Переглянути джерело

Add all new botnet project files

dustin.born 7 роки тому

+ 677 - 0

@@ -0,0 +1,677 @@
+from enum import Enum
+from random import randint, randrange, choice, uniform
+from collections import deque
+from scipy.stats import gamma
+from lea import Lea
+from datetime import datetime
+import os
+import sys
+import ID2TLib.libbotnetcomm as lb
+from Attack import BaseAttack
+from Attack.AttackParameters import Parameter as Param
+from Attack.AttackParameters import ParameterTypes
+from ID2TLib.Ports import PortSelectors
+class MessageType(Enum):
+    """
+    Defines possible botnet message types
+    """
+    TIMEOUT = 3
+    SALITY_NL_REPLY = 102
+    SALITY_HELLO = 103
+    def is_request(mtype):
+        return mtype in {MessageType.SALITY_HELLO, MessageType.SALITY_NL_REQUEST}
+    def is_response(mtype):
+        return mtype in {MessageType.SALITY_HELLO_REPLY, MessageType.SALITY_NL_REPLY}
+class Message():
+    """
+    Defines a compact message type that contains all necessary information.
+    """
+    def __init__(self, msg_id: int, src, dst, type_: MessageType, time: float, refer_msg_id: int=-1, line_no = -1):
+        """
+        Constructs a message with the given parameters.
+        :param msg_id: the ID of the message
+        :param src: something identifiying the source, e.g. ID or configuration
+        :param dst: something identifiying the destination, e.g. ID or configuration
+        :param type_: the type of the message
+        :param time: the timestamp of the message
+        :param refer_msg_id: the ID this message is a request for or reply to. -1 if there is no related message.
+        :param line_no: The line number this message appeared at in the original CSV file
+        """
+        self.msg_id = msg_id
+        self.src = src
+        self.dst = dst
+        self.type = type_
+        self.time = time
+        self.csv_time = time
+        self.refer_msg_id = refer_msg_id
+        self.line_no = line_no
+    def __str__(self):
+        str_ = "{0}. at {1}: {2}-->{3}, {4}, refer:{5} (line {6})".format(self.msg_id, self.time, self.src, self.dst, self.type, self.refer_msg_id, self.line_no)
+        return str_
+from ID2TLib import FileUtils, Generator
+from ID2TLib.IPv4 import IPAddress
+from ID2TLib.PcapAddressOperations import PcapAddressOperations
+from ID2TLib.CommunicationProcessor import CommunicationProcessor
+from ID2TLib.Botnet.MessageMapping import MessageMapping
+from ID2TLib.PcapFile import PcapFile
+from ID2TLib.Statistics import Statistics
+from scapy.layers.inet import IP, IPOption_Security
+class MembersMgmtCommAttack(BaseAttack.BaseAttack):
+    def __init__(self):
+        """
+        Creates a new instance of the Membership Management Communication.
+        """
+        # Initialize communication
+        super(MembersMgmtCommAttack, self).__init__("Membership Management Communication Attack (MembersMgmtCommAttack)",
+                                        "Injects Membership Management Communication", "Botnet communication")
+        # Define allowed parameters and their type
+        self.supported_params = {
+            # parameters regarding attack
+            Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
+            Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
+            Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
+            Param.PACKETS_LIMIT: ParameterTypes.TYPE_INTEGER_POSITIVE,
+            Param.ATTACK_DURATION: ParameterTypes.TYPE_INTEGER_POSITIVE,
+            # use num_attackers to specify number of communicating devices?
+            # input file containing botnet communication
+            Param.FILE_CSV: ParameterTypes.TYPE_FILEPATH,
+            Param.FILE_XML: ParameterTypes.TYPE_FILEPATH,
+            # the percentage of IP reuse (if total and other is specified, percentages are multiplied)
+            Param.IP_REUSE_TOTAL: ParameterTypes.TYPE_PERCENTAGE,
+            Param.IP_REUSE_LOCAL: ParameterTypes.TYPE_PERCENTAGE,
+            Param.IP_REUSE_EXTERNAL: ParameterTypes.TYPE_PERCENTAGE,
+            # the user-selected padding to add to every packet
+            Param.PACKET_PADDING: ParameterTypes.TYPE_PADDING,
+            # presence of NAT at the gateway of the network
+            Param.NAT_PRESENT: ParameterTypes.TYPE_BOOLEAN,
+            # whether the TTL distribution should be based on the input PCAP
+            # or the CAIDA dataset
+            Param.TTL_FROM_CAIDA: ParameterTypes.TYPE_BOOLEAN,
+            # whether the destination port of a response should be the ephemeral port 
+            # its request came from or a static (server)port based on a hostname
+            Param.MULTIPORT: ParameterTypes.TYPE_BOOLEAN,
+            # information about the interval selection strategy
+            Param.HIDDEN_MARK: ParameterTypes.TYPE_BOOLEAN
+        }
+        # create dict with MessageType values for fast name lookup
+        self.msg_types = {}
+        for msg_type in MessageType:
+            self.msg_types[msg_type.value] = msg_type
+    def init_params(self):
+        """
+        Initialize some parameters of this communication-attack using the user supplied command line parameters.
+        The remaining parameters are implicitly set in the provided data file. Note: the timestamps in the file
+        have to be sorted in ascending order
+        :param statistics: Reference to a statistics object.
+        """
+        # set class constants
+        self.DEFAULT_XML_PATH = "resources/MembersMgmtComm_example.xml"
+        # probability for responder ID to be local if comm_type is mixed
+        self.PROB_RESPND_IS_LOCAL = 0
+        # PARAMETERS: initialize with default values
+        # (values are overwritten if user specifies them)
+        self.add_param_value(Param.INJECT_AFTER_PACKET, 1 + randint(0, self.statistics.get_packet_count() // 5))
+        self.add_param_value(Param.PACKETS_PER_SECOND, 0)
+        self.add_param_value(Param.FILE_XML, self.DEFAULT_XML_PATH)
+        # Alternatively new attack parameter?
+        duration = int(float(self._get_capture_duration()))
+        self.add_param_value(Param.ATTACK_DURATION, duration)
+        self.add_param_value(Param.NUMBER_INITIATOR_BOTS, 1)
+        # NAT on by default
+        self.add_param_value(Param.NAT_PRESENT, True)
+        # TODO: change 1 to something better
+        self.add_param_value(Param.IP_REUSE_TOTAL, 1)
+        self.add_param_value(Param.IP_REUSE_LOCAL, 0.5)
+        self.add_param_value(Param.IP_REUSE_EXTERNAL, 0.5)
+        # add default additional padding
+        self.add_param_value(Param.PACKET_PADDING, 20)
+        # choose the input PCAP as default base for the TTL distribution
+        self.add_param_value(Param.TTL_FROM_CAIDA, False)
+        # do not use multiple ports for requests and responses
+        self.add_param_value(Param.MULTIPORT, False)
+        # interval selection strategy
+        self.add_param_value(Param.INTERVAL_SELECT_STRATEGY, "optimal")
+        self.add_param_value(Param.HIDDEN_MARK, False)
+    def generate_attack_pcap(self, context):
+        """
+        Injects the packets of this attack into a PCAP and stores it as a temporary file.
+        :param context: the context of the attack, containing e.g. files that are to be created
+        :return: a tuple of the number packets injected and the path to the temporary attack PCAP
+        """
+        # create the final messages that have to be sent, including all bot configurations
+        messages = self._create_messages(context)
+        if messages == []:
+            return 0, []
+        # Setup (initial) parameters for packet creation loop
+        BUFFER_SIZE = 1000
+        pkt_gen = Generator.PacketGenerator()
+        padding = self.get_param_value(Param.PACKET_PADDING)
+        packets = deque(maxlen=BUFFER_SIZE)
+        total_pkts = 0
+        limit_packetcount = self.get_param_value(Param.PACKETS_LIMIT)
+        limit_duration = self.get_param_value(Param.ATTACK_DURATION)
+        path_attack_pcap = None
+        overThousand = False
+        msg_packet_mapping = MessageMapping(messages, self.statistics.get_pcap_timestamp_start())
+        mark_packets = self.get_param_value(Param.HIDDEN_MARK)
+        # create packets to write to PCAP file
+        for msg in messages:
+            # retrieve the source and destination configurations
+            id_src, id_dst = msg.src["ID"], msg.dst["ID"]
+            ip_src, ip_dst = msg.src["IP"], msg.dst["IP"]
+            mac_src, mac_dst = msg.src["MAC"], msg.dst["MAC"]
+            if msg.type.is_request():
+                port_src, port_dst = int(msg.src["SrcPort"]), int(msg.dst["DstPort"])
+            else:
+                port_src, port_dst = int(msg.src["DstPort"]), int(msg.dst["SrcPort"])
+            ttl = int(msg.src["TTL"])
+            # update duration
+            duration = msg.time - messages[0].time
+            # if total number of packets has been sent or the attack duration has been exceeded, stop
+            if ((limit_packetcount is not None and total_pkts >= limit_packetcount) or
+                    (limit_duration is not None and duration >= limit_duration)):
+                break
+            # if the type of the message is a NL reply, determine the number of entries
+            nl_size = 0
+            if msg.type == MessageType.SALITY_NL_REPLY:
+                nl_size = randint(1, 25)    # what is max NL entries?
+            # create suitable IP/UDP packet and add to packets list
+            packet = pkt_gen.generate_mmcom_packet(ip_src=ip_src, ip_dst=ip_dst, ttl=ttl, mac_src=mac_src, mac_dst=mac_dst,
+                port_src=port_src, port_dst=port_dst, message_type=msg.type, neighborlist_entries=nl_size)
+            Generator.add_padding(packet, padding,True, True)
+            packet.time = msg.time
+            if mark_packets and isinstance(packet.payload, IP):  # do this only for ip-packets
+                ip_data = packet.payload
+                hidden_opt = IPOption_Security()
+                hidden_opt.option = 2  # "normal" security opt
+                hidden_opt.security = 16  # magic value indicating NSA
+                ip_data.options = hidden_opt
+            packets.append(packet)
+            msg_packet_mapping.map_message(msg, packet)
+            total_pkts += 1
+            # Store timestamp of first packet (for attack label)
+            if total_pkts <= 1:
+                self.attack_start_utime = packets[0].time
+            elif total_pkts % BUFFER_SIZE == 0: # every 1000 packets write them to the PCAP file (append)
+                if overThousand: # if over 1000 packets written, there may be a different packet-length for the last few packets 
+                    packets = list(packets)
+                    Generator.equal_length(packets, length = max_len, padding = padding, force_len = True)
+                    last_packet = packets[-1]
+                    path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
+                    packets = deque(maxlen=BUFFER_SIZE)
+                else:
+                    packets = list(packets)
+                    Generator.equal_length(packets, padding = padding)
+                    last_packet = packets[-1]
+                    max_len = len(last_packet)
+                    overThousand = True
+                    path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
+                    packets = deque(maxlen=BUFFER_SIZE)
+        # if there are unwritten packets remaining, write them to the PCAP file
+        if len(packets) > 0:
+            if overThousand:
+                packets = list(packets)
+                Generator.equal_length(packets, length = max_len, padding = padding, force_len = True)
+                path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
+                last_packet = packets[-1]
+            else:
+                packets = list(packets)
+                Generator.equal_length(packets, padding = padding)
+                path_attack_pcap = self.write_attack_pcap(packets, True, path_attack_pcap)
+                last_packet = packets[-1]
+        # write the mapping to a file
+        msg_packet_mapping.write_to(context.allocate_file("_mapping.xml"))
+        # Store timestamp of last packet
+        self.attack_end_utime = last_packet.time
+        # Return packets sorted by packet by timestamp and total number of packets (sent)
+        return total_pkts , path_attack_pcap
+    def _create_messages(self, context):
+        """
+        Creates the messages that are to be injected into the PCAP.
+        :param context: the context of the attack, containing e.g. files that are to be created
+        :return: the final messages as a list
+        """
+        def add_ids_to_config(ids_to_add: list, existing_ips: list, new_ips: list, bot_configs: dict, idtype:str="local", router_mac:str=""):
+            """
+            Creates IP and MAC configurations for the given IDs and adds them to the existing configurations object.
+            :param ids_to_add: all sorted IDs that have to be configured and added
+            :param existing_ips: the existing IPs in the PCAP file that should be assigned to some, or all, IDs
+            :param new_ips: the newly generated IPs that should be assigned to some, or all, IDs
+            :param bot_configs: the existing configurations for the bots
+            :param idtype: the locality type of the IDs
+            :param router_mac: the MAC address of the router in the PCAP
+            """
+            ids = ids_to_add.copy()
+            # macgen only needed, when IPs are new local IPs (therefore creating the object here suffices for the current callers
+            # to not end up with the same MAC paired with different IPs)
+            macgen = Generator.MacAddressGenerator()
+            # assign existing IPs and the corresponding MAC addresses in the PCAP to the IDs
+            for ip in existing_ips:
+                random_id = choice(ids)
+                mac = self.statistics.process_db_query("macAddress(IPAddress=%s)" % ip)
+                bot_configs[random_id] = {"Type": idtype, "IP": ip, "MAC": mac}
+                ids.remove(random_id)
+            # assign new IPs and for local IPs new MACs or for external IPs the router MAC to the IDs
+            for ip in new_ips:
+                random_id = choice(ids)
+                if idtype == "local":
+                    mac = macgen.random_mac()
+                elif idtype == "external":
+                    mac = router_mac
+                bot_configs[random_id] = {"Type": idtype, "IP": ip, "MAC": mac}
+                ids.remove(random_id)
+        def index_increment(number: int, max: int):
+            """
+            Number increment with rollover.
+            """
+            if number + 1 < max:
+                return number + 1
+            else:
+                return 0
+        def assign_realistic_ttls(bot_configs:list):
+            '''
+            Assigns a realisitic ttl to each bot from @param: bot_configs. Uses statistics and distribution to be able
+            to calculate a realisitc ttl.
+            :param bot_configs: List that contains all bots that should be assigned with realistic ttls.
+            '''
+            ids = sorted(bot_configs.keys())
+            for pos,bot in enumerate(ids):
+                bot_type = bot_configs[bot]["Type"]
+                # print(bot_type)
+                if(bot_type == "local"): # Set fix TTL for local Bots
+                    bot_configs[bot]["TTL"] = 128
+                    # Set TTL based on TTL distribution of IP address
+                else: # Set varying TTl for external Bots
+                    bot_ttl_dist = self.statistics.get_ttl_distribution(bot_configs[bot]["IP"])
+                    if len(bot_ttl_dist) > 0:
+                         source_ttl_prob_dict = Lea.fromValFreqsDict(bot_ttl_dist)
+                         bot_configs[bot]["TTL"] = source_ttl_prob_dict.random()
+                    else:
+                         bot_configs[bot]["TTL"] = self.statistics.process_db_query("most_used(ttlValue)")
+        def assign_realistic_timestamps(messages: list, external_ids: set, local_ids: set, avg_delay_local:float, avg_delay_external: float, zero_reference:float):
+            """
+            Assigns realistic timestamps to a set of messages
+            :param messages: the set of messages to be updated
+            :param external_ids: the set of bot ids, that are outside the network, i.e. external
