In [5]:
import dpkt
import time
import socket
import os
import pandas as pd
import numpy as np
from IPython.display import display

### constants
g_dataDir = '../iot_data/'
g_dataExtension = '.pcap'
g_testfile = '../iot_data/16-09-27.pcap'
columns = ['local ip', 'local port', 'remote ip', 'remote port', 'direction', 'tcp data len', 'tcp seq num']

### initialization
devices = {}
start = time.time()
dataFiles = []
for fileName in os.listdir(g_dataDir):
    if fileName.endswith(g_dataExtension):
        dataFiles.append(os.path.join(g_dataDir, fileName))

### parse pcap files
for fileName in dataFiles:
    file = open(fileName,'rb')
    for ts, pkt in dpkt.pcapng.Reader(file):
        eth = dpkt.ethernet.Ethernet(pkt)
        if eth.type != dpkt.ethernet.ETH_TYPE_IP:
            continue

        ip = eth.data
        if ip.p != dpkt.ip.IP_PROTO_TCP:
            continue

        # only tcp traffic is analyzed
        tcp = ip.data
        srcIp = socket.inet_ntoa(ip.src)
        dstIp = socket.inet_ntoa(ip.dst)
        if srcIp.startswith('192.168.'):
            localIp = srcIp
            localPort = tcp.sport
            remoteIp = dstIp
            remotePort = tcp.dport
            direction = 'out'
        else:
            localIp = dstIp
            localPort = tcp.dport
            remoteIp = srcIp
            remotePort = tcp.sport
            direction = 'in'

        # check if dataframe is created for this ip
        if localIp not in devices:
            devices[localIp] = pd.DataFrame(columns = columns)

        # save data to corresponding device's dataframe
        df = devices[localIp]
        df.loc[df.shape[0]] = [
            localIp, localPort, remoteIp, remotePort, 
            direction, len(tcp.data), tcp.seq
        ]
        if df.shape[0] >= 100:
            break

print ("Time elapsed: " + str(time.time() - start))
for key, value in devices.items():
    display(key)

{'d0:52:a8:00:67:5e': ['Smart Things', 'Wired'],
 '44:65:0d:56:cc:d3': ['Amazon Echo', 'Wireless'],
 '70:ee:50:18:34:43': ['Netatmo Welcome', 'Wireless'],
 'f4:f2:6d:93:51:f1': ['TP-Link Day Night Cloud camera', 'Wireless'],
 '00:16:6c:ab:6b:88': ['Samsung SmartCam', 'Wireless'],
 '30:8c:fb:2f:e4:b2': ['Dropcam', 'Wireless'],
 '00:62:6e:51:27:2e': ['Insteon Camera', 'Wired '],
 'e8:ab:fa:19:de:4f': ['Wireless'],
 '00:24:e4:11:18:a8': ['Withings Smart Baby Monitor', 'Wired'],
 'ec:1a:59:79:f4:89': ['Belkin Wemo switch', 'Wireless'],
 '50:c7:bf:00:56:39': ['TP-Link Smart plug', 'Wireless'],
 '74:c6:3b:29:d7:1d': ['iHome', 'Wireless'],
 'ec:1a:59:83:28:11': ['Belkin wemo motion sensor', 'Wireless'],
 '18:b4:30:25:be:e4': ['NEST Protect smoke alarm', 'Wireless'],
 '70:ee:50:03:b8:ac': ['Netatmo weather station', 'Wireless'],
 '00:24:e4:1b:6f:96': ['Withings Smart scale', 'Wireless'],
 '74:6a:89:00:2e:25': ['Blipcare Blood Pressure meter', 'Wireless'],
 '00:24:e4:20:28:c6': ['Withings Aura 

Time elapsed: 1.4476616382598877


'192.168.1.106'

'192.168.1.236'

'192.168.1.166'

'192.168.1.196'

'192.168.1.112'

'192.168.1.249'

'192.168.1.240'

'192.168.1.143'

'192.168.1.120'

'192.168.1.156'

'192.168.1.239'

'192.168.1.227'