May-25-2017, 03:27 PM
(This post was last modified: May-25-2017, 03:28 PM by FoxModem56k.)
Graph of total different connections opened by one IP (per second) over time (slowloris attack)
I have a network dump (PCAP file) from a "conversation" between an Apache web server (192.168.1.2) and some clients:
[Image: W0UKb]
This was a simulation of a slowloris attack on an Apache web server.
Counting how many different connections are opened by one IP:
/usr/sbin/tcpdump -anr myfile.pcap |
sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' |
sort |
uniq -c
This will show a lot of lines like:
10 192.168.1.8.36684 >
4 192.168.1.8.39619 >
9 192.168.1.8.39856 >
4 192.168.1.8.39896 >
5 192.168.1.8.40195 >
12 192.168.1.8.40196 >
9 192.168.1.8.52288 >
7 192.168.1.8.58529 >
9 192.168.1.8.58639 >
9 192.168.1.8.58730 >
6 192.168.1.8.58835 >
13 192.168.1.8.58851 >
12 192.168.1.8.58852 >
10 192.168.1.8.58882 >
Number of different connections opened by one IP per second: (saida.txt)
tcpdump -anr slowloris.pcap host 192.168.1.2 and port 80 |
sed -une '
s/^\(.\{8\}\).* IP \(.*\)\.[0-9]\+ > 192.168.1.2.80: Flags \[S\],.*/\1 \2/p
' |
sort | uniq -c
This Python script computes the total of different connections opened by one IP per second:
with open('saida.txt') as f:
    linhas = f.readlines()

soma = 0
for linha in linhas:
    # the first field of each "uniq -c" line is the count
    soma += int(linha.strip().split(" ")[0])
print(soma)

How could I plot, using Python, the "total of different connections opened by one IP per second" x time?
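One way to turn the saida.txt format into a plottable per-second series, as an added example that is not part of the original post. It assumes each line is `count HH:MM:SS source-ip` (the output of the second pipeline) and that the capture does not cross midnight; the sample data and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the saida.txt format (uniq -c output:
# count, HH:MM:SS, source IP); not values from the poster's capture.
SAMPLE = """\
      3 15:27:01 192.168.1.8
     12 15:27:02 192.168.1.8
      1 15:27:02 192.168.1.9
     40 15:27:05 192.168.1.8
"""

def parse_counts(text):
    """Return {ip: {second: syn_count}} parsed from uniq -c output."""
    per_ip = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        count, stamp, ip = fields
        per_ip[ip][datetime.strptime(stamp, "%H:%M:%S")] = int(count)
    return dict(per_ip)

def series_for(per_ip, ip):
    """Build (times, counts) for one IP over the whole capture window.

    Seconds with no SYN from this IP get an explicit 0, so bursts and
    quiet gaps both show up on the time axis.
    """
    seen = per_ip.get(ip, {})
    start = min(min(d) for d in per_ip.values())
    end = max(max(d) for d in per_ip.values())
    times, counts = [], []
    t = start
    while t <= end:
        times.append(t.strftime("%H:%M:%S"))
        counts.append(seen.get(t, 0))
        t += timedelta(seconds=1)
    return times, counts

def text_plot(times, counts):
    """Render the series as one bar of '#' per second."""
    return "\n".join(f"{t} {'#' * c} {c}" for t, c in zip(times, counts))

if __name__ == "__main__":
    data = parse_counts(SAMPLE)
    for ip in sorted(data):
        print(ip)
        print(text_plot(*series_for(data, ip)))
```

The `times` and `counts` lists can be passed directly to `matplotlib.pyplot.plot(times, counts)` for a graphical version, with one line per source IP.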