Graph of total connections per second during a denial of service attack

4

I have a network dump (PCAP file) containing slowloris attacks:

The following script will show the number of connections per second to IP 192.168.1.2 on port 80:

tcpdump -qns 0 -A -r 1.pcap host 192.168.91.5 and port 80 | sed -une 's/^\(.\{8\}\).*IP \(.*\)\.[0-9]\+ > 192.168.91.5.80: Flags \[S\],.*//p' | uniq -c

whose output will be the output file.txt:

10 192.168.1.8.36684 >
4 192.168.1.8.39619 >
9 192.168.1.8.39856 >
4 192.168.1.8.39896 >
5 192.168.1.8.40195 >
12 192.168.1.8.40196 >
9 192.168.1.8.52288 >
7 192.168.1.8.58529 >
9 192.168.1.8.58639 >
9 192.168.1.8.58730 >
6 192.168.1.8.58835 >
13 192.168.1.8.58851 >
12 192.168.1.8.58852 >
10 192.168.1.8.58882 >

The 1.pcap file is a time slice of 3 minutes of attack. I have files from 1.pcap to 10.pcap (each one corresponds to 3 minutes of attacks).

The Python script below will show the total number of connections per second:

with open('saida.txt') as f:
    lines = f.readlines()

soma = 0
for line in lines:
    # the first space-separated field of each `uniq -c` line is the count
    soma += int(line.strip().split(" ")[0])

print(soma)

I would like to generate a graph of the total number of connections per second throughout the attack. Any suggestions using Python?

What I did:

import matplotlib.pyplot as plt

x = []
y = []

dataset = open("datasetDdos10Abril2017.csv","r")  # the CSV is comma-separated
#dataset = open("dataset.csv","r")

for line in dataset:
    line = line.strip()  # "23,24\n" -> "23,24": removes the line break
    X,Y = line.split(',')  # the separator is a comma
    x.append(X)
    y.append(Y)

dataset.close()



plt.plot(x,y)
plt.title("Gráfico do número de Conexoes por segundo")
plt.xlabel("Numero de conexões por segundo")
plt.ylabel('Tempo')


plt.show()

Not good:

datasetDdos10Abril2017.csv:

5284,1491828000
4856,1491828180
4880,1491828360
4854,1491828540
4903,1491828720
4806,1491828900
4873,1491829080
4910,1491829260
4914,1491829440
4914,1491829620
4944,1491829800
4751,1491829980
4863,1491830160

I've updated the dates for Unix Time because it did not work in the format I'd like to display (example: April 11, 2017 07:50:01)

On the x (horizontal) axis, I would like the dates to appear in "readable" format, preferably in Portuguese: 11 / April / 2017 07:50:01. And the label would be: time

On the Y (vertical) axis: the label would be: number of connections / second

I do not want a line connecting the dots on the chart, I just want the dots in black!

    
asked by anonymous 24.05.2017 / 16:25

1 answer

5

I did a test here like this:

>>> import matplotlib.pyplot as plt
>>> x = [1491828000,1491828180,1491828360,1491828540,1491828720,1491828900,1491829080,1491829260,1491829440,1491829620,1491829800,1491829980,1491830160]
>>> y = [5284,4856,4880,4854,4903,4806,4873,4910,4914,4914,4944,4751,4863]
>>> plt.plot(x, y, 'ro')
[<matplotlib.lines.Line2D object at 0x000001CCE7C55A20>]
>>> plt.title("Gráfico do número de Conexoes por segundo")
<matplotlib.text.Text object at 0x000001CCE5FD6358>
>>> plt.ylabel("Numero de conexões por segundo")
<matplotlib.text.Text object at 0x000001CCE5FCBEB8>
>>> plt.xlabel('Tempo')
<matplotlib.text.Text object at 0x000001CCE7C21A20>
>>> plt.show()

The result was:

Then I did a test like this:

>>> from datetime import datetime, timedelta
>>> x1 = [datetime.now() + timedelta(microseconds=d/10) for d in x]
>>> plt.plot(x1, y, 'ro')
[<matplotlib.lines.Line2D object at 0x000001CCE7FE4CC0>]
>>> plt.title("Gráfico do número de Conexoes por segundo")
<matplotlib.text.Text object at 0x000001CCE7FEAA58>
>>> plt.ylabel("Numero de conexões por segundo")
<matplotlib.text.Text object at 0x000001CCE7FD4438>
>>> plt.xlabel('Tempo')
<matplotlib.text.Text object at 0x000001CCE7BDE7F0>

It looks like this:

That date was ugly. So I did the following:

>>> import matplotlib.dates as dates
>>> plt.gca().xaxis.set_major_formatter(dates.DateFormatter('%m/%d/%Y %H:%M:%S'))
>>> plt.plot(x1, y, 'ro')
[<matplotlib.lines.Line2D object at 0x000001CCEA13D400>]
>>> plt.title("Gráfico do número de Conexoes por segundo")
<matplotlib.text.Text object at 0x000001CCEA157780>
>>> plt.ylabel("Numero de conexões por segundo")
<matplotlib.text.Text object at 0x000001CCEA142080>
>>> plt.xlabel('Tempo')
<matplotlib.text.Text object at 0x000001CCE7FD4828>
>>> plt.gcf().autofmt_xdate()
>>> plt.show()

Improved a lot:

For the milliseconds, I did the following (complete example):

>>> import matplotlib.pyplot as plt
>>> x = [1491828000,1491828180,1491828360,1491828540,1491828720,1491828900,1491829080,1491829260,1491829440,1491829620,1491829800,1491829980,1491830160]
>>> y = [5284,4856,4880,4854,4903,4806,4873,4910,4914,4914,4944,4751,4863]
>>> import matplotlib.dates as dates
>>> from datetime import datetime, timedelta
>>> x1 = [datetime.now() + timedelta(microseconds=d/10) for d in x]
>>> plt.plot(x1, y, 'ro')
[<matplotlib.lines.Line2D object at 0x0000021ECFEACC18>]
>>> plt.gca().xaxis.set_major_formatter(dates.DateFormatter('%m/%d/%Y %H:%M:%S.%f'))
>>> plt.title("Gráfico do número de Conexoes por segundo")
<matplotlib.text.Text object at 0x0000021ECFEAE940>
>>> plt.ylabel("Numero de conexões por segundo")
<matplotlib.text.Text object at 0x0000021ECFE973C8>
>>> plt.xlabel('Tempo')
<matplotlib.text.Text object at 0x0000021ECE543EB8>
>>> plt.gcf().autofmt_xdate()
>>> plt.show()

Here I instantiate your examples:

x = [1491828000,1491828180,1491828360,1491828540,1491828720,1491828900,1491829080,1491829260,1491829440,1491829620,1491829800,1491829980,1491830160]

Convert to datetime:

x1 = [datetime.now() + timedelta(microseconds=d/10) for d in x]

I set the X axis to format datetime:

plt.gca().xaxis.set_major_formatter(dates.DateFormatter('%m/%d/%Y %H:%M:%S.%f'))

Here I make Matplot rotate the datetime 45 degrees:

plt.gcf().autofmt_xdate()
    
28.05.2017 / 01:41
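
An added example, not part of the original question or answer: it reads rows in the question's `count,unix_timestamp` layout, converts each epoch value with `datetime.fromtimestamp` so the axis shows the capture time itself, and plots black dots with no connecting line. The sample rows, the function names `load_points` and `plot_points`, and the output file name are assumptions made for the illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the question's "count,unix_timestamp" layout,
# with one malformed row to show that it is skipped.
SAMPLE_CSV = """5284,1491828000
4856,1491828180
4880,1491828360
not,a,row
4854,1491828540
"""

def load_points(fh):
    """Return sorted (datetime, count) pairs; skip blank or malformed rows."""
    points = []
    for row in csv.reader(fh):
        if len(row) != 2:
            continue
        try:
            count, ts = int(row[0]), int(row[1])
        except ValueError:
            continue
        # Interpret the epoch seconds as an absolute UTC time.
        points.append((datetime.fromtimestamp(ts, tz=timezone.utc), count))
    return sorted(points)

def plot_points(points, out_path="connections.png"):
    """Plot the counts as black dots on a readable date axis; return the file path."""
    import matplotlib
    matplotlib.use("Agg")  # render to a file, no display needed
    import matplotlib.pyplot as plt
    import matplotlib.dates as mdates

    times = [t for t, _ in points]
    counts = [c for _, c in points]
    fig, ax = plt.subplots()
    ax.plot(times, counts, "ko")  # 'k' = black, 'o' = markers only, no line
    # %B instead of %m prints the month name in the active locale.
    ax.xaxis.set_major_formatter(
        mdates.DateFormatter("%d/%m/%Y %H:%M:%S", tz=timezone.utc))
    ax.set_xlabel("time")
    ax.set_ylabel("number of connections / second")
    fig.autofmt_xdate()  # slant the date labels so they do not overlap
    fig.savefig(out_path)
    return out_path

if __name__ == "__main__":
    print(plot_points(load_points(io.StringIO(SAMPLE_CSV))))
```

To plot the real data, pass an open file instead of the sample: `plot_points(load_points(open("datasetDdos10Abril2017.csv", newline="")))`.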