PyPI - traffic-taffy - Versions diffs - 0.3.6__py3-none-any.whl → 0.4.1__py3-none-any.whl - Mend

traffic-taffy 0.3.6py3-none-any.whl → 0.4.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

traffic_taffy/cache_info.py +0 -6
traffic_taffy/compare.py +154 -250
traffic_taffy/comparison.py +26 -0
traffic_taffy/dissection.py +383 -0
traffic_taffy/dissectmany.py +20 -18
traffic_taffy/dissector.py +128 -476
traffic_taffy/dissector_engine/__init__.py +35 -0
traffic_taffy/dissector_engine/dpkt.py +98 -0
traffic_taffy/dissector_engine/scapy.py +98 -0
traffic_taffy/graph.py +23 -90
traffic_taffy/graphdata.py +35 -20
traffic_taffy/output/__init__.py +118 -0
traffic_taffy/output/console.py +72 -0
traffic_taffy/output/fsdb.py +50 -0
traffic_taffy/output/memory.py +51 -0
traffic_taffy/pcap_splitter.py +17 -36
traffic_taffy/tools/cache_info.py +65 -0
traffic_taffy/tools/compare.py +110 -0
traffic_taffy/tools/dissect.py +77 -0
traffic_taffy/tools/explore.py +686 -0
traffic_taffy/tools/graph.py +85 -0
{traffic_taffy-0.3.6.dist-info → traffic_taffy-0.4.1.dist-info}/METADATA +1 -1
traffic_taffy-0.4.1.dist-info/RECORD +29 -0
traffic_taffy-0.4.1.dist-info/entry_points.txt +6 -0
pcap_compare/cache_info.py +0 -46
pcap_compare/compare.py +0 -288
pcap_compare/dissectmany.py +0 -21
pcap_compare/dissector.py +0 -512
pcap_compare/dissectorresults.py +0 -21
pcap_compare/graph.py +0 -210
traffic_taffy/explore.py +0 -221
traffic_taffy-0.3.6.dist-info/RECORD +0 -22
traffic_taffy-0.3.6.dist-info/entry_points.txt +0 -5
{pcap_compare → traffic_taffy/tools}/__init__.py +0 -0
{traffic_taffy-0.3.6.dist-info → traffic_taffy-0.4.1.dist-info}/WHEEL +0 -0
{traffic_taffy-0.3.6.dist-info → traffic_taffy-0.4.1.dist-info}/top_level.txt +0 -0

traffic_taffy/dissector.py CHANGED Viewed

@@ -1,450 +1,90 @@
-"""Loads a PCAP file and counts contents with various levels of storage"""
-import os
-import pickle
-import ipaddress
-from enum import Enum
-from logging import warning, info, error, debug
+import sys
+from logging import warning, error
 from collections import Counter, defaultdict
-from scapy.all import sniff
-from typing import Any, List
-import dpkt
+from typing import List
 from rich import print
-from pcap_parallel import PCAPParallel as pcapp
-class PCAPDissectorType(Enum):
-    COUNT_ONLY = 1
-    THROUGH_IP = 2
-    DETAILED = 10
+from traffic_taffy.dissection import PCAPDissectorLevel, Dissection
 class PCAPDissector:
     "loads a pcap file and counts the contents in both time and depth"
-    TOTAL_COUNT: str = "__TOTAL__"
-    TOTAL_SUBKEY: str = "packet"
-    WIDTH_SUBKEY: str = "__WIDTH__"
-    DISSECTION_KEY: str = "PCAP_DISSECTION_VERSION"
-    DISSECTION_VERSION: int = 4
-    def print_mac_address(value):
-        "Converts bytes to ethernet mac style address"
-        # TODO: certainly inefficient
-        def two_hex(value):
-            return f"{value:02x}"
-        return ":".join(map(two_hex, value))
-    display_transformers = {
-        "Ethernet.IP.src": ipaddress.ip_address,
-        "Ethernet.IP.dst": ipaddress.ip_address,
-        "Ethernet.IP6.src": ipaddress.ip_address,
