Bug Report: issue analyzing dumps #51

Closed
craig opened this issue Mar 16, 2022 · 0 comments · Fixed by #52
craig commented Mar 16, 2022

Hello, I've run into a problem when analysing a pcap dump:

$ python src/main.py -f BT-20220314.pcap --summary
[INFO] 
    ____  _                     __            
   / __ \(_)____________  _____/ /_____  _____
  / / / / / ___/ ___/ _ \/ ___/ __/ __ \/ ___/
 / /_/ / (__  |__  )  __/ /__/ /_/ /_/ / /    
/_____/_/____/____/\___/\___/\__/\____/_/     

[INFO] Loading "BT-20220314.pcap"...
Traceback (most recent call last):
  File "/home/user/ddos_dissector/src/main.py", line 38, in <module>
    data: pd.DataFrame = pd.concat([read_file(f, filetype) for f in args.files])  # Read the FLOW file(s) into a dataframe
  File "/home/user/ddos_dissector/src/main.py", line 38, in <listcomp>
    data: pd.DataFrame = pd.concat([read_file(f, filetype) for f in args.files])  # Read the FLOW file(s) into a dataframe
  File "/home/user/ddos_dissector/src/reader.py", line 178, in read_file
    return read_pcap(filename)
  File "/home/user/ddos_dissector/src/reader.py", line 124, in read_pcap
    data: pd.DataFrame = pd.read_csv(output_buffer, parse_dates=['frame.time'], low_memory=False)
  File "/home/user/ddos_dissector/python-venv/lib/python3.9/site-packages/pandas/util/_decorators.py", line 311, in wrapper
    return func(*args, **kwargs)
  File "/home/user/ddos_dissector/python-venv/lib/python3.9/site-packages/pandas/io/parsers/readers.py", line 680, in read_csv
    return _read(filepath_or_buffer, kwds)
  File "/home/user/ddos_dissector/python-venv/lib/python3.9/site-packages/pandas/io/parsers/readers.py", line 581, in _read
    return parser.read(nrows)
  File "/home/user/ddos_dissector/python-venv/lib/python3.9/site-packages/pandas/io/parsers/readers.py", line 1250, in read
    index, columns, col_dict = self._engine.read(nrows)
  File "/home/user/ddos_dissector/python-venv/lib/python3.9/site-packages/pandas/io/parsers/c_parser_wrapper.py", line 230, in read
    data = self._reader.read(nrows)
  File "pandas/_libs/parsers.pyx", line 787, in pandas._libs.parsers.TextReader.read
  File "pandas/_libs/parsers.pyx", line 876, in pandas._libs.parsers.TextReader._read_rows
  File "pandas/_libs/parsers.pyx", line 1960, in pandas._libs.parsers.raise_parser_error
pandas.errors.ParserError: Error tokenizing data. C error: Expected 24 fields in line 145732, saw 25

I'm not really sure how to analyze this further. The dump loads fine in Wireshark.

tvdhout added the bug ("Something isn't working") label Mar 17, 2022
tvdhout self-assigned this Mar 17, 2022
tvdhout linked a pull request Mar 18, 2022 that will close this issue
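
An added example, not part of the original issue or the project's code: a standard-library check that lists the rows of a CSV export whose field count differs from the header's, which is the condition the `ParserError` in the traceback reports. The function names and sample rows are constructed for illustration; the extra unquoted value in the last sample row is one way such a mismatch can arise, not the confirmed cause of this issue.

```python
import csv
import io

# Constructed sample: a 4-column CSV export in which the last row carries an
# extra, unquoted value. Addresses are documentation ranges, not real traffic.
SAMPLE = (
    "frame.time,ip.src,ip.dst,frame.len\n"
    '"Mar 14, 2022 10:00:00.000000000 UTC",192.0.2.10,198.51.100.7,60\n'
    '"Mar 14, 2022 10:00:00.000100000 UTC",192.0.2.11,198.51.100.7,60\n'
    '"Mar 14, 2022 10:00:00.000200000 UTC",203.0.113.5,192.0.2.12,198.51.100.7,88\n'
)


def find_ragged_rows(csv_text, delimiter=",", quotechar='"'):
    """Return (line_number, expected, seen, row) for every data row whose
    field count differs from the header row's field count."""
    reader = csv.reader(io.StringIO(csv_text, newline=""),
                        delimiter=delimiter, quotechar=quotechar)
    try:
        header = next(reader)
    except StopIteration:
        return []  # empty input: nothing to compare against
    expected = len(header)
    ragged = []
    for row in reader:
        if len(row) != expected:
            # line_num is the 1-based physical line the row ended on
            ragged.append((reader.line_num, expected, len(row), row))
    return ragged


def describe(ragged):
    """Format each mismatch in the same terms as the parser error message."""
    return [f"Expected {exp} fields in line {line}, saw {seen}: {row!r}"
            for line, exp, seen, row in ragged]


if __name__ == "__main__":
    for message in describe(find_ragged_rows(SAMPLE)):
        print(message)
```

Running the same check over the CSV text that is handed to `pd.read_csv` shows the offending row itself, so its field values can be compared against the matching packet in Wireshark.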