Hello, I am sorry if this doesn't belong in this sub, but the struggle is making me post this in any related sub I find.

I am working on a project that involves Python, networking and a bit of machine learning.

Project: Parse a .pcap file into a script and read certain information such as the protocol, length, source and destination. Use these features to create a pattern and detect a DoS/DDoS attack. My approach is to compare the length of the current packet to the length of the previous packet. If, let's say, 200 packets have the same length in a row, then something must be off.

Question 1: Is there a way I can compare the value of the current iteration to that of the previous one?

Question 2: Is there any way to read the sequence number of each packet to identify and compare them? I went through several documentations for packages like dpkt (which I am using now), pyshark, scapy, pypcap and sockets, but I couldn't find anything.

Attempt at solution: I was thinking of using the length to compare the value and completely ignore the sequence number. Each time dpkt reads a packet, it changes the length of variable x to that of the packet. So if I compare the length to variable x before changing it to the next variable, I should be able to follow the pattern. The problem? The initial value: since it will be 0 or unknown, I can't compare it and the condition will never be met.

I am sorry for the long post, but if anyone has any experience with Python and networking that could direct me to the right package, I'd really appreciate it. I've been stuck on this for days. Thanks for reading.
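Added example, not part of the original post: a sketch of the two checks asked about, reading each packet's length and TCP sequence number from a classic pcap and flagging runs of equal-length packets. It uses only the standard library's `struct` instead of dpkt so it runs without dependencies; the function names and the in-memory sample capture are constructed for illustration.

```python
import struct

def tcp_seq(frame):
    # TCP sequence number of an Ethernet/IPv4/TCP frame, or None for anything else.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4          # IPv4 header length varies (IHL)
    if len(frame) < tcp + 8:
        return None
    return struct.unpack_from("!I", frame, tcp + 4)[0]

def parse_pcap(data):
    # Yield (wire_length, tcp_seq) per record of a classic (non-pcapng) capture.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        yield orig_len, tcp_seq(data[off + 16: off + 16 + incl_len])
        off += 16 + incl_len

def same_length_runs(lengths, threshold=200):
    # (start_index, length, count) for every run of >= threshold equal lengths.
    # prev starts as None, so the first packet opens a run instead of failing a compare.
    runs, prev, start, count = [], None, 0, 0
    for i, n in enumerate(lengths):
        if n == prev:
            count += 1
            continue
        if count >= threshold:
            runs.append((start, prev, count))
        prev, start, count = n, i, 1
    if count >= threshold:                      # close a run that reaches end of file
        runs.append((start, prev, count))
    return runs

def build_sample(payload_sizes):
    # Constructed capture for the demo: one SYN-flagged TCP frame per payload size.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, size in enumerate(payload_sizes):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + size, i, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000 + i, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"A" * size
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out
```

In dpkt the same sequence number is the `seq` attribute of a decoded `dpkt.tcp.TCP` object, and `same_length_runs` works unchanged on lengths collected from a dpkt reader loop.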