Graphic of total different connection opened by one ip (per seconds) by time - Printable Version +- Python Forum (https://python-forum.io) +-- Forum: Python Coding (https://python-forum.io/forum-7.html) +--- Forum: General Coding Help (https://python-forum.io/forum-8.html) +--- Thread: Graphic of total different connection opened by one ip (per seconds) by time (/thread-3463.html) |
Graphic of total different connection opened by one ip (per seconds) by time - FoxModem56k - May-25-2017 Graphic of total different connection opened by one ip (per seconds) by time (slowloris attack) I have a network dump (PCAP file) from a "conversation" between a web server apache (192.168.1.2) and some clients: [Image: W0UKb] This was a simulation of slowloris attack in Apache web server. Counting how many different connection are opened by one ip: /usr/sbin/tcpdump -anr myfile.pcap | sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' | sort | uniq -c This will show a lot of 10 192.168.1.8.36684 > 4 192.168.1.8.39619 > 9 192.168.1.8.39856 > 4 192.168.1.8.39896 > 5 192.168.1.8.40195 > 12 192.168.1.8.40196 > 9 192.168.1.8.52288 > 7 192.168.1.8.58529 > 9 192.168.1.8.58639 > 9 192.168.1.8.58730 > 6 192.168.1.8.58835 > 13 192.168.1.8.58851 > 12 192.168.1.8.58852 > 10 192.168.1.8.58882 > Number of different connection are opened by one ip per second: (saida.txt) tcpdump -anr slowloris.pcap host 192.168.1.2 and port 80 | sed -une ' s/^\(.\{8\}\).* IP \(.*\)\.[0-9]\+ > 192.168.1.2.80: Flags \[S\],.*/\1 \2/p ' | sort | uniq -c This Python script compute the total of different connection opened by one ip per second: with open('saida.txt') as f: linhas = f.readlines() soma = 0 for linha in linhas: soma += int(linha.strip().split(" ")[0]) print(soma)How could I plot using Python the "total of different connection opened by one ip per second" x time? |