traffic-taffy 0.2__py3-none-any.whl → 0.3.5__py3-none-any.whl

traffic_taffy/explore.py

@@ -0,0 +1,222 @@
+import sys
+import logging
+from logging import info, debug
+from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
+from PyQt6.QtWidgets import QPushButton, QVBoxLayout, QLineEdit, QTextEdit, QWidget, QApplication, QLabel
+from traffic_taffy.dissector import (
+    PCAPDissectorType,
+    dissector_add_parseargs,
+    limitor_add_parseargs,
+    PCAPDissector,
+    check_dissector_level,
+)
+from traffic_taffy.compare import PcapCompare
+
+# https://stackoverflow.com/questions/32476006/how-to-make-an-expandable-collapsable-section-widget-in-qt
+
+# class Widget(QWidget):
+#     def __init__(self):
+#         super().__init__()
+#         self.__initUi()
+
+#     def __initUi(self):
+#         addBtn = QPushButton('Add')
+#         addBtn.clicked.connect(self.__add)
+#         self.__foldableListWidget = FoldableListWidget()
+#         lay = QVBoxLayout()
+#         lay.addWidget(addBtn)
+#         lay.addWidget(self.__foldableListWidget)
+#         self.setLayout(lay)
+
+#     def __add(self):
+#         foldedItem = QLabel("folded")
+# #        foldedItem.setPlaceholderText('Input...')
+
+#         sublist = FoldableListWidget()
+#         subitem1 = QLabel("main item")
+#         subitem2 = QLabel("sub item")
+#         sublist.setFoldableListWidgetItem(subitem1, subitem2)
+
+#         self.__foldableListWidget.setFoldableListWidgetItem(foldedItem, sublist)
+
+
+from PyQt6.QtWidgets import (QPushButton, QDialog, QTreeWidget,
+                             QTreeWidgetItem, QVBoxLayout,
+                             QHBoxLayout, QFrame, QLabel,
+                             QApplication)
+
+class SectionExpandButton(QPushButton):
+    """a QPushbutton that can expand or collapse its section
+    """
+    def __init__(self, item, text = "", parent = None):
+        super().__init__(text, parent)
+        self.section = item
+        self.clicked.connect(self.on_clicked)
+
+    def on_clicked(self):
+        """toggle expand/collapse of section by clicking
+        """
+        if self.section.isExpanded():
+            self.section.setExpanded(False)
+        else:
+            self.section.setExpanded(True)
+
+
+class TaffyExplorer(QDialog):
+    """Explore PCAP files by comparison slices"""
+    def __init__(self, args):
+        super().__init__()
+        self.tree = QTreeWidget()
+        self.tree.setHeaderHidden(True)
+        self.mainLayout = QVBoxLayout()
+        self.mainLayout.addWidget(self.tree)
+        self.setLayout(self.mainLayout)
+        self.tree.setIndentation(0)
+
+        self.sections = []
+        self.define_sections()
+        self.add_sections()
+
+        self.plusone = QPushButton("Add one")
+        self.mainLayout.addWidget(self.plusone)
+        self.plusone.clicked.connect(self.addone)
+
+        self.args = args
+
+    def addone(self):
+        print("here")
+        self.add_section("new item", QLabel("one thing"))
+
+    def add_section(self, title, widget):
+        button1 = self.add_button(title)
+        section1 = self.add_widget(button1, widget)
+        button1.addChild(section1)
+
+    def add_sections(self):
+        """adds a collapsible sections for every 
+        (title, widget) tuple in self.sections
+        """
+        #self.tree.clear()
+        for (title, widget) in self.sections:
+            self.add_section(title, widget)
+
+    def define_sections(self):
+        """reimplement this to define all your sections
+        and add them as (title, widget) tuples to self.sections
+        """
+        widget = QFrame(self.tree)
+        layout = QHBoxLayout(widget)
+        layout.addWidget(QLabel("Bla"))
+        layout.addWidget(QLabel("Blubb"))
+        title = "Section 1"
+        self.sections.append((title, widget))
+
+    def add_button(self, title):
+        """creates a QTreeWidgetItem containing a button 
+        to expand or collapse its section
+        """
+        item = QTreeWidgetItem()
+        self.tree.addTopLevelItem(item)
+        self.tree.setItemWidget(item, 0, SectionExpandButton(item, text = title))
+        return item
+
+    def add_widget(self, button, widget):
+        """creates a QWidgetItem containing the widget,
+        as child of the button-QWidgetItem
+        """
+        section = QTreeWidgetItem(button)
+        section.setDisabled(True)
+        self.tree.setItemWidget(section, 0, widget)
+        return section
+
+    def create_comparison(self):
+        self.pc = PcapCompare(
+            self.args.pcap_files,
+            maximum_count=self.args.packet_count,
+            print_threshold=float(self.args.print_threshold) / 100.0,
+            print_minimum_count=self.args.minimum_count,
+            print_match_string=self.args.match_string,
+            only_positive=self.args.only_positive,
+            only_negative=self.args.only_negative,
+            cache_results=self.args.cache_pcap_results,
+            dissection_level=self.args.dissection_level,
+            between_times=self.args.between_times,
+        )
+
+        # compare the pcaps
+        self.pcap_data = list(self.pc.load_pcaps())
+
+    def show_comparison(self, pcap_one, timestamp_one, pcap_two, timestamp_two):
+        
+
+
+def parse_args():
+    "Parse the command line arguments."
+    parser = ArgumentParser(
+        formatter_class=ArgumentDefaultsHelpFormatter,
+        description=__doc__,
+        epilog="Exmaple Usage: ",
+    )
+
+    limiting_parser = limitor_add_parseargs(parser)
+
+    limiting_parser.add_argument(
+        "-t",
+        "--print-threshold",
+        default=0.0,
+        type=float,
+        help="Don't print results with abs(percent) less than this threshold",
+    )
+
+    limiting_parser.add_argument(
+        "-P", "--only-positive", action="store_true", help="Only show positive entries"
+    )
+
+    limiting_parser.add_argument(
+        "-N", "--only-negative", action="store_true", help="Only show negative entries"
+    )
+
+    limiting_parser.add_argument(
+        "-T",
+        "--between-times",
+        nargs=2,
+        type=int,
+        help="For single files, only display results between these timestamps",
+    )
+
+    dissector_add_parseargs(parser)
+
+    debugging_group = parser.add_argument_group("Debugging options")
+
+    debugging_group.add_argument(
+        "--log-level",
+        "--ll",
+        default="info",
+        help="Define the logging verbosity level (debug, info, warning, error, ...).",
+    )
+
+    parser.add_argument("pcap_files", type=str, nargs="*", help="PCAP files to analyze")
+
+    args = parser.parse_args()
+    log_level = args.log_level.upper()
+    logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
+
+    check_dissector_level(args.dissection_level)
+
+    return args
+
+
+def main():
+    args = parse_args()
+
+    app = QApplication(sys.argv)
+    window = TaffyExplorer(args)
+    window.create_comparison()
+    window.show()
+    sys.exit(app.exec())
+
+
+
+if __name__ == "__main__":
+    main()
+