+            :param local_ids: the set of bot ids, that are inside the network, i.e. local
+            :avg_delay_local: the avg_delay between the dispatch and the reception of a packet between local computers
+            :avg_delay_external: the avg_delay between the dispatch and the reception of a packet between a local and an external computer
+            :zero_reference: the timestamp which is regarded as the beginning of the pcap_file and therefore handled like a timestamp that resembles 0
+            """
+            updated_msgs = []
+            last_response = {}      # Dict, takes a tuple of 2 Bot_IDs as a key (requester, responder), returns the time of the last response, the requester received
+                                    # necessary in order to make sure, that additional requests are sent only after the response to the last one was received
+            for msg in messages:    # init
+                last_response[(msg.src, msg.dst)] = -1
+            # update all timestamps
+            for req_msg in messages:
+                if(req_msg in updated_msgs):
+                    # message already updated
+                    continue
+                # if req_msg.timestamp would be before the timestamp of the response to the last request, req_msg needs to be sent later (else branch)
+                if last_response[(req_msg.src, req_msg.dst)] == -1 or last_response[(req_msg.src, req_msg.dst)] < (zero_reference + req_msg.time - 0.05):
+                    ## update req_msg timestamp with a variation of up to 50ms
+                    req_msg.time = zero_reference + req_msg.time + uniform(-0.05, 0.05)
+                    updated_msgs.append(req_msg)
+                else:
+                    req_msg.time = last_response[(req_msg.src, req_msg.dst)] + 0.06 + uniform(-0.05, 0.05)
+                # update response if necessary
+                if req_msg.refer_msg_id != -1:
+                    respns_msg = messages[req_msg.refer_msg_id]
+                    # check for local or external communication and update response timestamp with the respective avg delay
+                    if req_msg.src in external_ids or req_msg.dst in external_ids:
+                        #external communication
+                        respns_msg.time = req_msg.time + avg_delay_external + uniform(-0.1*avg_delay_external, 0.1*avg_delay_external)
+                    else:
+                        #local communication
+                        respns_msg.time = req_msg.time + avg_delay_local + uniform(-0.1*avg_delay_local, 0.1*avg_delay_local)
+                    updated_msgs.append(respns_msg)
+                    last_response[(req_msg.src, req_msg.dst)] = respns_msg.time
+        def assign_ttls_from_caida(bot_configs):
+            """
+            Assign realistic TTL values to bots with respect to their IP, based on the CAIDA dataset.
+            If there exists an entry for a bot's IP, the TTL is chosen based on a distribution over all used TTLs by this IP.
+            If there is no such entry, the TTL is chosen based on a distribution over all used TTLs and their respective frequency.
+            :param bot_configs: the existing bot configurations
+            """
+            def get_ip_ttl_distrib():
+                """
+                Parses the CSV file containing a mapping between IP and their used TTLs.
+                :return: returns a dict with the IPs as keys and dicts for their TTL disribution as values
+                """
+                ip_based_distrib = {}
+                with open("resources/CaidaTTL_perIP.csv", "r") as file:
+                    # every line consists of: IP, TTL, Frequency
+                    next(file)  # skip CSV header line
+                    for line in file:
+                        ip_addr, ttl, freq = line.split(",")
+                        if ip_addr not in ip_based_distrib:
+                            ip_based_distrib[ip_addr] = {}  # the values for ip_based_distrib are dicts with key=TTL, value=Frequency
+                        ip_based_distrib[ip_addr][ttl] = int(freq)
+                return ip_based_distrib
+            def get_total_ttl_distrib():
+                """
+                Parses the CSV file containing an overview of all used TTLs and their respective frequency.
+                :return: returns a dict with the TTLs as keys and their frequencies as keys
+                """
+                total_ttl_distrib = {}
+                with open("resources/CaidaTTL_total.csv", "r") as file:
+                    # every line consists of: TTL, Frequency, Fraction
+                    next(file)  # skip CSV header line
+                    for line in file:
+                        ttl, freq, _ = line.split(",")
+                        total_ttl_distrib[ttl] = int(freq)
+                return total_ttl_distrib
+            # get the TTL distribution for every IP that is available in "resources/CaidaTTL_perIP.csv"
+            ip_ttl_distrib = get_ip_ttl_distrib()
+            # build a probability dict for the total TTL distribution
+            total_ttl_prob_dict = Lea.fromValFreqsDict(get_total_ttl_distrib())
+            # loop over every bot id and assign a TTL to the respective bot
+            for bot_id in sorted(bot_configs):
+                bot_type = bot_configs[bot_id]["Type"]
+                bot_ip = bot_configs[bot_id]["IP"]
+                if bot_type == "local":
+                    bot_configs[bot_id]["TTL"] = 128
+                # if there exists detailed information about the TTL distribution of this IP
+                elif bot_ip in ip_ttl_distrib:
+                    ip_ttl_freqs = ip_ttl_distrib[bot_ip]
+                    source_ttl_prob_dict = Lea.fromValFreqsDict(ip_ttl_freqs)  # build a probability dict from this IP's TTL distribution
+                    bot_configs[bot_id]["TTL"] = source_ttl_prob_dict.random()
+                # otherwise assign a random TTL based on the total TTL distribution
+                else:
+                    bot_configs[bot_id]["TTL"] = total_ttl_prob_dict.random()
+        def move_xml_to_outdir(filepath_xml: str):
+            """
+            Moves the XML file at filepath_xml to the output directory of the PCAP
+            :param filepath_xml: the filepath to the XML file
+            :return: the new filepath to the XML file
+            """
+            pcap_dir = context.get_output_dir()
+            xml_name = os.path.basename(filepath_xml)
+            if pcap_dir.endswith("/"):
+                new_xml_path = pcap_dir + xml_name
+            else:
+                new_xml_path = pcap_dir + "/" + xml_name
+            os.rename(filepath_xml, new_xml_path)
+            context.add_other_created_file(new_xml_path)
+            return new_xml_path
+        # parse input CSV or XML
+        filepath_xml = self.get_param_value(Param.FILE_XML)
+        filepath_csv = self.get_param_value(Param.FILE_CSV)
+        # use C++ communication processor for faster interval finding
+        cpp_comm_proc = lb.botnet_comm_processor();
+        # only use CSV input if the XML path is the default one
+        # --> prefer XML input over CSV input (in case both are given)
+        print_updates = False
+        if filepath_csv and filepath_xml == self.DEFAULT_XML_PATH:
+            filename = os.path.splitext(filepath_csv)[0]
+            filesize = os.path.getsize(filepath_csv) / 2**20  # get filesize in MB
+            if filesize > 10:
+                print("\nParsing input CSV file...", end=" ")
+                sys.stdout.flush()
+                print_updates = True
+            cpp_comm_proc.parse_csv(filepath_csv)
+            if print_updates:
+                print("done.")
+                print("Writing corresponding XML file...", end=" ")
+                sys.stdout.flush()
+            filepath_xml = cpp_comm_proc.write_xml(filename)
+            filepath_xml = move_xml_to_outdir(filepath_xml)
+            if print_updates: print("done.")
+        else:
+            filesize = os.path.getsize(filepath_xml) / 2**20  # get filesize in MB
+            if filesize > 10:
+                print("Parsing input XML file...", end=" ")
+                sys.stdout.flush()
+                print_updates = True
+            cpp_comm_proc.parse_xml(filepath_xml)
+            if print_updates: print("done.")
+        # find a good communication mapping in the input file that matches the users parameters
+        nat = self.get_param_value(Param.NAT_PRESENT)
+        comm_proc = CommunicationProcessor(self.msg_types, nat)
+        duration = self.get_param_value(Param.ATTACK_DURATION)
+        number_init_bots = self.get_param_value(Param.NUMBER_INITIATOR_BOTS)
+        strategy = self.get_param_value(Param.INTERVAL_SELECT_STRATEGY)
+        start_idx = self.get_param_value(Param.INTERVAL_SELECT_START)
+        end_idx = self.get_param_value(Param.INTERVAL_SELECT_END)
+        potential_long_find_time = (strategy == "optimal" and (filesize > 4 and self.statistics.get_packet_count() > 1000))
+        if print_updates or potential_long_find_time:
+            if not print_updates: print()
+            print("Selecting communication interval from input CSV/XML file...", end=" ")
+            sys.stdout.flush()
+            if potential_long_find_time:
+                print("\nWarning: Because of the large input files and the (chosen) interval selection strategy 'optimal',")
+                print("this may take a while. Consider using selection strategy 'random' or 'custom'...", end=" ")
+                sys.stdout.flush()
+            print_updates = True
+        comm_interval = comm_proc.get_comm_interval(cpp_comm_proc, strategy, number_init_bots, duration, start_idx, end_idx)
+        if not comm_interval:
+            print("Error: An interval that satisfies the input cannot be found.")
+            return []
+        if print_updates: print("done.")  # print corresponding message to interval finding message
+        # retrieve the mapping information
+        mapped_ids, packet_start_idx, packet_end_idx = comm_interval["IDs"], comm_interval["Start"], comm_interval["End"]
+        # print(mapped_ids)
+        while len(mapped_ids) > number_init_bots:
+            rm_idx = randrange(0, len(mapped_ids))
+            del mapped_ids[rm_idx]
+        if print_updates: print("Generating attack packets...", end=" ")
+        sys.stdout.flush()
+        # get the messages contained in the chosen interval
+        abstract_packets = cpp_comm_proc.get_messages(packet_start_idx, packet_end_idx);
+        comm_proc.set_mapping(abstract_packets, mapped_ids)
+        # determine ID roles and select the messages that are to be mapped into the PCAP
+        messages = comm_proc.det_id_roles_and_msgs()
+        # use the previously detetermined roles to assign the locality of all IDs
+        local_ids, external_ids = comm_proc.det_ext_and_local_ids()
+        # print start and end time of mapped interval
+        # print(abstract_packets[packet_start_idx]["Time"])
+        # print(abstract_packets[packet_end_idx]["Time"])
+        # print(mapped_ids)
+        # determine number of reused local and external IPs
+        reuse_percent_total = self.get_param_value(Param.IP_REUSE_TOTAL)
+        reuse_percent_external = self.get_param_value(Param.IP_REUSE_EXTERNAL)
+        reuse_percent_local = self.get_param_value(Param.IP_REUSE_LOCAL)
+        reuse_count_external = int(reuse_percent_total * reuse_percent_external * len(mapped_ids))
+        reuse_count_local = int(reuse_percent_total * reuse_percent_local * len(mapped_ids))
+        # create IP and MAC configurations for the IDs/Bots
+        ipgen = Generator.IPGenerator()
+        pcapops = PcapAddressOperations(self.statistics)
+        router_mac = pcapops.get_probable_router_mac()
+        bot_configs = {}
+        # retrieve and assign the IPs and MACs for the bots with respect to the given parameters
+        # (IDs are always added to bot_configs in the same order under a given seed)
+        number_local_ids, number_external_ids = len(local_ids), len(external_ids)
+        # assign addresses for local IDs
+        if number_local_ids > 0:
+            reuse_count_local = int(reuse_percent_total * reuse_percent_local * number_local_ids)
+            existing_local_ips = sorted(pcapops.get_existing_local_ips(reuse_count_local))
+            new_local_ips = sorted(pcapops.get_new_local_ips(number_local_ids - len(existing_local_ips)))
+            add_ids_to_config(sorted(local_ids), existing_local_ips, new_local_ips, bot_configs)
+        # assign addresses for external IDs
+        if number_external_ids > 0:
+            reuse_count_external = int(reuse_percent_total * reuse_percent_external * number_external_ids)
+            existing_external_ips = sorted(pcapops.get_existing_external_ips(reuse_count_external))
+            remaining = len(external_ids) - len(existing_external_ips)
+            for external_ip in existing_external_ips: ipgen.add_to_blacklist(external_ip)
+            new_external_ips = sorted([ipgen.random_ip() for _ in range(remaining)])
+            add_ids_to_config(sorted(external_ids), existing_external_ips, new_external_ips, bot_configs, idtype="external", router_mac=router_mac)
+        # this is the timestamp at which the first packet should be injected, the packets have to be shifted to the beginning of the
+        # pcap file (INJECT_AT_TIMESTAMP) and then the offset of the packets have to be compensated to start at the given point in time
+        zero_reference = self.get_param_value(Param.INJECT_AT_TIMESTAMP) - messages[0].time
+        # calculate the average delay values for local and external responses
+        avg_delay_local, avg_delay_external = self.statistics.get_avg_delay_local_ext()
+        #set timestamps
+        assign_realistic_timestamps(messages, external_ids, local_ids, avg_delay_local, avg_delay_external, zero_reference)
+        portSelector = PortSelectors.LINUX
+        reserved_ports = set(int(line.strip()) for line in open("resources/reserved_ports.txt").readlines())
+        def filter_reserved(get_port):
+            port = get_port()
+            while port in reserved_ports:
+                port = get_port()
+            return port
+        # create port configurations for the bots
+        use_multiple_ports = self.get_param_value(Param.MULTIPORT)
+        for bot in sorted(bot_configs):
+            bot_configs[bot]["SrcPort"] = filter_reserved(portSelector.select_port_udp)
+            if not use_multiple_ports:
+                bot_configs[bot]["DstPort"] = filter_reserved(Generator.gen_random_server_port)
+            else:
+                bot_configs[bot]["DstPort"] = filter_reserved(portSelector.select_port_udp)
+        # assign realistic TTL for every bot
+        if self.get_param_value(Param.TTL_FROM_CAIDA):
+            assign_ttls_from_caida(bot_configs)
+        else:
+            assign_realistic_ttls(bot_configs)
+        # put together the final messages including the full sender and receiver
+        # configurations (i.e. IP, MAC, port, ...) for easier later use
+        final_messages = []
+        messages = sorted(messages, key=lambda msg: msg.time)
+        new_id = 0
+        for msg in messages:
+            type_src, type_dst = bot_configs[msg.src]["Type"], bot_configs[msg.dst]["Type"]
+            id_src, id_dst = msg.src, msg.dst
+            # sort out messages that do not have a suitable locality setting
+            if type_src == "external" and type_dst == "external":
+                continue
+            msg.src, msg.dst = bot_configs[id_src], bot_configs[id_dst]
+            msg.src["ID"], msg.dst["ID"] = id_src, id_dst
+            msg.msg_id = new_id
+            new_id += 1
+            ### Important here to update refers, if needed later?
+            final_messages.append(msg)
+        return final_messages
+    def _get_capture_duration(self):
+        """
+        Returns the duration of the input PCAP (since statistics duration seems to be incorrect)
+        """
+        ts_date_format = "%Y-%m-%d %H:%M:%S.%f"
+        ts_first_date = datetime.strptime(self.statistics.get_pcap_timestamp_start(), ts_date_format)
+        ts_last_date = datetime.strptime(self.statistics.get_pcap_timestamp_end(), ts_date_format)
+        diff_date = ts_last_date - ts_first_date
+        duration = "%d.%d" % (diff_date.total_seconds(), diff_date.microseconds)
+        return duration

