traffic-taffy 0.8__py3-none-any.whl → 0.8.5__py3-none-any.whl

traffic_taffy/__init__.py

@@ -1 +1 @@
-__VERSION__ = "0.8"
+__VERSION__ = "0.8.5"

traffic_taffy/compare.py

@@ -3,8 +3,9 @@
 from __future__ import annotations
 from logging import debug, error
 from typing import List, TYPE_CHECKING
-import datetime as dt
 from datetime import datetime
+import datetime as dt
+import itertools
 
 if TYPE_CHECKING:
     from argparse import ArgumentParser, Namespace
@@ -102,9 +103,22 @@ class PcapCompare:
     def compare_all(self, dissections: List[Dissection]) -> List[Comparison]:
         """Compare all loaded pcaps."""
         reports = []
-        if isinstance(dissections, list) and len(dissections) > 1:
+
+        # hack to figure out if there is at least two instances of a generator
+        # without actually extracting them all
+        # (since it could be memory expensive)
+        reference = next(dissections)
+        other = None
+        multiple = True
+        try:
+            other = next(dissections)
+            dissections = itertools.chain([other], dissections)
+        except Exception as e:
+            print(e)
+            multiple = False
+
+        if multiple:
             # multiple file comparison
-            reference = next(dissections)
             for other in dissections:
                 # compare the two global summaries
 
@@ -116,7 +130,7 @@ class PcapCompare:
                 reports.append(report)
         else:
             # deal with timestamps within a single file
-            reference = list(dissections)[0].data
+            reference = reference.data
             timestamps = list(reference.keys())
             if len(timestamps) <= 2:  # just 0-summary plus a single stamp
                 error(

traffic_taffy/dissection.py

@@ -11,6 +11,23 @@ from typing import List
 from copy import deepcopy
 from pathlib import Path
 from traffic_taffy import __VERSION__ as VERSION
+from io import BytesIO
+import pkgutil
+
+# TODO(hardaker): fix to not use a global
+# note that this is designed to load only once before forking
+iana_data = None
+if not iana_data:
+    # try a local copy first
+    if Path("traffic_taffy/iana/tables.msgpakx").exists():
+        iana_data = msgpack.load(Path.open("traffic_taffy/iana/tables.msgpak", "rb"))
+    else:
+        content = pkgutil.get_data("traffic_taffy", "iana/tables.msgpak")
+        if content:
+            content = BytesIO(content)
+            iana_data = msgpack.load(content)
+        else:
+            warning("failed to load IANA data tables -- no enum expansion available")
 
 
 class PCAPDissectorLevel(Enum):
@@ -57,6 +74,7 @@ class Dissection:
         self.maximum_count = maximum_count
         self.pcap_filter = pcap_filter
         self.ignore_list = ignore_list or []
+        self.iana_data = defaultdict(dict)
 
         self.parameters = [
             "pcap_file",
@@ -421,6 +439,8 @@ class Dissection:
                     )
                 else:
                     value = "0x" + value.hex()
+            elif value_type in Dissection.ENUM_TRANSLATORS:
+                value = str(Dissection.ENUM_TRANSLATORS[value_type](value_type, value))
             else:
                 value = str(value)
         except Exception:
@@ -448,6 +468,79 @@ class Dissection:
         """Convert binary bytes to IP addresses (v4 and v6)."""
         return ipaddress.ip_address(value)
 
