From 60d80ab6540858aafc554e380def389251c3b9c3 Mon Sep 17 00:00:00 2001
From: Tobias Eidelpes
Date: Thu, 22 Apr 2021 15:42:10 +0200
Subject: [PATCH] Add description for Ex2 and report
---
ex2/README.md | 53 ++++++++++++++++++++++++++++++++++++++
ex2/countingIdentifiers.py | 6 +++++
2 files changed, 59 insertions(+)
create mode 100644 ex2/README.md
create mode 100644 ex2/countingIdentifiers.py
diff --git a/ex2/README.md b/ex2/README.md
new file mode 100644
index 0000000..55d38f9
--- /dev/null
+++ b/ex2/README.md
@@ -0,0 +1,53 @@
+# Exercise 2
+
+## From pcap to packets
+
+Login via `ssh` to the Lab Environment and `cd working_directory`.
+
+### rep-10
+
+Run the following command inside `working_directory`:
+
+`tcpdump -tt -c 10 -nr Ex2_team13.pcap`
+
+* `-tt` for timestamps
+* `-c 10` for showing the first 10 packets
+* `-n` for not converting addresses to names
+* `-r` for reading from pcap
+
+Last line (10th packet) says:
+
+`1546318980.014549 IP 203.74.52.109 > 200.130.97.12: ICMP echo request, id 16190, seq 4544, length 12`
+
+### rep-11
+
+After running the command
+
+`go-flows run features pcap2pkts.json export csv Ex2_team13.csv source libpcap Ex2_team13.pcap`
+
+we get the file `Ex2_team13.csv`.
+
+The following python script quickly extracts the `protocolIdentifier` and their occurrences:
+
+```python
+import numpy as np
+import pandas as pd
+
+df = pd.read_csv(r'./Ex2_team13.csv')
+
+print(df['protocolIdentifier'].value_counts(sort=True))
+```
+
+Output:
+
+```
+6 889752
+1 761985
+17 124772
+47 107355
+58 1308
+50 66
+103 15
+41 2
+Name: protocolIdentifier, dtype: int64
+```
diff --git a/ex2/countingIdentifiers.py b/ex2/countingIdentifiers.py
new file mode 100644
index 0000000..c063ec3
--- /dev/null
+++ b/ex2/countingIdentifiers.py
@@ -0,0 +1,6 @@
+import numpy as np
+import pandas as pd
+
+df = pd.read_csv(r'./Ex2_team13.csv')
+
+print(df['protocolIdentifier'].value_counts(sort=True))
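Review bot: `import numpy as np` at the top of ex2/countingIdentifiers.py is never used, since only `pd` is referenced, so the line can be dropped. `pd.read_csv` also loads every column of the go-flows export although only `protocolIdentifier` is read; `df = pd.read_csv(r'./Ex2_team13.csv', usecols=['protocolIdentifier'])` keeps memory down for an export with the roughly 1.9 million rows shown in the README output. `value_counts` excludes missing values by default, so if any record lacks a protocol number the printed counts will silently fall short of the packet total; `value_counts(sort=True, dropna=False)` would make such rows visible in the report.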