scan_detector/Programas/Multiprocess/map_bruteforce_three.py

# Guarda lista de puertos de cada dip por cada sip
#ftp remote edit
from silk import *
import multiprocessing as mp


#Para filtrar por puertos. Pero no queremos todavia
#minPort = 20
#maxPort = 5000


def verify_type(filename):

    dportHash = {} #contains amount of dport per each sip
    filename = [filename]
    #print "stooy aqui"

    for file in filename:

        for rec in silkfile_open(file, READ):#reading the flow file
            sip = str(rec.sip)
            dip = str(rec.dip)
            dport = rec.dport
            if (':' in sip): #Si en el paso anterior se vio que n                                                    #tiene el length de puertos requerido, se ignora

                # x+=1
                continue
            else:
                if sip in dportHash:
                    if dip in dportHash[sip]:
                        if dport in dportHash[sip][dip]:
                            dportHash[sip][dip][dport] += 1
                        else:
                            dportHash[sip][dip][dport] = 1
                    else:
                        dportHash[sip][dip] = {dport : 1}
                else:
                    dportHash[sip] = { dip: {dport: 1} }

    return dportHash

def join_hash(list):
    complete_hash ={}
    for i in list:
        for sip, hash in i.items():
            if sip in complete_hash:
                #print "hello", sip
                for dip, dports in i[sip].items():
                    #print dip
                    if dip in complete_hash[sip]:
                        #print "wassup"
                        for number, value in dports.items():
                            if number in complete_hash[sip]:
                                print "DPORTS", number
                                complete_hash[sip][dip][number] += value
                            else:
                                complete_hash[sip][dip][number]= value
                    else:
                        complete_hash[sip][dip]= dports
            else:
                complete_hash[sip]= hash
    return complete_hash


def main():
    startDate = "2018/09/1"
    endDate = "2018/09/30"
    otherHash = {}
    counter = 0
    process_num = 8
    pool = mp.Pool(processes=process_num)
    files = FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/")

    files = [x for x in files]
    print len(files)
    fileHash = pool.map(verify_type, files) # FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/etc/silk/conf-v9/silk.conf", data_rootdir="/home/scratch/flow/rwflowpack/"))
    flowHash = join_hash(fileHash)
    print "FLOW", len(flowHash)
    for sips in flowHash: #se itera por todos los dip y sus counters o puertos
        #print sips
        for dips, dports in flowHash[sips].items():
            #print "Dip", dips, dports
            if len(dports) >= 100: #si la cantidad de puertos es mayor o igual a 100, nos interesan
                                #y por lo tanto se guardan en un hash
                print "DIP", dips, len(dports)
                if sips in otherHash:
                    otherHash[sips][dips] = dports
                else:
                    otherHash[sips] = {dips: dports}

    for dips, dports in otherHash.items():
        counter +=1 #para contar los elementos del hash

    print counter
#print otherHash

if __name__== "__main__":
  main()