traffic-taffy 0.3.6__py3-none-any.whl → 0.4.1__py3-none-any.whl

traffic_taffy/tools/graph.py

@@ -0,0 +1,85 @@
+"""Read a PCAP file and graph it or parts of it"""
+
+from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
+from traffic_taffy.graph import PcapGraph
+from traffic_taffy.dissector import (
+    dissector_add_parseargs,
+    limitor_add_parseargs,
+    check_dissector_level,
+)
+import logging
+
+
+def parse_args():
+    "Parse the command line arguments."
+    parser = ArgumentParser(
+        formatter_class=ArgumentDefaultsHelpFormatter,
+        description=__doc__,
+        epilog="Exmaple Usage: ",
+    )
+
+    parser.add_argument(
+        "-o",
+        "--output-file",
+        default=None,
+        type=str,
+        help="Where to save the output (png)",
+    )
+
+    parser.add_argument(
+        "-p",
+        "--by-percentage",
+        action="store_true",
+        help="Graph by percentage of traffic rather than by value",
+    )
+
+    parser.add_argument(
+        "-i",
+        "--interactive",
+        action="store_true",
+        help="Prompt repeatedly for graph data to create",
+    )
+
+    parser.add_argument(
+        "--log-level",
+        "--ll",
+        default="info",
+        help="Define verbosity level (debug, info, warning, error, fotal, critical).",
+    )
+
+    dissector_add_parseargs(parser)
+    limitor_add_parseargs(parser)
+
+    parser.add_argument("input_file", type=str, help="PCAP file to graph", nargs="+")
+
+    args = parser.parse_args()
+    log_level = args.log_level.upper()
+    logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
+    logging.getLogger("matplotlib.font_manager").setLevel(logging.ERROR)
+    return args
+
+
+def main():
+    args = parse_args()
+
+    check_dissector_level(args.dissection_level)
+
+    pc = PcapGraph(
+        args.input_file,
+        args.output_file,
+        maximum_count=args.packet_count,
+        minimum_count=args.minimum_count,
+        bin_size=args.bin_size,
+        match_string=args.match_string,
+        match_value=args.match_value,
+        cache_pcap_results=args.cache_pcap_results,
+        dissector_level=args.dissection_level,
+        interactive=args.interactive,
+        by_percentage=args.by_percentage,
+        ignore_list=args.ignore_list,
+    )
+    pc.graph_it()
+
+
+if __name__ == "__main__":
+    main()

{traffic_taffy-0.3.6.dist-info → traffic_taffy-0.4.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.3.6
+Version: 0.4.1
 Summary: A tool for doing differential analysis of pcap files
 Home-page: https://github.com/hardaker/traffic-taffy
 Author: Wes Hardaker

