#Extract network features from pcap files using python pyshark and storing them in SQL LITE DB
Features
- session_ttl_min : return min ttl value. ttl is extracted using pkt.ip.ttl as ttl is part of ip header
- session_packets : returns total number of packets in that session.
- session_packet_size_avg : returns avg length of packets in that session . Calculate using pkt.length (part of frame) of each packet added divided by total packets (using feature 2)
- session_tcp_analysis_retransmission : returns number of retransmission packets per session. retramission is property of tcp analysis thus is calculated by finding number of packets with "analysis_retransmission" in pkt.tcp.field_names
- session_tcp_analysis_duplicate_ack : returns number of duplicate ack packets per session. duplicate ack is also property of tcp analysis thus is calculated by finding number of packets with "analysis_duplicate_ack" in pkt.tcp.field_names
Files used
- iot1_new.pcap : number of packets 5000 :329 session
- iot2_new.pcap : number of packets 5000 : 275 session
Libraries used numpy, pandas, pyshark (tshark's python wrapper), splite3( for sql lite db), statistics, os, nest_asyncia
Functions
- create_connection(db_file) : to create a db
- create_table(conn, table) : to create db table
- create_entry(conn,task) : to insert data values in db