-        "Ethernet.IP6.dst": ipaddress.ip_address,
-        "Ethernet.src": print_mac_address,
-        "Ethernet.dst": print_mac_address,
-    }
     def __init__(
         self,
         pcap_file: str,
         bin_size: int = 0,
         maximum_count: int = 0,
-        dissector_level: PCAPDissectorType = PCAPDissectorType.DETAILED,
+        dissector_level: PCAPDissectorLevel = PCAPDissectorLevel.DETAILED,
         pcap_filter: str | None = None,
         cache_results: bool = False,
+        cache_file_suffix: str = "taffy",
+        ignore_list: list = [],
     ):
         self.pcap_file = pcap_file
-        self.bin_size = bin_size
         self.dissector_level = dissector_level
         self.pcap_filter = pcap_filter
         self.maximum_count = maximum_count
         self.cache_results = cache_results
+        self.bin_size = bin_size
+        if cache_file_suffix[0] != ".":
+            cache_file_suffix = "." + cache_file_suffix
+        self.cache_file_suffix = cache_file_suffix
+        self.ignore_list = ignore_list
-        self.parameters = [
-            "pcap_file",
-            "bin_size",
-            "dissector_level",
-            "pcap_filter",
-            "maximum_count",
-        ]
-        self.settable_from_cache = ["bin_size", "dissector_level", "maximum_count"]
-        # TODO: convert to a factory
-        self.data = {0: defaultdict(Counter)}
-        if dissector_level == PCAPDissectorType.COUNT_ONLY and bin_size == 0:
+        if dissector_level == PCAPDissectorLevel.COUNT_ONLY and bin_size == 0:
             warning("counting packets only with no binning is unlikely to be helpful")
     @property
-    def data(self):
-        return self._data
-    @data.setter
-    def data(self, value):
-        self._data = value
-    @staticmethod
-    def find_data(
-        data,
-        timestamps: List[int] | None = None,
-        match_string: str | None = None,
-        match_value: str | None = None,
-        minimum_count: int | None = None,
-        make_printable: bool = False,
-    ):
-        if not timestamps:
-            timestamps = data.keys()
-        for timestamp in timestamps:
-            for key in sorted(data[timestamp]):
-                if match_string and match_string not in key:
-                    continue
-                for subkey, count in sorted(
-                    data[timestamp][key].items(), key=lambda x: x[1], reverse=True
-                ):
-                    if minimum_count and abs(count) < minimum_count:
-                        continue
-                    if make_printable:
-                        subkey = PCAPDissector.make_printable(key, subkey)
-                        count = PCAPDissector.make_printable(None, count)
-                    if match_value and match_value not in subkey:
-                        continue
-                    yield (timestamp, key, subkey, count)
-    @staticmethod
-    def calculate_metadata(data):
-        "Calculates things like the number of value entries within each key/subkey"
-        # TODO: do we do this with or without key and value matches?
