my flowaverage function wont produce an output
Question:
Part 3 – Create the Functions to Analyse a Packet
the flowaverage function wont produce an output please help – Python
.
For you to know if a packet is involved in malicious activity or not you must first identify characteristics of malicious traffic and then find a way to represent this in python. For this assignment we will use four metrics to determine if a packet is malicious or not.
Average Packet Size – This metric will accept a list of packets and gets the average payload size of all the packets. It will return a list of packets that are above the average of the list.
here is my code
` def makePacket(srcIP, dstIP, length, prt, sp, dp, sqn, pld):
return ("PK", srcIP, dstIP, [length, prt, [sp, dp], sqn, pld])
def getPacketSrc(pkt):
return pkt[1]``
def getPacketDst(pkt):
return pkt[2]
def getPacketDetails(pkt):
return pkt[3]
def isPacket(pkt):
return type(pkt[1]) != type([]) and pkt[0] == "PK" and type(pkt) == type(())
def isEmptyPkt(pkt):
return getPacketDetails(pkt) == []
def getLength(pkt):
a = getPacketDetails(pkt)
return a[0]
def getProtocol(pkt):
a = getPacketDetails(pkt)
return a[1]
def getSrcPort(pkt):
a = getPacketDetails(pkt)
b = a[2]
return b[0]
def getDstPort(pkt):
a = getPacketDetails(pkt)
b = a[2]
return b[1]
def getSqn(pkt):
a = getPacketDetails(pkt)
return a[3]
def getPayloadSize(pkt):
a= getPacketDetails(pkt)
return a[4]
def flowAverage(pkt):
packets=[]
payloads=[]
for p in pkt:
list(getPacketDetails(p)[1])
payloads.append(pkt)[1]
total=0
for p in payloads:
total=total+p
avg=total/len(payloads)
return avg
def suspPort(pkt):
if getSrcPort(pkt) > 500 or getDstPort(pkt)>500:
return True
else:
return False
def suspProto(pkt):
protoLst=["HTTP","SMTP", "UDP", "TCP", "DHCP"]
if getProtocol(pkt) not in protoLst:
return True
else:
return False
def ipBlacklist(pkt):
ipBlackList=[["213.217.236.184","444.221.232.94","149.88.83.47","223.70.250.146","169.51.6.136","229.22369.24"]]
if getPacketSrc(pkt) in IpBlackList:
return True
else:
return False
`
```
`
im expecting
Input
111.202.230.44 62.82.29.190 3 HTTP 80 3463 1562431 87
Sample Output 0
Output
Average Packet Size => [('PK', '333.230.18.207', '213.217.236.184', [56, 'IRC', [501, 5643], 1762431, 318]), ('PK', '444.221.232.94', '50.168.160.19', [1003, 'TCP', [4657, 4875], 1962431, 428])]
Suspicious Port (pkt) => True
Suspicious Port (pk3) => True
Suspicious Protocol (pkt) => False
Suspicious Protocol (pk4) => False
IP Blacklist (pkt) => False
IP Blacklist (pk5) => False
Answers:
It looks to me like you are returning early from your for loop, instead of iterating over all the packets. To get the average of the packet lengths, you could do something like this:
def flowAverage(pkt_list):
payloads = []
large_packets = []
for pkt in pkt_list:
payloads.append(getPayloadSize(pkt))
total = sum(payloads)
avg = total / len(payloads)
for pkt in pkt_list:
if getPayloadSize(pkt) > avg:
large_packets.append(pkt)
return large_packets
Part 3 – Create the Functions to Analyse a Packet
the flowaverage function wont produce an output please help – Python
.
For you to know if a packet is involved in malicious activity or not you must first identify characteristics of malicious traffic and then find a way to represent this in python. For this assignment we will use four metrics to determine if a packet is malicious or not.
Average Packet Size – This metric will accept a list of packets and gets the average payload size of all the packets. It will return a list of packets that are above the average of the list.
here is my code
` def makePacket(srcIP, dstIP, length, prt, sp, dp, sqn, pld):
return ("PK", srcIP, dstIP, [length, prt, [sp, dp], sqn, pld])
def getPacketSrc(pkt):
return pkt[1]``
def getPacketDst(pkt):
return pkt[2]
def getPacketDetails(pkt):
return pkt[3]
def isPacket(pkt):
return type(pkt[1]) != type([]) and pkt[0] == "PK" and type(pkt) == type(())
def isEmptyPkt(pkt):
return getPacketDetails(pkt) == []
def getLength(pkt):
a = getPacketDetails(pkt)
return a[0]
def getProtocol(pkt):
a = getPacketDetails(pkt)
return a[1]
def getSrcPort(pkt):
a = getPacketDetails(pkt)
b = a[2]
return b[0]
def getDstPort(pkt):
a = getPacketDetails(pkt)
b = a[2]
return b[1]
def getSqn(pkt):
a = getPacketDetails(pkt)
return a[3]
def getPayloadSize(pkt):
a= getPacketDetails(pkt)
return a[4]
def flowAverage(pkt):
packets=[]
payloads=[]
for p in pkt:
list(getPacketDetails(p)[1])
payloads.append(pkt)[1]
total=0
for p in payloads:
total=total+p
avg=total/len(payloads)
return avg
def suspPort(pkt):
if getSrcPort(pkt) > 500 or getDstPort(pkt)>500:
return True
else:
return False
def suspProto(pkt):
protoLst=["HTTP","SMTP", "UDP", "TCP", "DHCP"]
if getProtocol(pkt) not in protoLst:
return True
else:
return False
def ipBlacklist(pkt):
ipBlackList=[["213.217.236.184","444.221.232.94","149.88.83.47","223.70.250.146","169.51.6.136","229.22369.24"]]
if getPacketSrc(pkt) in IpBlackList:
return True
else:
return False
`
```
`
im expecting
Input
111.202.230.44 62.82.29.190 3 HTTP 80 3463 1562431 87
Sample Output 0
Output
Average Packet Size => [('PK', '333.230.18.207', '213.217.236.184', [56, 'IRC', [501, 5643], 1762431, 318]), ('PK', '444.221.232.94', '50.168.160.19', [1003, 'TCP', [4657, 4875], 1962431, 428])]
Suspicious Port (pkt) => True
Suspicious Port (pk3) => True
Suspicious Protocol (pkt) => False
Suspicious Protocol (pk4) => False
IP Blacklist (pkt) => False
IP Blacklist (pk5) => False
It looks to me like you are returning early from your for loop, instead of iterating over all the packets. To get the average of the packet lengths, you could do something like this:
def flowAverage(pkt_list):
payloads = []
large_packets = []
for pkt in pkt_list:
payloads.append(getPayloadSize(pkt))
total = sum(payloads)
avg = total / len(payloads)
for pkt in pkt_list:
if getPayloadSize(pkt) > avg:
large_packets.append(pkt)
return large_packets