diff --git a/test_5.py b/test_5.py
deleted file mode 100644
index bab8484..0000000
--- a/test_5.py
+++ /dev/null
@@ -1,233 +0,0 @@
-# Name:fang xiaoyu
-# Time: 2023/3/11 20:10
-'''
-import cicflowmeter
-from scapy.all import *
-import requests
-#import pypcap
-import scipy
-
-cfm = cicflowmeter.CFM()
-# 读取pcap文件
-packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
-
-print(packets)
-for ts, pkt in packets:
- cfm.flow_handler(pkt)
-
-result = cfm.get_result()
-'''
-
-'''
-from cicflowmeter.flow import Flow
-#from cicflowmeter.pcapy_reader import PcapyReader
-from scapy.all import *
-import csv
-
-# 定义pcap文件路径
-pcap_file = 'sample.pcap'
-
-# 创建PcapyReader对象
-pcap = rdpcap('20230309_fxy_psiphon_operation.pcapng')
-
-# 定义输出CSV文件路径
-output_file = 'output.csv'
-
-# 创建CSV文件对象并定义列名
-csv_file = open(output_file, 'w', newline='')
-csv_writer = csv.writer(csv_file)
-csv_writer.writerow(['src_ip', 'dst_ip', 'src_port', 'dst_port', 'proto', 'num_packets', 'bytes', 'duration', 'timestamp_start', 'timestamp_end', 'flags'])
-
-# 循环遍历每个数据包,并提取流特征,并将特征写入CSV文件
-for pkt in pcap:
- flow = Flow(pkt, direction='B2A')
- features = flow.features()
- csv_writer.writerow([features['src_ip'], features['dst_ip'], features['src_port'], features['dst_port'], features['proto'], features['num_packets'], features['bytes'], features['duration'], features['timestamp_start'], features['timestamp_end'], features['flags']])
-
-# 关闭CSV文件
-csv_file.close()
-'''
-
-from datetime import datetime
-from pathlib import Path
-
-from cicflowmeter.flow import Flow
-#from cicflowmeter.reader import Reader
-from scapy.all import *
-import csv
-
-# 设置输入文件路径
-# 创建PcapyReader对象
-pcap = rdpcap('20230309_fxy_psiphon_operation.pcapng')
-
-# 设置输出文件路径
-output_file_path = "output.csv"
-
-# 创建CSV输出文件
-with open(output_file_path, mode='w', newline='') as output_file:
- writer = csv.writer(output_file)
-
- # 写入标题行
- writer.writerow(
- ['src_ip', 'dst_ip', 'src_port', 'dst_port', 'proto', 'num_packets', 'bytes', 'duration', 'timestamp_start',
- 'timestamp_end', 'flags'])
-
- # 打开pcap文件并逐个处理数据包
-#with Reader(input_file_path) as reader:
-for pkt in pcap:
- # 仅处理IP数据包
- if pkt.haslayer('IP'):
- # 创建Flow对象
- flow = Flow(pkt,direction='B2A')
-
- # 获取特征值列表
- feature_values = flow.get_features()
-
- # 将特征值列表写入CSV文件
- writer.writerow(feature_values)
-
-'''
-from scapy.all import *
-
-# 读取pcap文件
-packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
-
-# 定义字典存储特征
-features = {}
-
-# 统计每个协议的数据包数量
-protocols = {}
-for pkt in packets:
- if pkt.haslayer(IP):
- protocol = pkt[IP].proto
- if protocol not in protocols:
- protocols[protocol] = 0
- protocols[protocol] += 1
-for p in protocols:
- features['protocol_{}'.format(p)] = protocols[p]
-
-# 统计每个源IP地址的数据包数量和大小
-src_ips = {}
-for pkt in packets:
- if pkt.haslayer(IP):
- src_ip = pkt[IP].src
- if src_ip not in src_ips:
- src_ips[src_ip] = {'count': 0, 'size': 0}
- src_ips[src_ip]['count'] += 1
- src_ips[src_ip]['size'] += len(pkt)
-for ip in src_ips:
- features['src_ip_{}_count'.format(ip)] = src_ips[ip]['count']
- features['src_ip_{}_size'.format(ip)] = src_ips[ip]['size']
-
-# 统计每个目的IP地址的数据包数量和大小
-dst_ips = {}
-for pkt in packets:
- if pkt.haslayer(IP):
- dst_ip = pkt[IP].dst
- if dst_ip not in dst_ips:
- dst_ips[dst_ip] = {'count': 0, 'size': 0}
- dst_ips[dst_ip]['count'] += 1
- dst_ips[dst_ip]['size'] += len(pkt)
-for ip in dst_ips:
- features['dst_ip_{}_count'.format(ip)] = dst_ips[ip]['count']
- features['dst_ip_{}_size'.format(ip)] = dst_ips[ip]['size']
-
-# 输出特征
-print(features)
-'''
-
-'''
-from scapy.all import *
-
-# 读取pcap文件
-pcap = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
-
-# 遍历数据包,提取流量特征
-for pkt in pcap:
- # 数据包大小
- pkt_size = len(pkt)
-
- # IP地址
- if IP in pkt:
- src_ip = pkt[IP].src
- dst_ip = pkt[IP].dst
-
- # 协议类型
- if TCP in pkt:
- protocol = 'TCP'
- elif UDP in pkt:
- protocol = 'UDP'
- elif ICMP in pkt:
- protocol = 'ICMP'
- else:
- protocol = 'Other'
-
- # 端口号
- if TCP in pkt:
- src_port = pkt[TCP].sport
- dst_port = pkt[TCP].dport
- elif UDP in pkt:
- src_port = pkt[UDP].sport
- dst_port = pkt[UDP].dport
- else:
- src_port = 0
- dst_port = 0
-
- # 输出流量特征
- print(
- 'Packet Size: {}, Source IP: {}, Destination IP: {}, Protocol: {}, Source Port: {}, Destination Port: {}'.format(
- pkt_size, src_ip, dst_ip, protocol, src_port, dst_port))
-'''
-
-'''
-from scapy.all import *
-import collections
-
-# 读取pcap文件
-packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
-
-# 计算数据包总数
-total_packets = len(packets)
-print("Total packets:", total_packets)
-
-# 计算不同协议类型的数据包数量
-protocols = collections.Counter([packet[IP].proto for packet in packets])
-print("Protocol counts:", protocols)
-
-# 查找源IP地址和目的IP地址
-for packet in packets:
- if IP in packet:
- src_ip = packet[IP].src
- dst_ip = packet[IP].dst
- print("Source IP:", src_ip)
- print("Destination IP:", dst_ip)
-
-# 查找源MAC地址和目的MAC地址
-for packet in packets:
- if Ether in packet:
- src_mac = packet[Ether].src
- dst_mac = packet[Ether].dst
- print("Source MAC:", src_mac)
- print("Destination MAC:", dst_mac)
-
-# 查找源端口号和目的端口号
-for packet in packets:
- if TCP in packet:
- src_port = packet[TCP].sport
- dst_port = packet[TCP].dport
- print("Source port:", src_port)
- print("Destination port:", dst_port)
-
-# 计算数据包的平均大小
-total_size = sum(len(packet) for packet in packets)
-avg_size = total_size / total_packets
-print("Average packet size:", avg_size)
-
-# 查找HTTP请求
-for packet in packets:
- if TCP in packet and packet[TCP].dport == 80 and packet.haslayer(Raw):
- http_request = packet[Raw].load.decode()
- print("HTTP request:", http_request)
-'''
-import flowcontainer
-import cicflowmeter
\ No newline at end of file