-        for timestamp in data.keys():
-            for key in data[timestamp]:
-                if PCAPDissector.WIDTH_SUBKEY in data[timestamp][key]:
-                    # make sure to avoid counting itself
-                    del data[timestamp][key][PCAPDissector.WIDTH_SUBKEY]
-                data[timestamp][key][PCAPDissector.WIDTH_SUBKEY] = len(
-                    data[timestamp][key]
-                )
-    def incr(self, key: str, value: Any, count: int = 1):
-        # always save a total count at the zero bin
-        # note: there should be no recorded tcpdump files from 1970 Jan 01 :-)
-        self.data[0][key][value] += count
-        if self.timestamp:
-            if self.timestamp not in self.data:
-                self.data[self.timestamp] = defaultdict(Counter)
-            self.data[self.timestamp][key][value] += count
-    def load_from_cache(self) -> dict | None:
-        if not self.pcap_file or not isinstance(self.pcap_file, str):
-            return None
-        if not (self.cache_results and os.path.exists(self.pcap_file + ".pkl")):
-            return None
-        cached_file = self.pcap_file + ".pkl"
-        cached_contents = self.load_saved(cached_file, dont_overwrite=True)
-        ok_to_load = True
-        if cached_contents[self.DISSECTION_KEY] != self.DISSECTION_VERSION:
-            debug(
-                "dissection cache version ({cached_contents[self.DISSECTION_KEY]}) differs from code version {self.DISSECTION_VERSION}"
-            )
-            ok_to_load = False
-        # a zero really is a 1 since bin(0) still does int(timestamp)
-        if (
-            cached_contents["parameters"]["bin_size"] == 0
-            or cached_contents["parameters"]["bin_size"] is None
-        ):
-            cached_contents["parameters"]["bin_size"] = 1
-        for parameter in self.parameters:
-            specified = getattr(self, parameter)
-            cached = cached_contents["parameters"][parameter]
-            if not specified and parameter in self.settable_from_cache:
-                # inherit from the cache
-                setattr(self, parameter, cached)
-                continue
-            if specified and specified != cached:
-                # special checks for certain types of parameters:
-                if parameter == "dissector_level":
-                    debug("------------ here 1")
-                if parameter == "dissector_level" and specified <= cached:
-                    debug(f"here with dissector_level {specified} and {cached}")
-                    # loading a more detailed cache is ok
-                    continue
-                if parameter == "pcap_file" and os.path.basename(
-                    specified
-                ) == os.path.basename(cached):
-                    # as long as the basename is ok, we'll assume it's a different path
-                    # TODO: only store basename?
-                    continue
-                debug(
-                    f"parameter {parameter} doesn't match: specified={specified} != cached={cached}"
-                )
-                ok_to_load = False
-        if ok_to_load:
-            info(f"loading cached pcap contents from {cached_file}")
-            self.load_saved_contents(cached_contents)
-            return self.data
-        error(f"Failed to load cached data for {self.pcap_file} due to differences")
-        error("refusing to continue -- remove the cache to recreate it")
-        raise ValueError(
-            "INCOMPATIBLE CACHE: remove the cache or don't use it to continue"
+    def dissection(self):
+        return self._dissection
+    @dissection.setter
+    def dissection(self, new_dissection):
+        self._dissection = new_dissection
+    def dissection_args(self):
+        return (
+            self.pcap_file,
+            self.pcap_filter,
+            self.maximum_count,
+            self.bin_size,
+            self.dissector_level,
+            self.cache_file_suffix,
+            set(self.ignore_list),
         )
-    def load(self) -> dict:
+    def load_from_cache(self, force: bool = False):
+        if self.cache_results:
+            args = self.dissection_args()
+            self.dissection = Dissection(*args)
+            cached_data = self.dissection.load_from_cache(force=force)