+ 66 - 0

@@ -0,0 +1,66 @@
+import os.path
+from xml.dom.minidom import *
+import datetime
+class MessageMapping:
+    TAG_MAPPING_GROUP = "mappings"
+    TAG_MAPPING = "mapping"
+    ATTR_ID = "id"
+    ATTR_LINENO = "line_number"
+    ATTR_HAS_PACKET = "mapped"
+    ATTR_PACKET_TIME = "packet_time"
+    def __init__(self, messages, pcap_start_timestamp_str):
+        self.messages = messages
+        self.id_to_packet = {}
+        ts_date_format = "%Y-%m-%d %H:%M:%S.%f"
+        self.pcap_start_dt = datetime.datetime.strptime(pcap_start_timestamp_str, ts_date_format)
+    def map_message(self, message, packet):
+        self.id_to_packet[message.msg_id] = packet
+    def to_xml(self, ):
+        doc = Document()
+        mappings = doc.createElement(self.TAG_MAPPING_GROUP)
+        doc.appendChild(mappings)
+        for message in self.messages:
+            mapping = doc.createElement(self.TAG_MAPPING)
+            mapping.setAttribute(self.ATTR_ID, str(message.msg_id))
+            mapping.setAttribute(self.ATTR_LINENO, str(message.line_no))
+            mapping.setAttribute("Src", str(message.src["ID"]))
+            mapping.setAttribute("Dst", str(message.dst["ID"]))
+            mapping.setAttribute("Type", str(message.type.value))
+            mapping.setAttribute("CSV_XML_Time", str(message.csv_time))
+            dt = datetime.datetime.fromtimestamp(message.time)
+            dt_relative = dt - self.pcap_start_dt
+            mapping.setAttribute("PCAP_Time-Timestamp", str(message.time))
+            mapping.setAttribute("PCAP_Time-Datetime", dt.strftime("%Y-%m-%d %H:%M:%S.") + str(dt.microsecond))
+            mapping.setAttribute("PCAP_Time-Relative", "%d.%s" % (dt_relative.total_seconds(), str(dt_relative.microseconds).rjust(6, "0")))
+            packet = self.id_to_packet.get(message.msg_id)
+            mapping.setAttribute(self.ATTR_HAS_PACKET, "true" if packet is not None else "false")
+            if packet:
+                mapping.setAttribute(self.ATTR_PACKET_TIME, str(packet.time))
+            mappings.appendChild(mapping)
+        return doc
+    def write_to(self, buffer, close = True):
+        buffer.write(self.to_xml().toprettyxml())
+        if close: buffer.close()
+    def write_to_file(self, filename: str, *args, **kwargs):
+        self.write_to(open(filename, "w", *args, **kwargs))
+    def write_next_to_pcap_file(self, pcap_filename : str, mapping_ext = "_mapping.xml", *args, **kwargs):
+        pcap_base = os.path.splitext(pcap_filename)[0]
+        self.write_to_file(pcap_base + mapping_ext, *args, **kwargs)

