author | Toni Uhlig <matzeton@googlemail.com> | 2021-11-21 12:01:45 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-11-21 12:01:45 +0100 |
commit | a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76 (patch) | |
tree | 10b832574f92492c692be039d1d180b1f5946f8e /examples | |
parent | cfecf3e11017142193428e8830d8e0e8562d795b (diff) |
Removed py-flow-undetected-to-pcap and py-risky-flow-to-pcap. Done by c-captured anyway.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'examples')
-rwxr-xr-x | examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py | 65 | ||||
-rwxr-xr-x | examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py | 54 |
2 files changed, 0 insertions, 119 deletions
diff --git a/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py b/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py
deleted file mode 100755
index fcefe847f..000000000
--- a/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import sys
-
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
- import nDPIsrvd
- from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
- sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
- import nDPIsrvd
- from nDPIsrvd import nDPIsrvdSocket, TermColor
-
-def onJsonLineRecvd(json_dict, current_flow, global_user_data):
- if current_flow is None:
-
- if 'packet_event_name' in json_dict and json_dict['packet_event_name'] == 'packet':
- fake_flow = Flow()
- fake_flow.pkt = PcapPacket()
- PcapPacket.handleJSON(json_dict, fake_flow)
- fake_flow.pkt.doDump()
- fake_flow.pkt.setSuffix('packet_undetected')
- fake_flow.pkt.fin()
-
- return True
-
- PcapPacket.handleJSON(json_dict, current_flow)
-
- if 'flow_event_name' in json_dict and PcapPacket.isInitialized(current_flow) and \
- (json_dict['flow_event_name'] == 'guessed' or json_dict['flow_event_name'] == 'not-detected'):
-
- current_flow.pcap_packet.doDump()
- if json_dict['flow_event_name'] == 'guessed':
- current_flow.pcap_packet.setSuffix('guessed')
-
- try:
- if current_flow.pcap_packet.fin() is True:
- print('Guessed flow with id {}, dumped'.format(current_flow.flow_id))
- except RuntimeError as err:
- print('Guessed flow with id {} excepted: {}'.format(current_flow.flow_id, str(err)))
-
- else:
- current_flow.pcap_packet.setSuffix('undetected')
-
- try:
- if current_flow.pcap_packet.fin() is True:
- print('Not-detected flow with id {}, dumped'.format(current_flow.flow_id))
- except RuntimeError as err:
- print('Not-detected flow with id {} excepted: {}'.format(current_flow.flow_id, str(err)))
-
- return True
-
-if __name__ == '__main__':
- argparser = nDPIsrvd.defaultArgumentParser()
- args = argparser.parse_args()
- address = nDPIsrvd.validateAddress(args)
-
- sys.stderr.write('Recv buffer size: {}\n'.format(nDPIsrvd.NETWORK_BUFFER_MAX_SIZE))
- sys.stderr.write('Connecting to {} ..\n'.format(address[0]+':'+str(address[1]) if type(address) is tuple else address))
-
- nsock = nDPIsrvdSocket()
- nsock.connect(address)
- nsock.loop(onJsonLineRecvd, None)
diff --git a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py b/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py
deleted file mode 100755
index cdf4257c1..000000000
--- a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/env python3
-
-import base64
-import os
-import sys
-
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
- import nDPIsrvd
- from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
- sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
- import nDPIsrvd
- from nDPIsrvd import nDPIsrvdSocket, TermColor
-
-def onJsonLineRecvd(json_dict, current_flow, global_user_data):
- if current_flow is None:
- return True
-
- PcapPacket.handleJSON(json_dict, current_flow)
-
- if 'flow_event_name' in json_dict and PcapPacket.isInitialized(current_flow) and \
- 'ndpi' in json_dict and 'flow_risk' in json_dict['ndpi'] and not hasattr(current_flow, 'is_risky_flow'):
-
- current_flow.pcap_packet.doDump()
- current_flow.pcap_packet.setSuffix('risky')
- current_flow.is_risky_flow = True
- print('Risky flow with id {} marked for dumping.'.format(current_flow.flow_id))
-
- if hasattr(current_flow, 'is_risky_flow') and \
- (current_flow.pcap_packet.current_packet < current_flow.pcap_packet.max_packets or \
- ('flow_event_name' in json_dict and \
- (json_dict['flow_event_name'] == 'end' or json_dict['flow_event_name'] == 'idle'))):
-
- try:
- if current_flow.pcap_packet.fin() is True:
- print('Risky flow with id {} dumped.'.format(current_flow.flow_id))
- except RuntimeError as err:
- pass
-
- return True
-
-if __name__ == '__main__':
- argparser = nDPIsrvd.defaultArgumentParser()
- args = argparser.parse_args()
- address = nDPIsrvd.validateAddress(args)
-
- sys.stderr.write('Recv buffer size: {}\n'.format(nDPIsrvd.NETWORK_BUFFER_MAX_SIZE))
- sys.stderr.write('Connecting to {} ..\n'.format(address[0]+':'+str(address[1]) if type(address) is tuple else address))
-
- nsock = nDPIsrvdSocket()
- nsock.connect(address)
- nsock.loop(onJsonLineRecvd, None) |