internet-packet-analysis's Introduction

TCP PCap Analysis

This project implements a pcap file parser that extracts TCP segments from capture files and analyses them.

Programming Language: Python

External libraries used

  • dpkt==1.9.7.2
  • pickle
  • base64
  • struct

Project structure

  • analysis_components/: Folder containing processed pcap files serialized and stored in pickle format
  • PartA/part_a.py: Analysis program for part A
  • PartB/part_b.py: Analysis program for part B
  • PartC/part_c.py: Analysis program for part C
  • PartA/part_a.rtf: Analysis for part A
  • PartB/part_b.rtf: Analysis for part B
  • PartC/part_c.rtf: Analysis for part C
  • PartD/part_d.rtf: Analysis for part D
  • pcap/: Folder which stores all the pcap files used in the analysis
  • analysis_pcap_tcp.py: Provides classes to analyze tcp segments in the pcap files
  • analysis_pcap_http.py: Provides classes to analyze http packets in the pcap files
  • utils.py: Provides basic utilities for printing results and unpacking binary data from the pcap files
  • documentation.pdf: Documentation for the high level overview of analysis_pcap_tcp.py and analysis_pcap_http.py

Installation and setup

$ pip3 install -r requirements.txt

Usage

For running the files for different parts, use the following commands:

$ python3 ./PartA/part_a.py
$ python3 ./PartB/part_b.py
$ python3 ./PartC/part_c.py

analysis_pcap_tcp.py and analysis_pcap_http.py provide the classes and functions used in each of the four parts of the analysis.

Usage for analysis_pcap_tcp.py

from analysis_pcap_tcp import *

pcap_file = "" # pcap file name
src_ip = None  # restrict to this source IP, e.g. "130.245.145.12"; None matches any source
dst_ip = None  # restrict to this destination IP, e.g. "128.208.2.198"; None matches any destination

# get the components required for analysis from the pcap_file
# you can form components only for packets with a specific source and destination
# by specifying them in the src_ip and dst_ip parameters
components = TCPPCapAnalyzer.process_pcap(pcap_file=pcap_file, src_ip=src_ip, dst_ip=dst_ip)

# print a tcp segment to see its contents
print(components.tcp_segments[0])

# output
"""
========================================================
| TCP SEGMENT                                          |
| src-ip: 130.245.145.12                               |
| dest-ip: 128.208.2.198                               |
| src-port: 43498                                      |
| dest-port: 80                                        |
| sequence-num: 705669102                              |
| ack: 0                                               |
| data-offset: 10                                      |
| reserved: 0                                          |
| flags:                                               |
| - ns: 0                                              |
| - cwr: 0                                             |
| - ece: 0                                             |
| - urg: 0                                             |
| - ack: 0                                             |
| - psh: 0                                             |
| - rst: 0                                             |
| - syn: 1                                             |
| - fin: 0                                             |
| window-size: 42340 bytes                             |
| checksum: 63936                                      |
| urgent-ptr: 0                                        |
| payload-size: 20 bytes                               |
| timestamp: 1487361393.534537                         |
| base64-encoded-payload: AgQFtAEBCAoObomWAAAAAAEDAw4= |
========================================================
"""

# get throughput for every connection
empirical_throughput = TCPPCapAnalyzer.get_empirical_throughput(components.tcp_connections)
theoretical_throughputs = TCPPCapAnalyzer.get_theoretical_throughput(connections=components.tcp_connections, src_ip=src_ip, dst_ip=dst_ip)

# get loss rate for every connection
loss_rates = TCPPCapAnalyzer.get_loss_rate(connections=components.tcp_connections, src_ip=src_ip, dst_ip=dst_ip)

# get average rtt for every connection
rtts = TCPPCapAnalyzer.get_rtt(connections=components.tcp_connections)

# get retransmissions due to triple duplicate acks, retransmissions due to timeout,
# and total retransmissions as a tuple for every connection
retransmissions = TCPPCapAnalyzer.num_retransmissions(components.tcp_connections, src_ip=src_ip, dst_ip=dst_ip)

# get congestion window sizes for every connection
cwnd_sizes = TCPPCapAnalyzer.congestion_window_sizes(components.tcp_connections, src_ip=src_ip, dst_ip=dst_ip)
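The metric calls above (loss rate, RTT, retransmission counts split into triple-duplicate-ACK and timeout cases, throughput) are the core of the analysis, and the README does not show how they are derived from a segment list. The following is an added example, not the project's own code, that works these metrics out over a constructed sender-to-receiver flow. The `Seg` record, the helper names, the role IPs (taken from the sample dump above) and the capture times are all assumptions made for the example; the only real dependency is the Python standard library.

```python
from collections import namedtuple

# One captured segment: capture time (s), sending host, TCP seq/ack numbers and
# payload length. A constructed record type for this example, not the project's.
Seg = namedtuple("Seg", "t src seq ack payload_len")

# Roles borrowed from the README's sample dump; any two addresses would do.
SENDER, RECEIVER = "130.245.145.12", "128.208.2.198"

# Constructed flow: segment 201 is lost and recovered by fast retransmit after
# three duplicate ACKs; segment 601 is lost and recovered only after a timeout.
SAMPLE_CONNECTION = [
    Seg(0.00, SENDER, 1, 0, 100),
    Seg(0.01, SENDER, 101, 0, 100),
    Seg(0.02, SENDER, 201, 0, 100),   # lost in flight
    Seg(0.03, SENDER, 301, 0, 100),
    Seg(0.04, SENDER, 401, 0, 100),
    Seg(0.05, SENDER, 501, 0, 100),
    Seg(0.10, RECEIVER, 0, 101, 0),
    Seg(0.11, RECEIVER, 0, 201, 0),
    Seg(0.13, RECEIVER, 0, 201, 0),   # dup ACK 1 (triggered by 301)
    Seg(0.14, RECEIVER, 0, 201, 0),   # dup ACK 2 (triggered by 401)
    Seg(0.15, RECEIVER, 0, 201, 0),   # dup ACK 3 (triggered by 501)
    Seg(0.16, SENDER, 201, 0, 100),   # fast retransmit
    Seg(0.26, RECEIVER, 0, 601, 0),
    Seg(0.27, SENDER, 601, 0, 100),   # lost in flight
    Seg(1.30, SENDER, 601, 0, 100),   # retransmit after RTO expiry
    Seg(1.40, RECEIVER, 0, 701, 0),
]


def classify_retransmissions(segments, src_ip, dst_ip):
    """Return (triple_dup_ack, timeout, total) retransmission counts for src_ip -> dst_ip."""
    seen_seqs = set()
    last_ack, dup_acks = None, 0
    triple_dup = timeout = 0
    for s in segments:
        if s.src == dst_ip and s.payload_len == 0:        # pure ACK from the receiver
            if s.ack == last_ack:
                dup_acks += 1
            else:
                last_ack, dup_acks = s.ack, 0
        elif s.src == src_ip and s.payload_len > 0:
            if s.seq in seen_seqs:                          # same seq sent again = retransmission
                if last_ack == s.seq and dup_acks >= 3:     # receiver asked for it three times
                    triple_dup += 1
                else:                                       # no dup-ACK signal: timer expired
                    timeout += 1
            seen_seqs.add(s.seq)
    return triple_dup, timeout, triple_dup + timeout


def loss_rate(segments, src_ip, dst_ip):
    """Retransmitted data segments as a fraction of all data segments sent."""
    sent = sum(1 for s in segments if s.src == src_ip and s.payload_len > 0)
    _, _, total = classify_retransmissions(segments, src_ip, dst_ip)
    return total / sent if sent else 0.0


def average_rtt(segments, src_ip, dst_ip):
    """Mean time from a segment's first transmission to the first ACK covering it.
    Segments that were ever retransmitted are skipped (Karn's algorithm), since an
    ACK for them cannot be attributed to one particular transmission."""
    first_sent, retransmitted = {}, set()
    for s in segments:
        if s.src == src_ip and s.payload_len > 0:
            if s.seq in first_sent:
                retransmitted.add(s.seq)
            else:
                first_sent[s.seq] = (s.t, s.seq + s.payload_len)
    samples = []
    for seq, (t_sent, end) in first_sent.items():
        if seq in retransmitted:
            continue
        ack_time = next((s.t for s in segments
                         if s.src == dst_ip and s.ack >= end and s.t > t_sent), None)
        if ack_time is not None:
            samples.append(ack_time - t_sent)
    return sum(samples) / len(samples) if samples else 0.0


def goodput(segments, src_ip, dst_ip):
    """Unique bytes acknowledged per second, from first data segment to last ACK."""
    data = [s for s in segments if s.src == src_ip and s.payload_len > 0]
    acks = [s for s in segments if s.src == dst_ip]
    if not data or not acks:
        return 0.0
    delivered = max(a.ack for a in acks) - min(d.seq for d in data)
    elapsed = max(a.t for a in acks) - min(d.t for d in data)
    return delivered / elapsed if elapsed > 0 else 0.0
```

On the sample flow this classifies one retransmission as triple-duplicate-ACK and one as timeout, gives a loss rate of 2/9 (two retransmissions over nine data segments sent), an average RTT of 0.172 s and a goodput of 500 bytes/s. The throughput here counts acknowledged bytes rather than bytes on the wire, which is one of several reasonable definitions; state the one you use in the write-up, because retransmissions inflate the wire count without delivering anything new.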

Usage for analysis_pcap_http.py

from analysis_pcap_tcp import *
from analysis_pcap_http import *

pcap_file = "" # pcap file name

# get analysis components for all packets with any source or destination
components = TCPPCapAnalyzer.process_pcap(pcap_file=pcap_file, src_ip=None, dst_ip=None)

# get request and responses for http
request_responses = HTTPPCapAnalyzer.reassemble_http_non_pipelined_request_responses(components.tcp_connections)

Usage for utils.py

from utils import PrettyPrint

d = [ ["Mark", 12, 95],
     ["Jay", 11, 88],
     ["Jack", 14, 90]]
h = ["name", "age", "score"]
PrettyPrint.print_in_tabular_format(d, h, table_header="DATA")

# output
"""
======================================
|                DATA                |
|------------------------------------|
|  Sr.No  |  name  |  age  |  score  |  
|====================================|
|  1      |  Mark  |  12   |  95     |  
|  2      |  Jay   |  11   |  88     |  
|  3      |  Jack  |  14   |  90     |  
======================================
"""

Exceptions

  • NoTCPTransactions: Raised when a connection has no packet transactions after the setup
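The sample segment dump in the analysis_pcap_tcp.py usage section reports a SYN with data-offset 10 and a 20-byte "payload". A data offset of 10 means a 40-byte header, so those 20 bytes sit inside the header: decoding the base64 string gives the SYN's option list (MSS 1460, two NOPs, a timestamp option, a NOP and window scale 14), not application data. Below is an added example, not the project's code, that rebuilds that header from the dump's values with `struct` and parses it with the header length taken from the data offset, so options and payload come apart correctly. The function and constant names are assumptions made for this example; the checksum is copied from the dump rather than recomputed.

```python
import base64
import struct

# The 20 bytes the README's sample dump shows as "base64-encoded-payload".
SAMPLE_OPTIONS = base64.b64decode("AgQFtAEBCAoObomWAAAAAAEDAw4=")

# A 40-byte TCP header rebuilt from the field values in that dump (constructed
# here; the checksum is carried over as captured, not recomputed).
SAMPLE_SEGMENT = struct.pack(
    "!HHIIBBHHH",
    43498,          # src-port
    80,             # dest-port
    705669102,      # sequence-num
    0,              # ack
    10 << 4,        # data-offset 10 (x4 = 40 bytes) in the high nibble; reserved/NS bits 0
    0x02,           # flags byte: SYN only
    42340,          # window-size
    63936,          # checksum as captured
    0,              # urgent-ptr
) + SAMPLE_OPTIONS

# Bits of the flags byte, least significant first.
FLAG_NAMES = ("fin", "syn", "rst", "psh", "ack", "urg", "ece", "cwr")


def parse_tcp_options(raw):
    """Walk the TLV option list, tolerating NOP padding and stopping at EOL."""
    opts = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # End of option list
            break
        if kind == 1:                     # NOP: one byte of padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:     # Maximum Segment Size
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:   # Window scale shift count
            opts["wscale"] = body[0]
        elif kind == 8 and length == 10:  # Timestamps: TSval, TSecr
            opts["tsval"], opts["tsecr"] = struct.unpack("!II", body)
        else:                             # keep anything unrecognised rather than dropping it
            opts.setdefault("unknown", []).append((kind, bytes(body)))
        i += length
    return opts


def parse_tcp_segment(data):
    """Split raw TCP bytes into header fields, decoded options and the real payload."""
    if len(data) < 20:
        raise ValueError("truncated TCP header: %d bytes" % len(data))
    (sport, dport, seq, ack, off_byte, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", data[:20])
    data_offset = off_byte >> 4
    header_len = data_offset * 4          # options end here; payload starts here
    if data_offset < 5 or header_len > len(data):
        raise ValueError("data offset %d inconsistent with %d-byte segment" % (data_offset, len(data)))
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": data_offset,
        "reserved": (off_byte >> 1) & 0x7,
        "ns": off_byte & 0x1,
        "flags": {name: (flags >> bit) & 1 for bit, name in enumerate(FLAG_NAMES)},
        "window": window,
        "checksum": checksum,
        "urgent_ptr": urgent,
        "options": parse_tcp_options(data[20:header_len]),
        "payload": data[header_len:],
    }
```

Taking the header length from the data offset matters beyond this one SYN: any segment carrying options (timestamps are present on nearly every segment of a modern connection) would otherwise have its first bytes of "payload" be option bytes, which corrupts HTTP reassembly and inflates byte counts used for throughput. The option walker also refuses malformed lengths instead of looping or reading past the buffer, which is the behaviour you want from a parser fed arbitrary captures.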
