From deed27cbefd10fa0fd8d8c670b781d7418c1dc4e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 15 Dec 2019 23:35:43 +0100 Subject: Implemented nDPI timeline visualizer --- example/ndpi2timeline.py | 136 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100755 example/ndpi2timeline.py (limited to 'example/ndpi2timeline.py') diff --git a/example/ndpi2timeline.py b/example/ndpi2timeline.py new file mode 100755 index 000000000..c7af7aa70 --- /dev/null +++ b/example/ndpi2timeline.py @@ -0,0 +1,136 @@ +#!/usr/bin/env python +# +# Copyright (C) 2019 - ntop.org +# +# nDPI is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# nDPI is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with nDPI. If not, see . +# + +# +# Usage +# +# 1) Generate a CSV file using the ndpiReader tool. Example: +# ./ndpiReader -C sample.json -i sample.pcap +# +# 2) Open Google Chrome and type in the URL 'chrome://tracing/' +# +# 3) Inside Chrome click on 'Load' or drop sample.json in the +# Chrome window to visualize the output +# + +import sys +import json + +protos = {} +lastId = 1 + +def get_timestamp(seen): + tok = seen.split(".") + return int(tok[0]) * 1000 + int(tok[1]) + +def get_record(toks, csv_fields): + global protos + global lastId + + if len(toks) < 11: + return None + + record = dict() + ndpiProtocol = toks[10] + + ndpi_protos = ndpiProtocol.split(".") + if(len(ndpi_protos) == 1): + app_proto = ndpi_protos[0] + else: + app_proto = ndpi_protos[1] + + id = protos.get(ndpiProtocol) + if(id == None): + lastId = lastId + 1 + protos[ndpiProtocol] = lastId + id = lastId + #print(ndpiProtocol+"="+str(id)) + + ip_address = toks[5] + server_name = toks[11] + record["cat"] = "flow" + record["pid"] = ip_address + record["tid"] = ndpiProtocol # id + record["ts"] = get_timestamp(toks[2]) + record["ph"] = "X" + record["name"] = app_proto + + if(server_name == ""): + args = {} + else: + args = { "name": server_name } + record["args"] = args + record["dur"] = get_timestamp(toks[3]) - record["ts"] + + # if we do not have the legend we just return + if csv_fields is None: + return record + + # Otherwise we just add everything we find as a string + if(0): + idx = 0 + for tok in toks: + name = csv_fields[idx] + idx += 1 + record["args"][name] = str(tok) + + return record + +def get_record_dict(filename): + csv_fields = None + records = [] + fin = open(filename, "r"); + for line in fin: + line = line.replace("\n","") + + # Get the legend if present + if line[0] == '#': + csv_fields = [] + line = line.replace("#", "") + toks = line.split(",") + for tok in toks: + csv_fields.append(tok) + continue + + toks = line.split(",") + flow_id = int(toks[0]) + record = get_record(toks, csv_fields) + if record is None: + print("Error while parsing " + line) + continue + + records.append(record) + + json_dict = dict() + json_dict["traceEvents"] = records + + return json_dict + +if __name__ == "__main__": + if len(sys.argv) != 3: + print("ndpi2json ") + sys.exit(0) + + record_dict = get_record_dict(sys.argv[1]) + #print(record_dict) + #json_string = json.dumps(json_dict) + #print(json_string) + + with open(sys.argv[2], 'w') as fp: + json.dump(record_dict, fp) + print("Written " + str(len(record_dict["traceEvents"])) + " records") -- cgit v1.2.3