traffic_taffy/graph.py

@@ -26,14 +26,6 @@ def parse_args():
         epilog="Exmaple Usage: ",
     )
 
-    parser.add_argument(
-        "-g",
-        "--graph-elements",
-        default=None,
-        type=str,
-        help="Graph these particular elements; the default is packet counts",
-    )
-
     parser.add_argument(
         "-o",
         "--output-file",
@@ -49,14 +41,6 @@ def parse_args():
         help="Define verbosity level (debug, info, warning, error, fotal, critical).",
     )
 
-    parser.add_argument(
-        "-b",
-        "--bin-size",
-        type=int,
-        default=1,
-        help="Bin results into this many seconds",
-    )
-
     parser.add_argument(
         "-i",
         "--interactive",

traffic_taffy/pcap_splitter.py

@@ -3,10 +3,11 @@
 import io
 import os
 import multiprocessing
+from traffic_taffy.dissector import PCAPDissector
 from typing import List
 import dpkt
 from concurrent.futures import ProcessPoolExecutor, Future
-from logging import debug
+from logging import debug, info
 
 
 class PCAPSplitter:
@@ -26,6 +27,7 @@ class PCAPSplitter:
         self.split_size: int = split_size
         self.maximum_count: int = maximum_count
         self.pcap_filter: str | None = pcap_filter
+        self.maximum_cores = maximum_cores
 
         self.header: bytes = None
         self.buffer: bytes = None
@@ -38,29 +40,46 @@ class PCAPSplitter:
         if not os.path.exists(self.pcap_file):
             raise ValueError(f"failed to find pcap file '{self.pcap_file}'")
 
