Created
October 14, 2011 07:32
Parsing kismet dumps
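import re  # regular expressions
import sys

# One packet line as this script expects it:
#   <date> IP <a.b.c.d>.<port> > <a.b.c.d>.<port>: Flags [<flags>], ...
# Only the two address groups are used below; the other groups are kept from
# the original pattern. The address groups accept only digits and dots, so
# whatever ends up in the report cannot carry control characters from the
# capture.
PACKET_LINE = re.compile(
    r"(?P<date>.*) IP (?P<senderIP>[\.\d]*)\.(?P<senderPort>\d*) \> "
    r"(?P<reciverIP>[\.\d]*)\.(?P<recieverPort>\d*): Flags \[(?P<flags>.*)\],.*"
)


def count_packets(lines):
    """Count how many packet lines mention each IP address.

    Every line that matches PACKET_LINE adds one to its sender address and
    one to its receiver address. Lines that do not match (blank lines, other
    record types, truncated output) are skipped instead of raising
    AttributeError on a failed match, and are tallied so the caller can tell
    that the counts do not cover the whole dump.

    Args:
        lines: iterable of text lines, e.g. an open file.

    Returns:
        (counts, skipped): counts maps IP address -> number of packets
        sent or received; skipped is the number of lines that did not match.
    """
    counts = {}
    skipped = 0
    for line in lines:
        found = PACKET_LINE.match(line)
        if found is None:
            skipped += 1
            continue
        for group in ("senderIP", "reciverIP"):
            ip = found.group(group)
            counts[ip] = counts.get(ip, 0) + 1
    return counts, skipped


def report_packet_counts(path):
    """Print the per-address packet counts for the dump file at *path*."""
    # Iterate the file directly so a large dump is not loaded into memory.
    with open(path, "r") as dump:
        Pkts, skipped = count_packets(dump)

    for ip in Pkts:
        # Single formatted string: prints the same text on Python 2 and 3.
        print("%s Number of packets recived/sent: %s" % (ip, Pkts[ip]))

    if skipped:
        # stderr keeps the stdout report format unchanged.
        sys.stderr.write("%d line(s) did not match and were not counted\n" % skipped)


if __name__ == "__main__":
    report_packet_counts("dumpfile.txt")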