Separating incoming and outgoing traffic for a more fine-grained analysis
authorrtrimana <rtrimana@uci.edu>
Wed, 8 Nov 2017 18:21:43 +0000 (10:21 -0800)
committerrtrimana <rtrimana@uci.edu>
Wed, 8 Nov 2017 18:21:43 +0000 (10:21 -0800)
parser/parse_packet_frequency.py
plot_scripts/plot_graph
run_scripts/ts_analysis_run.sh

index 5bc1a35..65ef976 100644 (file)
@@ -21,10 +21,13 @@ JSON_KEY_FRAME = "frame"
 JSON_KEY_FRAME_TIME = "frame.time"
 TABLE_HEADER_X = "Timestamp (hh:mm:ss)"
 TABLE_HEADER_Y = "Packet frequency (pps)"
+INCOMING_APPENDIX = "_incoming"
+OUTGOING_APPENDIX = "_outgoing"
+FILE_APPENDIX = ".dat"
 
 # Use this constant as a flag
 WINDOW_SIZE = 5
-USE_MOVING_AVERAGE = True
+USE_MOVING_AVERAGE = False
 
 
 def moving_average(array, window=3):
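Review bot: Flipping `USE_MOVING_AVERAGE` from True to False at L22 changes what every output file contains, and neither the commit title nor the surrounding comment says why. The comment `# Use this constant as a flag` at L19 sits above `WINDOW_SIZE`, which is not the flag; moving it onto the flag and saying what it does would help, e.g. `# Set to True to smooth the per-second counts with moving_average() before saving`. Whether `WINDOW_SIZE` is what gets passed as `window` is not visible here, so word the comment accordingly.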
@@ -51,22 +54,23 @@ def moving_average(array, window=3):
     return retarr
 
 
-def save_to_file(tbl_header, dictionary, filename_out):
+def save_to_file(tblheader, dictionary, filenameout):
     """ Show summary of statistics of PCAP file
         Args:
-            tbl_header: header for the saved table
+            tblheader: header for the saved table
             dictionary: dictionary to be saved
             filename_out: file name to save
     """
     # Appending, not overwriting!
-    f = open(filename_out, 'a')
+    f = open(filenameout, 'a')
     # Write the table header
-    f.write("# " + TABLE_HEADER_X + " " + TABLE_HEADER_Y + "\n");
+    f.write("# " + tblheader + "\n")
+    f.write("# " + TABLE_HEADER_X + " " + TABLE_HEADER_Y + "\n")
     # Write "0 0" if dictionary is empty
     if not dictionary:
-        f.write("0 0");
+        f.write("0 0")
         f.close()
-        print "Writing zeroes to file: ", filename_out
+        print "Writing zeroes to file: ", filenameout
         return
 
     if USE_MOVING_AVERAGE:
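Review bot: The docstring at L37 still names the parameter `filename_out`, although the signature at L31 renamed it to `filenameout`; change it to `filenameout: file name to save`. The new open at L41 is still a bare `open(filenameout, 'a')`, so any exception between it and the `f.close()` calls leaves the handle open; wrapping the body in `with open(filenameout, 'a') as f:` removes the explicit closes and the early-return leak. The zero case at L49 writes `"0 0"` with no trailing newline, unlike the normal rows; `f.write("0 0\n")` keeps the file consistent. The rest of save_to_file continues outside the hunk.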
@@ -88,7 +92,7 @@ def save_to_file(tbl_header, dictionary, filename_out):
             # Space separated
             f.write(str(key) + " " + str(dictionary[key]) + "\n")
     f.close()
-    print "Writing output to file: ", filename_out
+    print "Writing output to file: ", filenameout
 
 
 def main():
@@ -98,9 +102,15 @@ def main():
         print "Usage: python", sys.argv[0], "<input_file> <output_file> <device_name> <mac_address>"
         return
     # Parse the file for the specified MAC address
-    time_freq = parse_json(sys.argv[1], sys.argv[4])
+    timefreq_incoming = parse_json(sys.argv[1], sys.argv[4], True)
+    timefreq_outgoing = parse_json(sys.argv[1], sys.argv[4], False)
     # Write statistics into file
-    save_to_file(sys.argv[3], time_freq, sys.argv[2])
+    print "====================================================================="
+    print "==> Analyzing incoming traffic ..."
+    save_to_file(sys.argv[3] + INCOMING_APPENDIX, timefreq_incoming, sys.argv[2] + INCOMING_APPENDIX + FILE_APPENDIX)
+    print "====================================================================="
+    print "==> Analyzing outgoing traffic ..."
+    save_to_file(sys.argv[3] + OUTGOING_APPENDIX, timefreq_outgoing, sys.argv[2] + OUTGOING_APPENDIX + FILE_APPENDIX)
     print "====================================================================="
     #for time in time_freq.keys():
     #for key in sorted(time_freq):
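Review bot: `parse_json` is called twice on the same input at L70 and L71, so the JSON file is loaded and every packet is printed twice; a single pass that returns both the incoming and outgoing dictionaries would halve the work and the console noise. The usage line at L66 still calls the second argument `<output_file>`, but from L76 and L79 onward it is a prefix to which `_incoming.dat` / `_outgoing.dat` are appended, so it should read `"<input_file> <output_file_prefix> <device_name> <mac_address>"`. Since `save_to_file` appends rather than overwrites, running the script twice against the same prefix doubles the rows; a note in the usage text or a truncate on first write would avoid surprising plots. main continues outside the hunk.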
@@ -109,15 +119,17 @@ def main():
 
 
 # Convert JSON file containing DNS traffic to a map in which a hostname points to its set of associated IPs.
-def parse_json(file_path, mac_address):
+def parse_json(filepath, macaddress, incomingoutgoing):
     """ Show summary of statistics of PCAP file
         Args:
-            file_path: path of the read file
-            mac_address: MAC address of a device to analyze
+            filepath: path of the read file
+            macaddress: MAC address of a device to analyze
+            incomingoutgoing: boolean to define whether we collect incoming or outgoing traffic
+                              True = incoming, False = outgoing
     """
     # Maps timestamps to frequencies of packets
-    time_freq = dict()
-    with open(file_path) as jf:
+    timefreq = dict()
+    with open(filepath) as jf:
         # Read JSON.
         # data becomes reference to root JSON object (or in our case json array)
         data = json.load(jf)
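Review bot: The comment at L86 above the new signature is stale: it describes a DNS hostname-to-IP map, while the function builds a timestamp-to-packet-count dictionary (L98-L101); replace it with `# Count, per second, the packets sent to (incoming) or from (outgoing) the given MAC address.` The docstring's first line at L89 ("Show summary of statistics of PCAP file") is likewise copied from another function and should say the same thing. `incomingoutgoing` at L88 is a positional boolean, so call sites read `parse_json(path, mac, True)` with the meaning only in the docstring; naming it `incoming` with a default (`incoming=True`) and documenting the return value (`Returns: dict mapping "hh:mm:ss" strings to packet counts`) would make both callers self-explanatory.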
@@ -128,7 +140,7 @@ def parse_json(file_path, mac_address):
             layers = p[JSON_KEY_SOURCE][JSON_KEY_LAYERS]
             # Get timestamp
             frame = layers.get(JSON_KEY_FRAME, None)
-            date_time = frame.get(JSON_KEY_FRAME_TIME, None)
+            datetime = frame.get(JSON_KEY_FRAME_TIME, None)
             # Get into the Ethernet address part
             eth = layers.get(JSON_KEY_ETH, None)
             # Skip any non DNS traffic
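Review bot: The rename to `datetime` at L111 may shadow the stdlib `datetime` module if this file imports it (the import block is outside the hunk), and it hides a `None` from the `.get` at L109: if a packet has no `frame` layer, `frame.get(...)` raises AttributeError on the new line. A guard such as `if frame is None: continue` before L111 (assuming this is inside the per-packet loop, which starts outside the hunk) keeps one malformed record from aborting the whole parse; a less ambiguous name like `frame_time` avoids the shadowing question.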
@@ -139,19 +151,29 @@ def parse_json(file_path, mac_address):
             src = eth.get(JSON_KEY_ETH_SRC, None)
             dst = eth.get(JSON_KEY_ETH_DST, None)
             # Get just the time part
-            date_time_obj = parser.parse(date_time)
+            datetimeobj = parser.parse(datetime)
             # Remove the microsecond part
-            time_str = str(date_time_obj.time())[:8]
-            print str(time_str) + " - src:" + str(src) + " - dest:" + str(dst)
+            timestr = str(datetimeobj.time())[:8]
+            print str(timestr) + " - src:" + str(src) + " - dest:" + str(dst)
             # Get and count the traffic for the specified MAC address
-            if src == mac_address or dst == mac_address:
-                # Check if timestamp already exists in the map
-                # If yes, then just increment the frequency value...
-                if time_str in time_freq:
-                    time_freq[time_str] = time_freq[time_str] + 1
-                else: # If not, then put the value one there
-                    time_freq[time_str] = 1
-    return time_freq
+            if incomingoutgoing:           
+                if dst == macaddress:
+                    # Check if timestamp already exists in the map
+                    # If yes, then just increment the frequency value...
+                    if timestr in timefreq:
+                        timefreq[timestr] = timefreq[timestr] + 1
+                    else: # If not, then put the value one there
+                        timefreq[timestr] = 1
+            else:
+                if src == macaddress:
+                    # Check if timestamp already exists in the map
+                    # If yes, then just increment the frequency value...
+                    if timestr in timefreq:
+                        timefreq[timestr] = timefreq[timestr] + 1
+                    else: # If not, then put the value one there
+                        timefreq[timestr] = 1
+
+    return timefreq
 
 
 if __name__ == '__main__':
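Review bot: The two branches at L135-L150 are copies that differ only in whether `dst` or `src` is compared with `macaddress`, and the new `if incomingoutgoing:` line at L135 carries trailing whitespace. The whole block collapses to `if (dst if incomingoutgoing else src) == macaddress:` followed by `timefreq[timestr] = timefreq.get(timestr, 0) + 1`, which also drops the duplicated "check if timestamp already exists" comments. The comparison is exact string equality; tshark emits lowercase colon-separated addresses and the run script passes lowercase, but normalising both sides with `.lower()` would make the match independent of how the MAC was typed. The per-packet print at L125 still fires for every packet, not only matching ones, which is what makes the double parse in main so noisy.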
index 12f2065..86020f8 100644 (file)
@@ -29,122 +29,167 @@ set yrange [0:]
 # PER DEVICE SETUP  #
 # ***************** #
 # WeMo switch
-#set output 'wemo_switch.ps'
-#set output 'wemo_switch.eps'
-set output '../result/wemo_switch.png'
-set title "WeMo Switch Time Series Plot of Packets"
-plot "../result/wemo_switch.dat" using 1:2 with lines
+#set output '../result/wemo_switch_incoming.ps'
+#set output '../result/wemo_switch_incoming.eps'
+set output '../result/wemo_switch_incoming.png'
+set title "WeMo Switch Incoming Traffic"
+plot "../result/wemo_switch_incoming.dat" using 1:2 with lines
+set output '../result/wemo_switch_outgoing.png'
+set title "WeMo Switch Outgoing Traffic"
+plot "../result/wemo_switch_outgoing.dat" using 1:2 with lines
 
-#set output 'wemo_switch2.ps'
-#plot "wemo_switch.dat" using 1:2
-
-# WeMo switch
-#set output '../result/wemo_switch.ps'
-#set output '../result/wemo_switch.eps'
-set output '../result/wemo_switch.png'
-set title "WeMo Switch"
-plot "../result/wemo_switch.dat" using 1:2 with lines
 
 # WeMo Insight
-#set output '../result/wemo_insight.eps'
-set output '../result/wemo_insight.png'
-set title "WeMo Insight"
-plot "../result/wemo_insight.dat" using 1:2 with lines
+#set output '../result/wemo_insight_incoming.eps'
+set output '../result/wemo_insight_incoming.png'
+set title "WeMo Insight Incoming Traffic"
+plot "../result/wemo_insight_incoming.dat" using 1:2 with lines
+set output '../result/wemo_insight_outgoing.png'
+set title "WeMo Insight Outgoing Traffic"
+plot "../result/wemo_insight_outgoing.dat" using 1:2 with lines
 
 # TP-Link switch
-#set output '../result/tplink_switch.eps'
-set output '../result/tplink_switch.png'
-set title "TP-Link Switch"
-plot "../result/tplink_switch.dat" using 1:2 with lines
+#set output '../result/tplink_switch_incoming.eps'
+set output '../result/tplink_switch_incoming.png'
+set title "TP-Link Switch Incoming Traffic"
+plot "../result/tplink_switch_incoming.dat" using 1:2 with lines
+set output '../result/tplink_switch_outgoing.png'
+set title "TP-Link Switch Outgoing Traffic"
+plot "../result/tplink_switch_outgoing.dat" using 1:2 with lines
 
 # D-Link switch
-#set output '../result/dlink_switch.eps'
-set output '../result/dlink_switch.png'
-set title "D-Link Switch"
-plot "../result/dlink_switch.dat" using 1:2 with lines
+#set output '../result/dlink_switch_incoming.eps'
+set output '../result/dlink_switch_incoming.png'
+set title "D-Link Switch Incoming Traffic"
+plot "../result/dlink_switch_incoming.dat" using 1:2 with lines
+set output '../result/dlink_switch_outgoing.png'
+set title "D-Link Switch Outgoing Traffic"
+plot "../result/dlink_switch_outgoing.dat" using 1:2 with lines
+
 
 # Amcrest camera
-#set output '../result/amcrest_camera.eps'
-set output '../result/amcrest_camera.png'
-set title "Amcrest Camera"
-plot "../result/amcrest_camera.dat" using 1:2 with lines
+#set output '../result/amcrest_camera_incoming.eps'
+set output '../result/amcrest_camera_incoming.png'
+set title "Amcrest Camera Incoming Traffic"
+plot "../result/amcrest_camera_incoming.dat" using 1:2 with lines
+set output '../result/amcrest_camera_outgoing.png'
+set title "Amcrest Camera Outgoing Traffic"
+plot "../result/amcrest_camera_outgoing.dat" using 1:2 with lines
 
 # Netgear Arlo camera
-#set output '../result/netgear_arlo_camera.eps'
-set output '../result/netgear_arlo_camera.png'
-set title "Netgear Arlo Camera"
-plot "../result/netgear_arlo_camera.dat" using 1:2 with lines
+#set output '../result/netgear_arlo_camera_incoming.eps'
+set output '../result/netgear_arlo_camera_incoming.png'
+set title "Netgear Arlo Camera Incoming Traffic"
+plot "../result/netgear_arlo_camera_incoming.dat" using 1:2 with lines
+set output '../result/netgear_arlo_camera_outgoing.png'
+set title "Netgear Arlo Camera Outgoing Traffic"
+plot "../result/netgear_arlo_camera_outgoing.dat" using 1:2 with lines
 
 # LiFX light bulb
-#set output '../result/lifx_lightbulb_1.eps'
-set output '../result/lifx_lightbulb_1.png'
-set title "LiFX Light Bulb #1"
-plot "../result/lifx_lightbulb_1.dat" using 1:2 with lines
+#set output '../result/lifx_lightbulb_1_incoming.eps'
+set output '../result/lifx_lightbulb_1_incoming.png'
+set title "LiFX Light Bulb #1 Incoming Traffic"
+plot "../result/lifx_lightbulb_1_incoming.dat" using 1:2 with lines
+set output '../result/lifx_lightbulb_1_outgoing.png'
+set title "LiFX Light Bulb #1 Outgoing Traffic"
+plot "../result/lifx_lightbulb_1_outgoing.dat" using 1:2 with lines
 
 # LiFX light bulb
-#set output '../result/lifx_lightbulb_2.eps'
-set output '../result/lifx_lightbulb_2.png'
-set title "LiFX Light Bulb #2"
-plot "../result/lifx_lightbulb_2.dat" using 1:2 with lines
+#set output '../result/lifx_lightbulb_2_incoming.eps'
+set output '../result/lifx_lightbulb_2_incoming.png'
+set title "LiFX Light Bulb #2 Incoming Traffic"
+plot "../result/lifx_lightbulb_2_incoming.dat" using 1:2 with lines
+set output '../result/lifx_lightbulb_2_outgoing.png'
+set title "LiFX Light Bulb #2 Outgoing Traffic"
+plot "../result/lifx_lightbulb_2_outgoing.dat" using 1:2 with lines
 
 # Philips Hue
-#set output '../result/philips_hue.eps'
-set output '../result/philips_hue.png'
-set title "Philips Hue"
-plot "../result/philips_hue.dat" using 1:2 with lines
+#set output '../result/philips_hue_incoming.eps'
+set output '../result/philips_hue_incoming.png'
+set title "Philips Hue Incoming Traffic"
+plot "../result/philips_hue_incoming.dat" using 1:2 with lines
+set output '../result/philips_hue_outgoing.png'
+set title "Philips Hue Outgoing Traffic"
+plot "../result/philips_hue_outgoing.dat" using 1:2 with lines
 
 # TP-Link Light Bulb
-#set output '../result/tplink_lightbulb.eps'
-set output '../result/tplink_lightbulb.png'
-set title "TP-Link Light Bulb"
-plot "../result/tplink_lightbulb.dat" using 1:2 with lines
+#set output '../result/tplink_lightbulb_incoming.eps'
+set output '../result/tplink_lightbulb_incoming.png'
+set title "TP-Link Light Bulb Incoming Traffic"
+plot "../result/tplink_lightbulb_incoming.dat" using 1:2 with lines
+set output '../result/tplink_lightbulb_outgoing.png'
+set title "TP-Link Light Bulb Outgoing Traffic"
+plot "../result/tplink_lightbulb_outgoing.dat" using 1:2 with lines
 
 # Nxeco sprinkler
-#set output '../result/nxeco_sprinkler.eps'
-set output '../result/nxeco_sprinkler.png'
-set title "Nxeco Sprinkler"
-plot "../result/nxeco_sprinkler.dat" using 1:2 with lines
+#set output '../result/nxeco_sprinkler_incoming.eps'
+set output '../result/nxeco_sprinkler_incoming.png'
+set title "Nxeco Sprinkler Incoming Traffic"
+plot "../result/nxeco_sprinkler_incoming.dat" using 1:2 with lines
+set output '../result/nxeco_sprinkler_outgoing.png'
+set title "Nxeco Sprinkler Outgoing Traffic"
+plot "../result/nxeco_sprinkler_outgoing.dat" using 1:2 with lines
 
 # Blossom sprinkler
-#set output '../result/blossom_sprinkler.eps'
-set output '../result/blossom_sprinkler.png'
-set title "Blossom Sprinkler"
-plot "../result/blossom_sprinkler.dat" using 1:2 with lines
+#set output '../result/blossom_sprinkler_incoming.eps'
+set output '../result/blossom_sprinkler_incoming.png'
+set title "Blossom Sprinkler Incoming Traffic"
+plot "../result/blossom_sprinkler_incoming.dat" using 1:2 with lines
+set output '../result/blossom_sprinkler_outgoing.png'
+set title "Blossom Sprinkler Outgoing Traffic"
+plot "../result/blossom_sprinkler_outgoing.dat" using 1:2 with lines
 
 # D-Link alarm
-#set output '../result/dlink_alarm.eps'
-set output '../result/dlink_alarm.png'
-set title "D-Link Alarm"
-plot "../result/dlink_alarm.dat" using 1:2 with lines
+#set output '../result/dlink_alarm_incoming.eps'
+set output '../result/dlink_alarm_incoming.png'
+set title "D-Link Alarm Incoming Traffic"
+plot "../result/dlink_alarm_incoming.dat" using 1:2 with lines
+set output '../result/dlink_alarm_outgoing.png'
+set title "D-Link Alarm Outgoing Traffic"
+plot "../result/dlink_alarm_outgoing.dat" using 1:2 with lines
 
 # D-Link alarm
-#set output '../result/dlink_alarm.eps'
-set output '../result/dlink_alarm.png'
-set title "D-Link Alarm"
-plot "../result/dlink_alarm.dat" using 1:2 with lines
+#set output '../result/dlink_alarm_incoming.eps'
+set output '../result/dlink_alarm_incoming.png'
+set title "D-Link Alarm Incoming Traffic"
+plot "../result/dlink_alarm_incoming.dat" using 1:2 with lines
+set output '../result/dlink_alarm_outgoing.png'
+set title "D-Link Alarm Outgoing Traffic"
+plot "../result/dlink_alarm_outgoing.dat" using 1:2 with lines
 
 # D-Link motion sensor
-#set output '../result/dlink_motion_sensor.eps'
-set output '../result/dlink_motion_sensor.png'
-set title "D-Link Motion Sensor"
-plot "../result/dlink_motion_sensor.dat" using 1:2 with lines
+#set output '../result/dlink_motion_sensor_incoming.eps'
+set output '../result/dlink_motion_sensor_incoming.png'
+set title "D-Link Motion Sensor Incoming Traffic"
+plot "../result/dlink_motion_sensor_incoming.dat" using 1:2 with lines
+set output '../result/dlink_motion_sensor_outgoing.png'
+set title "D-Link Motion Sensor Outgoing"
+plot "../result/dlink_motion_sensor_outgoing.dat" using 1:2 with lines
 
 # Nest Thermostat
-#set output '../result/nest_thermostat.eps'
-set output '../result/nest_thermostat.png'
-set title "Nest Thermostat"
-plot "../result/nest_thermostat.dat" using 1:2 with lines
+#set output '../result/nest_thermostat_incoming.eps'
+set output '../result/nest_thermostat_incoming.png'
+set title "Nest Thermostat Incoming Traffic"
+plot "../result/nest_thermostat_incoming.dat" using 1:2 with lines
+set output '../result/nest_thermostat_outgoing.png'
+set title "Nest Thermostat Outgoing Traffic"
+plot "../result/nest_thermostat_outgoing.dat" using 1:2 with lines
 
 # Amazon Echo Dot
-#set output '../result/amazon_echo_dot.eps'
-set output '../result/amazon_echo_dot.png'
-set title "Amazon Ech Odit"
-plot "../result/amazon_echo_dot.dat" using 1:2 with lines
+#set output '../result/amazon_echo_dot_incoming.eps'
+set output '../result/amazon_echo_dot_incoming.png'
+set title "Amazon Echo Dot Incoming Traffic"
+plot "../result/amazon_echo_dot_incoming.dat" using 1:2 with lines
+set output '../result/amazon_echo_dot_outgoing.png'
+set title "Amazon Echo Dot Outgoing Traffic"
+plot "../result/amazon_echo_dot_outgoing.dat" using 1:2 with lines
 
 # SmartThings hub
-#set output '../result/smartthings_hub.eps'
-set output '../result/smartthings_hub.png'
-set title "SmartThings Hub"
-plot "../result/smartthings_hub.dat" using 1:2 with lines
-
+#set output '../result/smartthings_hub_incoming.eps'
+set output '../result/smartthings_hub_incoming.png'
+set title "SmartThings Hub Incoming Traffic"
+plot "../result/smartthings_hub_incoming.dat" using 1:2 with lines
+set output '../result/smartthings_hub_outgoing.png'
+set title "SmartThings Hub Outgoing Traffic"
+plot "../result/smartthings_hub_outgoing.dat" using 1:2 with lines
 
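Review bot: The title at L365 reads `"D-Link Motion Sensor Outgoing"` while every other outgoing plot ends in "Outgoing Traffic"; change it to `set title "D-Link Motion Sensor Outgoing Traffic"`. The D-Link alarm block at L342-L353 is a verbatim repeat of L329-L340 and re-renders the same two `.dat` files to the same two `.png` outputs, so the second copy can be dropped. The file suffix `_incoming.dat` / `_outgoing.dat` is hard-coded here and built from `INCOMING_APPENDIX` / `FILE_APPENDIX` in the parser, so a one-line comment at the top of the per-device section naming that coupling would help whoever changes either side.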
index a1fc157..1a57d4d 100755 (executable)
@@ -11,21 +11,21 @@ fi
 [ -d $2 ] || mkdir $2
 
 # Run the analysis
-python ../parser/parse_packet_frequency.py $1 $2/wemo_switch.dat WeMo_Switch 94:10:3e:36:60:09
-python ../parser/parse_packet_frequency.py $1 $2/wemo_insight.dat WeMo_Insight 14:91:82:25:10:77
-python ../parser/parse_packet_frequency.py $1 $2/tplink_switch.dat TPLink_Switch 50:c7:bf:33:1f:09
-python ../parser/parse_packet_frequency.py $1 $2/dlink_switch.dat DLink_Switch 90:8d:78:e3:81:0c
-python ../parser/parse_packet_frequency.py $1 $2/amcrest_camera.dat Amcrest_Camera 3c:ef:8c:6f:79:5a
-python ../parser/parse_packet_frequency.py $1 $2/netgear_arlo_camera.dat Netgear_Arlo_Camera 40:5d:82:2f:50:2a
-python ../parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_1.dat Lifx_LightBulb_1 d0:73:d5:12:8e:30
-python ../parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_2.dat Lifx_LightBulb_2 d0:73:d5:02:41:da
-python ../parser/parse_packet_frequency.py $1 $2/philips_hue.dat Philips_Hue 00:17:88:69:ee:e4
-python ../parser/parse_packet_frequency.py $1 $2/tplink_lightbulb.dat TPLink_LightBulb 50:c7:bf:59:d5:84
-python ../parser/parse_packet_frequency.py $1 $2/nxeco_sprinkler.dat Nxeco_Sprinkler ac:cf:23:5a:9c:e2
-python ../parser/parse_packet_frequency.py $1 $2/blossom_sprinkler.dat Blossom_Sprinkler e4:95:6e:b0:20:39
-python ../parser/parse_packet_frequency.py $1 $2/dlink_alarm.dat DLink_Alarm c4:12:f5:de:38:20
-python ../parser/parse_packet_frequency.py $1 $2/dlink_motion_sensor.dat DLink_Motion_Sensor c4:12:f5:e3:dc:17
-python ../parser/parse_packet_frequency.py $1 $2/nest_thermostat.dat Nest_Thermostat 18:b4:30:bf:34:7e
-python ../parser/parse_packet_frequency.py $1 $2/amazon_echo_dot.dat Amazon_Echo_Dot 68:37:e9:d2:26:0d
-python ../parser/parse_packet_frequency.py $1 $2/smartthings_hub.dat SmartThings_Hub d0:52:a8:a3:60:0f
+python ../parser/parse_packet_frequency.py $1 $2/wemo_switch WeMo_Switch 94:10:3e:36:60:09
+python ../parser/parse_packet_frequency.py $1 $2/wemo_insight WeMo_Insight 14:91:82:25:10:77
+python ../parser/parse_packet_frequency.py $1 $2/tplink_switch TPLink_Switch 50:c7:bf:33:1f:09
+python ../parser/parse_packet_frequency.py $1 $2/dlink_switch DLink_Switch 90:8d:78:e3:81:0c
+python ../parser/parse_packet_frequency.py $1 $2/amcrest_camera Amcrest_Camera 3c:ef:8c:6f:79:5a
+python ../parser/parse_packet_frequency.py $1 $2/netgear_arlo_camera Netgear_Arlo_Camera 40:5d:82:2f:50:2a
+python ../parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_1 Lifx_LightBulb_1 d0:73:d5:12:8e:30
+python ../parser/parse_packet_frequency.py $1 $2/lifx_lightbulb_2 Lifx_LightBulb_2 d0:73:d5:02:41:da
+python ../parser/parse_packet_frequency.py $1 $2/philips_hue Philips_Hue 00:17:88:69:ee:e4
+python ../parser/parse_packet_frequency.py $1 $2/tplink_lightbulb TPLink_LightBulb 50:c7:bf:59:d5:84
+python ../parser/parse_packet_frequency.py $1 $2/nxeco_sprinkler Nxeco_Sprinkler ac:cf:23:5a:9c:e2
+python ../parser/parse_packet_frequency.py $1 $2/blossom_sprinkler Blossom_Sprinkler e4:95:6e:b0:20:39
+python ../parser/parse_packet_frequency.py $1 $2/dlink_alarm DLink_Alarm c4:12:f5:de:38:20
+python ../parser/parse_packet_frequency.py $1 $2/dlink_motion_sensor DLink_Motion_Sensor c4:12:f5:e3:dc:17
+python ../parser/parse_packet_frequency.py $1 $2/nest_thermostat Nest_Thermostat 18:b4:30:bf:34:7e
+python ../parser/parse_packet_frequency.py $1 $2/amazon_echo_dot Amazon_Echo_Dot 68:37:e9:d2:26:0d
+python ../parser/parse_packet_frequency.py $1 $2/smartthings_hub SmartThings_Hub d0:52:a8:a3:60:0f