+ 224 - 0

@@ -0,0 +1,224 @@
+from lea import Lea
+from random import randrange
+from Attack.MembersMgmtCommAttack import MessageType
+from Attack.MembersMgmtCommAttack import Message
+# needed because of machine inprecision. E.g A time difference of 0.1s is stored as >0.1s
+EPS_TOLERANCE = 1e-13  # works for a difference of 0.1, no less
+def greater_than(a: float, b: float):
+    """
+    A greater than operator desgined to handle slight machine inprecision up to EPS_TOLERANCE.
+    :return: True if a > b, otherwise False
+    """
+    return b - a < -EPS_TOLERANCE
+class CommunicationProcessor():
+    """
+    Class to process parsed input CSV/XML data and retrieve a mapping or other information.
+    """
+    def __init__(self, mtypes:dict, nat:bool):
+        """
+        Creates an instance of CommunicationProcessor.
+        :param packets: the list of abstract packets
+        :param mtypes: a dict containing an int to EnumType mapping of MessageTypes
+        :param nat: whether NAT is present in this network
+        """
+        self.packets = []
+        self.mtypes = mtypes
+        self.nat = nat
+    def set_mapping(self, packets: list, mapped_ids: dict):
+        """
+        Set the selected mapping for this communication processor.
+        :param packets: all packets contained in the mapped time frame
+        :param mapped_ids: the chosen IDs
+        """
+        self.packets = packets
+        self.local_init_ids = set(mapped_ids)
+    def get_comm_interval(self, cpp_comm_proc, strategy: str, number_ids: int, max_int_time: int, start_idx: int, end_idx: int):
+        """
+        Finds a communication interval with respect to the given strategy. The interval is maximum of the given seconds 
+        and has at least number_ids communicating initiators in it.
+        :param cpp_comm_proc: An instance of the C++ communication processor that stores all the input messages and 
+                              is responsible for retrieving the interval(s)
+        :param strategy: The selection strategy (i.e. random, optimal, custom)
+        :param number_ids: The number of initiator IDs that have to exist in the interval(s)
+        :param max_int_time: The maximum time period of the interval
+        :param start_idx: The message index the interval should start at (None if not specified)
+        :param end_idx: The message index the interval should stop at (inclusive) (None if not specified)
+        :return: A dict representing the communication interval. It contains the initiator IDs, 
+                 the start index and end index of the respective interval. The respective keys 
+                 are {IDs, Start, End}. If no interval is found, an empty dict is returned.
+        """
+        if strategy == "random":
+            # try finding not-empty interval 5 times
+            for i in range(5):
+                start_idx = randrange(0, cpp_comm_proc.get_message_count())
+                interval = cpp_comm_proc.find_interval_from_startidx(start_idx, number_ids, max_int_time)
+                if interval and interval["IDs"]:
+                    return interval
+            return {}
+        elif strategy == "optimal":
+            intervals = cpp_comm_proc.find_optimal_interval(number_ids, max_int_time)
+            if not intervals:
+                return {}
+            else:
+                for i in range(5):
+                    interval = intervals[randrange(0, len(intervals))]
+                    if interval and interval["IDs"]:
+                        return interval
+                return {}
+        elif strategy == "custom":
+            if (not start_idx) and (not end_idx):
+                print("Custom strategy was selected, but no (valid) start or end index was specified.")
+                print("Because of this, a random interval is selected.")
+                start_idx = randrange(0, cpp_comm_proc.get_message_count())
+                interval = cpp_comm_proc.find_interval_from_startidx(start_idx, number_ids, max_int_time)
+            elif (not start_idx) and end_idx:
+                end_idx -= 1  # because message indices start with 1 (for the user)
+                interval = cpp_comm_proc.find_interval_from_endidx(end_idx, number_ids, max_int_time)
+            elif start_idx and (not end_idx):
+                start_idx -= 1  # because message indices start with 1 (for the user)
+                interval = cpp_comm_proc.find_interval_from_startidx(start_idx, number_ids, max_int_time)
+            elif start_idx and end_idx:
+                start_idx -= 1; end_idx -= 1
+                ids = cpp_comm_proc.get_interval_init_ids(start_idx, end_idx)
+                if not ids:
+                    return {}
+                return {"IDs": ids, "Start": start_idx, "End": end_idx}
+            if not interval or not interval["IDs"]:
+                return {}
+            return interval
+    def det_id_roles_and_msgs(self):
+        """
+        Determine the role of every mapped ID. The role can be initiator, responder or both.
+        On the side also connect corresponding messages together to quickly find out
+        which reply belongs to which request and vice versa.
+        :return: the selected messages
+        """
+        mtypes = self.mtypes
+        # setup initial variables and their values
+        respnd_ids = set()
+        # msgs --> the filtered messages, msg_id --> an increasing ID to give every message an artificial primary key
+        msgs, msg_id = [], 0
+        # keep track of previous request to find connections
+        prev_reqs = {}
+        # used to determine whether a request has been seen yet, so that replies before the first request are skipped and do not throw an error by
+        # accessing the empty dict prev_reqs (this is not a perfect solution, but it works most of the time)
+        req_seen = False
+        local_init_ids = self.local_init_ids
+        external_init_ids = set()
+        # process every packet individually 
+        for packet in self.packets:
+            id_src, id_dst, msg_type, time = packet["Src"], packet["Dst"], int(packet["Type"]), float(packet["Time"])
+            lineno = packet.get("LineNumber", -1)
+            # if if either one of the IDs is not mapped, continue
+            if (id_src not in local_init_ids) and (id_dst not in local_init_ids):
+                continue
+            # convert message type number to enum type
+            msg_type = mtypes[msg_type]
+            # process a request
+            if msg_type in {MessageType.SALITY_HELLO, MessageType.SALITY_NL_REQUEST}:
+                if not self.nat and id_dst in local_init_ids and id_src not in local_init_ids:
+                    external_init_ids.add(id_src)
+                elif id_src not in local_init_ids:
+                    continue
+                else:
+                    # process ID's role
+                    respnd_ids.add(id_dst)
+                # convert the abstract message into a message object to handle it better
+                msg_str = "{0}-{1}".format(id_src, id_dst)
+                msg = Message(msg_id, id_src, id_dst, msg_type, time, line_no = lineno)
+                msgs.append(msg)
+                prev_reqs[msg_str] = msg_id
+                msg_id += 1
+                req_seen = True
+            # process a reply
+            elif msg_type in {MessageType.SALITY_HELLO_REPLY, MessageType.SALITY_NL_REPLY} and req_seen:
+                if not self.nat and id_src in local_init_ids and id_dst not in local_init_ids:
+                    # process ID's role
+                    external_init_ids.add(id_dst)
+                elif id_dst not in local_init_ids:
+                    continue
+                else: 
+                    # process ID's role
+                    respnd_ids.add(id_src)
+                # convert the abstract message into a message object to handle it better
+                msg_str = "{0}-{1}".format(id_dst, id_src)
+                # find the request message ID for this response and set its reference index
+                refer_idx = prev_reqs[msg_str]
+                msgs[refer_idx].refer_msg_id = msg_id
+                msg = Message(msg_id, id_src, id_dst, msg_type, time, refer_idx, lineno)
+                msgs.append(msg)
+                # remove the request to this response from storage
+                del(prev_reqs[msg_str])
+                msg_id += 1
+            elif msg_type == MessageType.TIMEOUT and id_src in local_init_ids and not self.nat:
+                # convert the abstract message into a message object to handle it better
+                msg_str = "{0}-{1}".format(id_dst, id_src)
+                # find the request message ID for this response and set its reference index
+                refer_idx = prev_reqs.get(msg_str)
+                if refer_idx is not None:
+                    msgs[refer_idx].refer_msg_id = msg_id
+                    if msgs[refer_idx].type == MessageType.SALITY_NL_REQUEST:
+                        msg = Message(msg_id, id_src, id_dst, MessageType.SALITY_NL_REPLY, time, refer_idx, lineno)
+                    else:
+                        msg = Message(msg_id, id_src, id_dst, MessageType.SALITY_HELLO_REPLY, time, refer_idx, lineno)
+                    msgs.append(msg)
+                    # remove the request to this response from storage
+                    del(prev_reqs[msg_str])
+                    msg_id += 1
+        # store the retrieved information in this object for later use
+        self.respnd_ids = sorted(respnd_ids)
+        self.external_init_ids = sorted(external_init_ids)
+        self.messages = msgs
+        # return the selected messages
+        return self.messages
+    def det_ext_and_local_ids(self, prob_rspnd_local: int=0):
+        """
+        Map the given IDs to a locality (i.e. local or external} considering the given probabilities.
+        :param comm_type: the type of communication (i.e. local, external or mixed)
+        :param prob_rspnd_local: the probabilty that a responder is local
+        """
+        external_ids = set()
+        local_ids = self.local_init_ids.copy()
+        # set up probabilistic chooser
+        rspnd_locality = Lea.fromValFreqsDict({"local": prob_rspnd_local*100, "external": (1-prob_rspnd_local)*100})
+        for id_ in self.external_init_ids:
+            external_ids.add(id_)
+        # determine responder localities
+        for id_ in self.respnd_ids:
+            if id_ in local_ids or id_ in external_ids:
+                continue 
+            pos = rspnd_locality.random() 
+            if pos == "local":
+                local_ids.add(id_)
+            elif pos == "external":
+                external_ids.add(id_)
+        self.local_ids, self.external_ids = local_ids, external_ids
+        return self.local_ids, self.external_ids

+ 58 - 0

@@ -0,0 +1,58 @@
+import xml.etree.ElementTree as ElementTree
+import csv
+import os
+def parse_xml(filepath: str):
+	'''
+	Parses an XML File
+	It is assumed, that packets are placed on the second hierarchical level and packetinformation is encoded as attributes
+	:param filepath: the path to the XML file to be parsed
+	:return: a List of Dictionaries, each Dictionary contains the information of one packet
+	'''
+	tree = ElementTree.parse(filepath)
+	root = tree.getroot()
+	#Convert Tree to List of Dictionaries
+	packets = []
+	for child in root:
+		packets.append(child.attrib)
+	return packets
+def parse_csv_to_xml(filepath: str):
+	'''
+	Converts a CSV file into an XML file. Every entry is converted to a child with respective attributes of the root node
+	:param filepath: the path to the CSV file to be parsed
+	:return: a path to the newly created XML file
+	'''
+	filename = os.path.splitext(filepath)[0]
+	# build a tree structure
+	root = ElementTree.Element("trace")
+	root.attrib["path"] = filename
+	# parse the csvFile into reader
+	with open(filepath, "rt") as csvFile:
+		reader = csv.reader(csvFile, delimiter=",")
+		# loop through the parsed file, creating packet-elements with the structure of the csvFile as attributes
+		lineno = -1 # lines start at zero
+		for line in reader:
+			lineno += 1
+			if not line:
+				continue
+			packet = ElementTree.SubElement(root, "packet")
+			for element in line:
+				element = element.replace(" ", "")
+				key, value = element.split(":")
+				packet.attrib[key] = str(value)
+			packet.attrib["LineNumber"] = str(lineno)
+	# writing the ElementTree into the .xml file
+	tree = ElementTree.ElementTree(root)
+	filepath = filename + ".xml"
+	tree.write(filepath)
+	return filepath