traffic_taffy-0.4.1.dist-info/RECORD

@@ -0,0 +1,29 @@
+traffic_taffy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+traffic_taffy/cache_info.py,sha256=tmPmMJFhz74FDxLoqnQgki5qsUtoJBzkzk3w0ZAen0c,1369
+traffic_taffy/compare.py,sha256=RumWfKrJimdJ3s00gVcnFPEY_yeETpWhzg4l9JuPVHI,10103
+traffic_taffy/comparison.py,sha256=goGJbJsr8mzMqRvrJOXxW9QJaLZUg4W85Ji7Bjl-UKA,583
+traffic_taffy/dissection.py,sha256=q27ab-2oN1avXfyoFBhIUb9ZHsikcPm8A_ceQn662XQ,13792
+traffic_taffy/dissectmany.py,sha256=h3tIIQhNCD2OaOev2M2WKAhk5HBX_vw6uhzLZAjohHM,2679
+traffic_taffy/dissector.py,sha256=5XynUhIy80B1ZuWkMBTjeS8_Q1xJYaDp9w3DpQT75w0,7746
+traffic_taffy/dissectorresults.py,sha256=LKoyX04Qjc6B7RnqtJgIWsyVnselJ9CygLkMAp3lhw0,647
+traffic_taffy/graph.py,sha256=xO58IkMmfdgIEt04w06wmJhcdEGVzJxGMl1x7LnC-6k,3409
+traffic_taffy/graphdata.py,sha256=Aa3wTyI_nkOtQQ35Qwv93qGNyytZyNW5V6TvAx9JDb4,2256
+traffic_taffy/pcap_splitter.py,sha256=HKz7QOnekqxUut58TMPK3-dQmP98NIhL7Ii6ofFnxYY,3868
+traffic_taffy/dissector_engine/__init__.py,sha256=iGi_DUtyTRaZxcb2qNbZSuSgE0ITBUpHRNQivo0gwx8,1190
+traffic_taffy/dissector_engine/dpkt.py,sha256=uby0j6LFCjnxQvyR2APhKKtydKJmHV6ANn1oODRyIPo,4256
+traffic_taffy/dissector_engine/scapy.py,sha256=0MMRQt3LTZ7dsEWBXnO4Lk8buQ4vH-9jEkXExuGis48,3799
+traffic_taffy/output/__init__.py,sha256=0laqOfA1LvqlgL0IVDMp-qnwDIQuPLDvrpT3qV-RhjU,3455
+traffic_taffy/output/console.py,sha256=me-BPAHwgqvl5tS-EvHmEPUEt6ryn0Rcj76lfGJazSc,2315
+traffic_taffy/output/fsdb.py,sha256=c_XwjPdLcl85MZwBY7VgbPymqDZje8St_HmyJl_9LFU,1449
+traffic_taffy/output/memory.py,sha256=McYpPbg4kux_U21OabE4lUhrgT60V0eKUiey0Udzc9s,1502
+traffic_taffy/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+traffic_taffy/tools/cache_info.py,sha256=4SZVdcwA_36YLyIYN8F5AbKaM-xCLj8P089wE2fKXCA,1933
+traffic_taffy/tools/compare.py,sha256=f2A1bDmMZc_TZkAGWCEpcFcQVXkO83aVYpMi013kFbg,3016
+traffic_taffy/tools/dissect.py,sha256=fVfZ_fHOkiHaa51QF7uhTJlknkphw-AWssLF2zWYWCs,2089
+traffic_taffy/tools/explore.py,sha256=Y_fjBDwDkghvK_bvrXevKSBc1qqpfQqkuRngr33T7PY,24888
+traffic_taffy/tools/graph.py,sha256=8o3jxtRDgoXmb9vJXndc4agNzBlYQlNrC3jW5Cn-uAY,2215
+traffic_taffy-0.4.1.dist-info/METADATA,sha256=BEdOspLVEQkIXc1YObuDSyIq9gnUz3rDgJGIXnH85uU,1014
+traffic_taffy-0.4.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+traffic_taffy-0.4.1.dist-info/entry_points.txt,sha256=pl_Acah6y3vbCuS52Thx21WJ91YMzTs8Cdftz9740dk,267
+traffic_taffy-0.4.1.dist-info/top_level.txt,sha256=wjeQaxXSKqUzrRtfbUlbSn8SoaL4VC73yudFAEtnIuo,14
+traffic_taffy-0.4.1.dist-info/RECORD,,

traffic_taffy-0.4.1.dist-info/entry_points.txt

@@ -0,0 +1,6 @@
+[console_scripts]
+taffy-cache-info = traffic_taffy.tools.cache_info:main
+taffy-compare = traffic_taffy.tools.compare:main
+taffy-dissect = traffic_taffy.tools.dissect:main
+taffy-explorer = traffic_taffy.tools.explorer:main
+taffy-graph = traffic_taffy.tools.graph:main

pcap_compare/cache_info.py

@@ -1,46 +0,0 @@
-"""Loads the cached data for a file to display the results about it"""
-
-from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter, FileType
-from logging import debug, info, warning, error, critical
-from rich import print
-import logging
-import sys
-import pickle
-
-def parse_args():
-    "Parse the command line arguments."
-    parser = ArgumentParser(formatter_class=ArgumentDefaultsHelpFormatter,
-                            description=__doc__,
-                            epilog="Exmaple Usage: ")
-
-    parser.add_argument("--log-level", "--ll", default="info",
-                        help="Define the logging verbosity level (debug, info, warning, error, fotal, critical).")
-
-    parser.add_argument("cache_file", type=str,
-                        help="The cache file to load and display information about")
-
-    args = parser.parse_args()
-    log_level = args.log_level.upper()
-    logging.basicConfig(level=log_level,
-                        format="%(levelname)-10s:\t%(message)s")
-    return args
-
-def main():
-    args = parse_args()
-    contents = pickle.load(open(args.cache_file, "rb"))
-
-    # play the major keys
-    for key in contents.keys():
-        if key != 'dissection' and key != 'parameters':
-            print(f"{key:<20} {contents[key]}")
-
-    # then the minors
-    print("parameters:")
-    for key in contents['parameters']:
-        print(f"    {key:<16} {contents['parameters'][key]}")
-    
-    
-
-
-if __name__ == "__main__":
-    main()

