#!/usr/bin/env python3
"""Debug the real-time statistics issue with frame references"""
import sys
# Extend the module search path so the `analyzer` imports below can resolve
# (presumably the script is meant to be launched from the repository root).
# NOTE(review): '.' is the current working directory, not this file's directory,
# so the imported code depends on where the script is started from; run it only
# from a trusted checkout.
sys.path.append('.')
from analyzer.analysis import EthernetAnalyzer
from analyzer.utils import PCAPLoader
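def debug_realtime_issue(pcap_file="1 PTPGM.pcapng", src_ip="192.168.4.89"):
    """Replay a capture through the real-time analyzer and audit outlier frame references.

    Every packet from ``pcap_file`` is fed to the analyzer one at a time. After
    each packet, the most recent outlier of every frame type in flows whose
    source is ``src_ip`` is inspected; outliers whose recorded frame gap exceeds
    50 are reported once. A second pass then checks every recorded outlier of
    the ``CH10-Extended`` frame type against the flow's frame-number sequence.

    Args:
        pcap_file: Path of the capture to replay.
        src_ip: Source address used to select the flows to inspect.

    Returns:
        None. All findings are printed to stdout.

    Note:
        The whole capture is held in memory via ``load_all()`` and packets are
        pushed through the analyzer's private ``_process_single_packet`` hook,
        so this is a diagnostic aid rather than a supported entry point.
    """
    print("=== Debugging Real-time Statistics Issue ===")

    # Real-time mode is the code path under investigation.
    analyzer = EthernetAnalyzer(enable_realtime=True, outlier_threshold_sigma=3.0)

    packets = PCAPLoader(pcap_file).load_all()
    print(f"Loaded {len(packets)} packets")

    # (frame_type, frame_num, prev_frame_num) triples already reported, so each
    # suspicious outlier is printed once even though it is re-seen per packet.
    suspicious_frames = set()

    for i, packet in enumerate(packets, 1):
        analyzer._process_single_packet(packet, i)

        for flow in analyzer.flows.values():
            if flow.src_ip != src_ip:
                continue

            for frame_type, ft_stats in flow.frame_types.items():
                outlier_details = getattr(ft_stats, 'enhanced_outlier_details', None)
                if not outlier_details:
                    continue

                # Only the newest outlier can have been added by this packet.
                frame_num, prev_frame_num, _delta_t = outlier_details[-1]
                frame_gap = frame_num - prev_frame_num

                outlier_key = (frame_type, frame_num, prev_frame_num)
                # 50 is a hard-coded heuristic for "implausibly far apart".
                if frame_gap <= 50 or outlier_key in suspicious_frames:
                    continue

                suspicious_frames.add(outlier_key)
                print(f" Packet {i}: {frame_type} Frame {frame_num} (from {prev_frame_num}) - Gap: {frame_gap}")

                # Show the frame sequence as it stands at this point.
                print(f" Frame sequence length: {len(ft_stats.frame_numbers)}")
                if len(ft_stats.frame_numbers) >= 2:
                    print(f" Last 5 frames: {ft_stats.frame_numbers[-5:]}")
                    # NOTE(review): this is the true predecessor only when the
                    # outlier frame is the newest entry in frame_numbers - confirm.
                    actual_prev = ft_stats.frame_numbers[-2]
                    print(f" Actual previous frame should be: {actual_prev}")
                    # Report a mismatch only when the two values really differ;
                    # the unconditional print flagged correct references too.
                    if prev_frame_num != actual_prev:
                        print(f" ❌ MISMATCH: Expected {actual_prev}, got {prev_frame_num}")

    print(f"\nTotal suspicious outliers found: {len(suspicious_frames)}")

    # Detailed check of one frame type, using the first flow from src_ip.
    flow = next((f for f in analyzer.flows.values() if f.src_ip == src_ip), None)
    if not flow:
        return

    print(f"\n=== Detailed Analysis of CH10-Extended ===")
    extended_stats = flow.frame_types.get('CH10-Extended')
    if not extended_stats:
        return

    frame_numbers = extended_stats.frame_numbers
    print(f"Total frames: {len(frame_numbers)}")
    print(f"Frame numbers: {frame_numbers}")
    print(f"Outliers: {len(extended_stats.outlier_frames)}")

    for frame_num, prev_frame_num, _delta_t in getattr(extended_stats, 'enhanced_outlier_details', ()):
        # Locate the outlier in the sequence to find its real predecessor.
        try:
            actual_index = frame_numbers.index(frame_num)
        except ValueError:
            continue
        if actual_index > 0:
            actual_prev = frame_numbers[actual_index - 1]
            status = "✅" if prev_frame_num == actual_prev else f"❌ (should be {actual_prev})"
            print(f" Frame {frame_num} from {prev_frame_num}: {status}")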
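if __name__ == "__main__":
    # Optional positional arguments: the capture path, then the source IP whose
    # flows should be inspected. Anything omitted falls back to the defaults of
    # debug_realtime_issue, so the source IP no longer has to be edited in code.
    debug_realtime_issue(*sys.argv[1:3])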