+            if cached_data:
+                return cached_data
+    def load(self, force: bool = False) -> dict:
         "Loads data from a pcap file or its cached results"
-        cached_data = self.load_from_cache()
+        cached_data = self.load_from_cache(force=force)
         if cached_data:
             return cached_data
+        engine = None
+        args = self.dissection_args()
         if (
-            self.dissector_level == PCAPDissectorType.DETAILED
-            or self.dissector_level == PCAPDissectorType.DETAILED.value
+            self.dissector_level == PCAPDissectorLevel.DETAILED
+            or self.dissector_level == PCAPDissectorLevel.DETAILED.value
         ):
-            return self.load_via_scapy()
-        else:
-            return self.load_via_dpkt()
-    def dpkt_callback(self, timestamp: float, packet: bytes):
-        # if binning is requested, save it in a binned time slot
-        self.timestamp = int(timestamp)
-        if self.bin_size:
-            self.timestamp = self.timestamp - self.timestamp % self.bin_size
-        self.incr(self.TOTAL_COUNT, self.TOTAL_SUBKEY)
-        if self.dissector_level.value >= PCAPDissectorType.THROUGH_IP.value:
-            eth = dpkt.ethernet.Ethernet(packet)
-            # these names are designed to match scapy names
-            self.incr("Ethernet.dst", eth.dst)
-            self.incr("Ethernet.src", eth.src)
-            self.incr("Ethernet.type", eth.type)
-            if isinstance(eth.data, dpkt.ip.IP):
-                ip = eth.data
-                IPVER = "IP"
-                if ip.v == 6:
-                    IPVER = "IPv6"
-                # TODO: make sure all these match scapy
-                self.incr(f"Ethernet.{IPVER}.dst", ip.dst)
-                self.incr(f"Ethernet.{IPVER}.src", ip.src)
-                self.incr(f"Ethernet.{IPVER}.df", ip.df)
-                self.incr(f"Ethernet.{IPVER}.offset", ip.offset)
-                self.incr(f"Ethernet.{IPVER}.tos", ip.tos)
-                self.incr(f"Ethernet.{IPVER}.len", ip.len)
-                self.incr(f"Ethernet.{IPVER}.id", ip.id)
-                self.incr(f"Ethernet.{IPVER}.hl", ip.hl)
-                self.incr(f"Ethernet.{IPVER}.rf", ip.rf)
-                self.incr(f"Ethernet.{IPVER}.p", ip.p)
-                self.incr(f"Ethernet.{IPVER}.chksum", ip.sum)
-                self.incr(f"Ethernet.{IPVER}.tos", ip.tos)
-                self.incr(f"Ethernet.{IPVER}.version", ip.v)
-                self.incr(f"Ethernet.{IPVER}.ttl", ip.ttl)
-                if isinstance(ip.data, dpkt.udp.UDP):
-                    udp = ip.data
-                    self.incr(f"Ethernet.{IPVER}.UDP.sport", udp.sport)
-                    self.incr(f"Ethernet.{IPVER}.UDP.dport", udp.dport)
-                    self.incr(f"Ethernet.{IPVER}.UDP.len", udp.ulen)
-                    self.incr(f"Ethernet.{IPVER}.UDP.chksum", udp.sum)
-                    # TODO: handle DNS and others for level 3
-                elif isinstance(ip.data, dpkt.tcp.TCP):
-                    # TODO
-                    tcp = ip.data
-                    self.incr(f"Ethernet.{IPVER}.TCP.sport", tcp.sport)
-                    self.incr(f"Ethernet.{IPVER}.TCP.dport", tcp.dport)
-                    self.incr(f"Ethernet.{IPVER}.TCP.seq", tcp.seq)
-                    self.incr(f"Ethernet.{IPVER}.TCP.flags", tcp.flags)
-                    # self.incr(f"Ethernet.{IPVER}.TCP.reserved", tcp.reserved)
-                    self.incr(f"Ethernet.{IPVER}.TCP.window", tcp.win)
-                    self.incr(f"Ethernet.{IPVER}.TCP.chksum", tcp.sum)
-                    self.incr(f"Ethernet.{IPVER}.TCP.options", tcp.opts)
-                    # TODO: handle DNS and others for level 3
-    def load_via_dpkt(self) -> dict:
-        self.data = {0: defaultdict(Counter)}
-        if isinstance(self.pcap_file, str):
-            pcap = dpkt.pcap.Reader(pcapp.open_maybe_compressed(self.pcap_file))
-        else:
-            # it's an open handle already
-            pcap = dpkt.pcap.Reader(self.pcap_file)
-        if self.pcap_filter:
-            pcap.setfilter(self.pcap_filter)
-        pcap.dispatch(self.maximum_count, self.dpkt_callback)
-        self.calculate_metadata(self.data)
-        self.save_to_cache()
-        return self.data