pcap_compare/compare.py

@@ -1,288 +0,0 @@
-"""Takes a set of pcap files to compare and creates a report"""
-
-import logging
-from logging import info
-from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
-from typing import List
-from rich.console import Console
-from pcap_compare.dissectmany import PCAPDissectMany
-from pcap_compare.dissector import (
-    PCAPDissectorType,
-    dissector_add_parseargs,
-    limitor_add_parseargs,
-    PCAPDissector,
-    check_dissector_level,
-)
-
-
-class PcapCompare:
-    "Takes a set of PCAPs to then perform various comparisons upon"
-
-    REPORT_VERSION: int = 2
-
-    def __init__(
-        self,
-        pcaps: List[str],
-        maximum_count: int | None = None,
-        deep: bool = True,
-        print_threshold: float = 0.0,
-        print_minimum_count: int | None = None,
-        print_match_string: str | None = None,
-        pkt_filter: str | None = None,
-        only_positive: bool = False,
-        only_negative: bool = False,
-        cache_results: bool = False,
-        dissection_level: PCAPDissectorType = PCAPDissectorType.COUNT_ONLY,
-    ) -> None:
-
-        self.pcaps = pcaps
-        self.deep = deep
-        self.maximum_count = maximum_count
-        self.print_threshold = print_threshold
-        self.print_minimum_count = print_minimum_count
-        self.print_match_string = print_match_string
-        self.pkt_filter = pkt_filter
-        self.only_positive = only_positive
-        self.only_negative = only_negative
-        self.cache_results = cache_results
-        self.dissection_level = dissection_level
-
-    def compare_results(self, report1: dict, report2: dict) -> dict:
-        "compares the results from two reports"
-
-        # TODO: handle recursive depths, where items are subtrees rather than Counters
-
-        report = {}
-
-        # TODO: we're only (currently) doing full pcap compares
-        report1 = report1[0]
-        report2 = report2[0]
-
-        for key in report1:
-            # TODO: deal with missing keys from one set
-            report1_total = report1[key].total()
-            report2_total = report2[key].total()
-            report[key] = {}
-
-            for subkey in report1[key].keys():
-                delta = 0.0
-                total = 0
-                if subkey in report1[key] and subkey in report2[key]:
-                    delta = (
-                        report2[key][subkey] / report2_total
-                        - report1[key][subkey] / report1_total
-                    )
-                    total = report2[key][subkey] + report1[key][subkey]
-                    ref_count = report1[key][subkey]
-                    comp_count = report2[key][subkey]
-                else:
-                    delta = -1.0
-                    total = report1[key][subkey]
-                    ref_count = report1[key][subkey]
-                    comp_count = 0
-
-                report[key][subkey] = {
-                    "delta": delta,
-                    "total": total,
-                    "ref_count": ref_count,
-                    "comp_count": comp_count,
-                }
-
-            for subkey in report2[key].keys():
-                if subkey not in report[key]:
-                    delta = 1.0
-                    total = report2[key][subkey]
-                    ref_count = 0
-                    comp_count = report2[key][subkey]
-
-                    report[key][subkey] = {
-                        "delta": delta,
-                        "total": total,
-                        "ref_count": ref_count,
-                        "comp_count": comp_count,
-                    }
-
-        return report
-
-    def filter_check(self, data: dict) -> bool:
-        "Returns true if we should include it"
-        delta: float = data["delta"]
-        total: int = data["total"]
-
-        if self.only_positive and delta <= 0:
-            return False
-
-        if self.only_negative and delta >= 0:
-            return False
-
-        if not self.print_threshold and not self.print_minimum_count:
-            # always print
-            return True
-
-        if self.print_threshold and not self.print_minimum_count:
-            # check print_threshold as a fraction
-            if abs(delta) > self.print_threshold:
-                return True
-        elif not self.print_threshold and self.print_minimum_count:
-            # just check print_minimum_count
-            if total > self.print_minimum_count:
-                return True
-        else:
-            # require both
-            if total > self.print_minimum_count and abs(delta) > self.print_threshold:
-                return True
-
-        return False
-
-    def print_report(self, report: dict) -> None:
-        "prints a report to the console"
-        console = Console()
-        for key in sorted(report):
-            reported: bool = False
-
-            if self.print_match_string and self.print_match_string not in key:
-                continue
-
-            for subkey, data in sorted(
