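# Store, for every source IP (sip), the destination ports seen on each
# destination IP (dip), then report the sip/dip pairs where a single source
# touched many distinct destination ports on one host.
#
# NOTE(review): nothing here filters on protocol or flow direction
# (classname="all", type="all"), so a high distinct-port count is only a
# lead for triage. Reply traffic from a busy server to one client's
# ephemeral ports, and ICMP records (where SiLK stores type/code in the
# dport field -- confirm for your deployment), can also reach the threshold.
from silk import FGlob, READ, silkfile_open

startDate = "2018/09/1"
endDate = "2018/09/30"

# Port-range filter, not wanted yet:
# minPort = 20
# maxPort = 5000

SILK_CONFIG_FILE = "/etc/silk/conf-v9/silk.conf"
DATA_ROOTDIR = "/home/scratch/flow/rwflowpack/"

# A sip/dip pair is reported once it shows at least this many distinct dports.
MIN_DISTINCT_DPORTS = 100


def _glob_flow_files():
    """Return the FGlob over every flow file between startDate and endDate."""
    return FGlob(classname="all", type="all",
                 start_date=startDate, end_date=endDate,
                 site_config_file=SILK_CONFIG_FILE,
                 data_rootdir=DATA_ROOTDIR)


def verify_type(filenames=None):
    """Count flow records per (sip, dip, dport).

    Args:
        filenames: optional iterable of SiLK flow file names to read. When
            omitted, the files are globbed from the repository for the
            startDate..endDate window, as the original script did.

    Returns:
        A nested dict ``{sip: {dip: {dport: record_count}}}`` whose sip and
        dip keys are the string form of the record addresses.

    Records whose source address contains ':' are skipped, so IPv6 sources
    never appear in the result and are not evaluated by the caller.
    """
    if filenames is None:
        filenames = _glob_flow_files()

    # NOTE(review): this keeps every sip/dip/dport combination of the whole
    # window in memory; watch the footprint on large repositories.
    dportHash = {}
    for filename in filenames:
        flow_file = silkfile_open(filename, READ)
        try:
            for rec in flow_file:
                sip = str(rec.sip)
                if ':' in sip:
                    # IPv6 source address: out of scope for this pass.
                    continue
                dip = str(rec.dip)
                per_port = dportHash.setdefault(sip, {}).setdefault(dip, {})
                per_port[rec.dport] = per_port.get(rec.dport, 0) + 1
        finally:
            # Release the handle before opening the next flow file.
            flow_file.close()
    return dportHash


# MAIN
otherHash = {}

# Materialise the file list once so it can be counted and then read,
# instead of globbing the repository a second time.
files = list(_glob_flow_files())
print("Flow %d" % len(files))

flowHash = verify_type(files)
print("After flow %d" % len(flowHash))

# Walk every dip of every sip and keep the pairs that reach the threshold.
for sips, per_dip in flowHash.items():
    for dips, dports in per_dip.items():
        if len(dports) >= MIN_DISTINCT_DPORTS:
            print("DIP %s %d" % (dips, len(dports)))
            otherHash.setdefault(sips, {})[dips] = dports

# otherHash is keyed by sip, so this is the number of source addresses that
# have at least one dip at or above the threshold.
counter = len(otherHash)
print(counter)
# print(otherHash)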