traffic-taffy 0.9.4__py3-none-any.whl → 0.9.6__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. traffic_taffy/__init__.py +1 -1
  2. traffic_taffy/dissection.py +0 -12
  3. traffic_taffy/dissector_engine/dpkt.py +33 -4
  4. traffic_taffy/dissector_engine/scapy.py +2 -0
  5. {traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/METADATA +3 -2
  6. {traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/RECORD +9 -11
  7. {traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/WHEEL +1 -1
  8. traffic_taffy/report.py +0 -12
  9. traffic_taffy/tests/test_dpkt_engine.py +0 -15
  10. {traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/entry_points.txt +0 -0
  11. {traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/licenses/LICENSE.txt +0 -0
traffic_taffy/__init__.py CHANGED
@@ -1 +1 @@
1
- __VERSION__ = "0.9.4"
1
+ __VERSION__ = "0.9.6"
traffic_taffy/dissection.py CHANGED
@@ -134,8 +134,6 @@ class Dissection:
134
134
  # note: there should be no recorded tcpdump files from 1970 Jan 01 :-)
135
135
  self.data[0][key][value] += count
136
136
  if self.timestamp:
137
- if self.timestamp not in self.data:
138
- self.data[self.timestamp] = defaultdict(Counter)
139
137
  self.data[self.timestamp][key][value] += count
140
138
 
141
139
  def calculate_metadata(self: Dissection) -> None:
@@ -159,16 +157,6 @@ class Dissection:
159
157
  for timestamp in other_dissection.data:
160
158
  for key in other_dissection.data[timestamp]:
161
159
  for subkey in other_dissection.data[timestamp][key]:
162
- # TODO(hardaker): this is horribly inefficient
163
- if timestamp not in self.data:
164
- self.data[timestamp] = defaultdict(Counter)
165
- elif key not in self.data[timestamp]:
166
- self.data[timestamp][key] = Counter()
167
- elif (
168
- isinstance(self.data[timestamp][key], dict)
169
- and subkey not in self.data[timestamp][key]
170
- ):
171
- self.data[timestamp][key][subkey] = 0
172
160
  self.data[timestamp][key][subkey] += other_dissection.data[
173
161
  timestamp
174
162
  ][key][subkey]
traffic_taffy/dissector_engine/dpkt.py CHANGED
@@ -8,6 +8,7 @@ from traffic_taffy.dissection import Dissection, PCAPDissectorLevel
8
8
  from pcap_parallel import PCAPParallel
9
9
 
10
10
  import dpkt
11
+ import socket
11
12
 
12
13
 
13
14
  class DissectionEngineDpkt(DissectionEngine):
@@ -170,6 +171,10 @@ class DissectionEngineDpkt(DissectionEngine):
170
171
  raise ValueError("unknown link type")
171
172
 
172
173
  # TODO(hardaker): add ip6.IP6 support
174
+ next_layer = None
175
+ udp = None
176
+ tcp = None
177
+
173
178
  if isinstance(data, dpkt.ip.IP):
174
179
  ip = data
175
180
  udp = None
@@ -197,8 +202,32 @@ class DissectionEngineDpkt(DissectionEngine):
197
202
  self.incr(prefix + "version", ip.v)
198
203
  self.incr(prefix + "ttl", ip.ttl)
199
204
 