+ 123 - 0

@@ -0,0 +1,123 @@
+import subprocess
+import os as os
+# a function that gathers more information about a given IP Address
+def gatherInformationOfIpA(ipToCheck, keepInformation=False):
+    '''
+    This functin gathers some information of an IP Address, like Organization, Country, Source of Information
+    and the ASN. The command line funciton 'whois' is required
+    :param ipToCheck: String with the IP Address, which is checked output
+    :param keepInformation: true, if the parsed information should be stored in a file
+    '''
+    descr = []
+    country = []
+    source = []
+    autSys = []
+    nothingFound = False
+    descrFound = False
+    countryFound = False
+    sourceFound = False
+    inRange = False
+    originFound = False
+    ripe = False
+    # execute 'whois' on the command line and save output to t
+    t = subprocess.run(['whois', ipToCheck], stdout=subprocess.PIPE)
+    # save generated output of shell command to a file
+    with open("../../resources/output.txt", "w") as output:
+        output.write(t.stdout.decode('utf-8'))
+    # parse information, like Description, Country, Source and if found the ASN
+    with open("../../resources/output.txt", "r", encoding="utf-8", errors='replace') as ripeDb:
+        ipInfos = [line.split() for line in ripeDb if line.strip()]
+        # check if IP is from RIPE
+        for i, row in enumerate(ipInfos):
+            if any("RIPE" in s for s in row) or any ("Ripe" in s for s in row):
+                ripe = True
+                break
+        if ripe:
+            # parse information about ip
+            for i, row in enumerate(ipInfos):
+                if any("inetnum" in s for s in row) and not inRange:
+                    # check whether ipToCheck is in range of the current found inetnum or NetRange
+                    if ipToCheck >= row[1] and ipToCheck <= row[3]:
+                        inRange = True
+                if any("descr:" in s for s in row) and not descrFound:
+                    descr.extend(ipInfos[i][1:])
+                    descrFound = True
+                    continue
+                if any("country:" in s for s in row) and not countryFound:
+                    country.extend(ipInfos[i][1:])
+                    countryFound = True
+                    continue
+                if any("source:" in s for s in row) and not sourceFound:
+                    source.extend(ipInfos[i][1:])
+                    sourceFound = True
+                    continue
+                if any("origin" in s for s in row) and not originFound:
+                    autSys.extend(row[1:])
+                    originFound = True
+                    continue
+                if inRange and descrFound and countryFound and sourceFound and originFound:
+                    break
+        else:
+            # parse information about ip
+            for i, row in enumerate(ipInfos):
+                if any("inetnum" in s for s in row) or any("NetRange" in s for s in row) and not inRange:
+                    # check whether ipToCheck is in range of the current found inetnum or NetRange
+                    if ipToCheck >= row[1] and ipToCheck <= row[3]:
+                        inRange = True
+                if (any("descr:" in s for s in row) or any("Organization:" in s for s in row)) and not descrFound:
+                    descr.extend(ipInfos[i][1:])
+                    descrFound = True
+                    continue
+                if (any("country:" in s for s in row) or any("Country:" in s for s in row)) and not countryFound:
+                    country.extend(ipInfos[i][1:])
+                    countryFound = True
+                    continue
+                if (any("source:" in s for s in row) or any("Ref:" in s for s in row)) and not sourceFound:
+                    source.extend(ipInfos[i][1:])
+                    sourceFound = True
+                    continue
+                if (any("origin" in s for s in row) or any("OriginAS:" in s for s in row)) and not originFound:
+                    autSys.extend(row[1:])
+                    originFound = True
+                    continue
+                if inRange and descrFound and countryFound and sourceFound and originFound:
+                    break
+        if not descrFound and not countryFound and not sourceFound and not originFound and not inRange:
+            nothingFound = True
+    # print information (which use of this information is wanted? Output, Returned?)
+    if not nothingFound:
+        print("#############################################")
+        print("More Information about", ipToCheck)
+        print("Description: ", ' '.join(descr) if descr else "unknown")
+        print("Country:     ", ' '.join(country) if country else "unknown")
+        print("Source:      ", ' '.join(source) if source else "unknown")
+        print("AS Number:   ", ' '.join(autSys) if autSys else "unknown")
+        print("#############################################")
+        print("\n")
+    else:
+        print("IP-Address", ipToCheck, "is not assigned by IANA yet\n")
+    # in case it should be stored to a file
+    if keepInformation and not nothingFound:
+        with open("../../resources/information.txt", "w") as info:
+            info.write("#############################################\n")
+            info.write("More Information about" + ipToCheck + "\n")
+            info.write("Description: ")
+            info.write(' '.join(descr) + "\n" if descr else "unknown" + "\n")
+            info.write("Country:     ")
+            info.write(' '.join(country) + "\n" if country else "unknown" + "\n")
+            info.write("Source:      ")
+            info.write(' '.join(source) + "\n" if source else "unknown" + "\n")
+            info.write("AS Number:   ")
+            info.write(' '.join(autSys) + "\n" if autSys else "unknown" + "\n")
+            info.write("#############################################\n")
+    os.remove("../../resources/output.txt")

