notebook.community

Edit and run

How to use the metrics utility to monitor network traffic

Author: Kris Stern

Intro: The metrics utility is located at the syft/generic directory. In it is defined the NetworkMonitor class, with get_packets and read_packet as two separate static methods. The get_packets function is the go-to tool for sniffing on the network with pyshark, which is a Python wrapper for TShark/Wireshark, itself a free and open-source packet analyzer. Further info regarding pyshark can be found at https://github.com/KimiNewt/pyshark, whereas more info regarding Wireshark can be found at the official Wiki at https://wiki.wireshark.org/FrontPage. So get_packets yields the capture and length objects, where capture is a LiveCapture generated by pyshark, and where length is the number of packets in capture. Furthermore, the read_packet is a convenience function designed to read a single packet given the LiveCapture output from get_packets and an index which is between 0 and length - 1 (complying with Python indexing convention which starts from 0).

1. How to use get_packets to sniff on a network





In [ ]:



    


from syft.generic.metrics import NetworkMonitor

Say we are sniffing on a WiFi network with interface 'en0', timeout of 60 seconds, and display filter 'tcp.port == 8777' (i.e. suppose Alice's port is 8777):





In [ ]:



    


capture, length = NetworkMonitor.get_packets(interface='en0', timeout=60, display_filter = 'tcp.port == 8777')

To investigate each individual packet in the LiveCapture object called capture, we can do the following:





In [ ]:



    


packet0 = capture[0]

Then we can do many things with this packet0 object, including the following:

  1. captured length
  2. eth
  3. frame_info
  4. get_multiple_layers
  5. get_raw_packet
  6. highest_layer
  7. interface_captured
  8. ip
  9. layers
  10. length
  11. number
  12. pretty_print
  13. show
  14. sniff_time
  15. sniff_timestamp
  16. tcp
  17. transport_layer

For example:





In [ ]:



    


packet0.tcp.pretty_print()  # This is essentially a `<bound method Layer.pretty_print of <TCP Layer>>`.



    











In [ ]:



    


packet0.show()  # This is simply the `<bound method Packet.pretty_print of <TCP Packet>>`.



    











In [ ]:



    


packet0.layers  # To show the layers in the packet.

To check on how many packets have been captured in the event during timeout:





In [ ]:



    


print(length)

2. How to use read_packet to read packets obtained with get_packets individually

As a convenience function, the read_packet method has been introduced to be used in tandem with the get_packets method to show individual packet info.

Say if there are 999 packets in capture, then we can do the following right after the above steps to generate a pretty_print output of all four layers - ETH, IP, and TCP, TLS - of the packet:





In [ ]:



    


NetworkMonitor.read_packet(index=13, capture_input=capture)

Content source: OpenMined/PySyft

Similar notebooks:

notebook.community | gallery | about