92 lines
3.2 KiB
Python
92 lines
3.2 KiB
Python
#!/usr/bin/env python3
|
|
"""Simulate exactly what the TUI should show"""
|
|
|
|
import sys
|
|
sys.path.append('.')
|
|
|
|
from analyzer.analysis import EthernetAnalyzer
|
|
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
|
|
import time
|
|
|
|
def simulate_tui_exactly(pcap_file="1 PTPGM.pcapng"):
|
|
"""Simulate exactly what the TUI should display"""
|
|
|
|
print("=== Simulating TUI Exactly ===")
|
|
|
|
# Initialize exactly like the TUI does
|
|
analyzer = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
|
|
|
|
# Use background analyzer like TUI
|
|
def flow_update_callback():
|
|
pass # TUI callback
|
|
|
|
bg_analyzer = BackgroundAnalyzer(
|
|
analyzer,
|
|
num_threads=4, # TUI default
|
|
flow_update_callback=flow_update_callback
|
|
)
|
|
|
|
print(f"Starting background parsing of {pcap_file}...")
|
|
bg_analyzer.start_parsing(pcap_file)
|
|
|
|
while bg_analyzer.is_parsing:
|
|
time.sleep(0.1)
|
|
|
|
print("Parsing complete. Calculating final results...")
|
|
|
|
# Get flows exactly like TUI does
|
|
flows = bg_analyzer.get_current_flows()
|
|
|
|
print(f"Total flows found: {len(flows)}")
|
|
|
|
# Calculate metrics exactly like TUI (_update_flow_metrics)
|
|
enhanced_flows = 0
|
|
total_outliers = 0
|
|
|
|
for flow in flows.values():
|
|
if flow.enhanced_analysis.decoder_type != "Standard":
|
|
enhanced_flows += 1
|
|
|
|
# Use our fixed calculation (frame-type outliers)
|
|
frame_type_outliers = sum(len(ft_stats.outlier_frames) for ft_stats in flow.frame_types.values())
|
|
total_outliers += frame_type_outliers
|
|
|
|
print(f"\n=== TUI Metrics ===")
|
|
print(f"Enhanced flows: {enhanced_flows}")
|
|
print(f"Total outliers: {total_outliers}")
|
|
|
|
# Show flow table like TUI
|
|
print(f"\n=== Flow Table (like TUI) ===")
|
|
print(f"{'#':<3} {'Source':<20} {'Dest':<20} {'Packets':<8} {'Outliers':<8}")
|
|
print("-" * 65)
|
|
|
|
sorted_flows = sorted(flows.values(), key=lambda x: sum(len(ft_stats.outlier_frames) for ft_stats in x.frame_types.values()), reverse=True)
|
|
|
|
for i, flow in enumerate(sorted_flows[:10], 1): # Top 10 flows
|
|
source = f"{flow.src_ip}:{flow.src_port}"
|
|
dest = f"{flow.dst_ip}:{flow.dst_port}"
|
|
packets = flow.frame_count
|
|
|
|
# Calculate outliers exactly like flow_table_v2.py does
|
|
frame_type_outlier_count = sum(len(ft_stats.outlier_frames) for ft_stats in flow.frame_types.values())
|
|
|
|
print(f"{i:<3} {source:<20} {dest:<20} {packets:<8} {frame_type_outlier_count:<8}")
|
|
|
|
# Show frame type breakdown if there are outliers
|
|
if frame_type_outlier_count > 0:
|
|
for frame_type, ft_stats in flow.frame_types.items():
|
|
if len(ft_stats.outlier_frames) > 0:
|
|
print(f" └─ {frame_type}: {len(ft_stats.outlier_frames)} outliers")
|
|
|
|
# Cleanup
|
|
bg_analyzer.cleanup()
|
|
|
|
print(f"\n=== Expected TUI Display ===")
|
|
print(f"Main outlier count should show: {total_outliers}")
|
|
print(f"This should match what you see in the TUI")
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) > 1:
|
|
simulate_tui_exactly(sys.argv[1])
|
|
else:
|
|
simulate_tui_exactly() |