140 lines
6.4 KiB
Python
140 lines
6.4 KiB
Python
#!/usr/bin/env python3
|
|
"""Debug frame 2002 outlier issue"""
|
|
|
|
import sys
|
|
sys.path.append('.')
|
|
|
|
from analyzer.analysis import EthernetAnalyzer
|
|
from analyzer.analysis.background_analyzer import BackgroundAnalyzer
|
|
from analyzer.utils import PCAPLoader
|
|
import time
|
|
|
|
def debug_frame_2002(pcap_file="1 PTPGM.pcapng", src_ip="192.168.4.89"):
|
|
"""Debug frame 2002 outlier issue"""
|
|
|
|
print("=== Debugging Frame 2002 Outlier Issue ===")
|
|
|
|
# Test both batch and background analyzer
|
|
print("\n1. BATCH PROCESSING:")
|
|
analyzer1 = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
|
|
|
|
loader = PCAPLoader(pcap_file)
|
|
packets = loader.load_all()
|
|
|
|
for i, packet in enumerate(packets, 1):
|
|
analyzer1._process_single_packet(packet, i)
|
|
|
|
analyzer1.calculate_statistics()
|
|
|
|
# Find test flow
|
|
test_flow1 = None
|
|
for flow_key, flow in analyzer1.flows.items():
|
|
if flow.src_ip == src_ip:
|
|
test_flow1 = flow
|
|
break
|
|
|
|
if test_flow1:
|
|
print(f"Found flow: {test_flow1.src_ip}:{test_flow1.src_port} → {test_flow1.dst_ip}:{test_flow1.dst_port}")
|
|
|
|
# Check all frame types for frame 2002
|
|
target_frame = 2002
|
|
found_frame = False
|
|
|
|
for frame_type, ft_stats in test_flow1.frame_types.items():
|
|
if target_frame in ft_stats.frame_numbers:
|
|
frame_index = ft_stats.frame_numbers.index(target_frame)
|
|
print(f"\n✅ Frame {target_frame} found in {frame_type}")
|
|
print(f" Index in {frame_type} sequence: {frame_index}")
|
|
print(f" Total {frame_type} frames: {len(ft_stats.frame_numbers)}")
|
|
|
|
if frame_index > 0:
|
|
expected_prev = ft_stats.frame_numbers[frame_index - 1]
|
|
print(f" Expected previous frame: {expected_prev}")
|
|
else:
|
|
print(f" This is the first {frame_type} frame")
|
|
|
|
# Check if it's an outlier
|
|
if hasattr(ft_stats, 'enhanced_outlier_details') and ft_stats.enhanced_outlier_details:
|
|
for frame_num, prev_frame_num, delta_t in ft_stats.enhanced_outlier_details:
|
|
if frame_num == target_frame:
|
|
print(f" 🔍 OUTLIER FOUND: Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms")
|
|
if frame_index > 0:
|
|
expected_prev = ft_stats.frame_numbers[frame_index - 1]
|
|
if prev_frame_num == expected_prev:
|
|
print(f" ✅ Frame reference CORRECT: {prev_frame_num}")
|
|
else:
|
|
print(f" ❌ Frame reference WRONG: got {prev_frame_num}, expected {expected_prev}")
|
|
break
|
|
else:
|
|
print(f" Frame {target_frame} is not an outlier in enhanced details")
|
|
elif ft_stats.outlier_details:
|
|
for frame_num, delta_t in ft_stats.outlier_details:
|
|
if frame_num == target_frame:
|
|
print(f" 🔍 OUTLIER FOUND (legacy): Frame {frame_num}: {delta_t * 1000:.3f} ms")
|
|
break
|
|
else:
|
|
print(f" Frame {target_frame} is not an outlier in legacy details")
|
|
else:
|
|
print(f" No outlier details available")
|
|
|
|
# Show frame sequence around target
|
|
print(f"\n Frame sequence around {target_frame}:")
|
|
start_idx = max(0, frame_index - 2)
|
|
end_idx = min(len(ft_stats.frame_numbers), frame_index + 3)
|
|
|
|
for i in range(start_idx, end_idx):
|
|
marker = " -> " if i == frame_index else " "
|
|
frame_num = ft_stats.frame_numbers[i]
|
|
timestamp = ft_stats.timestamps[i] if i < len(ft_stats.timestamps) else "N/A"
|
|
print(f"{marker}[{i}] Frame {frame_num}: {timestamp}")
|
|
|
|
found_frame = True
|
|
|
|
if not found_frame:
|
|
print(f"\n❌ Frame {target_frame} not found in any frame type")
|
|
|
|
# Now test background analyzer
|
|
print("\n\n2. BACKGROUND ANALYZER:")
|
|
analyzer2 = EthernetAnalyzer(enable_realtime=False, outlier_threshold_sigma=3.0)
|
|
bg_analyzer = BackgroundAnalyzer(analyzer2, num_threads=1)
|
|
|
|
bg_analyzer.start_parsing(pcap_file)
|
|
while bg_analyzer.is_parsing:
|
|
time.sleep(0.1)
|
|
|
|
# Find test flow
|
|
test_flow2 = None
|
|
for flow_key, flow in analyzer2.flows.items():
|
|
if flow.src_ip == src_ip:
|
|
target_frame = 2002
|
|
found_frame = False
|
|
|
|
for frame_type, ft_stats in flow.frame_types.items():
|
|
if hasattr(ft_stats, 'enhanced_outlier_details') and ft_stats.enhanced_outlier_details:
|
|
for frame_num, prev_frame_num, delta_t in ft_stats.enhanced_outlier_details:
|
|
if frame_num == target_frame:
|
|
print(f"🔍 Background analyzer - {frame_type}: Frame {frame_num} (from {prev_frame_num}): {delta_t * 1000:.3f} ms")
|
|
|
|
# Check if this matches the expected previous frame
|
|
if target_frame in ft_stats.frame_numbers:
|
|
frame_index = ft_stats.frame_numbers.index(target_frame)
|
|
if frame_index > 0:
|
|
expected_prev = ft_stats.frame_numbers[frame_index - 1]
|
|
if prev_frame_num == expected_prev:
|
|
print(f" ✅ Background analyzer frame reference CORRECT")
|
|
else:
|
|
print(f" ❌ Background analyzer frame reference WRONG: got {prev_frame_num}, expected {expected_prev}")
|
|
|
|
found_frame = True
|
|
|
|
if not found_frame:
|
|
print(f"❌ Frame {target_frame} not found as outlier in background analyzer")
|
|
break
|
|
|
|
bg_analyzer.cleanup()
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) > 1:
|
|
debug_frame_2002(sys.argv[1])
|
|
else:
|
|
debug_frame_2002() |