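# Name:fang xiaoyu
# Time: 2023/3/11 20:10
"""Write one CSV row of cicflowmeter features per IPv4 packet in a capture.

The capture is streamed with scapy's ``PcapReader`` instead of being loaded
whole with ``rdpcap``, so memory use does not grow with the size of the
capture.  Earlier experiments that the original file kept inside
triple-quoted strings are preserved, unexecuted, at the bottom of the file.
"""
import csv
from datetime import datetime  # not used below; retained from the original file
from pathlib import Path  # not used below; retained from the original file

import cicflowmeter  # not used below; retained from the original file
import flowcontainer  # not used below; retained from the original file
from cicflowmeter.flow import Flow
#from cicflowmeter.reader import Reader
# Explicit name instead of `from scapy.all import *`, so the wildcard cannot
# shadow names defined in this script.
from scapy.all import PcapReader

# Input capture file (pcap or pcapng).
input_file_path = '20230309_fxy_psiphon_operation.pcapng'

# Output CSV file.
# NOTE(review): the header names src_ip/dst_ip columns, so the CSV presumably
# carries endpoint addresses and should be stored like the capture itself.
output_file_path = "output.csv"

# Header row.
# NOTE(review): this list is hand-written and is never checked against what
# flow.get_features() returns; confirm the column count and order match.
CSV_HEADER = [
    'src_ip', 'dst_ip', 'src_port', 'dst_port', 'proto', 'num_packets',
    'bytes', 'duration', 'timestamp_start', 'timestamp_end', 'flags',
]

# The reader is opened first, so a missing or unreadable capture raises
# before output.csv is created or truncated.
with PcapReader(input_file_path) as pcap:
    with open(output_file_path, mode='w', newline='',
              encoding='utf-8') as output_file:
        writer = csv.writer(output_file)
        writer.writerow(CSV_HEADER)

        # Process the capture packet by packet.
        #with Reader(input_file_path) as reader:
        for pkt in pcap:
            # Only IPv4 packets are handled; anything without an IP layer
            # (IPv6, ARP, ...) is skipped.
            if not pkt.haslayer('IP'):
                continue

            # NOTE(review): a new Flow is built for every packet, so each row
            # describes a single packet, while the header (num_packets,
            # duration) suggests rows aggregated per flow. Confirm the intent.
            # NOTE(review): verify that the installed cicflowmeter accepts a
            # string for `direction` and that Flow has get_features().
            flow = Flow(pkt, direction='B2A')
            feature_values = flow.get_features()
            writer.writerow(feature_values)


# ---------------------------------------------------------------------------
# Archived experiments, kept as unexecuted string literals exactly as in the
# original file. Line breaks and indentation were reconstructed; comments
# inside them were translated to English.
# ---------------------------------------------------------------------------

# Experiment 1: cicflowmeter.CFM handler.
'''
import cicflowmeter
from scapy.all import *
import requests
#import pypcap
import scipy
cfm = cicflowmeter.CFM()
# Read the pcap file
packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
print(packets)
for ts, pkt in packets:
    cfm.flow_handler(pkt)
result = cfm.get_result()
'''

# Experiment 2: Flow.features() written to CSV with an explicit open/close.
'''
from cicflowmeter.flow import Flow
#from cicflowmeter.pcapy_reader import PcapyReader
from scapy.all import *
import csv
# Path of the pcap file
pcap_file = 'sample.pcap'
# Create the PcapyReader object
pcap = rdpcap('20230309_fxy_psiphon_operation.pcapng')
# Path of the output CSV file
output_file = 'output.csv'
# Create the CSV file object and define the column names
csv_file = open(output_file, 'w', newline='')
csv_writer = csv.writer(csv_file)
csv_writer.writerow(['src_ip', 'dst_ip', 'src_port', 'dst_port', 'proto', 'num_packets', 'bytes', 'duration',
                     'timestamp_start', 'timestamp_end', 'flags'])
# Loop over every packet, extract the flow features and write them to the CSV file
for pkt in pcap:
    flow = Flow(pkt, direction='B2A')
    features = flow.features()
    csv_writer.writerow([features['src_ip'], features['dst_ip'], features['src_port'], features['dst_port'],
                         features['proto'], features['num_packets'], features['bytes'], features['duration'],
                         features['timestamp_start'], features['timestamp_end'], features['flags']])
# Close the CSV file
csv_file.close()
'''

# Experiment 3: per-protocol and per-address packet counts and sizes.
'''
from scapy.all import *
# Read the pcap file
packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
# Dictionary that stores the features
features = {}
# Count the packets of each protocol
protocols = {}
for pkt in packets:
    if pkt.haslayer(IP):
        protocol = pkt[IP].proto
        if protocol not in protocols:
            protocols[protocol] = 0
        protocols[protocol] += 1
for p in protocols:
    features['protocol_{}'.format(p)] = protocols[p]
# Count the packets and bytes of each source IP address
src_ips = {}
for pkt in packets:
    if pkt.haslayer(IP):
        src_ip = pkt[IP].src
        if src_ip not in src_ips:
            src_ips[src_ip] = {'count': 0, 'size': 0}
        src_ips[src_ip]['count'] += 1
        src_ips[src_ip]['size'] += len(pkt)
for ip in src_ips:
    features['src_ip_{}_count'.format(ip)] = src_ips[ip]['count']
    features['src_ip_{}_size'.format(ip)] = src_ips[ip]['size']
# Count the packets and bytes of each destination IP address
dst_ips = {}
for pkt in packets:
    if pkt.haslayer(IP):
        dst_ip = pkt[IP].dst
        if dst_ip not in dst_ips:
            dst_ips[dst_ip] = {'count': 0, 'size': 0}
        dst_ips[dst_ip]['count'] += 1
        dst_ips[dst_ip]['size'] += len(pkt)
for ip in dst_ips:
    features['dst_ip_{}_count'.format(ip)] = dst_ips[ip]['count']
    features['dst_ip_{}_size'.format(ip)] = dst_ips[ip]['size']
# Print the features
print(features)
'''

# Experiment 4: print size, addresses, protocol and ports of every packet.
'''
from scapy.all import *
# Read the pcap file
pcap = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
# Walk the packets and extract traffic features
for pkt in pcap:
    # Packet size
    pkt_size = len(pkt)
    # IP addresses
    if IP in pkt:
        src_ip = pkt[IP].src
        dst_ip = pkt[IP].dst
    # Protocol type
    if TCP in pkt:
        protocol = 'TCP'
    elif UDP in pkt:
        protocol = 'UDP'
    elif ICMP in pkt:
        protocol = 'ICMP'
    else:
        protocol = 'Other'
    # Port numbers
    if TCP in pkt:
        src_port = pkt[TCP].sport
        dst_port = pkt[TCP].dport
    elif UDP in pkt:
        src_port = pkt[UDP].sport
        dst_port = pkt[UDP].dport
    else:
        src_port = 0
        dst_port = 0
    # Print the traffic features
    print(
        'Packet Size: {}, Source IP: {}, Destination IP: {}, Protocol: {}, Source Port: {}, Destination Port: {}'.format(
            pkt_size, src_ip, dst_ip, protocol, src_port, dst_port))
'''

# Experiment 5: capture summary (counts, addresses, ports, mean size, HTTP).
'''
from scapy.all import *
import collections
# Read the pcap file
packets = rdpcap('/Users/fangxiaoyu/Desktop/VPN及其流量识别研究/抓包分析/wcx-抓包-用于模型复现/TorGuard_openvpnOverSSL.pcap')
# Total number of packets
total_packets = len(packets)
print("Total packets:", total_packets)
# Number of packets per protocol type
protocols = collections.Counter([packet[IP].proto for packet in packets])
print("Protocol counts:", protocols)
# Find source and destination IP addresses
for packet in packets:
    if IP in packet:
        src_ip = packet[IP].src
        dst_ip = packet[IP].dst
        print("Source IP:", src_ip)
        print("Destination IP:", dst_ip)
# Find source and destination MAC addresses
for packet in packets:
    if Ether in packet:
        src_mac = packet[Ether].src
        dst_mac = packet[Ether].dst
        print("Source MAC:", src_mac)
        print("Destination MAC:", dst_mac)
# Find source and destination port numbers
for packet in packets:
    if TCP in packet:
        src_port = packet[TCP].sport
        dst_port = packet[TCP].dport
        print("Source port:", src_port)
        print("Destination port:", dst_port)
# Average packet size
total_size = sum(len(packet) for packet in packets)
avg_size = total_size / total_packets
print("Average packet size:", avg_size)
# Find HTTP requests
for packet in packets:
    if TCP in packet and packet[TCP].dport == 80 and packet.haslayer(Raw):
        http_request = packet[Raw].load.decode()
        print("HTTP request:", http_request)
'''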