traffic-taffy 0.8.1__tar.gz → 0.8.5__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/PKG-INFO +1 -1
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/pyproject.toml +3 -0
- traffic_taffy-0.8.5/traffic_taffy/__init__.py +1 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissection.py +93 -0
- traffic_taffy-0.8.5/traffic_taffy/iana/tables.msgpak +0 -0
- traffic_taffy-0.8.1/traffic_taffy/__init__.py +0 -1
- traffic_taffy-0.8.1/traffic_taffy/tests/test_dpkt_engine.py +0 -15
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/.gitignore +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/LICENSE.txt +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/README.md +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/algorithms/__init__.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/algorithms/statistical.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/compare.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/comparison.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissectmany.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissector.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissector_engine/__init__.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissector_engine/dnstap.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissector_engine/dpkt.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/dissector_engine/scapy.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/graph.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/graphdata.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/hooks/__init__.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/hooks/ip2asn.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/hooks/psl.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/output/__init__.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/output/console.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/output/fsdb.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/output/memory.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/report.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_compare_results.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_dict_merge.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_hooks.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_normalize.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_pcap_dissector.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_pcap_splitter.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_splitter.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tests/test_value_printing.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/__init__.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/cache_info.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/compare.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/dissect.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/explore.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/export.py +0 -0
- {traffic_taffy-0.8.1 → traffic_taffy-0.8.5}/traffic_taffy/tools/graph.py +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
__VERSION__ = "0.8.5"
|
|
@@ -11,6 +11,23 @@ from typing import List
|
|
|
11
11
|
from copy import deepcopy
|
|
12
12
|
from pathlib import Path
|
|
13
13
|
from traffic_taffy import __VERSION__ as VERSION
|
|
14
|
+
from io import BytesIO
|
|
15
|
+
import pkgutil
|
|
16
|
+
|
|
17
|
+
# TODO(hardaker): fix to not use a global
|
|
18
|
+
# note that this is designed to load only once before forking
|
|
19
|
+
iana_data = None
|
|
20
|
+
if not iana_data:
|
|
21
|
+
# try a local copy first
|
|
22
|
+
if Path("traffic_taffy/iana/tables.msgpakx").exists():
|
|
23
|
+
iana_data = msgpack.load(Path.open("traffic_taffy/iana/tables.msgpak", "rb"))
|
|
24
|
+
else:
|
|
25
|
+
content = pkgutil.get_data("traffic_taffy", "iana/tables.msgpak")
|
|
26
|
+
if content:
|
|
27
|
+
content = BytesIO(content)
|
|
28
|
+
iana_data = msgpack.load(content)
|
|
29
|
+
else:
|
|
30
|
+
warning("failed to load IANA data tables -- no enum expansion available")
|
|
14
31
|
|
|
15
32
|
|
|
16
33
|
class PCAPDissectorLevel(Enum):
|
|
@@ -57,6 +74,7 @@ class Dissection:
|
|
|
57
74
|
self.maximum_count = maximum_count
|
|
58
75
|
self.pcap_filter = pcap_filter
|
|
59
76
|
self.ignore_list = ignore_list or []
|
|
77
|
+
self.iana_data = defaultdict(dict)
|
|
60
78
|
|
|
61
79
|
self.parameters = [
|
|
62
80
|
"pcap_file",
|
|
@@ -421,6 +439,8 @@ class Dissection:
|
|
|
421
439
|
)
|
|
422
440
|
else:
|
|
423
441
|
value = "0x" + value.hex()
|
|
442
|
+
elif value_type in Dissection.ENUM_TRANSLATORS:
|
|
443
|
+
value = str(Dissection.ENUM_TRANSLATORS[value_type](value_type, value))
|
|
424
444
|
else:
|
|
425
445
|
value = str(value)
|
|
426
446
|
except Exception:
|
|
@@ -448,6 +468,79 @@ class Dissection:
|
|
|
448
468
|
"""Convert binary bytes to IP addresses (v4 and v6)."""