+    UDP_PORTS: ClassVar[Dict[str, str]] = {
+        "53": "DNS",
+    }
+
+    IANA_TRANSLATORS: ClassVar[Dict[str, str]] = {
+        "Ethernet_IP_proto": "protocols",
+        "Ethernet_IPv6_proto": "protocols",
+        "Ethernet_IP_UDP_sport": "udp_ports",
+        "Ethernet_IP_UDP_dport": "udp_ports",
+        "Ethernet_IP_TCP_sport": "tcp_ports",
+        "Ethernet_IP_TCP_dport": "tcp_ports",
+        "Ethernet_IPv6_UDP_sport": "udp_ports",
+        "Ethernet_IPv6_UDP_dport": "udp_ports",
+        "Ethernet_IPv6_TCP_sport": "tcp_ports",
+        "Ethernet_IPv6_TCP_dport": "tcp_ports",
+        "Ethernet_IP_ICMP_code": "icmp_codes",
+        "Ethernet_IP_ICMP_type": "icmp_types",
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_dport": "udp_ports",
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_sport": "udp_ports",
+        "Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_dport": "tcp_ports",
+        "Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_sport": "tcp_ports",
+        "Ethernet_IP_ICMP_IP in ICMP_protoc": "protocols",
+        "Ethernet_IP_UDP_DNS_qd_qclass": "dns_classes",
+        "Ethernet_IP_UDP_DNS_ns_rclass": "dns_classes",
+        "Ethernet_IP_UDP_DNS_an_rclass": "dns_classes",
+        "Ethernet_IP_UDP_DNS_qd_qtype": "dns_rrtypes",
+        "Ethernet_IP_UDP_DNS_ns_type": "dns_rrtypes",
+        "Ethernet_IP_UDP_DNS_an_type": "dns_rrtypes",
+        "Ethernet_IP_UDP_DNS_opcode": "dns_opcodes",
+    }
+
+    @staticmethod
+    def print_iana_values(value_type: str, value: bytes) -> str:
+        """Use IANA lookup tables for converting protocol enumerations to human readable types."""
+        table_name = Dissection.IANA_TRANSLATORS.get(value_type)
+
+        if not table_name:
+            return value
+
+        table = iana_data[table_name]
+        value = str(value)
+        if value not in table:
+            return value
+
+        return f"{value} ({table[value]})"
+
+    ENUM_TRANSLATORS: ClassVar[Dict[str, callable]] = {
+        "Ethernet_IP_proto": print_iana_values,
+        "Ethernet_IPv6_proto": print_iana_values,
+        "Ethernet_IP_UDP_sport": print_iana_values,
+        "Ethernet_IP_UDP_dport": print_iana_values,
+        "Ethernet_IP_TCP_sport": print_iana_values,
+        "Ethernet_IP_TCP_dport": print_iana_values,
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_dport": print_iana_values,
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_sport": print_iana_values,
+        "Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_dport": print_iana_values,
+        "Ethernet_IP_ICMP_IP in ICMP_TCP in ICMP_sport": print_iana_values,
+        "Ethernet_IP_ICMP_IP in ICMP_proto": print_iana_values,
+        "Ethernet_IPv6_UDP_sport": print_iana_values,
+        "Ethernet_IPv6_UDP_dport": print_iana_values,
+        "Ethernet_IPv6_TCP_sport": print_iana_values,
+        "Ethernet_IPv6_TCP_dport": print_iana_values,
+        "Ethernet_IP_ICMP_code": print_iana_values,
+        "Ethernet_IP_ICMP_type": print_iana_values,
+        "Ethernet_IP_UDP_DNS_qd_qclass": print_iana_values,
+        "Ethernet_IP_UDP_DNS_ns_rclass": print_iana_values,
+        "Ethernet_IP_UDP_DNS_an_rclass": print_iana_values,
+        "Ethernet_IP_UDP_DNS_qd_qtype": print_iana_values,
+        "Ethernet_IP_UDP_DNS_ns_type": print_iana_values,
+        "Ethernet_IP_UDP_DNS_an_type": print_iana_values,
+        "Ethernet_IP_UDP_DNS_opcode": print_iana_values,
+    }
+
     # has to go at the end to pick up the above function names
     DISPLAY_TRANSFORMERS: ClassVar[Dict[str, callable]] = {
         "Ethernet_IP_src": print_ip_address,

{traffic_taffy-0.8.dist-info → traffic_taffy-0.8.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.8
+Version: 0.8.5
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>

