PyPI - traffic-taffy - Versions diffs - 0.9.3__tar.gz → 0.9.5__tar.gz - Mend

traffic-taffy 0.9.3tar.gz → 0.9.5tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

{traffic_taffy-0.9.3 → traffic_taffy-0.9.5}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.9.3
+Version: 0.9.5
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>

traffic_taffy-0.9.5/traffic_taffy/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __VERSION__ = "0.9.5"

{traffic_taffy-0.9.3 → traffic_taffy-0.9.5}/traffic_taffy/algorithms/statistical.py RENAMED Viewed

@@ -65,7 +65,7 @@ class ComparisonStatistical(ComparisonSlicesAlgorithm):
                     right_count = right_side[key][subkey]
                     left_percentage = 0.0
                     if right_side_total == 0:
-                        right_percentage = 100
+                        right_percentage = 1.0
                     else:
                         right_percentage = right_side[key][subkey] / right_side_total
                     new_right_count += 1  # this value wasn't in the left
@@ -81,12 +81,12 @@ class ComparisonStatistical(ComparisonSlicesAlgorithm):
                     )
             if right_side_total == 0:
-                right_percent = 100
+                right_percent = 1.0
             else:
                 right_percent = new_right_count / right_side_total
             if left_side_total == 0:
-                left_percent = 100
+                left_percent = 1.0
             else:
                 left_percent = new_left_count / left_side_total

{traffic_taffy-0.9.3 → traffic_taffy-0.9.5}/traffic_taffy/dissector_engine/dpkt.py RENAMED Viewed

@@ -2,12 +2,13 @@
 from __future__ import annotations
-from logging import debug
+from logging import debug, error
 from traffic_taffy.dissector_engine import DissectionEngine
 from traffic_taffy.dissection import Dissection, PCAPDissectorLevel
 from pcap_parallel import PCAPParallel
 import dpkt
+import socket
 class DissectionEngineDpkt(DissectionEngine):
@@ -20,6 +21,7 @@ class DissectionEngineDpkt(DissectionEngine):
     def __init__(self, *args: list, **kwargs: dict):
         """Create a dissection engine for quickly parsing and counting packets."""
         super().__init__(*args, **kwargs)
+        self.data_link_type = None
     def load_data(self) -> None:
         """Load the specified PCAP into memory."""
@@ -29,6 +31,9 @@ class DissectionEngineDpkt(DissectionEngine):
         else:
             # it's an open handle already
             pcap = dpkt.pcap.Reader(self.pcap_file)
+        self.data_link_type = pcap.datalink()
         if self.pcap_filter:
             pcap.setfilter(self.pcap_filter)
         pcap.dispatch(self.maximum_count, self.callback)
@@ -144,14 +149,34 @@ class DissectionEngineDpkt(DissectionEngine):
             level = level.value
         if level >= PCAPDissectorLevel.THROUGH_IP.value:
-            eth = dpkt.ethernet.Ethernet(packet)
-            # these names are designed to match scapy names
-            self.incr("Ethernet_dst", eth.dst)
-            self.incr("Ethernet_src", eth.src)
-            self.incr("Ethernet_type", eth.type)
-            if isinstance(eth.data, dpkt.ip.IP):
-                ip = eth.data
+            if self.data_link_type == 1:
+                # Ethernet based encapsulation
+                eth = dpkt.ethernet.Ethernet(packet)
+                # these names are designed to match scapy names
+                self.incr("Ethernet_dst", eth.dst)
+                self.incr("Ethernet_src", eth.src)
+                self.incr("Ethernet_type", eth.type)
+                data = eth.data
+            elif self.data_link_type == 101:
+                # Raw IP encapsulation
+                if packet[0] == 0x45:
+                    data = dpkt.ip.IP(packet)
+                elif packet[0] == 0x60:
+                    data = dpkt.ip6.IP6(packet)
+                else:
+                    error("Unknown IP version in data")
+                    raise ValueError("unknown IP version")
+            else:
+                error(f"unknown link type: {self.data_link_type}")
+                raise ValueError("unknown link type")
+            # TODO(hardaker): add ip6.IP6 support
+            next_layer = None
+            udp = None
+            tcp = None
+            if isinstance(data, dpkt.ip.IP):
+                ip = data
                 udp = None
                 tcp = None
@@ -177,8 +202,32 @@ class DissectionEngineDpkt(DissectionEngine):
                 self.incr(prefix + "version", ip.v)
                 self.incr(prefix + "ttl", ip.ttl)
-                if isinstance(ip.data, dpkt.udp.UDP):
-                    udp = ip.data
+                next_layer = ip.data
+            elif isinstance(data, dpkt.ip6.IP6):
+                ip6 = data
+                ipver = "IPv6"
+                prefix = f"Ethernet_{ipver}_"
+                # TODO(hardaker): make sure all these match scapy
+                socket.inet_ntop(
+                    socket.AF_INET6,
+                    b"\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01",
+                )
+                self.incr(prefix + "dst", socket.inet_ntop(socket.AF_INET6, ip6.dst))
+                self.incr(prefix + "src", socket.inet_ntop(socket.AF_INET6, ip6.src))
+                self.incr(prefix + "fl", ip6.flow)
+                self.incr(prefix + "hlim", ip6.hlim)
+                self.incr(prefix + "nh", ip6.nxt)
+                self.incr(prefix + "plen", ip6.plen)
+                self.incr(prefix + "tc", ip6.fc)
+                next_layer = ip6.data
+            if next_layer:
+                if isinstance(next_layer, dpkt.udp.UDP):
+                    udp = next_layer
                     self.incr(prefix + "UDP_sport", udp.sport)
                     self.incr(prefix + "UDP_dport", udp.dport)
                     self.incr(prefix + "UDP_len", udp.ulen)
@@ -186,8 +235,8 @@ class DissectionEngineDpkt(DissectionEngine):
                     # TODO(hardaker): handle DNS and others for level 3
-                elif isinstance(ip.data, dpkt.tcp.TCP):
-                    tcp = ip.data
+                elif isinstance(next_layer, dpkt.tcp.TCP):
+                    tcp = next_layer
                     self.incr(prefix + "TCP_sport", tcp.sport)
                     self.incr(prefix + "TCP_dport", tcp.dport)
                     self.incr(prefix + "TCP_seq", tcp.seq)

traffic_taffy-0.9.5/traffic_taffy/report.py ADDED Viewed

@@ -0,0 +1,12 @@
+from dataclasses import dataclass
+@dataclass
+class Report:
+    delta_percentage: float
+    delta_absolute: int
+    total: int
+    left_count: int
+    right_count: int
+    left_percentage: float
+    right_percentage: float

traffic_taffy-0.9.5/traffic_taffy/tests/test_dpkt_engine.py ADDED Viewed

@@ -0,0 +1,15 @@
+import os
+from traffic_taffy.dissection import PCAPDissectorLevel
+from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
+def test_dpkt_engine():
+    test_pcap = "dns.pcap"
+    test_pcap = "port53-2023-30-31_20.pcap"
+    test_pcap = "airplane-wireless.pcap"
+    if not os.path.exists(test_pcap):
+        return
+    engine = DissectionEngineDpkt(test_pcap,
+                                  dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
+    dissection = engine.load()