Skip to content

Commit

Permalink
This commit removes analyzers and switches to elasticsearch. Now, every
Browse files Browse the repository at this point in the history
packet is indexed. Also unnecessary code like slow parsers are removed.
  • Loading branch information
mkind committed Dec 17, 2017
1 parent 5ca36b4 commit 45c9aec
Show file tree
Hide file tree
Showing 6 changed files with 44 additions and 416 deletions.
Empty file removed pcapscanner/analyzers/__init__.py
Empty file.
66 changes: 0 additions & 66 deletions pcapscanner/analyzers/conversations.py

This file was deleted.

41 changes: 0 additions & 41 deletions pcapscanner/analyzers/hosts.py

This file was deleted.

32 changes: 5 additions & 27 deletions pcapscanner/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,10 @@
import time
from multiprocessing import Pool

from analyzers import hosts, conversations
import pcap

NUM_THREADS = 4

ANALYZERS = [
hosts,
conversations
]

ASCII_LOGO = """
@@@@@@@ @@@@@@@ @@@@@@ @@@@@@@ @@@@@@ @@@@@@@ @@@@@@ @@@ @@@
Expand All @@ -38,9 +32,10 @@
"""


class Main:

def __init__(self, outputdir, inputdir, parser):
def __init__(self, outputdir, inputdir):

# log files
self.outputdir = outputdir
Expand All @@ -59,12 +54,6 @@ def __init__(self, outputdir, inputdir, parser):
)
self.inputdir = inputdir

# initialize all analyzers
for a in ANALYZERS:
a.init()

self.parser = parser

def _log_errors(self):
if not self.ignoredFiles:
return
Expand All @@ -75,12 +64,9 @@ def _log_errors(self):

print("ignored {} files".format(len(self.ignoredFiles)))

def _log_results(self):
for a in ANALYZERS:
a.log(self.outputdir)

def start(self):
pcapfiles = pcap.walk(self.inputdir)
pcapfiles = pcap.walk(self.inputdir)[:3]
print(
"Collected list of {} files in {}".
format(len(pcapfiles), self.inputdir)
Expand All @@ -98,7 +84,7 @@ def start(self):
# asynchronously
pool.apply_async(
pcap.process_pcap,
(fn, [a.analyze for a in ANALYZERS], progressbar_position, self.parser)
(fn, progressbar_position)
)

# close pool
Expand All @@ -108,7 +94,6 @@ def start(self):
pool.join()

self._log_errors()
self._log_results()

# return number of pcap files
return len(pcapfiles)
Expand All @@ -128,20 +113,13 @@ def start(self):
default='.',
help='path to the output directory'
)
parser.add_argument(
'-p', '--parser',
nargs='?',
default=pcap.Parser.DPKT.name,
choices=[p.name for p in pcap.Parser]
)

args = parser.parse_args()
print(ASCII_LOGO)

scanner = Main(
outputdir=args.outputdir,
inputdir=args.inputdir,
parser=args.parser
inputdir=args.inputdir
)
# measure time
startTime = time.time()
Expand Down
Loading

0 comments on commit 45c9aec

Please sign in to comment.