I want to count the duplicated packets from a pcap file. Duplicated packets are the packets whose the sequence number were already seen previously For that I extract firstly the list of the sequence number with this function:
The result is wrong. The number of the duplicated packets is wrong.
Please any help ?
def seq_list(s): v = [] a = [p['TCP'].seq if p.haslayer(TCP) else None for p in s] return aThen I check if the current sequence number has already seen previously : (I'm not sure about this function)
def is_dupl(s): v = seq_list(s) a = [] for p in s: if p.haslayer(TCP): for i in range(0, len(v)): a += v[0:i+1:1] if p[TCP].seq in a: return True return FalseAfter that I made a function to get the list of the duplicated packet: (I'm not sure about this function)
def find_dupl(s): tcpSeq = [p[TCP].seq if p.haslayer(TCP) and is_dupl(p) else None for p in s] counter = Counter(tcpSeq) #del counter[None] print("---------------------length of counter dictionary : --", counter.items()) return [[s[index] for index, seq in enumerate(tcpSeq) if seq == key] for (key, value) in counter.items() if value > 1]And finally my counter:
def duplication_pkt_count(s, s_ip, c_ip): sCount = 0 cCount = 0 duplication = find_dupl(s) for dup in duplication: for p in dup[1:]: if p.haslayer(IP): if (p[IP].src == s_ip): sCount += 1 if (p[IP].src == c_ip): cCount += 1 return (sCount, cCount)And then I called the function duplication_pkt_count in my main.py code
The result is wrong. The number of the duplicated packets is wrong.
Please any help ?