| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- # Guarda lista de puertos de cada dip por cada sip
-
- from silk import *
-
-
- startDate = "2018/09/1"
- endDate = "2018/09/30"
- #Para filtrar por puertos. Pero no queremos todavia
- #minPort = 20
- #maxPort = 5000
-
-
- def verify_type():
- x = 0
- dportHash = {} #contains amount of dport per each sip
- for filename in FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/"):
- for rec in silkfile_open(filename, READ):#reading the flow file
- sip = str(rec.sip)
- dip = str(rec.dip)
- dport = rec.dport
- if (':' in sip): #Si en el paso anterior se vio que no
- # print "heeloo", x
- # x+=1
- # #tiene el length de puertos requerido, se ignora
- continue
- else:
- if sip in dportHash:
- if dip in dportHash[sip]:
- if dport in dportHash[sip][dip]:
- dportHash[sip][dip][dport] += 1
- else:
- dportHash[sip][dip][dport] = 1
- else:
- dportHash[sip][dip] = {dport : 1}
- else:
- dportHash[sip] = { dip: {dport: 1} }
- return dportHash
-
-
- #MAIN
- otherHash = {}
- counter = 0
- files = FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/")
- files = [x for x in files]
- print "Flow", len(files)
- flowHash = verify_type()
- print "After flow", len(flowHash)
- for sips in flowHash: #se itera por todos los dip y sus counters o puertos
- for dips, dports in flowHash[sips].items():
- if len(dports) >= 100: #si la cantidad de puertos es mayor o igual a 100, nos interesan
- #y por lo tanto se guardan en un hash
- print "DIP", dips, len(dports)
- if sips in otherHash:
- otherHash[sips][dips] = dports
- else:
- otherHash[sips] = {dips: dports}
-
- for dips, dports in otherHash.items():
- counter +=1 #para contar los elementos del hash
-
- print counter
- #print otherHash
|