200
- if isinstance(ip.data, dpkt.udp.UDP):
201
- udp = ip.data
205
+ next_layer = ip.data
206
+
207
+ elif isinstance(data, dpkt.ip6.IP6):
208
+ ip6 = data
209
+
210
+ ipver = "IPv6"
211
+ prefix = f"Ethernet_{ipver}_"
212
+
213
+ # TODO(hardaker): make sure all these match scapy
214
+ socket.inet_ntop(
215
+ socket.AF_INET6,
216
+ b"\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01",
217
+ )
218
+
219
+ self.incr(prefix + "dst", socket.inet_ntop(socket.AF_INET6, ip6.dst))
220
+ self.incr(prefix + "src", socket.inet_ntop(socket.AF_INET6, ip6.src))
221
+ self.incr(prefix + "fl", ip6.flow)
222
+ self.incr(prefix + "hlim", ip6.hlim)
223
+ self.incr(prefix + "nh", ip6.nxt)
224
+ self.incr(prefix + "plen", ip6.plen)
225
+ self.incr(prefix + "tc", ip6.fc)
226
+ next_layer = ip6.data
227
+
228
+ if next_layer:
229
+ if isinstance(next_layer, dpkt.udp.UDP):
230
+ udp = next_layer
202
231
  self.incr(prefix + "UDP_sport", udp.sport)
203
232
  self.incr(prefix + "UDP_dport", udp.dport)
204
233
  self.incr(prefix + "UDP_len", udp.ulen)
@@ -206,8 +235,8 @@ class DissectionEngineDpkt(DissectionEngine):
206
235
 
207
236
  # TODO(hardaker): handle DNS and others for level 3
208
237
 
209
- elif isinstance(ip.data, dpkt.tcp.TCP):
210
- tcp = ip.data
238
+ elif isinstance(next_layer, dpkt.tcp.TCP):
239
+ tcp = next_layer
211
240
  self.incr(prefix + "TCP_sport", tcp.sport)
212
241
  self.incr(prefix + "TCP_dport", tcp.dport)
213
242
  self.incr(prefix + "TCP_seq", tcp.seq)
traffic_taffy/dissector_engine/scapy.py CHANGED
@@ -113,6 +113,8 @@ class DissectionEngineScapy(DissectionEngine):
113
113
 
