Bandwidth Hogs

1. import requests
2. import xml.etree.ElementTree as ET
3. import time
4. from datetime import datetime
5. import xml.dom.minidom
6.  
7. # Configuration
8. firewall_ip = "FIREWALLIP"  # Replace with your firewall's IP address
9. api_key = "API-KEY"  # Replace with your generated API key
10. threshold = 10  # Threshold in Mbps for high bandwidth consumption
11. interval = 10  # Time interval in seconds to monitor
12. session_duration_threshold = 600  # Exclude sessions running longer than this (in seconds)
13. datetime_format = "%a %b %d %H:%M:%S %Y"  # Date format provided by the firewall
14.  
15. # Function to query the firewall for session information
16. def get_session_data():
17.     url = f"https://{firewall_ip}/api/?type=op&cmd=<show><session><all></all></session></show>&key={api_key}"
18.     response = requests.get(url, verify=False)
19.  
20.     if response.status_code == 200:
21.         return response.content
22.     else:
23.         print(f"Error: Unable to connect to the firewall. Status Code: {response.status_code}")
24.         return None
25.  
26. # Function to pretty print XML data
27. def pretty_print_xml(xml_data):
28.     parsed_xml = xml.dom.minidom.parseString(xml_data)
29.     pretty_xml = parsed_xml.toprettyxml()
30.     print("\n--- Complete XML Response ---")
31.     print(pretty_xml)
32.     print("--- End of XML Response ---\n")
33.  
34. # Function to parse XML response and identify high bandwidth consumers
35. def parse_session_data(xml_data):
36.     root = ET.fromstring(xml_data)
37.     high_bandwidth_consumers = []
38.  
39.     for entry in root.findall(".//entry"):
40.         start_time_str = entry.find("start-time").text
41.         start_time = datetime.strptime(start_time_str, datetime_format)
42.         current_time = datetime.now()
43.         duration = (current_time - start_time).total_seconds()
44.  
45.         if duration > session_duration_threshold:
46.             continue  # Skip long-running sessions
47.  
48.         source_ip = entry.find("source").text
49.         destination_ip = entry.find("dst").text
50.         username = entry.find("username").text if entry.find("username") is not None else "N/A"
51.  
52.         # Get the total bytes (since we only have total-byte-count)
53.         total_bytes_str = entry.find("total-byte-count").text if entry.find("total-byte-count") is not None else "0"
54.  
55.         # Convert to integer
56.         total_bytes = int(total_bytes_str)
57.  
58.         # Calculate current throughput in Mbps
59.         throughput_mbps = (total_bytes * 8) / (duration * 1000000)
60.  
61.         if throughput_mbps > threshold:
62.             high_bandwidth_consumers.append({
63.                 "source_ip": source_ip,
64.                 "destination_ip": destination_ip,
65.                 "username": username,
66.                 "throughput_mbps": throughput_mbps
67.             })
68.  
69.     return high_bandwidth_consumers
70.  
71. # Main loop to monitor bandwidth
72. def monitor_bandwidth():
73.     while True:
74.         xml_data = get_session_data()
75.         if xml_data:
76.             # Display the complete XML response for debugging
77.             pretty_print_xml(xml_data)
78.  
79.             high_bandwidth_consumers = parse_session_data(xml_data)
80.  
81.             if high_bandwidth_consumers:
82.                 print("High Bandwidth Consumers:")
83.                 for consumer in high_bandwidth_consumers:
84.                     print(f"Source IP: {consumer['source_ip']}, Destination IP: {consumer['destination_ip']}, Username: {consumer['username']}, Throughput: {consumer['throughput_mbps']:.2f} Mbps")
85.             else:
86.                 print("No high bandwidth consumers at this time.")
87.  
88.         time.sleep(interval)
89.  
90. # Start monitoring
91. if __name__ == "__main__":
92.     monitor_bandwidth()