((prev_frame, current_frame, gap-1))
|
|
|
|
print(f"Found {len(gaps)} gaps in CH10-Data sequence:")
|
|
for prev_frame, current_frame, missing_count in gaps[:10]: # Show first 10 gaps
|
|
print(f" Gap: {prev_frame} -> {current_frame} (missing {missing_count} frames)")
|
|
|
|
# Check what those missing frames were classified as
|
|
for missing_frame in range(prev_frame + 1, current_frame):
|
|
for frame_type, ft_stats in test_flow.frame_types.items():
|
|
if missing_frame in ft_stats.frame_numbers:
|
|
print(f" Missing frame {missing_frame} classified as: {frame_type}")
|
|
break
|
|
else:
|
|
print(f" Missing frame {missing_frame} not found in any frame type!")
|
|
|
|
# Show frame type distribution
|
|
print(f"\n=== Frame Type Distribution ===")
|
|
total_frames = sum(len(ft_stats.frame_numbers) for ft_stats in test_flow.frame_types.values())
|
|
for frame_type, ft_stats in sorted(test_flow.frame_types.items(), key=lambda x: len(x[1].frame_numbers), reverse=True):
|
|
count = len(ft_stats.frame_numbers)
|
|
percentage = (count / total_frames * 100) if total_frames > 0 else 0
|
|
print(f" {frame_type}: {count} frames ({percentage:.1f}%)")
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) > 1:
|
|
debug_missing_frames(sys.argv[1])
|
|
else:
|
|
debug_missing_frames() |