There are three files. The live capture sniffs packets and writes a CSV file with IP address, reverse DNS and protocol. The offline capture is simple sniffing. readpcap.py reads pcap files and writes a CSV file with source, destination, protocol, size, hostname of the destination and ToS. The command-line output lists the unique IPs for each PCAP file along with their destination country, if available.
sudo apt install python3-autopep8
autopep8 -i <script>.py
sudo apt-get install python3-pandas
installing pyshark
git clone https://github.com/KimiNewt/pyshark.git
cd pyshark/src
sudo python3 setup.py install
sudo apt-get install tshark
installing scapy
git clone https://github.com/secdev/scapy.git
cd scapy
sudo python3 setup.py install
installing matplotlib
git clone git@github.com:matplotlib/matplotlib.git
cd matplotlib
python3 -m pip install -e .
Running
chmod +x <script>.py
sudo ./readpcap.py <inputfilename.pcapng> <outputname.csv> <outputmapname.html>
Reading an existing capture file does not require root; sudo is only needed for the live capture, which opens raw sockets.
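The following is an added example, not readpcap.py itself, showing how the per-packet fields that readpcap.py writes (source, destination, protocol, size, ToS) are pulled out of a capture file. It is a minimal pure-Python libpcap reader: it assumes a classic little-endian pcap with an Ethernet link type, decodes only IPv4, and leaves out the reverse-DNS hostname lookup so it runs offline. The sample capture is constructed in the script from documentation addresses, not real traffic.

```python
"""Minimal libpcap reader for the fields readpcap.py exports to CSV.

Added example, not the repository's own code. Assumes a classic pcap
(magic 0xa1b2c3d4, little-endian, DLT_EN10MB) and decodes IPv4 only.
"""
import csv
import io
import socket
import struct

# magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")
# ts_sec, ts_usec, incl_len, orig_len
PCAP_REC_HDR = struct.Struct("<IIII")
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def iter_pcap_packets(data):
    """Yield (timestamp, frame_bytes) for every record in a pcap blob."""
    if len(data) < PCAP_GLOBAL_HDR.size:
        raise ValueError("file shorter than the pcap global header")
    fields = PCAP_GLOBAL_HDR.unpack_from(data, 0)
    if fields[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic: %#x" % fields[0])
    if fields[6] != 1:  # DLT_EN10MB
        raise ValueError("only Ethernet captures are handled")
    off = PCAP_GLOBAL_HDR.size
    while off + PCAP_REC_HDR.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = PCAP_REC_HDR.unpack_from(data, off)
        off += PCAP_REC_HDR.size
        # Never trust a length field from the file: a hostile pcap can claim
        # more bytes than exist, so bound-check before slicing.
        if off + incl_len > len(data):
            raise ValueError("truncated record at offset %d" % off)
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_ipv4(frame):
    """Return (src, dst, protocol, size, tos) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    (ver_ihl, tos, _total_len, _ident, _flags_frag, _ttl, proto,
     _csum, src, dst) = struct.unpack_from("!BBHHHBBH4s4s", frame, ETH_HDR_LEN)
    if ver_ihl >> 4 != 4:
        return None
    return (socket.inet_ntoa(src), socket.inet_ntoa(dst),
            PROTO_NAMES.get(proto, str(proto)), len(frame), tos)


def pcap_to_csv_rows(data):
    """Decode every IPv4 frame in the capture into one CSV row tuple."""
    return [row for _ts, frame in iter_pcap_packets(data)
            if (row := parse_ipv4(frame)) is not None]


def write_csv(rows, fh):
    w = csv.writer(fh)
    w.writerow(["source", "destination", "protocol", "size", "tos"])
    w.writerows(rows)


# --- constructed sample input (not captured traffic) --------------------------
def build_frame(src, dst, proto, tos=0, payload=b""):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 1, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip_hdr + payload


def build_pcap(frames):
    out = PCAP_GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += PCAP_REC_HDR.pack(1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "198.51.100.5", 6, tos=0x10, payload=b"\x00" * 20),
    build_frame("192.0.2.10", "198.51.100.53", 17, payload=b"\x00" * 8),
    build_frame("198.51.100.5", "192.0.2.10", 1, payload=b"\x00" * 8),
])

if __name__ == "__main__":
    buf = io.StringIO()
    write_csv(pcap_to_csv_rows(SAMPLE_PCAP), buf)
    print(buf.getvalue())
```

The explicit bound check on incl_len is the part worth keeping when parsing captures you did not produce yourself; pcap files from a third party are untrusted input like any other.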
ALM_Apriori.py implements Association Rule Mining with the Apriori algorithm. It extracts frequent and interesting item combinations from the captured packets and then generates strong rules from them.
ALM_Apriori.py can also be run in Google Colab.
pip install apriori
pip install apyori
To compute support, the formula is Support(A) = (number of records containing A) / (total number of records).
To compute confidence, the formula is Confidence(A→B) = (number of records containing both A and B) / (number of records containing A).
To compute lift, the formula is Lift(A→B) = Confidence(A→B) / Support(B).
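The three formulas, carried through on packet-derived transactions as an added example; this is not ALM_Apriori.py and does not use the apyori package. Each transaction is the set of attributes describing one packet (the protocol, destination port and size-bucket items are an assumed encoding, and the six transactions are constructed, not captured). It also shows the level-wise candidate generation and pruning of Apriori, which the formulas alone do not.

```python
"""Support, confidence and lift over packet-attribute transactions, plus
level-wise Apriori frequent-itemset mining and strong-rule generation.

Added example; not the repository's ALM_Apriori.py. The item encoding
("proto=TCP", "dport=443", "size=large") is an assumption for illustration.
"""
from itertools import combinations

# Constructed sample: one frozenset of attributes per packet (not real traffic).
TRANSACTIONS = [
    frozenset({"proto=TCP", "dport=443", "size=large"}),
    frozenset({"proto=TCP", "dport=443", "size=small"}),
    frozenset({"proto=TCP", "dport=80", "size=small"}),
    frozenset({"proto=UDP", "dport=53", "size=small"}),
    frozenset({"proto=UDP", "dport=53", "size=small"}),
    frozenset({"proto=TCP", "dport=443", "size=large"}),
]


def support(itemset, transactions):
    """Support(A) = (records containing A) / (total records)."""
    itemset = frozenset(itemset)
    return sum(1 for t in transactions if itemset <= t) / len(transactions)


def confidence(a, b, transactions):
    """Confidence(A->B) = (records containing A and B) / (records containing A)."""
    return support(frozenset(a) | frozenset(b), transactions) / support(a, transactions)


def lift(a, b, transactions):
    """Lift(A->B) = Confidence(A->B) / Support(B); >1 means A and B co-occur
    more often than independence would predict."""
    return confidence(a, b, transactions) / support(b, transactions)


def frequent_itemsets(transactions, min_support):
    """Apriori: build size-k candidates from frequent size-(k-1) sets and keep
    only those whose every (k-1)-subset is itself frequent."""
    items = sorted({i for t in transactions for i in t})
    current = [frozenset([i]) for i in items if support([i], transactions) >= min_support]
    result = {s: support(s, transactions) for s in current}
    k = 2
    while current:
        candidates = set()
        for x in current:
            for y in current:
                u = x | y
                if len(u) == k and all(frozenset(sub) in result
                                       for sub in combinations(u, k - 1)):
                    candidates.add(u)
        current = [c for c in candidates if support(c, transactions) >= min_support]
        for c in current:
            result[c] = support(c, transactions)
        k += 1
    return result


def strong_rules(transactions, min_support, min_confidence, min_lift=1.0):
    """Split every frequent itemset into antecedent -> consequent and keep the
    rules that clear the confidence and lift thresholds."""
    rules = []
    for itemset in frequent_itemsets(transactions, min_support):
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for antecedent in combinations(itemset, r):
                a = frozenset(antecedent)
                b = itemset - a
                conf = confidence(a, b, transactions)
                lf = lift(a, b, transactions)
                if conf >= min_confidence and lf >= min_lift:
                    rules.append((tuple(sorted(a)), tuple(sorted(b)),
                                  round(conf, 3), round(lf, 3)))
    return sorted(rules)


if __name__ == "__main__":
    for antecedent, consequent, conf, lf in strong_rules(TRANSACTIONS, 0.3, 0.9):
        print(f"{antecedent} -> {consequent}  confidence={conf}  lift={lf}")
```

On this sample, proto=UDP -> dport=53 has confidence 1.0 and lift 3.0 (two of six packets are UDP, and both go to port 53), while proto=TCP -> dport=443 has confidence 0.75 and lift 1.5; a rule with lift near 1 is not interesting even when its confidence is high, because the consequent is simply common.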