-    def add_scapy_item(self, field_value, prefix: str) -> None:
-        "Adds an item to the self.data regardless of it's various types"
-        if isinstance(field_value, list):
-            if len(field_value) > 0:
-                # if it's a list of tuples, count the (eg TCP option) names
-                # TODO: values can be always the same or things like timestamps
-                #       that will always change or are too unique
-                if isinstance(field_value[0], tuple):
-                    for item in field_value:
-                        self.incr(prefix, item[0])
-                else:
-                    for item in field_value:
-                        self.add_scapy_item(item, prefix)
-            # else:
-            #     debug(f"ignoring empty-list: {field_value}")
-        elif (
-            isinstance(field_value, str)
-            or isinstance(field_value, int)
-            or isinstance(field_value, float)
-        ):
-            self.incr(prefix, field_value)
-        elif isinstance(field_value, bytes):
-            try:
-                converted = field_value.decode("utf-8")
-                self.incr(prefix, converted)
-            except Exception:
-                converted = "0x" + field_value.hex()
-                self.incr(prefix, converted)
-    def add_scapy_layer(self, layer, prefix: str | None = "") -> None:
-        "Analyzes a layer to add counts to each layer sub-component"
-        if hasattr(layer, "fields_desc"):
-            name_list = [field.name for field in layer.fields_desc]
-        elif hasattr(layer, "fields"):
-            name_list = [field.name for field in layer.fields]
+            from traffic_taffy.dissector_engine.scapy import DissectionEngineScapy
+            engine = DissectionEngineScapy(*args)
         else:
-            warning(f"unavailable to deep dive into: {layer}")
-            return
-        for field_name in name_list:
-            try:
-                field_value = getattr(layer, field_name)
-                if hasattr(field_value, "fields"):
-                    self.add_scapy_layer(field_value, prefix + field_name + ".")
-                else:
-                    self.add_scapy_item(field_value, prefix + field_name)
-            except Exception:
-                warning(f"scapy error at '{prefix}' in field '{field_name}'")
-    def scapy_callback(self, packet):
-        prefix = "."
-        self.timestamp = int(packet.time)
-        if self.bin_size:
-            self.timestamp = self.timestamp - self.timestamp % self.bin_size
-        self.incr(self.TOTAL_COUNT, self.TOTAL_SUBKEY)
-        for payload in packet.iterpayloads():
-            prefix = f"{prefix}{payload.name}."
-            self.add_scapy_layer(payload, prefix[1:])
-    def load_via_scapy(self) -> dict:
-        "Loads a pcap file into a nested dictionary of statistical counts"
-        load_this = self.pcap_file
-        if isinstance(self.pcap_file, str):
-            load_this = pcapp.open_maybe_compressed(self.pcap_file)
-        sniff(
-            offline=load_this,
-            prn=self.scapy_callback,
-            store=0,
-            count=self.maximum_count,
-            filter=self.pcap_filter,
-        )
-        self.calculate_metadata(self.data)
-        self.save_to_cache()
-        return self.data
-    def save_to_cache(self):
-        if self.pcap_file and isinstance(self.pcap_file, str) and self.cache_results:
-            self.save(self.pcap_file + ".pkl")
-    def save(self, where: str) -> None:
-        "Saves a generated dissection to a pickle file"
-        # wrap the report in a version header
-        versioned_cache = {
-            self.DISSECTION_KEY: self.DISSECTION_VERSION,
-            "file": self.pcap_file,
-            "parameters": {},
-            "dissection": self.data,
-        }
-        for parameter in self.parameters:
-            versioned_cache["parameters"][parameter] = getattr(self, parameter)
-            # TODO: fix this hack
-            # basically, bin_size of 0 is 1...  but it may be faster
-            # to leave it at zero to avoid the bin_size math of 1,
-            # which is actually a math noop that will still consume
-            # cycles.  We save it as 1 though since the math is past
-            # us and a 1 value is more informative to the user.
