- import ipaddress
- import netflows
-
-
- #Para usar Silk
- #SilkFile object (represents a channel for writing to or reading from Silk flow file)
- #FGlob object (allows retrieval of filenames in a silk data store.)
-
-
-
-
-
-
# Destination-port bounds used by PrimerAnalisis: flows whose dport falls in
# 1..x-1, or above y, are skipped before counting.
x, y = 20, 60000

# Prefixes flagged by the driver loop after each pass; PrimerAnalisis reads it.
ignoreip = list()

# Result of the most recent PrimerAnalisis pass (prefix -> tally).
myHash = dict()

# myNum is the pass index handed to PrimerAnalisis (0..3); counter receives
# the number of entries left in myHash at the end of the script.
myNum = counter = 0
-
def ipConversion(number, position):
    """Return the leading ``position + 1`` octets of an IPv4 address.

    ``number`` is passed to ``ipaddress.IPv4Address`` and the dotted-quad
    text is cut after octet index ``position``: 0 yields the first octet
    only, 3 yields the full address. The octets are joined with dots and
    carry no trailing dot.

    A ``position`` above 3 raises ``IndexError``; a negative ``position``
    returns the empty string.
    """
    octets = str(ipaddress.IPv4Address(number)).split(".")
    # Index one octet at a time (not a slice) so an out-of-range position
    # still raises instead of being silently clipped.
    return ".".join(octets[idx] for idx in range(position + 1))
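def PrimerAnalisis(num):
    """Tally flows per destination-IP prefix of ``num + 1`` octets.

    Reads every record in ``netflows.flowprinter["flows"]`` and relies on the
    module-level ``x``/``y`` port bounds and the ``ignoreip`` prefix list.

    Args:
        num: Octet index handed to ``ipConversion``; 0 groups flows by the
            first octet of the destination address, 3 by the full address.

    Returns:
        A dict keyed by prefix string. For ``num == 3`` each value is the
        list of destination ports seen for that address (one entry per flow,
        duplicates kept); for any other ``num`` each value is the number of
        flows counted under that prefix.
    """
    newHash = {}
    # ignoreip is filled by the driver loop from the previous pass's keys, so
    # its entries are one octet shorter than the keys built here. Compare the
    # parent prefix against it. The earlier slice posA[0:4*num] assumed
    # fixed-width octets and kept the trailing dot, so it never equalled an
    # entry and the pruning step was dead code.
    pruned = set(ignoreip)
    for flow in netflows.flowprinter["flows"]:  # one record per flow
        posA = ipConversion(flow["dip"], num)
        parent = posA.rpartition(".")[0]  # '' when posA is a single octet
        if parent in pruned:
            continue
        dport = flow['dport']
        # Skip destination ports 1..x-1 and anything above y; port 0 and the
        # x..y window are counted.
        if 1 <= dport < x or dport > y:
            continue
        if num == 3:
            # Full-address pass: keep the ports themselves, not just a count.
            newHash.setdefault(posA, []).append(dport)
        else:
            newHash[posA] = newHash.get(posA, 0) + 1
    return newHash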
-
# MAIN: four passes, one per prefix length (1 to 4 octets of the destination
# address). After each pass, every prefix whose tally is below 100 is placed
# in ignoreip, which the next PrimerAnalisis call reads.
while myNum < 4:
    myHash = PrimerAnalisis(myNum)
    ignoreip = []
    for k, v in myHash.items():
        # The last pass stores a list of ports per address; earlier passes
        # store a plain flow count.
        volume = len(v) if myNum == 3 else v
        if volume < 100:
            ignoreip.append(k)
    myNum += 1
-
-
# Drop the addresses flagged in the final pass, then report how many
# destination addresses remain at or above the threshold.
for dropped in ignoreip:
    del myHash[dropped]
counter += len(myHash)
print(counter)
-
-
-
- #Si el valor de la llave es menos que 100, no me interesa.