In [None]:
from scapy.all import *
from math import log2, ceil
import matplotlib.pyplot as plt
import pandas as pd

In [None]:
# Ethertype to name dicc
ethertypeDicc = {
    '2048' : 'IPv4',
    '2054' : 'ARP',
    '34525': 'IPv6',
    '35020': 'LLDP',
    '35130': '1905.1IEEE'
}

In [None]:
# Capturar paquetes Ether de archivo
S1 = {}
num_pkts = 0

for pkt in PcapReader('/home/migue/share/paquete_3.pcapng'):
    try:
        if pkt.haslayer(Ether):
            num_pkts += 1
            dire = "BROADCAST" if pkt[Ether].dst=="ff:ff:ff:ff:ff:ff" else "UNICAST"
            proto = pkt[Ether].type # El campo type contiene el protocolo
            proto_name = ethertypeDicc[str(proto)]
            s_i = (dire, proto_name) # El simbolo de la fuente es el tipo de direccion y el protocolo
            if s_i not in S1:
                S1[s_i] = 0.0
            S1[s_i] += 1.0
    except:
        pass

In [None]:
num_pkts = 0
mostrar_fuente(S1)

In [None]:
S1 = {}
num_pkts = 0

def mostrar_fuente(S) :
    print("Numero de tramas capturadas: %d" % num_pkts)
    N = sum(S.values()) # Numero total de simbolos de la fuente (contando apariciones de cada uno)
    simbolos = sorted(S.items(), key=lambda x: -x[1])
    # k/N : probabilidad del k-esimo símbolo
    # log2(1/(k/N)) : información del k-esimo simbolo en bits (redondeado al entero mayor mas cercano)
    print("\n".join([ " %s : %.5f : %d" % (d, k/N, math.ceil(math.log2(1/(k/N)))) for d,k in simbolos]))
    # H = sum(k/N * log2(N/k)) para todo k en S es la entropía de la fuente
    H = sum(k/N * math.ceil(math.log2(1/(k/N))) for d,k in simbolos)
    print("Entropía de la fuente: %.5f" % H)
    print()
    
def callback(pkt) :
    global num_pkts
    if pkt.haslayer(Ether):
        num_pkts += 1
        dire = "BROADCAST" if pkt[Ether].dst=="ff:ff:ff:ff:ff:ff" else "UNICAST"
        proto = pkt[Ether].type # El campo type contiene el protocolo
        proto_name = ethertypeDicc[str(proto)]
        s_i = (dire, proto_name) # El simbolo de la fuente es el tipo de direccion y el protocolo
        if s_i not in S1:
            S1[s_i] = 0.0
            
        S1[s_i] += 1.0

In [None]:
# Capturar paquetes
num_pkts = 0
sniff(prn=callback, stop_filter = lambda x: num_pkts == 10000)
mostrar_fuente(S1)

In [None]:
def graficar_informacion(S) : 
    N = sum(S.values())
    simbolos = sorted(S.items(), key=lambda x: -x[1])
    
    # Codigo para graficar probabilidades de cada simbolo
    probabilidades = {} 
    for d, k in simbolos:
        simbolo = d[0] + "/" + str(d[1])
        probabilidades[simbolo] = k/N * 100
    
    df_probs = pd.DataFrame(probabilidades, index=[0])
    df_probs.plot(kind='bar', xlabel='Simbolo', ylabel='Probabilidad', title='Probabilidad de cada símbolo')
    
    # Codigo para graficar informacion de cada simbolo
    informacion = {}
    for d, k in simbolos:
        simbolo = d[0] + "/" + str(d[1])
        informacion[simbolo] = math.ceil(math.log2(1/(k/N)))
    
    df_info = pd.DataFrame(informacion, index=[0])
    ax = df_info.plot(kind='bar', xlabel='Simbolo', ylabel='Información (bits)', title='Información de cada símbolo')
    
    handles, labels = ax.get_legend_handles_labels()
    
    # agrega la entropia al grafico
    entropia = sum(k/N * math.ceil(math.log2(1/(k/N))) for d,k in simbolos)
    handleEntropia = plt.axhline(y=entropia, linewidth=1, color='black', label='Entropia',linestyle="dashed")
    
    labels.append('Entropia')
    handles.append(handleEntropia)
    
    plt.legend(handles, labels)
    plt.show()

In [None]:
# Default sniff arp con prints
def arp_display(pkt):    
    if pkt[ARP].op == 1:  # who-has (request) | BROADCAST
        return f"Request: {pkt[ARP].psrc} is asking about {pkt[ARP].pdst}"
    if pkt[ARP].op == 2:  # is-at (response) | UNICAST
        return f"*Response: {pkt[ARP].hwsrc} has address {pkt[ARP].psrc} y le aviso a {pkt[ARP].hwdst}"

sniff(prn=arp_display, filter="arp", store=0, count=10)

In [None]:
# Capturar paquetes ARP
S2 = {}
S3 = {}
file_in_arp = '/home/migue/share/arp_only_2.pcapng'

for pkt in PcapReader(file_in_arp):
    try: 
        arp_op = 'who-has' if (pkt[ARP].op == 1) else 'is-at'
        s2_i = (pkt[ARP].psrc, arp_op)
        s3_i = (pkt[ARP].psrc, pkt[ARP].pdst, arp_op)
        
        if s2_i not in S2:
            S2[s2_i] = 0.0
        if s3_i not in S3:
            S3[s3_i] = 0.0
            
        S2[s2_i] += 1.0
        S3[s3_i] += 1.0
    except:
        pass

In [None]:
mostrar_fuente(S2) 
mostrar_fuente(S3) 

In [None]:
graficar_informacion(S3)