-            if parameter == "bin_size" and self.bin_size == 0:
-                versioned_cache["parameters"][parameter] = 1
-        # save it
-        info(f"caching PCAP data to '{where}'")
-        pickle.dump(versioned_cache, open(where, "wb"))
-    def load_saved_contents(self, versioned_cache):
-        # set the local parameters from the cache
-        for parameter in self.parameters:
-            setattr(self, parameter, versioned_cache["parameters"][parameter])
-        # load the data
-        self.data = versioned_cache["dissection"]
-    def load_saved(self, where: str, dont_overwrite: bool = False) -> dict:
-        "Loads a previous saved report from a file instead of re-parsing pcaps"
-        contents = pickle.load(open(where, "rb"))
-        # check that the version header matches something we understand
-        if contents["PCAP_DISSECTION_VERSION"] != self.DISSECTION_VERSION:
-            raise ValueError(
-                "improper saved dissection version: report version = "
-                + str(contents["PCAP_COMPARE_VERSION"])
-                + ", our version: "
-                + str(self.DISSECTION_VERSION)
-            )
-        if not dont_overwrite:
-            self.load_saved_contents(contents)
-        return contents
-    @staticmethod
-    def make_printable(value_type: str, value: Any) -> str:
-        try:
-            if isinstance(value, bytes):
-                if value_type in PCAPDissector.display_transformers:
-                    value = str(PCAPDissector.display_transformers[value_type](value))
-                else:
-                    value = "0x" + value.hex()
-            else:
-                value = str(value)
-        except Exception:
-            if isinstance(value, bytes):
-                value = "0x" + value.hex()
-            else:
-                value = "[unprintable]"
-        return value
+            from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
+            engine = DissectionEngineDpkt(*args)
+        self.dissection = engine.load()
+        if self.cache_results:
+            self.dissection.save_to_cache()
+        return self.dissection
     def print(
         self,
@@ -453,8 +93,7 @@ class PCAPDissector:
         match_value: str | None = None,
         minimum_count: int | None = None,
     ) -> None:
-        for timestamp, key, subkey, value in self.find_data(
-            self._data,
+        for timestamp, key, subkey, value in self.dissection.find_data(
             timestamps=timestamps,
             match_string=match_string,
             match_value=match_value,
@@ -463,6 +102,30 @@ class PCAPDissector:
         ):
             print(f"{key:<30} {subkey:<30} {value}")
+    def print_to_fsdb(
+        self,
+        timestamps: List[int] | None = [0],
+        match_string: str | None = None,
+        match_value: str | None = None,
+        minimum_count: int | None = None,
+    ) -> None:
+        import pyfsdb
+        fh = pyfsdb.Fsdb(
+            out_file_handle=sys.stdout,
+            out_column_names=["key", "subkey", "value"],
+            converters={"value": int},
+        )
+        for timestamp, key, subkey, value in self.dissection.find_data(
+            timestamps=timestamps,
+            match_string=match_string,
+            match_value=match_value,
+            minimum_count=minimum_count,
+            make_printable=True,
+        ):
+            fh.append([key, subkey, value])
+        fh.close()
 def dissector_add_parseargs(parser, add_subgroup: bool = True):
     if add_subgroup:
@@ -471,15 +134,44 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-d",
         "--dissection-level",
-        default=PCAPDissectorType.THROUGH_IP.value,
+        default=PCAPDissectorLevel.THROUGH_IP.value,
         type=int,
         help="Dump to various levels of detail (1-10, with 10 is the most detailed and slowest)",
     )
+    parser.add_argument(
+        "-I",
+        "--ignore-list",
+        default=[
+            "Ethernet.IP.TCP.seq",
+            "Ethernet.IP.TCP.ack",
+            "Ethernet.IPv6.TCP.seq",
