Last active
August 13, 2018 07:24
-
-
Save hyhilman/99a9aa3cd42f2e52386951f89afb1001 to your computer and use it in GitHub Desktop.
convert traffik from json files which generates from pcap to csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import pandas as pd | |
| import sys | |
| import glob, os | |
| def jsonToDataframe(file): | |
| classify = file.replace(".json","") | |
| print("Reading", file) | |
| with open(file, 'r') as f: | |
| json_buff = json.load(f) | |
| f.close() | |
| for i,item in enumerate(json_buff): | |
| """try: | |
| item["_source"]["layers"].pop('frame') | |
| item["_source"]["layers"].pop('_ws') | |
| item["_source"]["layers"]["ip"].pop('ip.checksum') | |
| except KeyError: pass""" | |
| dns_key = None | |
| try: | |
| dns_data = item["_source"]["layers"]["dns"] | |
| dns_key = 'dns' | |
| except KeyError: pass | |
| try: | |
| dns_data = item["_source"]["layers"]["mdns"] | |
| dns_key = 'mdns' | |
| except KeyError: pass | |
| if dns_key != None: | |
| for dnsitem_key, dnsitem_val in dns_data.items(): | |
| if dnsitem_key == 'Answers' or dnsitem_key == 'Queries' or dnsitem_key == 'Authoritative nameservers': | |
| problematic_dns = dns_data[dnsitem_key] | |
| if problematic_dns != '': | |
| for problematic_key,problematic_data in problematic_dns.items(): | |
| item["_source"]["layers"][dns_key][dnsitem_key] = {'details':problematic_data} | |
| if item["_source"]["layers"]["eth"]["eth.src"] != "ff:ff:ff:ff:ff:ff": | |
| item["_source"]["layers"]["eth"].pop('eth.src') | |
| item["_source"]["layers"]["eth"].pop('eth.src_tree') | |
| if item["_source"]["layers"]["eth"]["eth.dst"] != "ff:ff:ff:ff:ff:ff": | |
| item["_source"]["layers"]["eth"].pop('eth.dst') | |
| item["_source"]["layers"]["eth"].pop('eth.dst_tree') | |
| item["_source"]["layers"]["class"] = classify if classify.count('normal') < 1 else 'normal' | |
| json_buff[i] = item["_source"].pop('layers') | |
| data = pd.io.json.json_normalize(json_buff) | |
| cols = data.columns.tolist() | |
| cols.remove('class') | |
| cols.append('class') | |
| return data[cols] | |
| df = pd.DataFrame() | |
| for file in sorted(glob.glob("*.json")): | |
| df = df.append(jsonToDataframe(file)) | |
| df.info(verbose=False) | |
| df.replace({'\"':'','\'':''},inplace=True,regex=True) | |
| print("Finish importing all json files in current dir") | |
| cols = df.columns.tolist() | |
| cols.remove('class') | |
| cols.append('class') | |
| df[cols].to_csv(path_or_buf='out.csv', index=False, encoding='utf-8') | |
| df.info(verbose=False) | |
| print("Success compiling files into out.csv!") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment