#!/usr/bin/env python3
"""Debug TUI outlier count calculation"""
import sys
# Append the current working directory to the end of the module search path.
# NOTE(review): presumably this lets the `analyzer` imports below resolve when
# the script is launched from the project root - confirm. Launched from any
# other directory, "." names that directory instead, so the package is looked
# up wherever the script happens to be started.
sys.path.append(".")
from analyzer.analysis import EthernetAnalyzer
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
import time
def debug_tui_outlier_count(pcap_file="1 PTPGM.pcapng"):
    """Print flow-level and frame-type outlier counts for every parsed flow.

    Parses ``pcap_file`` through a single-threaded ``BackgroundAnalyzer``,
    waits for parsing to finish, then totals two figures over all flows:
    the size of ``flow.outlier_frames`` and the summed size of
    ``outlier_frames`` over each entry of ``flow.frame_types``. Flows with
    at least one outlier of either kind are listed individually, followed
    by a summary that compares the flow-level total with the value 20.

    Args:
        pcap_file: Path of the capture file handed to ``start_parsing``.
    """
    print("=== Debugging TUI Outlier Count Calculation ===")

    # Background analyzer is the path the TUI goes through.
    engine = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
    background = BackgroundAnalyzer(engine, num_threads=1)

    background.start_parsing(pcap_file)
    # Poll until the parser reports it is done.
    # NOTE(review): there is no upper bound on this wait; if is_parsing never
    # clears (for example on a capture the parser stalls on), the script hangs.
    while background.is_parsing:
        time.sleep(0.1)

    # Mirrors the TUI outlier count calculation (from app_v2.py:220).
    flow_table = background.get_current_flows()

    print(f"Total flows: {len(flow_table)}")

    flow_level_total = 0  # sum of len(flow.outlier_frames) - what the TUI shows (WRONG)
    frame_type_total = 0  # sum of per-frame-type outliers (CORRECT)

    print("\n=== Per-Flow Outlier Analysis ===")
    for index, (_flow_key, flow) in enumerate(flow_table.items(), 1):
        flow_hits = len(flow.outlier_frames)
        type_hits = sum(
            len(stats.outlier_frames) for stats in flow.frame_types.values()
        )

        flow_level_total += flow_hits
        frame_type_total += type_hits

        # Flows without any outlier are counted but not listed.
        if flow_hits <= 0 and type_hits <= 0:
            continue

        print(f"Flow {index}: {flow.src_ip}:{flow.src_port} → {flow.dst_ip}:{flow.dst_port}")
        print(f" Flow-level outliers: {flow_hits}")
        print(f" Frame-type outliers: {type_hits}")

        # List the frame numbers behind each count.
        if flow_hits > 0:
            print(f" Flow-level frames: {sorted(flow.outlier_frames)}")

        if type_hits > 0:
            for type_name, stats in flow.frame_types.items():
                type_count = len(stats.outlier_frames)
                if type_count > 0:
                    print(f" {type_name}: {type_count} ({sorted(stats.outlier_frames)})")

    print("\n=== Summary ===")
    print(f"TUI currently shows (WRONG): {flow_level_total} outliers")
    print(f"TUI should show (CORRECT): {frame_type_total} outliers")

    # 20 is the count observed in the TUI that this script tries to reproduce.
    verdict = (
        "✅ Found the source of your 20 outliers!"
        if flow_level_total == 20
        else "⚠️ TUI count doesn't match your observation of 20"
    )
    print(verdict)
if __name__ == "__main__":
    # An optional first command-line argument replaces the default capture
    # path; any further arguments are ignored.
    cli_args = sys.argv[1:]
    if cli_args:
        debug_tui_outlier_count(cli_args[0])
    else:
        debug_tui_outlier_count()