Created
September 25, 2019 01:50
#from scapy.all import *
import csv
import os
import subprocess
import sys
import time
from datetime import datetime
# python <filename.py> interface conntrack_threshold & | |
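def dump(interface, duration=60):
    """
    Capture traffic on ``tap<interface>`` with tcpdump for up to `duration` seconds.

    The capture is written to ``tap<interface>-<timestamp>.pcap`` in the
    current working directory.

    Args:
        interface: Suffix of the tap device name; it is also embedded in the
            output file name, so callers should pass a bare name.
        duration: Seconds to let tcpdump run before it is stopped.

    Returns:
        The pcap file name. It is returned even when tcpdump could not be
        started, so the file is not guaranteed to exist.
    """
    iface = "tap{}".format(str(interface))
    # iface = "{}".format(str(interface))
    started_at = time.strftime("%d-%b-%Y-%H:%M:%S")
    dump_file = "{}-{}.pcap".format(iface, started_at)
    # Argument list with no shell: the interface value is never parsed by a shell.
    cmd = ["tcpdump", "-nni", iface, "-w", dump_file]
    try:
        subprocess.run(
            cmd,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=duration,
        )
    except subprocess.TimeoutExpired:
        # Expected path: the timeout is what ends the capture.
        # NOTE(review): run() kills the child on timeout, so packets still
        # buffered by tcpdump may be missing from the end of the file - verify.
        pass
    except Exception:
        print("Some thing wrong in Dump pcap")
    # A plain return instead of `finally: return`, which would also swallow
    # KeyboardInterrupt/SystemExit and make the capture loop impossible to stop.
    return dump_file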
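def check_conntrack(duration=3):
    """
    Read the current number of tracked connections.

    The value comes from /proc/sys/net/netfilter/nf_conntrack_count, read
    directly rather than through a `cat` subprocess resolved via PATH.

    Args:
        duration: Kept for backward compatibility; unused because no child
            process is spawned any more.

    Returns:
        The counter as an int, or None when the file cannot be read or does
        not contain an integer.
    """
    counter_path = "/proc/sys/net/netfilter/nf_conntrack_count"
    try:
        with open(counter_path) as counter_file:
            return int(counter_file.read())
    except (OSError, ValueError):
        # Return None explicitly; a `finally: return conntrack` here would
        # raise UnboundLocalError whenever the read failed before assignment.
        print("Some thing wrong while Checking conntrack")
        return None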
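def delete_pcap(pcap_name):
    """
    Delete a capture file, ignoring a file that is already gone.

    Args:
        pcap_name: Path of the pcap file to remove. An empty value is a no-op.

    Returns:
        None. Failures other than a missing file are reported on stdout
        instead of being silently discarded.
    """
    if not pcap_name:
        return
    try:
        # os.remove takes the path literally, so a name starting with "-"
        # cannot be misread as an option the way an argument to `rm` could.
        os.remove(pcap_name)
    except FileNotFoundError:
        # Same tolerance as `rm -f`: nothing to delete is not an error.
        pass
    except OSError as err:
        print("Some thing wrong while Deleting pcap: {}".format(err))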
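if __name__ == '__main__':
    # Usage: python <filename.py> interface conntrack_threshold
    if len(sys.argv) < 3:
        sys.exit("usage: {} interface conntrack_threshold".format(sys.argv[0]))

    interface = sys.argv[1]
    # The interface value becomes part of the pcap and CSV file names, and
    # tcpdump usually runs with elevated privileges, so refuse anything that
    # could point those files outside the working directory.
    if not interface or "/" in interface:
        sys.exit("interface must be a bare name without path separators")

    # Convert once: comparing the int counter with the raw argv string
    # raises TypeError on Python 3.
    try:
        threshold = int(sys.argv[2])
    except ValueError:
        sys.exit("conntrack_threshold must be an integer")

    index = 0
    NUMBER_OF_PACKET = 20  # captures per batch
    NEIGHBOURS = 2  # captures kept on each side of one that exceeds the threshold

    while True:
        data = []
        for _ in range(NUMBER_OF_PACKET):
            file_name = dump(interface, duration=60)
            conntrack = check_conntrack()
            index += 1
            data.append([index, file_name, conntrack])

        # First decide what to keep, then label. Labelling while scanning
        # would tag the captures *before* a spike as "remove" before the
        # spike is seen, and they would then be deleted anyway.
        keep = set()
        for position, row in enumerate(data):
            count = row[2]
            # An unreadable counter (None) is not treated as a spike.
            if count is not None and count > threshold:
                first = max(0, position - NEIGHBOURS)
                last = min(len(data) - 1, position + NEIGHBOURS)  # stay inside the batch
                keep.update(range(first, last + 1))

        for position, row in enumerate(data):
            row.append("keep" if position in keep else "remove")

        for row in data:
            if row[3] == "remove":
                delete_pcap(row[1])

        # One row per capture: index, file name, conntrack count, keep/remove.
        with open('{}_pcap_log.csv'.format(interface), mode='a', newline='') as csv_file:
            csv_writer = csv.writer(csv_file, delimiter=",", quotechar='"', quoting=csv.QUOTE_MINIMAL)
            csv_writer.writerows(data)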