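Wireshark Data Processing and Plotting [Python]

For an experiment, my advisor asked me to export Wireshark's data, plot it, and compare it with other data. Once it is finished I will post the experiment record to the blog.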

<hr />

I exported the Wireshark data as CSV, and the content looks like this:

[code]"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","0.0.0.0","255.255.255.255","DHCP","342","DHCP Discover - Transaction ID 0x8422537f"[/code]

I want to draw a graph of the speed per flow, so I need to process these fields: Time, Source, Destination, Protocol and Length.

I will get the instant speed by:
[mathjax]$$\frac{Length}{CurrentTime-LastTime}$$

The instant speed is taken as the speed between the last time and the current time. I will create an array to store these data, structured like this:
[mathjax]$$\begin{matrix} time-min & time-max & speed \end{matrix}$$

Of course, the "Source", "Destination" and "Protocol" fields are also necessary, because I need them to filter out invalid packets.

So, let's complete it.

First step: introduce my environment.
OS: Ubuntu 14.04 LTS
IDE: Eclipse (sudo apt-get install eclipse)
Language: Python 2.7 (sudo apt-get install python2.7)

Lib:
matplotlib (drawing graph)
numpy
re

First we open the data file and split its contents with a regular expression:

[python]import re

# Split on whitespace and on the CSV quote/comma delimiters.
p = re.compile(r'\s|","|"')
with open('address of your file') as file_res:
    y = p.split(file_res.read())[/python]


So, I get the array y:
[code]77397
45.519293
10.0.0.2
10.0.0.7
UDP
1512
49661

>

5001

Len=1470


77398
45.519356
10.0.0.2
10.0.0.7
UDP
1512
49661

>

5001

Len=1470


77399
45.520078
10.0.0.2
10.0.0.7
UDP
1512
49661

>
...
[/code]

Taking "UDP" as the reference point, point[n]: point[n-2] and point[n-1] are the Source and Destination, point[n+1] is the Length, and point[n-3] is the time.
To make the processing easier, I need to reorganize the data from array y:
[python]
# Index 0 of each list is a placeholder; real packets start at index 1.
packet_time = [0]
packet_len = [0]
packet_flow = [0]
n = 0
while 1:
    try:
        if y[n] == 'UDP':
            packet_time.append(y[n-3])          # Time
            packet_len.append(y[n+1])           # Length
            packet_flow.append(y[n-1]+y[n-2])   # Destination + Source
            print(y[n-3])
        n = n + 1
    except IndexError:
        # Walked past the end of y: all tokens have been scanned.
        break
[/python]

Then I begin to process these data and draw the graph of the Wireshark capture. Here I use the plot command from matplotlib:
[python]
import matplotlib.pyplot as plt
[/python]
The plot command is used like this:
[python]
plt.plot(x, y)
plt.show()
[/python]

My complete program is as follows:
[python]
'''
Created on Mar 15, 2016

@author: tangjixing
'''
import re

import matplotlib.pyplot as plt
from numpy import double

# Split the exported CSV on whitespace and on the quote/comma delimiters.
p = re.compile(r'\s|","|"')
with open('/home/tangjixing/250_2500') as file_res:
    y = p.split(file_res.read())

print("okay")
# Index 0 of each list is a placeholder; real packets start at index 1.
packet_time = [0]
packet_len = [0]
packet_flow = [0]
n = 0
while 1:
    try:
        if y[n] == 'UDP':
            packet_time.append(y[n-3])          # Time
            packet_len.append(y[n+1])           # Length
            packet_flow.append(y[n-1]+y[n-2])   # Destination + Source
            print(y[n-3])
        n = n + 1
    except IndexError:
        break

time_min = 0
time_max = 0
time_de = 0.1                           # width of one time window, in seconds
time_temp = double(packet_time[1])      # start at the first UDP packet
speed = [0]
temp_len = 0
m = 0
# Cover 60 seconds of traffic, one window of time_de seconds at a time.
while time_temp < double(packet_time[1]) + 60:
    time_min = time_temp
    time_max = time_temp + time_de
    n = 0
    while 1:
        try:
            # Sum the lengths of all packets that fall inside this window.
            if double(packet_time[n]) <= time_max and double(packet_time[n]) >= time_min:
                temp_len = temp_len + int(packet_len[n])
            n = n + 1
        except IndexError:
            # End of the packet list: record this window's speed and reset.
            n = 0
            speed.append(temp_len / time_de)
            print(speed[m])
            print(time_temp)
            m = m + 1
            temp_len = 0
            break
    time_temp = time_temp + time_de

plt.plot(speed)
plt.show()

[/python]
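
The program above collects packet_flow but sums every UDP packet into one series. The following added example (not code from the original post) keeps one series per (Source, Destination) flow and produces the time-min / time-max / speed rows described earlier. It swaps the regex split for Python's csv module, so the Info column cannot shift the field positions; the sample rows and the name flow_speeds are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample in Wireshark's CSV export layout (not data from the post).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","0.0.0.0","255.255.255.255","DHCP","342","DHCP Discover"
"2","0.010000","10.0.0.2","10.0.0.7","UDP","1512","49661  >  5001 Len=1470"
"3","0.050000","10.0.0.2","10.0.0.7","UDP","1512","49661  >  5001 Len=1470"
"4","0.120000","10.0.0.2","10.0.0.7","UDP","1512","49661  >  5001 Len=1470"
"5","0.130000","10.0.0.3","10.0.0.7","UDP","500","40000  >  5001 Len=458"
"6","0.140000","10.0.0.3","10.0.0.7","UDP","oops","malformed length"
'''


def flow_speeds(lines, protocol="UDP", bin_width=0.1):
    """Return {(src, dst): [(time_min, time_max, bytes_per_second), ...]}."""
    totals = defaultdict(lambda: defaultdict(int))  # flow -> bin index -> bytes
    for row in csv.DictReader(lines):
        if row.get("Protocol") != protocol:
            continue  # filter out packets of other protocols
        try:
            t = float(row["Time"])
            length = int(row["Length"])
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed rows instead of crashing
        # round() guards against float artefacts such as 0.3 / 0.1 == 2.999...
        index = int(round(t / bin_width, 6))
        totals[(row["Source"], row["Destination"])][index] += length

    result = {}
    for flow, bins in totals.items():
        first, last = min(bins), max(bins)
        # Emit every window between the first and last packet, idle ones as 0.
        result[flow] = [
            (i * bin_width, (i + 1) * bin_width, bins.get(i, 0) / bin_width)
            for i in range(first, last + 1)
        ]
    return result


if __name__ == "__main__":
    for flow, rows in sorted(flow_speeds(SAMPLE_CSV.splitlines()).items()):
        for t_min, t_max, bps in rows:
            print("%s -> %s  %.1f-%.1f s  %.0f B/s" % (flow + (t_min, t_max, bps)))
```

Each flow's third column can be passed to plt.plot() to draw one line per flow.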