-        if not self.split_size:
-            cores = multiprocessing.cpu_count()
-            if maximum_cores and cores > maximum_cores:
-                cores = maximum_cores
+    def set_split_size(self):
+        "Attempt to calculate a reasonable split size"
+        if self.split_size:
+            info(f"split size already set to {self.split_size}")
+            return self.split_size
 
-            if self.maximum_count:
-                # not ideal math, but better than nothing
-                self.split_size = int(self.maximum_count / cores)
+        cores = multiprocessing.cpu_count()
+        if self.maximum_cores and cores > self.maximum_cores:
+            cores = self.maximum_cores
+
+        if self.maximum_count and self.maximum_count > 0:
+            # not ideal math, but better than nothing
+            self.split_size = int(self.maximum_count / cores)
+        else:
+            if isinstance(self.our_data, io.BufferedReader):
+                # raw uncompressed file
+                divide_size = 1200
             else:
-                # even worse math and assumes generally large packets
-                stats = os.stat(self.pcap_file)
-                file_size = stats.st_size
-                self.split_size = int(file_size / 1200 / cores)
+                # likely a compressed file
+                divide_size = 5000
+
+            # even worse math and assumes generally large packets
+            stats = os.stat(self.pcap_file)
+            file_size = stats.st_size
+            self.split_size = int(file_size / divide_size / cores)
+            debug(
+                f"split info: {file_size=}, {divide_size=}, {cores=}, {self.split_size=}"
+            )
 
-            # even 1000 is kinda silly to split, but is better than nothing
-            self.split_size = min(self.split_size, 1000)
-            debug(f"setting PCAPSplitter split size to {self.split_size} for {cores}")
+        # even 1000 is kinda silly to split, but is better than nothing
+        self.split_size = max(self.split_size, 1000)
+        debug(f"setting PCAPSplitter split size to {self.split_size} for {cores} cores")
 
     def split(self) -> List[io.BytesIO] | List[Future]:
         "Does the actual reading and splitting"
         # open one for the dpkt reader and one for us independently
-        self.our_data = open(self.pcap_file, "rb")
-        self.dpkt_data = open(self.pcap_file, "rb")
+        self.our_data = PCAPDissector.open_maybe_compressed(self.pcap_file)
+        self.dpkt_data = PCAPDissector.open_maybe_compressed(self.pcap_file)
+
+        self.set_split_size()
 
         # read the first 24 bytes which is the pcap header
         self.header = self.our_data.read(24)

{traffic_taffy-0.2.dist-info → traffic_taffy-0.3.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.2
+Version: 0.3.5
 Summary: A tool for doing differential analysis of pcap files
 Home-page: https://github.com/hardaker/traffic-taffy
 Author: Wes Hardaker
@@ -9,6 +9,11 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Operating System :: OS Independent
 Requires-Python: >=3.7
 Description-Content-Type: text/markdown
+Requires-Dist: pandas
+Requires-Dist: rich
+Requires-Dist: seaborn
+Requires-Dist: scapy
+Requires-Dist: dpkt
 