+ 398 - 0

@@ -0,0 +1,398 @@
+from scapy.packet import Raw
+import numpy.random as random2
+import random
+import string
+from numpy.random import bytes
+from random import getrandbits
+from scapy.layers.inet import IP, Ether, UDP, TCP
+from scapy.packet import Raw
+from Attack.MembersMgmtCommAttack import MessageType
+from . import IPv4 as ip
+def add_padding(packet, bytes_padding:int = 0, user_padding:bool=True, rnd:bool = False):
+    '''
+    Adds padding to a packet with the given amount of bytes, but a maximum of 100 bytes, if called by the user.
+    :param packet: the packet that will be extended with the additional payload
+    :param bytes_padding: the amount of bytes that will be appended to the packet. Capped to 100,
+    if called by the user.
+    :param user_padding: true, if the function add_padding by the user and not within the code
+    :param rnd: adds a random padding between 0 and bytes_padding, if true
+    :return: the initial packet, extended with the wanted amount of bytes of padding
+    '''
+    if(user_padding == True and bytes_padding > 100):
+        bytes_padding = 100
+    if (rnd is True):
+        r = int(round(bytes_padding / 4))                  #sets bytes_padding to any number between 0 and bytes_padding
+        bytes_padding = random2.random_integers(0, r) * 4   #, that's dividable by 4
+    payload = generate_payload(bytes_padding)
+    packet[Raw].load += Raw(load=payload).load
+    return packet
+def equal_length(list_of_packets:list, length:int = 0, padding:int = 0, force_len:bool = False):
+    '''
+    Equals the length of all packets of a given list of packets to the given length. If the given length is smaller than the largest
+    packet, all the other packets are extended to the largest packet's length. Add additional padding
+    afterwards to create realism.
+    :param list_of_packets: The given set of packet.
+    :param length: The length each packet should have. Can be redundant, if the largest packet has more bytes
+    :param force_len: if true, all packets are forced to take on the length of param length
+    than length.
+    :return: The list of extended packets.
+    '''
+    if not force_len:
+        largest_packet = length
+        for packet in list_of_packets:
+            packet_length = len(packet)
+            if(packet_length > largest_packet):
+                largest_packet = packet_length
+    else:
+        largest_packet = length
+    for packet in list_of_packets:
+        bytes_padding = largest_packet - len(packet)
+        if(bytes_padding > 0):
+            add_padding(packet, bytes_padding, False, False) #Add padding to extend to param:length
+            add_padding(packet, padding, False, True) #Add random additional padding to create realism
+    return list_of_packets
+def generate_payload(size:int=0):
+	"""
+	Generates a payload of random bytes of the given amount
+	:param size: number of generated bytes
+    :return: the generated payload
+	"""
+	payload = bytes(size)
+	return payload
+def gen_random_server_port(offset: int=2199):
+    """
+    Generates a valid random first and last character for a bots hostname
+    and computes a port from these two characters.
+    The default offset is chosen from a Sality implementation in 2011
+    """
+    firstLetter = random.choice(string.ascii_letters);
+    lastLetter = random.choice(string.ascii_letters + string.digits);
+    return (offset + ord(firstLetter) * ord(lastLetter));
+class MacAddressGenerator:
+    def __init__(self, include_broadcast_macs=False, include_virtual_macs=False):
+        self.broadcast = include_broadcast_macs
+        self.virtual = include_virtual_macs
+        self.generated = set()
+    def random_mac(self) -> str:
+        while True:
+            mac = self._random_mac()
+            if mac not in self.generated:
+                self.generated.add(mac)
+                return mac
+    def clear(self):
+        self.generated.clear()
+    def generates_broadcast_macs(self) -> bool:
+        return self.broadcast
+    def generates_virtual_macs(self) -> bool:
+        return self.virtual
+    def set_broadcast_generation(self, broadcast: bool):
+        self.broadcast = broadcast
+    def set_virtual_generation(self, virtual: bool):
+        self.virtual = virtual
+    def _random_mac(self) -> str:
+        mac_bytes = bytearray(getrandbits(8) for i in range(6))
+        if not self.broadcast:
+            mac_bytes[0] &= ~1  # clear the first bytes' first bit
+        if not self.virtual:
+            mac_bytes[0] &= ~2  # clear the first bytes' second bit
+        return ":".join("%02X" % b for b in mac_bytes)
+class PacketGenerator():
+    """
+    Creates packets, based on the set protocol
+    """
+    def __init__(self, protocol="udp"):
+        """
+        Creates a new Packet_Generator Object
+        :param protocol: the protocol of the packets to be created, udp or tcp
+        """
+        super(PacketGenerator, self).__init__()
+        self.protocol = protocol
+    def generate_packet(self, ip_src: str = "", ip_dst: str = "",
+                        mac_src: str = "56:6D:D9:BC:70:1C",
+                        mac_dst: str = "F4:2B:95:B3:0E:1A", port_src: int = 1337, port_dst: int = 6442, ttl: int = 64,
+                        tcpflags: str = "S", payload: str = ""):
+        """
+        Creates a Packet with the specified Values for the current protocol
+        :param ip_src: the source IP address of the IP header
+        :param ip_dst the destination IP address of the IP header
+        :param mac_src: the source MAC address of the MAC header
+        :param mac_dst: the destination MAC address of the MAC header
+        :param port_src: the source port of the header
+        :param port_dst: the destination port of the header
+        :param ttl: the ttl Value of the packet
+        :param tcpflags: the TCP flags of the TCP header
+        :param payload: the payload of the packet
+        :return: the corresponding packet
+        """
+        if (self.protocol == "udp"):
+            packet = generate_udp_packet(ip_src=ip_src, ip_dst=ip_dst, mac_src=mac_src, mac_dst=mac_dst, ttl=ttl,
+                                         port_src=port_src, port_dst=port_dst, payload=payload)
+        elif (self.protocol == "tcp"):
+            packet = generate_tcp_packet(ip_src=ip_src, ip_dst=ip_dst, mac_src=mac_src, mac_dst=mac_dst, ttl=ttl,
+                                         port_src=port_src, port_dst=port_dst, tcpflags=tcpflags, payload=payload)
+        return packet
+    def generate_mmcom_packet(self, ip_src: str = "", ip_dst: str = "",
+                              mac_src: str = "56:6D:D9:BC:70:1C",
+                              mac_dst: str = "F4:2B:95:B3:0E:1A", port_src: int = 1337, port_dst: int = 6442,
+                              tcpflags: str = "S", ttl: int = 64,
+                              message_type: MessageType = MessageType.SALITY_HELLO, neighborlist_entries: int = 1):
+        """
+        Creates a Packet for Members-Management-Communication with the specified Values and the current protocol
+        :param ip_src: the source IP address of the IP header
+        :param ip_dst the destination IP address of the IP header
+        :param mac_src: the source MAC address of the MAC header
+        :param mac_dst: the destination MAC address of the MAC header
+        :param port_src: the source port of the header
+        :param port_dst: the destination port of the header
+        :param tcpflags: the TCP flags of the TCP header, if tcp is selected as protocol
+        :param ttl: the ttl Value of the packet
+        :param message_type: affects the size of the payload
+        :param neighborlist_entries: number of entries of a Neighbourlist-reply, affects the size of the payload
+        :return: the corresponding packet
+        """
+        # Determine length of the payload that has to be generated
+        if (message_type == MessageType.SALITY_HELLO):
+            payload_len = 0
+        elif (message_type == MessageType.SALITY_HELLO_REPLY):
+            payload_len = 22
+        elif (message_type == MessageType.SALITY_NL_REQUEST):
+            payload_len = 28
+        elif (message_type == MessageType.SALITY_NL_REPLY):
+            payload_len = 24 + 6 * neighborlist_entries
+        else:
+            payload_len = 0
+        payload = generate_payload(payload_len)
+        if (self.protocol == "udp"):
+            packet = generate_udp_packet(ip_src=ip_src, ip_dst=ip_dst, mac_src=mac_src, mac_dst=mac_dst, ttl=ttl,
+                                         port_src=port_src, port_dst=port_dst, payload=payload)
+        elif (self.protocol == "tcp"):
+            packet = generate_tcp_packet(ip_src=ip_src, ip_dst=ip_dst, mac_src=mac_src, mac_dst=mac_dst, ttl=ttl,
+                                         port_src=port_src, port_dst=port_dst, tcpflags=tcpflags, payload=payload)
+        else:
+            print("Error: unsupported protocol for generating Packets")
+        return packet
+def generate_tcp_packet(ip_src: str = "", ip_dst: str = "",
+                        mac_src: str = "56:6D:D9:BC:70:1C", ttl: int = 64,
+                        mac_dst: str = "F4:2B:95:B3:0E:1A", port_src: int = 1337, port_dst: int = 6442,
+                        tcpflags: str = "S", payload: str = ""):
+    """
+    Builds a TCP packet with the values specified by the caller.
+    :param ip_src: the source IP address of the IP header
+    :param ip_dst the destination IP address of the IP header
+    :param mac_src: the source MAC address of the MAC header
+    :param ttl: the ttl value of the packet
+    :param mac_dst: the destination MAC address of the MAC header
+    :param port_src: the source port of the TCP header
+    :param port_dst: the destination port of the TCP header
+    :param tcpflags: the TCP flags of the TCP header
+    :param payload: the payload of the packet
+    :return: the corresponding TCP packet
+    """
+    ether = Ether(src=mac_src, dst=mac_dst)
+    ip = IP(src=ip_src, dst=ip_dst, ttl=ttl)
+    tcp = TCP(sport=port_src, dport=port_dst, flags=tcpflags)
+    packet = ether / ip / tcp / Raw(load=payload)
+    return packet
+def generate_udp_packet(ip_src: str = "", ip_dst: str = "",
+                        mac_src: str = "56:6D:D9:BC:70:1C", ttl: int = 64,
+                        mac_dst: str = "F4:2B:95:B3:0E:1A", port_src: int = 1337, port_dst: int = 6442,
+                        payload: str = ""):
+    """
+    Builds an UDP packet with the values specified by the caller.
+    :param ip_src: the source IP address of the IP header
+    :param ip_dst the destination IP address of the IP header
+    :param mac_src: the source MAC address of the MAC header
+    :param ttl: the ttl value of the packet
+    :param mac_dst: the destination MAC address of the MAC header
+    :param port_src: the source port of the UDP header
+    :param port_dst: the destination port of the UDP header
+    :param payload: the payload of the packet
+    :return: the corresponding UDP packet
+    """
+    ether = Ether(src=mac_src, dst=mac_dst)
+    ip = IP(src=ip_src, dst=ip_dst, ttl=ttl)
+    udp = UDP(sport=port_src, dport=port_dst)
+    packet = ether / ip / udp / Raw(load=payload)
+    return packet
+class IPChooser:
+    def random_ip(self):
+        return ip.IPAddress.from_int(random.randrange(0, 1 << 32))
+    def size(self):
+        return 1 << 32
+    def __len__(self):
+        return self.size()
+class IPChooserByRange(IPChooser):
+    def __init__(self, ip_range):
+        self.range = ip_range
+    def random_ip(self):
+        start = int(self.range.first_address())
+        end = start + self.range.block_size()
+        return ip.IPAddress.from_int(random.randrange(start, end))
+    def size(self):
+        return self.range.block_size()
+class IPChooserByList(IPChooser):
+    def __init__(self, ips):
+        self.ips = list(ips)
+        if not self.ips:
+            raise ValueError("list of ips must not be empty")
+    def random_ip(self):
+        return random.choice(self.ips)
+    def size(self):
+        return len(self.ips)
+class IPGenerator:
+    def __init__(self, ip_chooser=IPChooser(),  # include all ip-addresses by default (before the blacklist)
+                 include_private_ips=False, include_localhost=False,
+                 include_multicast=False, include_reserved=False,
+                 include_link_local=False, blacklist=None):
+        self.blacklist = []
+        self.generated_ips = set()
+        if not include_private_ips:
+            for segment in ip.ReservedIPBlocks.PRIVATE_IP_SEGMENTS:
+                self.add_to_blacklist(segment)
+        if not include_localhost:
+            self.add_to_blacklist(ip.ReservedIPBlocks.LOCALHOST_SEGMENT)
+        if not include_multicast:
+            self.add_to_blacklist(ip.ReservedIPBlocks.MULTICAST_SEGMENT)
+        if not include_reserved:
+            self.add_to_blacklist(ip.ReservedIPBlocks.RESERVED_SEGMENT)
+        if not include_link_local:
+            self.add_to_blacklist(ip.ReservedIPBlocks.ZERO_CONF_SEGMENT)
+        if blacklist:
+            for segment in blacklist:
+                self.add_to_blacklist(segment)
+        self.chooser = ip_chooser
+    @staticmethod
+    def from_range(range, *args, **kwargs):
+        return IPGenerator(IPChooserByRange(range), *args, **kwargs)
+    def add_to_blacklist(self, ip_segment):
+        if isinstance(ip_segment, ip.IPAddressBlock):
+            self.blacklist.append(ip_segment)
+        else:
+            self.blacklist.append(ip.IPAddressBlock.parse(ip_segment))
+    def random_ip(self):
+        if len(self.generated_ips) == self.chooser.size():
+            raise ValueError("Exhausted the space of possible ip-addresses, no new unique ip-address can be generated")
+        while True:
+            random_ip = self.chooser.random_ip()
+            if not self._is_in_blacklist(random_ip) and random_ip not in self.generated_ips:
+                self.generated_ips.add(random_ip)
+                return str(random_ip)
+    def clear(self, clear_blacklist=True, clear_generated_ips=True):
+        if clear_blacklist: self.blacklist.clear()
+        if clear_generated_ips: self.generated_ips.clear()
+    def _is_in_blacklist(self, ip: ip.IPAddress):
+        return any(ip in block for block in self.blacklist)
+class MappingIPGenerator(IPGenerator):
+    def __init__(self, *args, **kwargs):
+        super().__init__(self, *args, **kwargs)
+        self.mapping = {}
+    def clear(self, clear_generated_ips=True, *args, **kwargs):
+        super().clear(self, clear_generated_ips=clear_generated_ips, *args, **kwargs)
+        if clear_generated_ips:
+            self.mapping = {}
+    def get_mapped_ip(self, key):
+        if key not in self.mapping:
+            self.mapping[key] = self.random_ip()
+        return self.mapping[key]
+    def __getitem__(self, item):
+        return self.get_mapped_ip(item)

