Didier Stevens

Saturday 30 May 2020

New Tool: simple_ip_stats.py

Filed under: My Software,Networking — Didier Stevens @ 9:50

Some time ago, I created a tool to calculate the entropy of TCP data for a colleague. And a bit later, he asked me for a tool for UDP.

I have now merged these 2 tools, and added support for other protocols transported by IPv4 and IPv6. And I will no longer maintain simple_tcp_stats.py and simple_udp_stats.py.

This new tool simple_ip_stats.py is a Python program that reads pcap files and produces simple statistics for each IP connection per protocol.

For the moment, it calculates the entropy of the data (without packet reassembling) of each connection (both directions) and reports this in a CSV file:

Protocol;ConnectionID;head;Size;Entropy
TCP;96.126.103.196:80-192.168.10.10:50236;’HTTP’;493;6.73520107812
TCP;192.168.10.10:50236-96.126.103.196:80;’GET ‘;364;5.42858024035
TCP;192.168.10.10:50235-96.126.103.196:80;’GET ‘;426;5.46464090792
UDP;192.168.10.10:56372-239.255.255.250:1900;’M-SE’;173;5.35104059717
TCP;96.126.103.196:80-192.168.10.10:50235;’HTTP’;3308;6.06151478505

simple_ip_stats_V0_0_1.zip (https)
MD5: 0482F3667E4EE6444350D9B0A146F764
SHA256: 480DCF2C82030EF996A6C1C3FEFCAAB77C000EC72DECA91329298C9BCC578BAD

Blog at WordPress.com.