zenon/netsec-lab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
netsec-lab/ex2/README.md
Günter Windsperger 4d695a9755 Add script for rep-12
2021-05-07 14:27:16 +02:00

89 lines
2.0 KiB
Markdown
Raw Blame History

# Exercise 2
## From pcap to packets
Login via `ssh` to the Lab Environment and `cd working_directory`.
### rep-10
Run the following command inside `working_directory`:
`tcpdump -tt -c 10 -nr Ex2_team13.pcap`
* `-tt` for timestamps
* `-c 10` for showing the first 10 packets
* `-n` for not converting addresses to names
* `-r` for reading from pcap
Last line (10th packet) says:
`1546318980.014549 IP 203.74.52.109 > 200.130.97.12: ICMP echo request, id 16190, seq 4544, length 12`
### rep-11
After running the command
`go-flows run features pcap2pkts.json export csv Ex2_team13.csv source libpcap Ex2_team13.pcap`
we get the file `Ex2_team13.csv`.
The following python script quickly extracts the `protocolIdentifier` and their occurrences:
```python
import numpy as np
import pandas as pd
df = pd.read_csv(r'./Ex2_team13.csv')
print(df['protocolIdentifier'].value_counts(sort=True))
```
Output:
```
6 889752
1 761985
17 124772
47 107355
58 1308
50 66
103 15
41 2
Name: protocolIdentifier, dtype: int64
```
### rep-12
After running the command
`go-flows run features pcap2flows.json export csv Ex2flows_team13.csv source libpcap Ex2_team13.pcap`
we get the file `Ex2flows_team13.csv`.
The following python script quickly extracts the
percentage of sources communicating with one or more than ten destinations:
```python
import pandas as pd
df = pd.read_csv(r'../data/Ex2flows_team13.csv')
dataLength = len(df)
singleDestinationFilter = df['distinct(destinationIPAddress)'] == 1
moreThan10DestinationsFilter = df['distinct(destinationIPAddress)'] > 10
percentageOfSingleDst = len(df[singleDestinationFilter]) / dataLength * 100
percentageOfMoreThan10Dst = len(df[moreThan10DestinationsFilter]) / dataLength * 100
print("Single Destination: {} %".format(round(percentageOfSingleDst, 3)))
print("More than 10 destinations: {} %".format(round(percentageOfMoreThan10Dst, 3)))
```
Output:
```
Length of dataset: 209434
Single Destination: 94.901 %
More than 10 destinations: 0.796 %
```
Reference in New Issue View Git Blame Copy Permalink