+ 269 - 0

@@ -0,0 +1,269 @@
+import re
+class IPAddress:
+	"""
+	A simple class encapsulating an ip-address. An IPAddress can be constructed by string, int and 4-element-list
+	(e.g. [8, 8, 8, 8]). This is a leightweight class as it only contains string-to-ip-and-reverse-conversion
+	and some convenience methods.
+	"""
+	# a number between 0 and 255, no leading zeros
+	_IP_NUMBER_REGEXP = r"(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
+	# 4 numbers between 0 and 255, joined together with dots
+	IP_REGEXP = r"{0}\.{0}\.{0}\.{0}".format(_IP_NUMBER_REGEXP)
+	def __init__(self, intlist: "list[int]") -> "IPAddress":
+		"""
+		Construct an ipv4-address with a list of 4 integers, e.g. to construct the ip pass [10, 0, 0, 0]
+		"""
+		if not isinstance(intlist, list) or not all(isinstance(n, int) for n in intlist):
+			raise TypeError("The first constructor argument must be an list of ints")
+		if not len(intlist) == 4 or not all(0 <= n <= 255 for n in intlist):
+			raise ValueError("The integer list must contain 4 ints in range of 0 and 255, like an ip-address")
+		# For easier calculations store the ip as integer, e.g. is 0x0a000000
+		self.ipnum = int.from_bytes(bytes(intlist), "big")
+	@staticmethod
+	def parse(ip: str) -> "IPAddress":
+		"""
+		Parse an ip-address-string. If the string does not comply to the ipv4-format a ValueError is raised
+		:param ip: A string-representation of an ip-address, e.g. ""
+		:return: IPAddress-object describing the ip-address
+		"""
+		match = re.match("^" + IPAddress.IP_REGEXP + "$", ip)
+		if not match:
+			raise ValueError("%s is no ipv4-address" % ip)
+		# the matches we get are the numbers of the ip-address (match 0 is the whole ip-address)
+		numbers = [int(match.group(i)) for i in range(1, 5)]
+		return IPAddress(numbers)
+	@staticmethod
+	def from_int(numeric: int) -> "IPAddress":
+		if numeric not in range(1 << 32):
+			raise ValueError("numeric value must be in uint-range")
+		# to_bytes is the easiest way to split a 32-bit int into bytes
+		return IPAddress(list(numeric.to_bytes(4, "big")))
+	@staticmethod
+	def is_ipv4(ip: str) -> bool:
+		"""
+		Check if the supplied string is in ipv4-format
+		"""
+		match = re.match("^" + IPAddress.IP_REGEXP + "$", ip)
+		return True if match else False
+	def to_int(self) -> int:
+		"""
+		Convert the ip-address to a 32-bit uint, e.g. IPAddress.parse("").to_int() returns 0x0a0000ff
+		"""
+		return self.ipnum
+	def is_private(self) -> bool:
+		"""
+		Returns a boolean indicating if the ip-address lies in the private ip-segments (see ReservedIPBlocks)
+		"""
+		return ReservedIPBlocks.is_private(self)
+	def get_private_segment(self) -> bool:
+		"""
+		Return the private ip-segment the ip-address belongs to (there are several)
+		If this ip does not belong to a private ip-segment a ValueError is raised
+		:return: IPAddressBlock
+		"""
+		return ReservedIPBlocks.get_private_segment(self)
+	def is_localhost(self) -> bool:
+		"""
+		Returns a boolean indicating if the ip-address lies in the localhost-segment
+		"""
+		return ReservedIPBlocks.is_localhost(self)
+	def is_multicast(self) -> bool:
+		"""
+		Returns a boolean indicating if the ip-address lies in the multicast-segment
+		"""
+		return ReservedIPBlocks.is_multicast(self)
+	def is_reserved(self) -> bool:
+		"""
+		Returns a boolean indicating if the ip-address lies in the reserved-segment
+		"""
+		return ReservedIPBlocks.is_reserved(self)
+	def is_zero_conf(self) -> bool:
+		"""
+		Returns a boolean indicating if the ip-address lies in the zeroconf-segment
+		"""
+		return ReservedIPBlocks.is_zero_conf(self)
+	def _tuple(self) -> (int,int,int,int):
+		return tuple(self.ipnum.to_bytes(4, "big"))
+	def __repr__(self) -> str:
+		"""
+		Following the python style guide, eval(repr(obj)) should equal obj
+		"""
+		return "IPAddress([%i, %i, %i, %i])" % self._tuple()
+	def __str__(self) -> str:
+		"""
+		Return the ip-address described by this object in ipv4-format
+		"""
+		return "%i.%i.%i.%i" % self._tuple()
+	def __hash__(self) -> int:
+		return self.ipnum
+	def __eq__(self, other) -> bool:
+		if other is None:
+			return False
+		return isinstance(other, IPAddress) and self.ipnum == other.ipnum
+	def __lt__(self, other) -> bool:
+		if other is None:
+			raise TypeError("Cannot compare to None")
+		if not isinstance(other, IPAddress):
+			raise NotImplemented # maybe other can compare to self
+		return self.ipnum < other.ipnum
+	def __int__(self) -> bool:
+		return self.ipnum
+class IPAddressBlock:
+	"""
+	This class describes a block of IPv4-addresses, just as a string in CIDR-notation does.
+	It can be seen as a range of ip-addresses. To check if a block contains a ip-address
+	simply use "ip in ip_block"
+	"""
+	# this regex describes CIDR-notation (an ip-address plus "/XX", whereas XX is a number between 1 and 32)
+	CIDR_REGEXP = IPAddress.IP_REGEXP + r"(\/(3[0-2]|[12]?\d)|)?"
+	def __init__(self, ip: "Union(str, list, IPAddress)", netmask = 32) -> "IPAddressBlock":
+		"""
+		Construct a ip-block given a ip-address and a netmask. Given an ip and a netmask,
+		the constructed ip-block will describe the range ip/netmask (e.g.
+		:param ip: An ip-address, represented as IPAddress, string or 4-element-list
+		"""
+		if isinstance(ip, str):
+			ip = IPAddress.parse(ip)
+		elif isinstance(ip, list):
+			ip = IPAddress(ip)
+		if not 1 <= netmask <= 32:
+			raise ValueError("netmask must lie between 1 and 32")
+		# clear the unnecessary bits in the base-ip, e.g. this will convert to which are equivalent
+		self.ipnum = ip.to_int() & self._bitmask(netmask)
+		self.netmask = netmask
+	@staticmethod
+	def parse(cidr: str) -> "IPAddressBlock":
+		"""
+		Parse a string in cidr-notation and return a IPAddressBlock describing the ip-segment
+		If the string is not in cidr-notation a ValueError is raised
+		"""
+		match = re.match("^" + IPAddressBlock.CIDR_REGEXP + "$", cidr)
+		if not match:
+			raise ValueError("%s is no valid cidr-notation" % cidr)
+		ip = [int(match.group(i)) for i in range(1, 5)]
+		suffix = 32 if not match.group(6) else int(match.group(6))
+		return IPAddressBlock(ip, suffix)
+	def block_size(self) -> int:
+		"""
+		Return the size of the ip-address-block. E.g. the size of someip/24 is 256
+		"""
+		return 2 ** (32 - self.netmask)
+	def first_address(self) -> IPAddress:
+		"""
+		Return the first ip-address of the ip-block
+		"""
+		return IPAddress.from_int(self.ipnum)
+	def last_address(self) -> IPAddress:
+		"""
+		Return the last ip-address of the ip-block
+		"""
+		return IPAddress.from_int(self.ipnum + self.block_size() - 1)
+	def _bitmask(self, netmask: int) -> int:
+		ones = lambda x: (1 << x) - 1
+		return ones(32) ^ ones(32 - netmask)
+	def __repr__(self) -> str:
+		"""
+		Conforming to python style-guide, eval(repr(obj)) equals obj
+		"""
+		return "IPAddressBlock(%s, %i)" % (repr(IPAddress.from_int(self.ipnum)), self.netmask)
+	def __str__(self) -> str:
+		"""
+		Return a string in cidr-notation
+		"""
+		return str(IPAddress.from_int(self.ipnum)) + "/" + str(self.netmask)
+	def __contains__(self, ip: IPAddress) -> bool:
+		return (ip.to_int() & self._bitmask(self.netmask)) == self.ipnum
+class ReservedIPBlocks:
+	"""
+	To avoid magic values and save developers some research this class contains several constants
+	describing special network-segments and some is_-methods to check if an ip is in the specified segment.
+	"""
+ 	# a list of ip-addresses that can be used in private networks
+		IPAddressBlock.parse(block)
+		for block in
+		("", "", "")
+	]
+	LOCALHOST_SEGMENT = IPAddressBlock.parse("")
+	MULTICAST_SEGMENT = IPAddressBlock.parse("")
+	RESERVED_SEGMENT = IPAddressBlock.parse("")
+	ZERO_CONF_SEGMENT = IPAddressBlock.parse("")
+	@staticmethod
+	def is_private(ip: IPAddress) -> bool:
+		return any(ip in block for block in ReservedIPBlocks.PRIVATE_IP_SEGMENTS)
+	@staticmethod
+	def get_private_segment(ip: IPAddress) -> "Optional[IPAddressBlock]":
+		if not ReservedIPBlocks.is_private(ip):
+			raise ValueError("%s is not part of a private IP segment" % ip)
+		for block in ReservedIPBlocks.PRIVATE_IP_SEGMENTS:
+			if ip in block:
+				return block
+	@staticmethod
+	def is_localhost(ip: IPAddress) -> bool:
+		return ip in ReservedIPBlocks.LOCALHOST_SEGMENT
+	@staticmethod
+	def is_multicast(ip: IPAddressBlock) -> bool:
+		return ip in ReservedIPBlocks.MULTICAST_SEGMENT
+	@staticmethod
+	def is_reserved(ip: IPAddress) -> bool:
+		return ip in ReservedIPBlocks.RESERVED_SEGMENT
+	@staticmethod
+	def is_zero_conf(ip: IPAddressBlock) -> bool:
+		return ip in ReservedIPBlocks.ZERO_CONF_SEGMENT

