
Untitled

a guest
Jul 6th, 2015
  1. #!/bin/env python3
  2. import re, collections, sys
  3.  
# One connection-tracking entry: protocol, two numeric columns, an optional
# state word, then the original-direction tuple (src/dst/sport/dport with its
# packet and byte counters) immediately followed by the reply-direction tuple
# (the "...2" groups) and a free-form tail.  Only udp/tcp entries with
# dotted-quad IPv4 addresses match; any line where something sits between the
# first bytes= counter and the second src= does not match at all.
r_conntrack = re.compile(
    r"\s*(?P<type>udp|tcp)\s+\d+\s+\d+\s+"
    r"(?P<cmd>[\w+\_]+\s+)?"
    r"src=(?P<src>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"dst=(?P<dst>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"sport=(?P<src_port>\d{1,5})\s+"
    r"dport=(?P<dst_port>\d{1,5})\s+"
    r"packets=(?P<packets>\d+)\s+"
    r"bytes=(?P<bytes>\d+)\s+"
    r"src=(?P<src2>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"dst=(?P<dst2>(?:\d{1,3}\.){3}\d{1,3})\s+"
    r"sport=(?P<src_port2>\d{1,5})\s+"
    r"dport=(?P<dst_port2>\d{1,5})\s+"
    r"packets=(?P<packets2>\d+)\s+"
    r"bytes=(?P<bytes2>\d+)\s+"
    r"(?P<info>.+)"
)

# The single hard-coded router address.  Neither address pattern below has an
# end anchor, so with .match() a longer string that merely starts with the
# address is accepted as well.
r_router = re.compile(r"\s*10\.3\.50\.52\s*")

# Hosts in 10.3.10.x and 10.3.12.x are treated as internal.
r_internal = re.compile(r"\s*10\.3\.1[02]\.\d{1,3}\s*")
  7.  
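def matches_router_ip(addr):
    """Return True if *addr* is the router address described by ``r_router``.

    Args:
        addr: Address string; leading/trailing whitespace is tolerated by the
            pattern itself.

    Returns:
        bool: True only when the whole string is the router address.
    """
    # fullmatch instead of match: the pattern has no end anchor, so match()
    # also accepted any longer string that merely starts with the router
    # address and would classify it as the router.
    return r_router.fullmatch(addr) is not None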
  10.  
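def matches_internal_ip(addr):
    """Return True if *addr* lies in the ranges described by ``r_internal``.

    Args:
        addr: Address string; leading/trailing whitespace is tolerated by the
            pattern itself.

    Returns:
        bool: True only when the whole string is an address in one of the
        internal ranges.
    """
    # fullmatch instead of match: without an end anchor, match() accepted any
    # string that only begins with an internal address, so trailing characters
    # after the last octet did not prevent an "internal" verdict.
    return r_internal.fullmatch(addr) is not None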
  13.  
def connection_name(m):
    """Build a direction-independent label for the connection held in *m*.

    The ``src`` and ``dst`` groups are ordered by plain string comparison
    (lexicographic, not numeric), so both directions of the same pair of
    hosts produce the same "a <-> b" label.  Ports are not part of the label.
    """
    fields = m.groupdict()
    first, second = fields["src"], fields["dst"]
    if not first < second:
        first, second = second, first
    return first + " <-> " + second
  22.  
def type_stats(matches):
    """Count the UDP and TCP entries among *matches*.

    Returns:
        dict: exactly the keys ``"udp"`` and ``"tcp"`` with their counts; any
        other value of the ``type`` group is ignored.
    """
    tally = collections.Counter(m.groupdict()["type"] for m in matches)
    return {"udp": tally["udp"], "tcp": tally["tcp"]}
  32.  
def conn_ranking(matches, num=None):
    """Rank connection labels by the number of entries that share them.

    Args:
        matches: Iterable of match objects accepted by ``connection_name``.
        num: How many of the most frequent labels to return; ``None`` returns
            all of them.

    Returns:
        list of ``(label, count)`` tuples, most frequent first.
    """
    tally = collections.Counter()
    for m in matches:
        tally[connection_name(m)] += 1
    return tally.most_common(num)
  37.  
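def traffic_ranking(matches, num=None):
    """Rank connection labels by total bytes seen in both directions.

    Args:
        matches: Iterable of match objects exposing the ``src``, ``dst``,
            ``bytes`` and ``bytes2`` groups.
        num: Maximum number of entries to return; a falsy value (``None`` or
            ``0``) returns the full ranking.

    Returns:
        list of ``(label, total_bytes)`` tuples, largest total first.
    """
    # A dict keeps first-seen order and replaces the former parallel lists,
    # whose `in` / `index` lookups were linear for every entry.
    totals = {}
    for m in matches:
        name = connection_name(m)
        fields = m.groupdict()
        # Add the original-direction and reply-direction byte counters.
        totals[name] = totals.get(name, 0) + int(fields["bytes"]) + int(fields["bytes2"])

    # Ascending stable sort followed by a reversal, as before, so labels with
    # equal totals keep the order they had in earlier output.
    ranking = sorted(totals.items(), key=lambda item: item[1])[::-1]
    if not num:
        return ranking
    # Slicing already handles num >= len(ranking).  The former special case
    # for that situation returned an undefined name (`rankking`) and raised
    # NameError whenever fewer than `num` connections were present.
    return ranking[:num]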
  54.  
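if __name__ == "__main__":
    # Usage: <script> <file with connection-tracking entries, one per line>
    if len(sys.argv) != 2:
        # `raise("...")` raised TypeError because a str is not an exception;
        # exit with the message on stderr and a non-zero status instead.
        sys.exit("Specify input file:")

    internal_matches = []
    external_matches = []
    skipped = 0

    # `with` closes the file even if parsing raises part-way through.
    with open(sys.argv[1]) as f:
        for line in f:
            m = r_conntrack.match(line)
            if not m:
                # Lines r_conntrack does not match (anything that is not a
                # udp/tcp IPv4 entry in the expected layout) are left out of
                # every ranking; count them so the gap is visible.
                skipped += 1
                continue
            addr1 = m.groupdict()["src"]
            addr2 = m.groupdict()["dst"]
            # An endpoint is "internal" if it is the router or an internal
            # host; a connection is internal only when both endpoints are.
            addr1_internal = matches_router_ip(addr1) or matches_internal_ip(addr1)
            addr2_internal = matches_router_ip(addr2) or matches_internal_ip(addr2)
            if addr1_internal and addr2_internal:
                internal_matches.append(m)
            else:
                external_matches.append(m)

    if skipped:
        # Reported on stderr so the stdout report keeps its original shape.
        print("skipped", skipped, "lines that did not parse", file=sys.stderr)

    # traffic types
    print("traffic types: ", type_stats(external_matches), "")

    # connection count ranking
    print("\n\nexternal connections (top 20):")
    for r in conn_ranking(external_matches, num=20):
        print(r)

    print("\n\ninternal connections (top 20):")
    for r in conn_ranking(internal_matches, num=20):
        print(r)

    # connection traffic ranking
    print("\n\nexternal traffic (top 20):")
    for r in traffic_ranking(external_matches, 20):
        print(r)

    print("\n\ninternal traffic (top 20):")
    for r in traffic_ranking(internal_matches, 20):
        print(r)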