python wireshark_Wireshark data processing and plotting [Python]

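For an experiment, my advisor asked me to export Wireshark data, plot it, and compare it with other data. Once it is done, I will post the experiment notes to this blog.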


I exported the Wireshark data as CSV, and the content looks like this:

"No.","Time","Source","Destination","Protocol","Length","Info"

"1","0.000000","0.0.0.0","255.255.255.255","DHCP","342","DHCP Discover - Transaction ID 0x8422537f"

I want to draw a graph of the speed per flow, so I need to process the following fields: Time, Source, Destination, Protocol and Length.

I will get the instantaneous speed by:

[mathjax]$$\frac{Length}{CurrentTime-LastTime}$$

The instantaneous speed is taken as the speed between the last time and the current time. I will create an array to store this data, structured like this:

[mathjax]$$\begin{matrix} time-min & time-max & speed \end{matrix}$$

Of course, the "Source", "Destination" and "Protocol" fields are also necessary, because I need them to filter out invalid packets.

So, let's complete it.

First step: introduce my environment.

OS: Ubuntu 14.04 LTS

IDE: Eclipse (sudo apt-get install eclipse)

Language: Python 2.7 (sudo apt-get install python2.7)

Lib:

matplotlib (drawing graph)

numpy

re

Then we first open the data file and split its text with a regular expression:

[python]
import re

# Split on whitespace and on the quote/comma delimiters of the CSV export
p = re.compile(r'\s|","|"')
with open('address of your file') as file_res:
    y = p.split(file_res.read())
[/python]

So, I get the array y:

[code]
77397
45.519293
10.0.0.2
10.0.0.7
UDP
1512
49661
>
5001
Len=1470
77398
45.519356
10.0.0.2
10.0.0.7
UDP
1512
49661
>
5001
Len=1470
77399
45.520078
10.0.0.2
10.0.0.7
UDP
1512
49661
>
...
[/code]

Taking the "UDP" token as the reference point, point[n], the elements point[n-2] and point[n-1] are the Source and Destination, point[n+1] is the Length and point[n-3] is the Time.

To make the processing easier, I need to reorganize the data from array y:

[python]
# Index 0 of each list is a placeholder; real packets start at index 1
packet_time = [0]
packet_len = [0]
packet_flow = [0]
n = 0
while 1:
    try:
        if y[n] == 'UDP':
            packet_time.append(y[n-3])          # Time
            packet_len.append(y[n+1])           # Length
            packet_flow.append(y[n-1]+y[n-2])   # Destination + Source
            print(y[n-3])
        n = n + 1
    except IndexError:
        # Ran past the end of y: every token has been examined
        break
[/python]

Then I begin to process this data and draw the graph from the Wireshark capture. Here I used the plot command from matplotlib:

[python]
import matplotlib.pyplot as plt
[/python]

and the plot command is used as follows:

[python]
plt.plot(x,y)
plt.show()
[/python]

My complete program is as follows:

[python]
'''
Created on Mar 15, 2016
@author: tangjixing
'''
import re

import matplotlib.pyplot as plt
from numpy import double

# Split the exported CSV text on whitespace and on the quote/comma delimiters
p = re.compile(r'\s|","|"')
with open('/home/tangjixing/250_2500') as file_res:
    y = p.split(file_res.read())
print("okay")

# Index 0 of each list is a placeholder; real packets start at index 1
packet_time = [0]
packet_len = [0]
packet_flow = [0]
n = 0
while 1:
    try:
        if y[n] == 'UDP':
            packet_time.append(y[n-3])          # Time
            packet_len.append(y[n+1])           # Length
            packet_flow.append(y[n-1]+y[n-2])   # Destination + Source
            print(y[n-3])
        n = n + 1
    except IndexError:
        break

time_min = 0
time_max = 0
time_de = 0.1                        # width of one time window, in seconds
time_temp = double(packet_time[1])   # start at the first UDP packet
speed = [0]
temp_len = 0
m = 0
# Walk 60 seconds of capture in windows of time_de seconds
while time_temp < double(packet_time[1]) + 60:
    time_min = time_temp
    time_max = time_temp + time_de
    n = 0
    while 1:
        try:
            # Half-open window, so a packet on a boundary is counted only once
            if time_min <= double(packet_time[n]) < time_max:
                temp_len = temp_len + int(packet_len[n])
            n = n + 1
        except IndexError:
            # All packets checked: store this window's speed (Length units per second)
            n = 0
            speed.append(temp_len / time_de)
            print(speed[m])
            print(time_temp)
            m = m + 1
            temp_len = 0
            break
    time_temp = time_temp + time_de

plt.plot(speed)
plt.show()
[/python]
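The goal stated above is speed per flow, but the program sums every UDP packet into a single series and treats any "UDP" token in the split text as a packet, including one that appears inside the Info column. As an added example (not part of the original post; Python 3, standard library only), the following parses the export with the csv module and bins bytes per (Source, Destination) pair; `flow_speeds`, `SAMPLE_CSV` and its rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows in the export layout shown at the top of the post.
# Row 4 is ICMP but carries the word "UDP" inside its quoted Info field.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","0.0.0.0","255.255.255.255","DHCP","342","DHCP Discover - Transaction ID 0x8422537f"
"2","45.519293","10.0.0.2","10.0.0.7","UDP","1512","49661 > 5001 Len=1470"
"3","45.519356","10.0.0.2","10.0.0.7","UDP","1512","49661 > 5001 Len=1470"
"4","45.530000","10.0.0.7","10.0.0.2","ICMP","590","Destination unreachable, ""UDP"" port"
"5","45.560000","10.0.0.3","10.0.0.7","UDP","100","40000 > 5001 Len=58"
"6","45.650000","10.0.0.2","10.0.0.7","UDP","1512","49661 > 5001 Len=1470"
'''


def flow_speeds(csv_text, protocol="UDP", bin_width=0.1):
    """Return {(source, destination): [bytes per second in each time bin]}."""
    per_flow = defaultdict(lambda: defaultdict(int))  # flow -> bin index -> bytes
    t0 = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("Protocol") != protocol:
            continue  # decided by the Protocol column only, never by Info text
        try:
            t, length = float(row["Time"]), int(row["Length"])
        except (KeyError, TypeError, ValueError):
            continue  # truncated or malformed row
        if t0 is None:
            t0 = t  # bins start at the first matching packet
        if t < t0:
            continue  # assumes the export is sorted by time
        flow = (row.get("Source"), row.get("Destination"))
        per_flow[flow][int((t - t0) / bin_width)] += length
    if not per_flow:
        return {}
    n_bins = 1 + max(i for b in per_flow.values() for i in b)
    return {flow: [b.get(i, 0) / bin_width for i in range(n_bins)]
            for flow, b in per_flow.items()}


if __name__ == "__main__":
    for flow, speeds in sorted(flow_speeds(SAMPLE_CSV).items()):
        print(flow, speeds)
```

Each returned list can be passed to `plt.plot` with the flow as its label to draw one line per flow.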