{traffic_taffy-0.8.dist-info → traffic_taffy-0.8.5.dist-info}/RECORD

@@ -1,7 +1,7 @@
-traffic_taffy/__init__.py,sha256=rSli_H1CNuvL_e1rmtF9vux7IpylSjpepysxJbNv5gg,20
-traffic_taffy/compare.py,sha256=MBmNLRdALgPiabwRg1NGnf6Gfb0vKpJc3jhMe2wsgZs,8269
+traffic_taffy/__init__.py,sha256=n9FymgbxpXu3w9gvFFmFbdtHDu-QOLvIWAMihAIPlcs,22
+traffic_taffy/compare.py,sha256=4T25Ygp6rQw7J3syn4Tam6tEw3ieSzl-lELPARvNnVw,8641
 traffic_taffy/comparison.py,sha256=MmCxK7E3RbVLS8gJ_JJOdqa2MHQ7np1Pq_VB0Scir8U,933
-traffic_taffy/dissection.py,sha256=-jXt4PYCi_lvPh86KC_84VywRZqhZ1cGgLdV2glCQC8,17390
+traffic_taffy/dissection.py,sha256=6Ex0zkUCvl-nMNg44CYkSL7JFqi6O7_T690bFzTj0A8,21567
 traffic_taffy/dissectmany.py,sha256=kJO2XF8QzOmLDsKDjZIkQBmxC97wFpi-IisCURLOmfU,4700
 traffic_taffy/dissector.py,sha256=JHewf3vhvYjE6CGuRzO6_SnR5QuHZjzx-hZjpkAPHl4,11685
 traffic_taffy/graph.py,sha256=lH20RjnY3rMU8g2zyOkpS5pfvgCcYa4GCtO22uArzs8,4510
@@ -16,13 +16,13 @@ traffic_taffy/dissector_engine/scapy.py,sha256=5lE6y4wzULfULTFcTAo6qINazqoBVwzbR
 traffic_taffy/hooks/__init__.py,sha256=Bvhl6RnyBqQkWuCU6TS0O_ZHe4qCQsC4HE8FELigWPw,661
 traffic_taffy/hooks/ip2asn.py,sha256=8KyqwKTY3YK9GZEDW_3PM_6zuvrzkDAzIceIodNAepY,1765
 traffic_taffy/hooks/psl.py,sha256=6Xmbl2OigDIe17ChumU35iuE0B6Q7ttBp2iBruxWFg4,1529
+traffic_taffy/iana/tables.msgpak,sha256=d-R5Xw9yG9t4RqGJRrpE6cjH4YfaxQBwQiBhNjKZbwI,172825
 traffic_taffy/output/__init__.py,sha256=dSpW9xDno3nKaYOwThS2fVkcIHJVAJE9DlEiLfdHXfg,4555
 traffic_taffy/output/console.py,sha256=Ziq4MKtzSdP9oVaZrWHiw0Bpsm2Dj9QFLJtDK38mxaY,2911
 traffic_taffy/output/fsdb.py,sha256=po--ldHeRPTXVTkP68qtI_BYV2cEOab-kFVWv0ymj5M,1704
 traffic_taffy/output/memory.py,sha256=86tgJ-jMt3UVX31eP6U02YbbYRoqbYhhR4kXJQmYzO4,1870
 traffic_taffy/tests/test_compare_results.py,sha256=LRAAsel2vwSLZmSGxzdGurga77dhBsLkTCMRjybb10A,1921
 traffic_taffy/tests/test_dict_merge.py,sha256=t3rZSQQ0AlBxRKfLborx9SxYN53cCAQQzZ2w-__WT2Y,1429
-traffic_taffy/tests/test_dpkt_engine.py,sha256=512Wfq7D1qVkfhGwf1u2QSgZooWqZQWV9L4OhpAr4AE,489
 traffic_taffy/tests/test_hooks.py,sha256=amjEbtMwOZZCg_RCJ0wQR7aOqNfwz3IG3WY-9CwjSF4,1260
 traffic_taffy/tests/test_normalize.py,sha256=k5y3XmYitnF1aTkB-9dZ7WZPQB__l_iEzC6atKKywfw,2601
 traffic_taffy/tests/test_pcap_dissector.py,sha256=sxJJ3seO9pjzilM0b6iu_ggQbUI4E7WbMFdwm4m9Gz0,2027
@@ -36,8 +36,8 @@ traffic_taffy/tools/dissect.py,sha256=Z_5JJ92E4168_GZM_9Iu-m6lDfETBt8Gv-vD_Mu3Cf
 traffic_taffy/tools/explore.py,sha256=Hb4x9HZkFoYnR8BJKF5OLwZWKGR3RX3MdZhX4Oo-NDU,24180
 traffic_taffy/tools/export.py,sha256=BuAnZcOszj9ZpMxHmRjDqptR15dMRigOhp2-BFJHgWA,2707
 traffic_taffy/tools/graph.py,sha256=gARv5-7N5MUBSJJ8Uj5XLx4xEonXgIMADKwN573jxyk,2555
-traffic_taffy-0.8.dist-info/METADATA,sha256=Ipy4XE9_pCJwre7SPOvA8Q1yCJtMTT0PAsDeKuLmlhU,1931
-traffic_taffy-0.8.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
-traffic_taffy-0.8.dist-info/entry_points.txt,sha256=ySz30b1Cu03CtCGMRqqg0NZJpzrVI91T5HjbEaTNnpQ,314
-traffic_taffy-0.8.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
-traffic_taffy-0.8.dist-info/RECORD,,
+traffic_taffy-0.8.5.dist-info/METADATA,sha256=h_i-wO4muRSfeswpfjQddlpyinLnYJfYc2wLGnr_SN4,1933
+traffic_taffy-0.8.5.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
+traffic_taffy-0.8.5.dist-info/entry_points.txt,sha256=ySz30b1Cu03CtCGMRqqg0NZJpzrVI91T5HjbEaTNnpQ,314
+traffic_taffy-0.8.5.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
+traffic_taffy-0.8.5.dist-info/RECORD,,

traffic_taffy/tests/test_dpkt_engine.py

@@ -1,15 +0,0 @@
-import os
-from traffic_taffy.dissection import PCAPDissectorLevel
-from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
-
-def test_dpkt_engine():
-    test_pcap = "dns.pcap"
-    test_pcap = "port53-2023-30-31_20.pcap"
-    test_pcap = "airplane-wireless.pcap"
-    if not os.path.exists(test_pcap):
-        return
-
-    engine = DissectionEngineDpkt(test_pcap,
-                                  dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
-    dissection = engine.load()
-