-                report[key].items(), key=lambda x: x[1]["delta"], reverse=True
-            ):
-                if not self.filter_check(data):
-                    continue
-
-                # print the header
-                if not reported:
-                    print(f"====== {key}")
-                    reported = True
-
-                delta: float = data["delta"]
-
-                # apply some fancy styling
-                style = ""
-                if delta < -0.5:
-                    style = "[bold red]"
-                elif delta < 0.0:
-                    style = "[red]"
-                elif delta > 0.5:
-                    style = "[bold green]"
-                elif delta > 0.0:
-                    style = "[green]"
-                endstyle = style.replace("[", "[/")
-
-                # construct the output line with styling
-                subkey = PCAPDissector.make_printable(subkey)
-                line = f"  {style}{subkey:<50}{endstyle}"
-                line += f"{100*delta:>6.2f} {data['total']:>8} "
-                line += f"{data['ref_count']:>8} {data['comp_count']:>8}"
-
-                # print it to the rich console
-                console.print(line)
-
-    def print(self) -> None:
-        "outputs the results"
-        for n, report in enumerate(self.reports):
-            print(f"************ report #{n}")
-            self.print_report(report)
-
-    def compare(self) -> None:
-        "Compares each pcap against the original source"
-
-        reports = []
-
-        # TODO: use parallel processes to load multiple at a time
-
-        # load the first as a reference pcap
-        info(f"reading pcap files using level={self.dissection_level}")
-        pdm = PCAPDissectMany(
-            self.pcaps,
-            bin_size=None,
-            maximum_count=self.maximum_count,
-            pcap_filter=self.pkt_filter,
-            cache_results=self.cache_results,
-            dissector_level=self.dissection_level,
-        )
-        results = pdm.load_all()
-
-        reference = next(results)
-        for other in results:
-            # compare the two
-            reports.append(self.compare_results(reference["data"], other["data"]))
-
-        self.reports = reports
-
-
-def parse_args():
-    "Parse the command line arguments."
-    parser = ArgumentParser(
-        formatter_class=ArgumentDefaultsHelpFormatter,
-        description=__doc__,
-        epilog="Exmaple Usage: ",
-    )
-
-    limiting_parser = limitor_add_parseargs(parser)
-
-    limiting_parser.add_argument(
-        "-t",
-        "--print-threshold",
-        default=0.0,
-        type=float,
-        help="Don't print results with abs(percent) less than this threshold",
-    )
-
-    limiting_parser.add_argument(
-        "-P", "--only-positive", action="store_true", help="Only show positive entries"
-    )
-
-    limiting_parser.add_argument(
-        "-N", "--only-negative", action="store_true", help="Only show negative entries"
-    )
-
-    dissector_add_parseargs(parser)
-
-    debugging_group = parser.add_argument_group("Debugging options")
-
-    debugging_group.add_argument(
-        "--log-level",
-        "--ll",
-        default="info",
-        help="Define the logging verbosity level (debug, info, warning, error, ...).",
-    )
-
-    parser.add_argument("pcap_files", type=str, nargs="*", help="PCAP files to analyze")
-
-    args = parser.parse_args()
-    log_level = args.log_level.upper()
-    logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
-
-    check_dissector_level(args.dissection_level)
-
-    return args
-
-
-def main():
-    args = parse_args()
-    pc = PcapCompare(
-        args.pcap_files,
-        maximum_count=args.packet_count,
-        print_threshold=float(args.print_threshold) / 100.0,
-        print_minimum_count=args.minimum_count,
-        print_match_string=args.match_string,
-        only_positive=args.only_positive,
-        only_negative=args.only_negative,
-        cache_results=args.cache_pcap_results,
-        dissection_level=args.dissection_level,
-    )
-
-    # compare the pcaps
-    pc.compare()
-
-    # print the results
-    pc.print()
-
-    # maybe save them
-    # TODO: loading and saving both makes more sense, throw error
-    if args.save_report:
-        pc.save_report(args.save_report)
-
-
-if __name__ == "__main__":
-    main()

pcap_compare/dissectmany.py

@@ -1,21 +0,0 @@
-from pcap_compare.dissector import PCAPDissector
-from concurrent.futures import ProcessPoolExecutor
-from logging import info
-
-
-class PCAPDissectMany:
-    def __init__(self, pcap_files, *args, **kwargs):
-        self.pcap_files = pcap_files
-        self.args = args
-        self.kwargs = kwargs
-        self.futures = {}
-
-    def load_pcap(self, pcap_file):
-        pd = PCAPDissector(pcap_file, *self.args, **self.kwargs)
-        info(f"reading {pcap_file}")
-        return {"file": pcap_file, "data": pd.load()}
-
-    def load_all(self):
-        with ProcessPoolExecutor() as executor:
-            results = executor.map(self.load_pcap, self.pcap_files)
-            return results