hieunt79/dump_pcap.py

## dump_pcap.py
#from scapy.all import *
import subprocess
from datetime import datetime
import time
import sys
import csv

# python <filename.py> interface conntrack_threshold &

def dump(interface, duration=60):
    """
    Dump pcap for interface
    """
    iface = "tap{}".format(str(interface))
    #iface = "{}".format(str(interface))
    current_time = time.strftime("%d-%b-%Y-%H:%M:%S")
    dump_file = "{}-{}.pcap".format(iface, current_time)
    cmd = ["tcpdump", "-nni", iface, "-w", dump_file]
    try:
        # print("Dump pcap at {}".format(current_time))
        subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=duration)
    except subprocess.TimeoutExpired:
        # print("Stop pcap")
        return dump_file
    except Exception:
        print("Some thing wrong in Dump pcap")
        return dump_file
    finally:
        return dump_file

def check_conntrack(duration=3):
    """
    check conntrack
    """
    cmd = ["cat", "/proc/sys/net/netfilter/nf_conntrack_count"]
    try:
        result = subprocess.run(cmd, stdout=subprocess.PIPE, timeout=duration)
        conntrack = int(result.stdout)
    except subprocess.TimeoutExpired:
        # print("check conntrack timeout")
        return
    except Exception:
        print("Some thing wrong while Checking conntrack")
        return
    finally:
        return conntrack


def delete_pcap(pcap_name):
    """
    delete pcap
    """
    cmd = ["rm", "-f", pcap_name]
    try:
        result = subprocess.run(cmd)
    except Exception as e:
        raise e
    finally:
        return


if __name__ == '__main__':
    threshold = argv[2]
    index = 0
    interface = sys.argv[1]
    NUMBER_OF_PACKET = 20
    while True:
        data = []
        for i in range(NUMBER_OF_PACKET):
            file_name = dump(interface, duration=60)
            conntrack = check_conntrack()
            index += 1
            data.append([index, file_name, conntrack])
        for j in range(NUMBER_OF_PACKET):
            if data[j].count("keep"):
                continue
            if data[j][2] > threshold:
                if j >= 1:
                    if data[j-1].count("keep"):
                        pass
                    else:
                        data[j-1].append("keep")
                if j >= 2:
                    if data[j-2].count("keep"):
                        pass
                    else:
                        data[j-2].append("keep")
                data[j].append("keep")
                data[j+1].append("keep")
                data[j+2].append("keep")
            else:
                data[j].append("remove")
        for element in data:
            if element.count("remove"):
                delete_pcap(element[1])
        with open('{}_pcap_log.csv'.format(interface), mode='a') as csv_file:
            csv_writer = csv.writer(csv_file, delimiter=",", quotechar='"', quoting=csv.QUOTE_MINIMAL)
            for member in data:
                csv_writer.writerow(member)
	#from scapy.all import *
	import subprocess
	from datetime import datetime
	import time
	import sys
	import csv

	# python <filename.py> interface conntrack_threshold &

	def dump(interface, duration=60):
	"""
	Dump pcap for interface
	"""
	iface = "tap{}".format(str(interface))
	#iface = "{}".format(str(interface))
	current_time = time.strftime("%d-%b-%Y-%H:%M:%S")
	dump_file = "{}-{}.pcap".format(iface, current_time)
	cmd = ["tcpdump", "-nni", iface, "-w", dump_file]
	try:
	# print("Dump pcap at {}".format(current_time))
	subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=duration)
	except subprocess.TimeoutExpired:
	# print("Stop pcap")
	return dump_file
	except Exception:
	print("Some thing wrong in Dump pcap")
	return dump_file
	finally:
	return dump_file

	def check_conntrack(duration=3):
	"""
	check conntrack
	"""
	cmd = ["cat", "/proc/sys/net/netfilter/nf_conntrack_count"]
	try:
	result = subprocess.run(cmd, stdout=subprocess.PIPE, timeout=duration)
	conntrack = int(result.stdout)
	except subprocess.TimeoutExpired:
	# print("check conntrack timeout")
	return
	except Exception:
	print("Some thing wrong while Checking conntrack")
	return
	finally:
	return conntrack


	def delete_pcap(pcap_name):
	"""
	delete pcap
	"""
	cmd = ["rm", "-f", pcap_name]
	try:
	result = subprocess.run(cmd)
	except Exception as e:
	raise e
	finally:
	return


	if __name__ == '__main__':
	threshold = argv[2]
	index = 0
	interface = sys.argv[1]
	NUMBER_OF_PACKET = 20
	while True:
	data = []
	for i in range(NUMBER_OF_PACKET):
	file_name = dump(interface, duration=60)
	conntrack = check_conntrack()
	index += 1
	data.append([index, file_name, conntrack])
	for j in range(NUMBER_OF_PACKET):
	if data[j].count("keep"):
	continue
	if data[j][2] > threshold:
	if j >= 1:
	if data[j-1].count("keep"):
	pass
	else:
	data[j-1].append("keep")
	if j >= 2:
	if data[j-2].count("keep"):
	pass
	else:
	data[j-2].append("keep")
	data[j].append("keep")
	data[j+1].append("keep")
	data[j+2].append("keep")
	else:
	data[j].append("remove")
	for element in data:
	if element.count("remove"):
	delete_pcap(element[1])
	with open('{}_pcap_log.csv'.format(interface), mode='a') as csv_file:
	csv_writer = csv.writer(csv_file, delimiter=",", quotechar='"', quoting=csv.QUOTE_MINIMAL)
	for member in data:
	csv_writer.writerow(member)