# Guarda lista de puertos de cada dip por cada sip #ftp remote edit from silk import * import multiprocessing as mp #Para filtrar por puertos. Pero no queremos todavia #minPort = 20 #maxPort = 5000 def verify_type(filename): dportHash = {} #contains amount of dport per each sip filename = [filename] #print "stooy aqui" for file in filename: for rec in silkfile_open(file, READ):#reading the flow file sip = str(rec.sip) dip = str(rec.dip) dport = rec.dport if (':' in sip): #Si en el paso anterior se vio que n #tiene el length de puertos requerido, se ignora # x+=1 continue else: if sip in dportHash: if dip in dportHash[sip]: if dport in dportHash[sip][dip]: dportHash[sip][dip][dport] += 1 else: dportHash[sip][dip][dport] = 1 else: dportHash[sip][dip] = {dport : 1} else: dportHash[sip] = { dip: {dport: 1} } return dportHash def join_hash(list): complete_hash ={} for i in list: for sip, hash in i.items(): if sip in complete_hash: #print "hello", sip for dip, dports in i[sip].items(): #print dip if dip in complete_hash[sip]: #print "wassup" for number, value in dports.items(): if number in complete_hash[sip]: print "DPORTS", number complete_hash[sip][dip][number] += value else: complete_hash[sip][dip][number]= value else: complete_hash[sip][dip]= dports else: complete_hash[sip]= hash return complete_hash def main(): startDate = "2018/09/1" endDate = "2018/09/30" otherHash = {} counter = 0 process_num = 8 pool = mp.Pool(processes=process_num) files = FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/") files = [x for x in files] print len(files) fileHash = pool.map(verify_type, files) # FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/")) flowHash = join_hash(fileHash) print "FLOW", len(flowHash) for sips in flowHash: #se itera por todos los dip y sus counters o puertos #print sips for dips, dports in flowHash[sips].items(): #print "Dip", dips, dports if len(dports) >= 100: #si la cantidad de puertos es mayor o igual a 100, nos interesan #y por lo tanto se guardan en un hash print "DIP", dips, len(dports) if sips in otherHash: otherHash[sips][dips] = dports else: otherHash[sips] = {dips: dports} for dips, dports in otherHash.items(): counter +=1 #para contar los elementos del hash print counter #print otherHash if __name__== "__main__": main()