+            "Ethernet.IPv6.TCP.ack",
+            "Ethernet.IP.UDP.DNS.id",
+            "Ethernet.IP.TCP.DNS.id",
+            "Ethernet.IPv6.UDP.DNS.id",
+            "Ethernet.IPv6.TCP.DNS.id",
+            "Ethernet.IP.id",
+            "Ethernet.IP.chksum",
+            "Ethernet.IP.UDP.chksum",
+            "Ethernet.IP.TCP.chksum",
+            "Ethernet.IPv6.UDP.chksum" "Ethernet.IPv6.fl",
+            "Ethernet.IP.ICMP.chksum",
+            "Ethernet.IP.ICMP.id",
+            "Ethernet.IP.ICMP.seq",
+            "Ethernet.IP.TCP.Padding.load",
+            "Ethernet.IPv6.TCP.chksum",
+            "Ethernet.IPv6.plen",
+        ],
+        nargs="*",
+        type=str,
+        help="A list of (unlikely to be useful) packet fields to ignore",
+    )
     parser.add_argument(
         "-n",
         "--packet-count",
-        default=-1,
+        default=0,
         type=int,
         help="Maximum number of packets to analyze",
     )
@@ -488,7 +180,6 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
         "-b",
         "--bin-size",
         type=int,
-        default=3600,
         help="Bin results into this many seconds",
     )
@@ -496,7 +187,21 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
         "-C",
         "--cache-pcap-results",
         action="store_true",
-        help="Cache and use PCAP results into/from a .pkl file",
+        help="Cache and use PCAP results into/from a cache file file",
+    )
+    parser.add_argument(
+        "--cache-file-suffix",
+        "--cs",
+        type=str,
+        default="taffy",
+        help="The suffix file to use when creating cache files",
+    )
+    parser.add_argument(
+        "--force",
+        action="store_true",
+        help="Force continuing with an incompatible cache (and rewriting it)",
     )
     return parser
@@ -535,9 +240,9 @@ def limitor_add_parseargs(parser, add_subgroup: bool = True):
 def check_dissector_level(level: int):
     current_dissection_levels = [
-        PCAPDissectorType.COUNT_ONLY.value,
-        PCAPDissectorType.THROUGH_IP.value,
-        PCAPDissectorType.DETAILED.value,
+        PCAPDissectorLevel.COUNT_ONLY.value,
+        PCAPDissectorLevel.THROUGH_IP.value,
+        PCAPDissectorLevel.DETAILED.value,
     ]
     if level not in current_dissection_levels:
         error(f"currently supported dissection levels: {current_dissection_levels}")
@@ -553,56 +258,3 @@ def pcap_data_merge(d1: dict, d2: dict):
                 d1[key] = defaultdict(Counter)
             d1[key][subkey] += d2[key][subkey]
     return d1
-def main():
-    from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
-    import logging
-    def parse_args():
-        "Parse the command line arguments."
-        parser = ArgumentParser(
-            formatter_class=ArgumentDefaultsHelpFormatter,
-            description=__doc__,
-            epilog="Exmaple Usage: ",
-        )
-        parser.add_argument(
-            "--log-level",
-            "--ll",
-            default="info",
-            help="Define the logging verbosity level (debug, info, warning, error, fotal, critical).",
-        )
-        dissector_add_parseargs(parser)
-        limitor_add_parseargs(parser)
-        parser.add_argument("input_file", type=str, help="input pcap file")
-        args = parser.parse_args()
-        log_level = args.log_level.upper()
-        logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
-        return args
-    args = parse_args()
-    check_dissector_level(args.dissection_level)
-    pd = PCAPDissector(
-        args.input_file,
-        bin_size=args.bin_size,
-        dissector_level=args.dissection_level,
-        maximum_count=args.packet_count,
-        cache_results=args.cache_pcap_results,
-    )
-    pd.load()
-    pd.print(
-        timestamps=[0],
-        match_string=args.match_string,
-        match_value=args.match_value,
-        minimum_count=args.minimum_count,
-    )
-if __name__ == "__main__":
-    main()

traffic-taffy 0.3.6__py3-none-any.whl → 0.4.1__py3-none-any.whl

traffic-taffy 0.3.6py3-none-any.whl → 0.4.1py3-none-any.whl