 # Traffic Analysis of Fluctuating Flows (TAFFy)
 

traffic_taffy-0.3.5.dist-info/RECORD

@@ -0,0 +1,21 @@
+pcap_compare/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pcap_compare/cache_info.py,sha256=22Fs5fNU_GzWwcAua_XfEFswRmlM8TmTbHXe2CYKQDE,1468
+pcap_compare/compare.py,sha256=xVRNmCsdUp1mEZub0SN2CW7osOZMgJuW__Cj9UA2DRE,9169
+pcap_compare/dissectmany.py,sha256=dxxChV0Qq9LeoPXiS0cCIEKFtO_RJwHxwOoPOZ3rwU8,681
+pcap_compare/dissector.py,sha256=iEZzLHJ7HubM3-UbZR461irXkZcpM8u_Aoa7GzWUMEY,17571
+pcap_compare/dissectorresults.py,sha256=LKoyX04Qjc6B7RnqtJgIWsyVnselJ9CygLkMAp3lhw0,647
+pcap_compare/graph.py,sha256=cioVq9JYNRVqzlRJSKLveGnGSEL9FkXDUyp-Y7osSkM,5935
+traffic_taffy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+traffic_taffy/cache_info.py,sha256=zpuuJcPzJzyma37YJE4FwKSaOBAmzImDj0Khdn2x1FI,1623
+traffic_taffy/compare.py,sha256=-PvazIzp1ABvtZpjb1tjG9KAcnZYO_PU29FJpDNwPus,11654
+traffic_taffy/dissectmany.py,sha256=QCqnIhtMMIqHXPVg4KOIcUYaIyaDR_DCIKLoD41E1C0,2528
+traffic_taffy/dissector.py,sha256=M75VGvrv2M1NOJ2JkDaxemlxZWr10WswXN2sOTbcX9I,22085
+traffic_taffy/dissectorresults.py,sha256=LKoyX04Qjc6B7RnqtJgIWsyVnselJ9CygLkMAp3lhw0,647
+traffic_taffy/explore.py,sha256=QaRqr4UdpO72yxWMfg-WK9YkhQTXZwLzWX6K2qg18d0,6808
+traffic_taffy/graph.py,sha256=GZsuppEbMeJA9mr3OH-n5ba5sNT7l35P3Qv-eh1MR3E,6221
+traffic_taffy/pcap_splitter.py,sha256=qDZ0Nd81fIteQRVElyKsD1ncBi4lg07cmx8KPl_q3rY,4585
+traffic_taffy-0.3.5.dist-info/METADATA,sha256=sA9UeWzu1nJyFxcNOXFJ6dJNFDeGA48URLd4TpwrTx0,985
+traffic_taffy-0.3.5.dist-info/WHEEL,sha256=G16H4A3IeoQmnOrYV4ueZGKSjhipXx8zc8nu9FGlvMA,92
+traffic_taffy-0.3.5.dist-info/entry_points.txt,sha256=xabsmMHgr0Pek8ccdQoW6iAKqljueozDZW-q1hJ79eU,194
+traffic_taffy-0.3.5.dist-info/top_level.txt,sha256=wjeQaxXSKqUzrRtfbUlbSn8SoaL4VC73yudFAEtnIuo,14
+traffic_taffy-0.3.5.dist-info/RECORD,,

traffic_taffy-0.2.dist-info/RECORD

@@ -1,13 +0,0 @@
-traffic_taffy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-traffic_taffy/cache_info.py,sha256=tmPmMJFhz74FDxLoqnQgki5qsUtoJBzkzk3w0ZAen0c,1369
-traffic_taffy/compare.py,sha256=SW-wT8y9jnWg9Hx3Fa-XdutHasjF-DjfhCIl3DQgoBM,9074
-traffic_taffy/dissectmany.py,sha256=ZsWKR9eid_Ft-HMLvl-Zy2jyofMeZTzqI8Dl0gZ5AWU,2530
-traffic_taffy/dissector.py,sha256=iwSUPQujI37h3EM17tic4zmk0GTZe8Xrp7Ov13t51k8,20064
-traffic_taffy/dissectorresults.py,sha256=LKoyX04Qjc6B7RnqtJgIWsyVnselJ9CygLkMAp3lhw0,647
-traffic_taffy/graph.py,sha256=gpf_64XBH9rM7uLQhYA3p0PTButfiUvcmY5SNLnq4IA,6569
-traffic_taffy/pcap_splitter.py,sha256=HKz7QOnekqxUut58TMPK3-dQmP98NIhL7Ii6ofFnxYY,3868
-traffic_taffy-0.2.dist-info/METADATA,sha256=tzkA86g8DlpwNMUuoSBl3Y4tzqNBjv0FROdqTawVUBc,877
-traffic_taffy-0.2.dist-info/WHEEL,sha256=G16H4A3IeoQmnOrYV4ueZGKSjhipXx8zc8nu9FGlvMA,92
-traffic_taffy-0.2.dist-info/entry_points.txt,sha256=xabsmMHgr0Pek8ccdQoW6iAKqljueozDZW-q1hJ79eU,194
-traffic_taffy-0.2.dist-info/top_level.txt,sha256=wjeQaxXSKqUzrRtfbUlbSn8SoaL4VC73yudFAEtnIuo,14
-traffic_taffy-0.2.dist-info/RECORD,,