Python Forum

Graphic of total different connection opened by one ip (per seconds) by time (slowloris attack)

I have a network dump (PCAP file) from a "conversation" between an Apache web server (192.168.1.2) and some clients.

This was a simulation of a slowloris attack on an Apache web server.

Counting how many different connections are opened by one IP:

   /usr/sbin/tcpdump -anr myfile.pcap |
       sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' |
       sort |
       uniq -c

This will show a lot of lines like:

   10 192.168.1.8.36684 >
   4 192.168.1.8.39619 >
   9 192.168.1.8.39856 >
   4 192.168.1.8.39896 >
   5 192.168.1.8.40195 >
   12 192.168.1.8.40196 >
   9 192.168.1.8.52288 >
   7 192.168.1.8.58529 >
   9 192.168.1.8.58639 >
   9 192.168.1.8.58730 >
   6 192.168.1.8.58835 >
   13 192.168.1.8.58851 >
   12 192.168.1.8.58852 >
   10 192.168.1.8.58882 >

Number of different connections opened by one IP per second (saida.txt):

   tcpdump -anr slowloris.pcap host 192.168.1.2 and port 80 |
       sed -une '
         s/^\(.\{8\}\).* IP \(.*\)\.[0-9]\+ > 192.168.1.2.80: Flags \[S\],.*/\1 \2/p
       ' |
       sort | uniq -c

This Python script computes the total of different connections opened by one IP per second:

   
   # Sum the counts in the first column of saida.txt (uniq -c output)
   soma = 0
   with open('saida.txt') as f:
       for linha in f:
           campos = linha.split()
           if campos:  # skip blank lines
               soma += int(campos[0])

   print(soma)

How could I plot using Python the "total of different connections opened by one IP per second" x time?
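
An added example, not part of the original post: it does the per-second SYN count of the second tcpdump/sed pipeline in Python, grouped by source IP, and fills seconds with no new connection with 0 so the series can be plotted against time. The function names and the sample lines are constructed for illustration; it assumes `tcpdump -n` text output, a capture that does not cross midnight, and matplotlib for the optional `plot()`.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

SERVER = "192.168.1.2.80"  # server address.port from the post
# One tcpdump -n text line carrying a bare SYN (not SYN-ACK) sent to the server.
SYN_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
    + re.escape(SERVER) + r": Flags \[S\],"
)

def syn_per_second(lines):
    """Return {src_ip: Counter({'HH:MM:SS': syn_count})}."""
    counts = {}
    for line in lines:
        m = SYN_RE.match(line)
        if m:
            second, src = m.groups()
            counts.setdefault(src, Counter())[second] += 1
    return counts

def time_series(counter):
    """Expand one IP's counter into a gap-free [(second, count)] list."""
    fmt = "%H:%M:%S"
    t = datetime.strptime(min(counter), fmt)
    end = datetime.strptime(max(counter), fmt)
    series = []
    while t <= end:
        key = t.strftime(fmt)
        series.append((key, counter.get(key, 0)))
        t += timedelta(seconds=1)
    return series

def plot(series):
    """Draw one IP's series; matplotlib is imported only when called."""
    import matplotlib.pyplot as plt
    xs, ys = zip(*series)
    plt.plot(xs, ys, marker="o")
    plt.xlabel("time")
    plt.ylabel("new connections (SYN) per second")
    plt.xticks(rotation=90)
    plt.show()

# Constructed sample lines in tcpdump -n format (not from the post's capture).
SAMPLE = """\
10:00:01.100000 IP 192.168.1.8.36684 > 192.168.1.2.80: Flags [S], seq 1, length 0
10:00:01.200000 IP 192.168.1.8.39619 > 192.168.1.2.80: Flags [S], seq 2, length 0
10:00:01.300000 IP 192.168.1.2.80 > 192.168.1.8.36684: Flags [S.], seq 9, ack 2, length 0
10:00:03.050000 IP 192.168.1.8.39856 > 192.168.1.2.80: Flags [S], seq 3, length 0
""".splitlines()
```

To use it on a real capture, pass the lines of `tcpdump -nr slowloris.pcap` output to `syn_per_second()` and call `plot(time_series(counts[ip]))` for the IP of interest.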