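##################################
# TRW (threshold random walk) without reduction
#
# For SiLK's data set
##################################
from silk import *

startDate = "2018/08/14"
endDate = "2018/08/15"
# Scanner threshold: a source whose failed/successful connection ratio
# reaches this value is flagged.
p = 2
# A source with no successful connection at all is only flagged once it has
# more than this many failed ones (a handful of unanswered SYNs is not a scan).
MIN_FAILED_NO_SUCCESS = 10

# SiLK repository location used by FGlob (unchanged from the original script).
SITE_CONFIG_FILE = "/etc/silk/conf-v9/silk.conf"
DATA_ROOTDIR = "/home/scratch/flow/rwflowpack/"


def Analisis(start_date=startDate, end_date=endDate):
    """Count failed and successful flows per IPv4 source in the SiLK repository.

    Walks every flow file selected by FGlob between *start_date* and
    *end_date* (inclusive, SiLK date strings) and tallies, per source IP,
    how many flows carried an ACK flag (treated as a successful connection)
    and how many did not (treated as failed).  IPv6 sources are skipped.

    Args:
        start_date: first day to read, "YYYY/MM/DD"; defaults to ``startDate``.
        end_date: last day to read, "YYYY/MM/DD"; defaults to ``endDate``.

    Returns:
        dict mapping the dotted-decimal source IP to ``[failed, successful]``.
    """
    sample_hash = {}  # sip -> [failed connections, successful connections]
    for filename in FGlob(classname="all", type="all",
                          start_date=start_date, end_date=end_date,
                          site_config_file=SITE_CONFIG_FILE,
                          data_rootdir=DATA_ROOTDIR):
        for rec in silkfile_open(filename, READ):  # read the flow file
            sip = str(rec.sip)  # dotted-decimal notation
            if ':' in sip:
                continue  # IPv6 source: out of scope for this analysis
            flags = str(rec.tcpflags)
            # Heuristic the original author marked "arreglar" (to be fixed):
            # any flow that carried an ACK counts as a successful connection.
            # NOTE(review): non-TCP flows have no flags and therefore land in
            # the failed bucket -- confirm that is intended, or filter on
            # rec.protocol == 6 first.
            bucket = 1 if 'A' in flags else 0
            sample_hash.setdefault(sip, [0, 0])[bucket] += 1
    return sample_hash


sip_connections_list = Analisis()

sipList = {"sipList": []}
for sip in sip_connections_list:
    failed, successful = sip_connections_list[sip]
    if successful != 0:
        # True division: for an integer p this matches the original's
        # Python 2 floor division, and it stays correct for fractional
        # thresholds.
        if float(failed) / successful < p:
            # Fewer failures than the threshold allows: not a scanner.
            continue
    elif failed <= MIN_FAILED_NO_SUCCESS:
        # No successful connection but too few failed ones to call it a scan.
        # (The original's catch-all ``else`` flagged these as well, which made
        # its explicit ``> 10`` check dead code.)
        continue
    # Failed-to-successful ratio reached the threshold: flag as scanner.
    sipList["sipList"].append({sip: sip_connections_list[sip]})

print(sipList)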