Getting Started
Use of this module requires an import of the `flowtuple` module. This is the only module required to gain access to the libflowtuple library.

```python
import flowtuple
```

The `flowtuple` module's starting point is to create a `flowtuple.Handle` object. An example of how to create one is:

```python
handle = flowtuple.Handle("/path/to/flowtuple/data.gz")
```

When a `flowtuple.Handle` object is created and is not `None`, you can use the object's `.get_next()` function.

Here is where this module differs from libflowtuple itself. Instead of returning an intermediary record object to then grab the correct object from that, `.get_next()` returns the correct object type. This means that if the next record is a header, then you will get a `flowtuple.Header` from `.get_next()` and so on.

An example of how to loop through all records in a file is to create a loop similar to this:

```python
record = handle.get_next()
while record is not None:
    ...
    record = handle.get_next()
```

Here is an example of how you can determine the type of a record:

```python
if isinstance(record, flowtuple.Header):
    pass
elif isinstance(record, flowtuple.Trailer):
    pass
elif isinstance(record, flowtuple.Interval):
    pass
elif isinstance(record, flowtuple.Class):
    pass
elif isinstance(record, flowtuple.Data):
    pass
```

Each one of those blocks can be used to address an individual type of record.

Here is an example of a program that will take a flowtuple file and print the interval numbers and any source ports in the data records in the following format:

```
In file /path/to/file.gz:
Interval 1:
 port1
 port2
 ...
Interval 2:
 port1
 port2
 ...
...
```

```python
from sys import argv

import flowtuple

handle = flowtuple.Handle(argv[1])
print("In file %s:" % (argv[1],))

# Interval records alternate between start and end; the interval line is
# printed only for the start record.
is_start = True
record = handle.get_next()
while record is not None:
    if isinstance(record, flowtuple.Interval):
        if is_start:
            print("\nInterval %u:" % (record.number,))
            is_start = False
        else:
            is_start = True
    elif isinstance(record, flowtuple.Data):
        # One line per data record: its source port.
        print(" %u" % (record.src_port,))
    record = handle.get_next()
```

For more information on what classes are available and what their properties are, see Classes.
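
The following is an added example, not part of this module's documentation: it counts source ports per interval and pairs interval records by `record.number` instead of a toggle flag, so a file that is missing an interval's end record does not shift every later interval. It assumes the start and end records of one interval carry the same `number`; `ports_by_interval`, `FakeInterval`, `FakeData`, `FakeHandle` and `demo` are hypothetical names, and the stand-in classes exist only so the block runs without libflowtuple installed.

```python
from collections import Counter
from types import SimpleNamespace


def ports_by_interval(handle, ft):
    """Return {interval number: Counter of src_port} for one flowtuple file.

    `ft` is the module that provides Interval and Data; with the real
    library, call ports_by_interval(flowtuple.Handle(path), flowtuple).
    """
    result = {}
    current = None  # number of the interval that is currently open
    record = handle.get_next()
    while record is not None:
        if isinstance(record, ft.Interval):
            if current == record.number:
                current = None  # matching end record closes the interval
            else:
                # Start record. Also reached when the previous interval
                # never received its end record (truncated file).
                current = record.number
                result.setdefault(current, Counter())
        elif isinstance(record, ft.Data) and current is not None:
            result[current][record.src_port] += 1
        record = handle.get_next()
    return result


# Constructed stand-ins (assumptions, not libflowtuple classes).
class FakeInterval:
    def __init__(self, number):
        self.number = number

class FakeData:
    def __init__(self, src_port):
        self.src_port = src_port

class FakeHandle:
    def __init__(self, records):
        self._records = iter(records)
    def get_next(self):
        return next(self._records, None)

FAKE = SimpleNamespace(Interval=FakeInterval, Data=FakeData)

def demo():
    # Constructed sample: interval 1 has no end record, interval 2 is complete.
    records = [FakeInterval(1), FakeData(53), FakeData(123), FakeData(53),
               FakeInterval(2), FakeData(445), FakeInterval(2)]
    return ports_by_interval(FakeHandle(records), FAKE)
```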