CSLab
/
scan_detector


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950
							# Guarda lista de puertos de cada dip por cada sip

from silk import *


startDate = "2009/04/20"
endDate = "2009/04/22"
#Para filtrar por puertos. Pero no queremos todavia
#minPort = 20
#maxPort = 5000


def verify_type():
    dportHash = {} #contains amount of dport per each sip
    for filename in FGlob(classname="all", type="all", start_date=startDate, end_date=endDate, site_config_file="/data/silk.conf", data_rootdir="/data"):
        for rec in silkfile_open(filename, READ):#reading the flow file
            sip = str(rec.sip)
            dip = str(rec.dip)
            dport = rec.dport
            if (':' in sip): #Si en el paso anterior se vio que no
                                                                #tiene el length de puertos requerido, se ignora
                continue
            else:
                if sip in dportHash:
                    if dip in dportHash[sip]:
                        dportHash[sip][dip].append(dport)
                    else:
                        dportHash[sip][dip] = [dport]
                else:
                    dportHash[sip] = { dip: [dport] }
    return dportHash


#MAIN
otherHash = {}
counter = 0
flowHash = verify_type()
for sips in flowHash: #se itera por todos los dip y sus counters o puertos
    for dips, dports in flowHash[sips].items():
        if len(dports) >= 100: #si la cantidad de puertos es mayor o igual a 100, nos interesan
                                #y por lo tanto se guardan en un hash
            if sips in otherHash:
                otherHash[sips][dips] = dports
            else:
                otherHash[sips] = {dips: dports}

for dips, dports in otherHash.items():
    counter +=1 #para contar los elementos del hash

print (counter)