@jlliu
Created October 24, 2019 20:09
Parse Packets from Wireshark's CSV export
## This is a Python program to parse packets from a Wireshark CSV export
import csv
import operator
from collections import Counter
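networkIPgroup = "PUT THE BEGINNING PART OF YOUR PRIVATE NETWORK IP HERE: e.g. XXX.XXX.1. "
myComputer = "Name of your device, either your IP or the name spit out by Wireshark's name resolution"

# Column positions in Wireshark's default "File > Export Packet Dissections > As CSV"
# layout: No., Time, Source, Destination, Protocol, Length, Info.
# NOTE(review): the export follows the column layout of the packet list at export
# time, so a customised layout shifts these indices -- check the header row of p.csv.
_SOURCE_COL = 2
_DESTINATION_COL = 3
_PROTOCOL_COL = 4
_TOP_N = 20


def is_local(address, my_computer=myComputer, network_prefix=networkIPgroup):
    """Return True when *address* belongs to the monitored private network.

    An address is local when it is *my_computer* itself (which may be a
    resolved name rather than an IP) or when it starts with *network_prefix*.
    ``startswith`` is used instead of a substring test so that a prefix such
    as ``"192.168.1."`` cannot match in the middle of an unrelated address or
    resolved name.  An empty prefix matches nothing: otherwise a blank
    configuration would silently classify every packet as local.
    """
    if not address:
        return False
    if address == my_computer:
        return True
    return bool(network_prefix) and address.startswith(network_prefix)


def summarize_packets(rows, my_computer=myComputer, network_prefix=networkIPgroup):
    """Tally the packets of a Wireshark CSV export.

    Args:
        rows: iterable of CSV rows (lists of strings) *without* the header row.
        my_computer: this host's address or resolved name (see ``is_local``).
        network_prefix: leading part of the private network's addresses.

    Returns:
        dict with ``total``, ``http``, ``incoming`` and ``outgoing`` (ints),
        ``sources``, ``destinations`` and ``protocols`` (``Counter`` keyed by
        the raw column value) and ``devices`` (local addresses in first-seen
        order, starting with *my_computer*).

    Rows that are empty or end before the Protocol column are skipped rather
    than raising IndexError (blank lines, truncated exports).  Outgoing means
    local source and remote destination; incoming the reverse.  A packet whose
    endpoints are both local or both remote is counted in ``total`` only.
    """
    summary = {
        "total": 0,
        "http": 0,
        "incoming": 0,
        "outgoing": 0,
        "sources": Counter(),
        "destinations": Counter(),
        "protocols": Counter(),
        "devices": [my_computer],
    }
    for row in rows:
        if len(row) <= _PROTOCOL_COL:
            continue
        source = row[_SOURCE_COL]
        destination = row[_DESTINATION_COL]
        protocol = row[_PROTOCOL_COL]
        summary["total"] += 1

        src_local = is_local(source, my_computer, network_prefix)
        dst_local = is_local(destination, my_computer, network_prefix)
        if src_local and not dst_local:
            summary["outgoing"] += 1
        elif dst_local and not src_local:
            summary["incoming"] += 1

        if protocol == "HTTP":
            summary["http"] += 1
        summary["protocols"][protocol] += 1
        summary["sources"][source] += 1
        summary["destinations"][destination] += 1

        # A device that only ever receives traffic is still a device on the network.
        for endpoint, local in ((source, src_local), (destination, dst_local)):
            if local and endpoint not in summary["devices"]:
                summary["devices"].append(endpoint)
    return summary


def _top(counter, n=None):
    """Return (key, count) pairs by descending count; ties keep first-seen order.

    ``sorted`` is stable, so equal counts stay in insertion order, matching
    the original report.  *n* limits the list; ``None`` returns everything.
    """
    ranked = sorted(counter.items(), key=operator.itemgetter(1), reverse=True)
    return ranked if n is None else ranked[:n]


def print_report(summary):
    """Print *summary* (from ``summarize_packets``) in the report layout.

    NOTE(review): addresses and protocol names come straight from the capture;
    a resolved name can be attacker-controlled (DNS/NetBIOS replies) and is
    printed unescaped, so read the output in a terminal that ignores embedded
    control sequences or pipe it through ``cat -v``.
    """
    print(f"Total packets: {summary['total']}\n")
    print(f"HTTP Packets: {summary['http']}\n")
    print(f"Incoming Packets: {summary['incoming']}\n")
    print(f"Outgoing Packets: {summary['outgoing']}\n")

    # How often each local device appeared, as source or as destination.
    for device in summary["devices"]:
        seen = summary["sources"][device] + summary["destinations"][device]
        print(f"We see device:{device}, {seen} times.")

    print("\nTop 20 Sources:\n")
    for rank, (source, freq) in enumerate(_top(summary["sources"], _TOP_N), 1):
        print(f"{rank}. {source} , {freq}")

    print("\nTop 20 Destinations:\n")
    for rank, (destination, freq) in enumerate(_top(summary["destinations"], _TOP_N), 1):
        print(f"{rank}. {destination} , {freq} times.")

    print("\nTop Protocols:\n")
    for rank, (protocol, freq) in enumerate(_top(summary["protocols"]), 1):
        print(f"{rank}. {protocol} , {freq} times.")


def main(path="p.csv"):
    """Parse the Wireshark CSV export at *path* (header row included) and print the report."""
    # newline="" is required by the csv module so quoted fields containing line
    # breaks (common in the Info column) are parsed as one field.  The Info
    # column can carry arbitrary bytes copied out of packet payloads, so decode
    # with replacement instead of aborting mid-file on a bad byte.
    # NOTE(review): assumes Wireshark wrote the file as UTF-8 -- confirm for your version.
    with open(path, newline="", encoding="utf-8", errors="replace") as csv_file:
        reader = csv.reader(csv_file)
        next(reader, None)  # header row: No., Time, Source, ...
        summary = summarize_packets(reader, myComputer, networkIPgroup)
    print_report(summary)


if __name__ == "__main__":
    main()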