114
114
  try:
115
115
  field_value = getattr(layer, field_name)
116
+ if not field_value: ## can return empty field values like []
117
+ continue
116
118
  if hasattr(field_value, "fields"):
117
119
  self.add_layer(field_value, new_prefix + "_")
118
120
  else:
{traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/METADATA RENAMED
@@ -1,10 +1,11 @@
1
- Metadata-Version: 2.1
1
+ Metadata-Version: 2.4
2
2
  Name: traffic-taffy
3
- Version: 0.9.4
3
+ Version: 0.9.6
4
4
  Summary: A tool for doing differential analysis of pcap files
5
5
  Project-URL: Homepage, https://traffic-taffy.github.io/
6
6
  Author-email: Wes Hardaker <opensource@hardakers.net>
7
7
  License-File: LICENSE.txt
8
+ Classifier: License :: OSI Approved :: Apache Software License
8
9
  Classifier: Operating System :: OS Independent
9
10
  Classifier: Programming Language :: Python :: 3
10
11
  Requires-Python: >=3.7
{traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/RECORD RENAMED
@@ -1,13 +1,12 @@
1
- traffic_taffy/__init__.py,sha256=UI1Y766LRTQsBQeHgwpMOn6l2U43AJiA2KPxg4vVPO0,22
1
+ traffic_taffy/__init__.py,sha256=9xmdbHPOaHkUt61kunVWy2yjchW2Zvmp7Ti49qS99iM,22
2
2
  traffic_taffy/compare.py,sha256=g9rU6oa_2Wy0nUJ7K6TI8JTctyGCRvYEUakDBf7blOY,8644
3
3
  traffic_taffy/comparison.py,sha256=KJxOp4UqhfRkF4LI1PMDRIefeyTm2w5sbdr7VUTS4KM,1451
4
4
  traffic_taffy/config.py,sha256=DgTu2kA1Ec4Hbwl_44kTsdyJYvxAabgJk9a7aOH2XXU,4444
5
- traffic_taffy/dissection.py,sha256=dW6UxJ_RY5oMipyh3J2CvsjP-E9Llly7IgjbPFSSTzU,24571
5
+ traffic_taffy/dissection.py,sha256=DNxcXoNyk2lpJiaSzvAq1YHwHhYPY6xtlVkHTs-eb9Q,23904
6
6
  traffic_taffy/dissectmany.py,sha256=SWFXFyERNCi0j7hiMDEeJJdPYDpa0SOlSj1V8AqpXUA,5189
7
7
  traffic_taffy/dissector.py,sha256=M5MHVPwfeMHa6s4TG8ZiiNjk7qaht65wdqm0nmRHdQ8,15682
8
8
  traffic_taffy/graph.py,sha256=EfkxH5D9PNlDpvftkh9GyUusV05EV537QGB7JOMeW4w,4730
9
9
  traffic_taffy/graphdata.py,sha256=r_QNXO3FzC7Vx4123SdCliAh7j2NCQ4Lb5uoOJnlt2M,3376
10
- traffic_taffy/report.py,sha256=Yzb27hUWcWL-RxWpSQmRyM8NyWxQGT0l0jUCGHoYDSY,224
11
10
  traffic_taffy/taffy_config.py,sha256=AmdQbWAhoiV7aTNSpV1exJfd5eA0a3sYTIjikHkMPwY,1124
12
11
  traffic_taffy/algorithms/__init__.py,sha256=A7xI2ctotBT7WgG-6ItilXE_FIWF9QWc6UjdfGyThKw,737
13
12
  traffic_taffy/algorithms/comparecorrelation.py,sha256=gakZJotZNOVj96y4_-vtt_ka8pZLBVERf44Yixtq_yE,5875
@@ -17,8 +16,8 @@ traffic_taffy/algorithms/compareslices.py,sha256=aIDhISKi-m8uD65pBd3A2naoxYD9zea
17
16
  traffic_taffy/algorithms/statistical.py,sha256=0Hr62ZUZlFCNPUh6yVBRFjNho42cTGeX_GHtbq1sbak,4281
18
17
  traffic_taffy/dissector_engine/__init__.py,sha256=Hu-UQtz7yhivmQLUP5b8tFQLEhy2bfvrRV3Q4aZp6vg,2202
19
18
  traffic_taffy/dissector_engine/dnstap.py,sha256=rBzVlB0D3YVhHOsr17cbnCIZU13g20srgR4sE7ZfNUE,4810
20
- traffic_taffy/dissector_engine/dpkt.py,sha256=9JSyKBe2Ec0GItdmwo5mpzekg4Ua5NdpLnllhiV33Jg,11753
21
- traffic_taffy/dissector_engine/scapy.py,sha256=WrZUfV_viR2Tro0kM3QKUkufIcM3RyYaZ3ncA1yZsaU,4897
19
+ traffic_taffy/dissector_engine/dpkt.py,sha256=q7cJz6WWpe9xUcEbAY_yn_cma_4loXuS3QKIVln6FHQ,12788
20
+ traffic_taffy/dissector_engine/scapy.py,sha256=S3yrUmSeDjt3oE1I07L3iLFLF8Df8XAZg535FY_eu90,5004
22
21
  traffic_taffy/hooks/__init__.py,sha256=Bvhl6RnyBqQkWuCU6TS0O_ZHe4qCQsC4HE8FELigWPw,661
23
22
  traffic_taffy/hooks/ip2asn.py,sha256=7UA52L6jej0RYBptzP9izO0yXMcqH7wcp2ocDRUN5dg,2216
24
23
  traffic_taffy/hooks/labels.py,sha256=5jHXq3-kxDQj9PRYgak-gDzE8dvSUiCEq9mBs9nE014,1933
@@ -35,7 +34,6 @@ traffic_taffy/reports/correlationreport.py,sha256=9PdL_53mxfO619PFSoeRsTEm63L1J_
35
34
  traffic_taffy/tests/test_compare_results.py,sha256=iLcS9wvEqxgKszIspLtD2Zw8Qk5JxOCurQwWYzhtOkM,2318
36
35
  traffic_taffy/tests/test_config.py,sha256=UCqSJXVwpFFchcIbyFzLqjVF-wgEV755KlQ7thommro,4284
37
36
  traffic_taffy/tests/test_dict_merge.py,sha256=t3rZSQQ0AlBxRKfLborx9SxYN53cCAQQzZ2w-__WT2Y,1429
38
- traffic_taffy/tests/test_dpkt_engine.py,sha256=512Wfq7D1qVkfhGwf1u2QSgZooWqZQWV9L4OhpAr4AE,489
39
37
  traffic_taffy/tests/test_global_config.py,sha256=kjr1wy1cXWagVLb0OnQYH0vz2htxLs944Xo42lNsir4,597
40
38
  traffic_taffy/tests/test_hooks.py,sha256=amjEbtMwOZZCg_RCJ0wQR7aOqNfwz3IG3WY-9CwjSF4,1260
41
39
  traffic_taffy/tests/test_normalize.py,sha256=sKHyiV8YXcKKcWqsbZP94nu_g5oEMJzzj6umeHxwa64,2638
@@ -51,8 +49,8 @@ traffic_taffy/tools/dissect.py,sha256=B-7e7aqEOWtJ-0P2Y-mzmrzoDqVrDCJ2JzGR45Qtuu
51
49
  traffic_taffy/tools/explore.py,sha256=gUcOfAgangJJI1si1gLPUoWRUKmWUAXSP0oTD2JJygw,24149
52
50
  traffic_taffy/tools/export.py,sha256=9zBBGhZK95b4ZiLJ8XK30GPsaBjgR84Sk1HoPIxRpTI,2844
53
51
  traffic_taffy/tools/graph.py,sha256=KiKDY9R8JLT5-JouANoi_1WGcdFMhXsLnYlhPsFRWpM,2316
54
- traffic_taffy-0.9.4.dist-info/METADATA,sha256=JTazabFuUmC4sejWSCl5ib4E5A_iVEO8z7WuRnWGhHc,2241
55
- traffic_taffy-0.9.4.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
56
- traffic_taffy-0.9.4.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
57
- traffic_taffy-0.9.4.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
58
- traffic_taffy-0.9.4.dist-info/RECORD,,
52
+ traffic_taffy-0.9.6.dist-info/METADATA,sha256=pc-nZx_uzZb6DSBR1ZWCbDrKnHPVlkB6EhlSU4T9SWc,2304
53
+ traffic_taffy-0.9.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
54
+ traffic_taffy-0.9.6.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
55
+ traffic_taffy-0.9.6.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
56
+ traffic_taffy-0.9.6.dist-info/RECORD,,
{traffic_taffy-0.9.4.dist-info → traffic_taffy-0.9.6.dist-info}/WHEEL RENAMED
@@ -1,4 +1,4 @@
1
1
  Wheel-Version: 1.0
2
- Generator: hatchling 1.21.1
2
+ Generator: hatchling 1.27.0
3
3
  Root-Is-Purelib: true
4
4
  Tag: py3-none-any
traffic_taffy/report.py DELETED
@@ -1,12 +0,0 @@
1
- from dataclasses import dataclass
2
-
3
-
4
- @dataclass
5
- class Report:
6
- delta_percentage: float
7
- delta_absolute: int
8
- total: int
9
- left_count: int
10
- right_count: int
11
- left_percentage: float
12
- right_percentage: float
traffic_taffy/tests/test_dpkt_engine.py DELETED
@@ -1,15 +0,0 @@
1
- import os
2
- from traffic_taffy.dissection import PCAPDissectorLevel
3
- from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
4
-
5
- def test_dpkt_engine():
6
- test_pcap = "dns.pcap"
7
- test_pcap = "port53-2023-30-31_20.pcap"
8
- test_pcap = "airplane-wireless.pcap"
9
- if not os.path.exists(test_pcap):
10
- return
11
-
12
- engine = DissectionEngineDpkt(test_pcap,
13
- dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
14
- dissection = engine.load()
15
-