author | Luca Deri <deri@ntop.org> | 2024-10-16 23:55:21 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2024-10-16 23:55:21 +0200 |
commit | 1c4ae434ab03e1178133ad697bde0e9caff9dd19 (patch) | |
tree | 2e37f18aaa2894e42aa8e86ae03c95d1366b239b | |
parent | afc4d9e34d61a45c5daeffcdcc187bc0b105ef3e (diff) |
Improved statistics
-rwxr-xr-x | utils/parse_reader_json.py | 79 |
1 files changed, 69 insertions, 10 deletions
diff --git a/utils/parse_reader_json.py b/utils/parse_reader_json.py index 19eaf6929..b930b3187 100755 --- a/utils/parse_reader_json.py +++ b/utils/parse_reader_json.py @@ -17,7 +17,13 @@ if(len(sys.argv) != 2): fname = sys.argv[1] -fingeprints = {} +#shorten_ja4 = True +shorten_ja4 = False +use_domainame = True + +client_fingerprints = {} +hostname_fingerprints = {} +fingerprints = {} # Open and read the JSON file with open(fname, 'r') as file: 
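Review bot: The three maps added here nest differently, and nothing in the hunk says which is which, so the print loops further down are hard to check against them. A comment per map would help, e.g. `# client_fingerprints[src_ip][tcp_fp-ja4][hostname] = True`, `# fingerprints[tcp_fp-ja4][src_ip] = hostname (last one seen)` and `# hostname_fingerprints[hostname][tcp_fp-ja4] = True`. The commented-out `#shorten_ja4 = True` would read better as a one-line comment saying what the flag does (keep only the second and third `_`-separated JA4 sections) than as a dead alternative assignment.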
@@ -30,23 +36,76 @@ with open(fname, 'r') as file: and ('hostname' in data['ndpi']) and ('ja4' in data['ndpi']['tls']) ): + src_ip = data['src_ip'] tcp_fingerprint = data['tcp_fingerprint'] ja4 = data['ndpi']['tls']['ja4'] - domainame = data['ndpi']['domainame'] - hostname = data['ndpi']['hostname'] + if(shorten_ja4): + items = ja4.split("_") + ja4 = items[1] + "_" + items[2] + + if(use_domainame): + hostname = data['ndpi']['domainame'] + else: + hostname = data['ndpi']['hostname'] + key = tcp_fingerprint+"-"+ja4 - if(not(key in fingeprints)): - fingeprints[key] = {} + if(not(src_ip in client_fingerprints)): + client_fingerprints[src_ip] = {} + + if(not(key in client_fingerprints[src_ip])): + client_fingerprints[src_ip][key] = {} value = hostname - fingeprints[key][value] = True + client_fingerprints[src_ip][key][value] = True + + ##################### + + if(not(key in fingerprints)): + fingerprints[key] = {} + + fingerprints[key][src_ip] = hostname + + ##################### + + if(not(hostname in hostname_fingerprints)): + hostname_fingerprints[hostname] = {} + + hostname_fingerprints[hostname][key] = True + +#################### + +for host in client_fingerprints.keys(): + print(host+" [" + str(len(client_fingerprints[host].keys())) + " fingerprints]") + for k in client_fingerprints[host].keys(): + print(k, end =" [ ") + + for client in client_fingerprints[host][k]: + print(client, end =" ") + print("]") -for k in fingeprints.keys(): - print(k, end =" [ ") + print("") - for host in fingeprints[k]: - print(host, end =" ") +print("------------------------") + +for key in fingerprints: + print(key, end =" [ ") + + for client in fingerprints[key]: + print(client, end =" ") print("]") + +sys.exit(0) + +print("------------------------") + +for hostname in hostname_fingerprints: + print(hostname, end ="\n[ ") + + for f_print in hostname_fingerprints[hostname]: + print(f_print, end =" ") + + print("]\n") + |
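Review bot: The `sys.exit(0)` before the last separator makes the final `hostname_fingerprints` loop unreachable, so that map is filled for every record but never printed. Either drop the exit or gate the section behind a flag next to `shorten_ja4`/`use_domainame`, e.g. `if(print_hostnames):` around the final loop. Separately, the `shorten_ja4` branch reads `items[1]` and `items[2]` without checking the split result, so one record whose JA4 lacks three `_`-separated parts would raise IndexError and abort the run before any statistics are printed; `if(len(items) == 3):` before the reassignment would leave such records unshortened. The `if` guarding this block starts outside the hunk, so it is not visible whether `src_ip` and `domainame` are tested there before being indexed; if they are not, a record missing either key fails the same way.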