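#Port Scan without reduction
import ipaddress
import json

#Version 1
#Read all the flows and record, for each destination IP, every destination
#port the watched source contacted. One source reaching many different dports
#on the same destination IP is the pattern this script surfaces for review.

# Bounds for the disabled port-range filter inside the loop below.
x = 20
y = 60000
deletevar = []  # only referenced by the disabled pruning pass below
newHash = {}  # destination IP (integer form) -> list of dports, in flow order

# Source address under review, in the integer form the flow records use;
# ipaddress.IPv4Address renders it as 136.145.231.25.
WATCHED_SIP = 2291263257

PATH = '/Users/Sara/Documents/Univ Classes/Investigacion/Programas/netflows.txt'

# Context manager so the capture file is closed even when the JSON is malformed
# (the original left the handle open for the life of the process).
with open(PATH, 'r') as myFile:
    flow = json.load(myFile)

for i in flow["flows"]:  # iterate over every record in the "flows" list
    # Disabled filter: skip dports in [1, x) or above y.
    #if (i['dport'] >= 1 and i['dport'] < x) or i['dport'] > y:
        #continue
    # Keep only flows from the watched source and group their dports by
    # destination IP.
    if i['sip'] == WATCHED_SIP:
        newHash.setdefault(i['dip'], []).append(i['dport'])

# THE FOLLOWING IS DISABLED; the author explains why in the accompanying Word
# document. It would drop every destination IP that has fewer than 100
# recorded dports.
# NOTE(review): the lists keep repeated ports, so len(v) counts flows rather
# than distinct ports. Compare len(set(v)) before enabling this threshold,
# otherwise repeated traffic to a single port is indistinguishable from a scan.
# for k, v in newHash.items():
#     if len(v) < 100 and k not in deletevar:
#         deletevar.append(k)
# for i in deletevar:
#     newHash.pop(i)

# Print each destination IP in dotted-quad form with the dports seen for it.
for k, v in newHash.items():
    dotted = str(ipaddress.IPv4Address(k))
    print ("{}:{}".format(dotted, v))

counter = len(newHash)  # total number of destination IPs reported
print (counter)
print( "Done checking:")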