kbandla/flowcsv.py

## flowcsv.py
import dpkt
from dpkt.ip import IP
from dpkt.ethernet import Ethernet
from dpkt.arp import ARP
from pprint import pprint
import socket
import sys
import csv
from Tkinter import *
import tkMessageBox
import Tkinter
from tkFileDialog   import askopenfile

def mac_addr(mac_string):
    return ':'.join('%02x' % ord(b) for b in mac_string)
def ip_to_str(address):
    return socket.inet_ntoa(address)

class Flow(object):
    '''
    Code from Honeysnap
    https://github.com/honeynet
    '''
    def __init__(self):
        self.src = None
        self.dst = None
        self.sport = None
        self.dport = None

    def __eq__(self, other):
        return self.sport==other.sport and self.dport==other.dport and self.src==other.src and self.dst==other.dst

    def __ne__(self, other):
        return self.sport!=other.sport or self.dport!=other.dport or self.src!=other.src or self.dst!=other.dst

    def __repr__(self):
        return "%s,%s,%s,%s,%s,%s,%d"  % (self.src, self.dst, self.sport, self.dport, ip.p, ip.tos, ts)

    def isSrcSport(self, src, sport):
        if self.src == src and self.sport == sport:
            return True
        else:
            return False

flows = {}
f = askopenfile('rb')
pcap = dpkt.pcap.Reader(f)
csvfile = open(f.name+'.csv','w')
c = csv.writer(csvfile)
headers = ["Source", "Destination", "SrcPort", "DestPort", "Protocol", "TOS", "Timestamp", "Packets"]
c.writerow(headers)

for ts, buf in pcap:
  eth = dpkt.ethernet.Ethernet(buf)
  if eth.type != dpkt.ethernet.ETH_TYPE_IP:
    continue

  ip = eth.data
  if ip.p == 6 or ip.p == 17:
      tcp = ip.data
      tos = ip.tos
      flow = Flow()
      flow.src = ip_to_str(ip.src)
      flow.dst = ip_to_str(ip.dst)
      flow.sport= tcp.sport
      flow.dport = tcp.dport
      key = repr(flow)
      if not flows.has_key(key):
          flows[key] = 0
      flows[key] += 1

for flow, numpkts in flows.items():
    data  = '%s,%s'%(flow,numpkts)
    c.writerow(data.split(','))

print 'Wrote to %s'%f.name+'.csv'
	import dpkt
	from dpkt.ip import IP
	from dpkt.ethernet import Ethernet
	from dpkt.arp import ARP
	from pprint import pprint
	import socket
	import sys
	import csv
	from Tkinter import *
	import tkMessageBox
	import Tkinter
	from tkFileDialog import askopenfile

	def mac_addr(mac_string):
	return ':'.join('%02x' % ord(b) for b in mac_string)
	def ip_to_str(address):
	return socket.inet_ntoa(address)

	class Flow(object):
	'''
	Code from Honeysnap
	https://github.com/honeynet
	'''
	def __init__(self):
	self.src = None
	self.dst = None
	self.sport = None
	self.dport = None

	def __eq__(self, other):
	return self.sport==other.sport and self.dport==other.dport and self.src==other.src and self.dst==other.dst

	def __ne__(self, other):
	return self.sport!=other.sport or self.dport!=other.dport or self.src!=other.src or self.dst!=other.dst

	def __repr__(self):
	return "%s,%s,%s,%s,%s,%s,%d" % (self.src, self.dst, self.sport, self.dport, ip.p, ip.tos, ts)

	def isSrcSport(self, src, sport):
	if self.src == src and self.sport == sport:
	return True
	else:
	return False

	flows = {}
	f = askopenfile('rb')
	pcap = dpkt.pcap.Reader(f)
	csvfile = open(f.name+'.csv','w')
	c = csv.writer(csvfile)
	headers = ["Source", "Destination", "SrcPort", "DestPort", "Protocol", "TOS", "Timestamp", "Packets"]
	c.writerow(headers)

	for ts, buf in pcap:
	eth = dpkt.ethernet.Ethernet(buf)
	if eth.type != dpkt.ethernet.ETH_TYPE_IP:
	continue

	ip = eth.data
	if ip.p == 6 or ip.p == 17:
	tcp = ip.data
	tos = ip.tos
	flow = Flow()
	flow.src = ip_to_str(ip.src)
	flow.dst = ip_to_str(ip.dst)
	flow.sport= tcp.sport
	flow.dport = tcp.dport
	key = repr(flow)
	if not flows.has_key(key):
	flows[key] = 0
	flows[key] += 1

	for flow, numpkts in flows.items():
	data = '%s,%s'%(flow,numpkts)
	c.writerow(data.split(','))

	print 'Wrote to %s'%f.name+'.csv'