|
|
449
469
|
return ipaddress.ip_address(value)
|
|
450
470
|
|
|
471
|
+
UDP_PORTS: ClassVar[Dict[str, str]] = {
|
|
472
|
+
"53": "DNS",
|
|
473
|
+
}
|
|
474
|
+
|
|
475
|
+
IANA_TRANSLATORS: ClassVar[Dict[str, str]] = {
|
|
476
|
+
"Ethernet_IP_proto": "protocols",
|
|
477
|
+
"Ethernet_IPv6_proto": "protocols",
|
|
478
|
+
"Ethernet_IP_UDP_sport": "udp_ports",
|
|
479
|
+
"Ethernet_IP_UDP_dport": "udp_ports",
|
|
480
|
+
"Ethernet_IP_TCP_sport": "tcp_ports",
|
|
481
|
+
"Ethernet_IP_TCP_dport": "tcp_ports",
|
|
482
|
+
"Ethernet_IPv6_UDP_sport": "udp_ports",
|
|
483
|
+
"Ethernet_IPv6_UDP_dport": "udp_ports",
|
|
484
|
+
"Ethernet_IPv6_TCP_sport": "tcp_ports",
|
|
485
|
+
"Ethernet_IPv6_TCP_dport": "tcp_ports",
|
|
486
|
+
"Ethernet_IP_ICMP_code": "icmp_codes",
|
|
487
|
+
"Ethernet_IP_ICMP_type": "icmp_types",
|
|
488
|
+
"Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_dport": "udp_ports",
|
|
489
|
+
"Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_sport": "udp_ports",
|
|
490
|
+
"Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_dport": "tcp_ports",
|
|
491
|
+
"Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_sport": "tcp_ports",
|
|
492
|
+
"Ethernet_IP_ICMP_IP in ICMP_protoc": "protocols",
|
|
493
|
+
"Ethernet_IP_UDP_DNS_qd_qclass": "dns_classes",
|
|
494
|
+
"Ethernet_IP_UDP_DNS_ns_rclass": "dns_classes",
|
|
495
|
+
"Ethernet_IP_UDP_DNS_an_rclass": "dns_classes",
|
|
496
|
+
"Ethernet_IP_UDP_DNS_qd_qtype": "dns_rrtypes",
|
|
497
|
+
"Ethernet_IP_UDP_DNS_ns_type": "dns_rrtypes",
|
|
498
|
+
"Ethernet_IP_UDP_DNS_an_type": "dns_rrtypes",
|
|
499
|
+
"Ethernet_IP_UDP_DNS_opcode": "dns_opcodes",
|
|
500
|
+
}
|
|
501
|
+
|
|
502
|
+
@staticmethod
|
|
503
|
+
def print_iana_values(value_type: str, value: bytes) -> str:
|
|
504
|
+
"""Use IANA lookup tables for converting protocol enumerations to human readable types."""
|
|
505
|
+
table_name = Dissection.IANA_TRANSLATORS.get(value_type)
|
|
506
|
+
|
|
507
|
+
if not table_name:
|
|
508
|
+
return value
|
|
509
|
+
|
|
510
|
+
table = iana_data[table_name]
|
|
511
|
+
value = str(value)
|
|
512
|
+
if value not in table:
|
|
513
|
+
return value
|
|
514
|
+
|
|
515
|
+
return f"{value} ({table[value]})"
|
|
516
|
+
|
|
517
|
+
ENUM_TRANSLATORS: ClassVar[Dict[str, callable]] = {
|
|
518
|
+
"Ethernet_IP_proto": print_iana_values,
|
|
519
|
+
"Ethernet_IPv6_proto": print_iana_values,
|
|
520
|
+
"Ethernet_IP_UDP_sport": print_iana_values,
|
|
521
|
+
"Ethernet_IP_UDP_dport": print_iana_values,
|
|
522
|
+
"Ethernet_IP_TCP_sport": print_iana_values,
|
|
523
|
+
"Ethernet_IP_TCP_dport": print_iana_values,
|
|
524
|
+
"Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_dport": print_iana_values,
|
|
525
|
+
"Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_sport": print_iana_values,
|
|
526
|
+
"Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_dport": print_iana_values,
|
|
527
|
+
"Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_sport": print_iana_values,
|
|
528
|
+
"Ethernet_IP_ICMP_IP in ICMP_proto": print_iana_values,
|
|
529
|
+
"Ethernet_IPv6_UDP_sport": print_iana_values,
|
|
530
|
+
"Ethernet_IPv6_UDP_dport": print_iana_values,
|
|
531
|
+
"Ethernet_IPv6_TCP_sport": print_iana_values,
|
|
532
|
+
"Ethernet_IPv6_TCP_dport": print_iana_values,
|
|
533
|
+
"Ethernet_IP_ICMP_code": print_iana_values,
|
|
534
|
+
"Ethernet_IP_ICMP_type": print_iana_values,
|
|
535
|
+
"Ethernet_IP_UDP_DNS_qd_qclass": print_iana_values,
|
|
536
|
+
"Ethernet_IP_UDP_DNS_ns_rclass": print_iana_values,
|
|
537
|
+
"Ethernet_IP_UDP_DNS_an_rclass": print_iana_values,
|
|
538
|
+
"Ethernet_IP_UDP_DNS_qd_qtype": print_iana_values,
|
|
539
|
+
"Ethernet_IP_UDP_DNS_ns_type": print_iana_values,
|
|
540
|
+
"Ethernet_IP_UDP_DNS_an_type": print_iana_values,
|
|
541
|
+
"Ethernet_IP_UDP_DNS_opcode": print_iana_values,
|
|
542
|
+
}
|
|
543
|
+
|
|
451
544
|
# has to go at the end to pick up the above function names
|
|
452
545
|
DISPLAY_TRANSFORMERS: ClassVar[Dict[str, callable]] = {
|
|
453
546
|
"Ethernet_IP_src": print_ip_address,
|
|
Binary file
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
__VERSION__ = "0.8.1"
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import os
|
|
2
|
-
from traffic_taffy.dissection import PCAPDissectorLevel
|
|
3
|
-
from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
|
|
4
|
-
|
|
5
|
-
def test_dpkt_engine():
|
|
6
|
-
test_pcap = "dns.pcap"
|
|
7
|
-
test_pcap = "port53-2023-30-31_20.pcap"
|
|
8
|
-
test_pcap = "airplane-wireless.pcap"
|
|
9
|
-
if not os.path.exists(test_pcap):
|
|
10
|
-
return
|
|
11
|
-
|
|
12
|
-
engine = DissectionEngineDpkt(test_pcap,
|
|
13
|
-
dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
|
|
14
|
-
dissection = engine.load()
|
|
15
|
-
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|