+ 262 - 0

@@ -0,0 +1,262 @@
+from random import choice
+from ID2TLib import Statistics
+from ID2TLib.IPv4 import IPAddress
+is_ipv4 = IPAddress.is_ipv4
+class PcapAddressOperations():
+    def __init__(self, statistics: Statistics, uncertain_ip_mult: int=3):
+        """
+        Initializes a pcap information extractor that uses the provided statistics for its operations.
+        :param statistics: The statistics of the pcap file
+        :param uncertain_ip_mult: the mutliplier to create new address space when the remaining observed space has been drained
+        """
+        self.statistics = statistics
+        self.UNCERTAIN_IPSPACE_MULTIPLIER = uncertain_ip_mult
+        self._init_ipaddress_ops()
+    def get_probable_router_mac(self):
+        """
+        Returns the most probable router MAC address based on the most used MAC address in the statistics.
+        :return: the MAC address
+        """
+        self.probable_router_mac, count = self.statistics.process_db_query("most_used(macAddress)", print_results=False)[0]
+        return self.probable_router_mac     # and count as a measure of certainty?
+    def pcap_contains_priv_ips(self):
+        """
+        Returns if the provided traffic contains private IPs.
+        :return: True if the provided traffic contains private IPs, otherwise False
+        """
+        return self.contains_priv_ips
+    def get_local_address_range(self):
+        """
+        Returns a tuple with the start and end of the observed local IP range.
+        :return: The IP range as tuple
+        """
+        return str(self.min_local_ip), str(self.max_local_ip)
+    def get_count_rem_local_ips(self):
+        """
+        Returns the number of local IPs in the pcap file that have not aldready been returned by get_existing_local_ips.
+        :return: the not yet assigned local IPs
+        """
+        return len(self.remaining_local_ips)
+    def get_existing_local_ips(self, count: int=1):
+        """
+        Returns the given number of local IPs that are existent in the pcap file.
+        :param count: the number of local IPs to return
+        :return: the chosen local IPs
+        """
+        if count > len(self.remaining_local_ips):
+            print("Warning: There are no more {} local IPs in the .pcap file. Returning all remaining local IPs.".format(count))
+        total = min(len(self.remaining_local_ips), count)
+        retr_local_ips = []
+        local_ips = self.remaining_local_ips
+        for _ in range(0, total):
+            random_local_ip = choice(sorted(local_ips))
+            retr_local_ips.append(str(random_local_ip))
+            local_ips.remove(random_local_ip)
+        return retr_local_ips
+    def get_new_local_ips(self, count: int=1):
+        """
+        Returns in the pcap not existent local IPs that are in proximity of the observed local IPs. IPs can be returned
+        that are either between the minimum and maximum observed IP and are therefore considered certain
+        or that are above the observed maximum address, are more likely to not belong to the local network 
+        and are therefore considered uncertain.
+        :param count: the number of new local IPs to return
+        :return: the newly created local IP addresses
+        """
+        # add more unused local ips to the pool, if needed
+        while len(self.unused_local_ips) < count and self.expand_unused_local_ips() == True:
+            pass
+        unused_local_ips = self.unused_local_ips
+        uncertain_local_ips = self.uncertain_local_ips
+        count_certain = min(count, len(unused_local_ips))
+        retr_local_ips = []
+        for _ in range(0, count_certain):
+            random_local_ip = choice(sorted(unused_local_ips))
+            retr_local_ips.append(str(random_local_ip))
+            unused_local_ips.remove(random_local_ip)
+        # retrieve uncertain local ips
+        if count_certain < count:
+            count_uncertain = count - count_certain
+            # check if new uncertain IPs have to be created
+            if len(uncertain_local_ips) < count_uncertain:
+                ipspace_multiplier = self.UNCERTAIN_IPSPACE_MULTIPLIER
+                max_new_ip = self.max_uncertain_local_ip.to_int() + ipspace_multiplier * count_uncertain
+                count_new_ips = max_new_ip - self.max_uncertain_local_ip.to_int()
+                # create ipspace_multiplier * count_uncertain new uncertain local IP addresses
+                last_gen_ip = None
+                for i in range(1, count_new_ips + 1):
+                    ip = IPAddress.from_int(self.max_uncertain_local_ip.to_int() + i)
+                    # exclude the definite broadcast address
+                    if self.priv_ip_segment:
+                        if ip.to_int() >= self.priv_ip_segment.last_address().to_int():
+                            break
+                    uncertain_local_ips.add(ip)
+                    last_gen_ip = ip
+                self.max_uncertain_local_ip = last_gen_ip
+            # choose the uncertain IPs to return
+            total_uncertain = min(count_uncertain, len(uncertain_local_ips))
+            for _ in range(0, total_uncertain):
+                random_local_ip = choice(sorted(uncertain_local_ips))
+                retr_local_ips.append(str(random_local_ip))
+                uncertain_local_ips.remove(random_local_ip)
+        return retr_local_ips
+    def get_existing_external_ips(self, count: int=1):
+        """
+        Returns the given number of external IPs that are existent in the pcap file.
+        :param count: the number of external IPs to return
+        :return: the chosen external IPs
+        """
+        if not (len(self.external_ips) > 0):
+            print("Warning: .pcap does not contain any external ips.")
+            return []
+        total = min(len(self.remaining_external_ips), count)
+        retr_external_ips = []
+        external_ips = self.remaining_external_ips
+        for _ in range(0, total):
+            random_external_ip = choice(sorted(external_ips))
+            retr_external_ips.append(str(random_external_ip))
+            external_ips.remove(random_external_ip)
+        return retr_external_ips
+    def _init_ipaddress_ops(self):
+        """
+        Load and process data needed to perform functions on the IP addresses contained in the statistics
+        """
+        # retrieve local and external IPs
+        all_ips_str = set(self.statistics.process_db_query("all(ipAddress)", print_results=False))
+        external_ips_str = set(self.statistics.process_db_query("ipAddress(macAddress=%s)" % self.get_probable_router_mac(), print_results=False))  # including router
+        local_ips_str = all_ips_str - external_ips_str
+        external_ips = set()
+        local_ips = set()
+        self.contains_priv_ips = False
+        self.priv_ip_segment = None
+        # convert local IP strings to IPv4.IPAddress representation
+        for ip in local_ips_str:
+            if is_ipv4(ip):
+                ip = IPAddress.parse(ip)
+                if ip.is_private() and not self.contains_priv_ips:
+                    self.contains_priv_ips = True
+                    self.priv_ip_segment = ip.get_private_segment()
+                # exclude local broadcast address and other special addresses
+                if (not str(ip) == "") and (not ip.is_localhost()) and (not ip.is_multicast()) and (not ip.is_reserved()) and (not ip.is_zero_conf()):
+                    local_ips.add(ip)
+        # convert external IP strings to IPv4.IPAddress representation
+        for ip in external_ips_str:
+            if is_ipv4(ip):
+                ip = IPAddress.parse(ip)
+                # if router MAC can definitely be mapped to local/private IP, add it to local_ips (because at first it is stored in external_ips, see above)
+                # this depends on whether the local network is identified by a private IP address range or not.
+                if ip.is_private():
+                    local_ips.add(ip)
+                # exclude local broadcast address and other special addresses
+                elif (not str(ip) == "") and (not ip.is_localhost()) and (not ip.is_multicast()) and (not ip.is_reserved()) and (not ip.is_zero_conf()):
+                    external_ips.add(ip)
+        # save the certain unused local IPs of the network
+        # to do that, divide the unused local Addressspace into chunks of (chunks_size) Addresses
+        # initally only the first chunk will be used, but more chunks can be added to the pool of unused_local_ips if needed
+        self.min_local_ip, self.max_local_ip = min(local_ips), max(local_ips)
+        local_ip_range = (self.max_local_ip.to_int()) - (self.min_local_ip.to_int() + 1)
+        if local_ip_range < 0:
+            # for min,max pairs like (1,1), (1,2) there is no free address in between, but for (1,1) local_ip_range may be -1, because 1-(1+1)=-1
+            local_ip_range = 0
+        # chunk size can be adjusted if needed
+        self.chunk_size = 200
+        self.current_chunk = 1
+        if local_ip_range < self.chunk_size:
+            # there are not more than chunk_size unused IP Addresses to begin with
+            self.chunks = 0
+            self.chunk_remainder = local_ip_range
+        else:
+            # determine how many chunks of (chunk_size) Addresses there are and the save the remainder
+            self.chunks = local_ip_range // self.chunk_size
+            self.chunk_remainder = local_ip_range % self.chunk_size
+        # add the first chunk of IP Addresses
+        self.unused_local_ips = set()
+        self.expand_unused_local_ips()
+        # save the gathered information for efficient later use
+        self.external_ips = frozenset(external_ips)
+        self.remaining_external_ips = external_ips
+        self.max_uncertain_local_ip = self.max_local_ip
+        self.local_ips = frozenset(local_ips)
+        self.remaining_local_ips = local_ips
+        self.uncertain_local_ips = set()
+    def expand_unused_local_ips(self):
+        """
+        expands the set of unused_local_ips by one chunk_size
+        to illustrate this algorithm: suppose we have a chunksize of 100 and an Address space of 1 to 1000 (1 and 1000 are unused too), we then have 10 chunks
+        every time this method is called, one chunk (100 Addresses) is added, each chunk starts at the base_address + the number of its chunk
+        then, every chunk_amounth'th Address is added. Therefore for 10 chunks, every 10th address is added
+        For the above example for the first, second and last call, we get the following IPs, respectively:
+        first Call:  1+0,  1+10,  1+20,  1+30, ...,  1+990
+        second Call: 2+0,  2+10,  2+20,  2+30, ...,  2+990
+        ten'th Call: 10+0, 10+10, 10+20, 10+30, ..., 10+990
+        :return: False if there are no more available unusd local IP Addresses, True otherwise
+        """
+        if self.current_chunk == self.chunks+1:
+            # all chunks are used up, therefore add the remainder
+            remainder_base_addr = self.min_local_ip.to_int() + self.chunks*self.chunk_size + 1
+            for i in range(0,self.chunk_remainder):
+                ip = IPAddress.from_int(remainder_base_addr + i)
+                self.unused_local_ips.add(ip)
+            self.current_chunk = self.current_chunk + 1
+            return True
+        elif self.current_chunk <= self.chunks:
+            # add another chunk
+            # choose IPs from the whole address space, that is available
+            base_address = self.min_local_ip.to_int() + self.current_chunk
+            for i in range(0,self.chunk_size):
+                ip = IPAddress.from_int(base_address + i*self.chunks)
+                self.unused_local_ips.add(ip)
+            self.current_chunk = self.current_chunk + 1
+            return True
+        else:
+            # no free IPs remaining
+            return False

+ 251 - 0

@@ -0,0 +1,251 @@
+import random, copy
+# information taken from https://www.cymru.com/jtk/misc/ephemeralports.html
+class PortRanges:
+	# dynamic ports as listed by RFC 6056
+	DYNAMIC_PORTS = range(49152, 65536)
+	LINUX = range(32768, 61001)
+	FREEBSD = range(10000, 65536)
+	WINDOWS_XP = range(1024, 5001)
+# This class uses classes instead of functions so deepcloning works
+class PortSelectionStrategy:
+	class sequential:
+		def __init__(self):
+			self.counter = -1
+		# that function will always return a one higher counter than before,
+		# restarting from the start once it reached the highest value
+		def __call__(self, port_range, *args):
+			if self.counter == -1:
+				self.counter = port_range.start
+			port = self.counter
+			self.counter += 1
+			if self.counter == port_range.stop:
+				self.counter = port_range.start
+			return port
+	class random:
+		def __call__(self, port_range, *args):
+			return random.randrange(port_range.start, port_range.stop)
+	class linux_kernel:
+		"""
+		A port-selectioin-strategy oriented on the linux-kernel
+		The implementation follows https://github.com/torvalds/linux/blob/master/net/ipv4/inet_connection_sock.c#L173
+		as much as possible when converting from one language to another (The newest file was used
+		by the time of writing, make sure you select the correct one when following the link!)
+		"""
+		def __call__(self, port_range: range, port_selector, *args):
+			"""
+			This method is an attempt to map a c-function to python. To solve the goto-problem
+			while-true's have been added. Both of the while-true's are placed where the original
+			had a label to jump to. break's and continue's are set to preserve the original
+			control flow. Another method could have been used to rewrite the c-code, however this
+			was chosen to preserve the similarity between this and the original
+			:param port_range: the port range to choose from
+			:param port_selector: the port selector that tells which ports are in use
+			:param args: Not used for now
+			:return: A port number
+			"""
+			port = 0
+			low, high = port_range.start, port_range.stop
+			# this var tells us if we should use the upper or lower port-range-half, or the whole range if
+			# this var is None. The original was an enum of the values 0, 1 and 2. But I think an Optional[bool]
+			# is more clear
+			# None: use whole range, True: use lower half, False: use upper half
+			attempt_half = True
+			high += 1  # line 186 in the original file
+			while True:
+				if high - low < 4:
+					attempt_half = None
+				if attempt_half is not None:
+					# appearently a fast method to find a number close to the real half
+					# unless the difference between high and low is 4 (see above, note the 2-shift below)
+					# this does not work
+					half = low + (((high - low) >> 2) << 1)
+					if attempt_half:
+						high = half
+					else:
+						low = half
+				remaining = high - low
+				if remaining > 1:
+					remaining &= ~1 # flip the 1-bit
+				offset = random.randrange(0, remaining)
+				offset |= 1;
+				attempt_half_before = attempt_half # slight hack to keep track of change
+				while True:
+					port = low + offset
+					for i in range(0, remaining, 2):
+						if port >= high:
+							port -= remaining
+						if port_selector.is_port_in_use(port):
+							port += 2
+							continue
+						return port
+					offset -= 1
+					if not (offset & 1):
+						continue
+					if attempt_half:
+						attempt_half = False
+						break
+				if attempt_half_before: # we still got ports to search, attemp_half was just set to False
+					continue
+				if not attempt_half: # the port-range is exhausted
+					break
+			raise ValueError("Could not find suitable port")
+class PortSelector:
+	"""
+	This class simulates a port-selection-process. Instances keep a list of port-numbers they generated so
+	the same port-number will not be generated again.
+	"""
+	def __init__(self, port_range, select_function):
+		"""
+		Create a PortSelector given a range of ports to choose from and a function that chooses the next port
+		:param port_range: a range-object containing the range of ports to choose from
+		:param select_function: a function that receives the port_range and selects a port
+		"""
+		if len(port_range) == 0:
+			raise ValueError("cannot choose from an empty range")
+		if port_range.start not in range(1, 65536) or port_range.stop not in range(1, 65536 + 1):
+			raise ValueError("port_range is no subset of the valid port-range")
+		self.port_range = port_range
+		self._select_port = select_function
+		self.generated = []
+	def select_port(self):
+		# do this check to avoid endless loops
+		if len(self.generated) == len(self.port_range):
+			raise RuntimeError("All %i port numbers were already generated, no more can be generated" % len(self.port_range))
+		while True:
+			port = self._select_port(self.port_range, self)
+			if port not in self.generated:
+				self.generated.append(port)
+				return port
+	def is_port_in_use(self, port: int):
+		return port in self.generated
+	def undo_port_use(self, port: int):
+		if port in self.generated:
+			self.generated.remove(port)
+		else:
+			raise ValueError("Port %i is not in use and thus can not be undone" % port)
+	def reduce_size(self, size: int):
+		"""
+		Reduce the list of already generated ports to the last <size> generated.
+		If size if bigger than the number of generated ports nothing happens.
+		"""
+		self.generated = self.generated[-size:]
+	def clear(self):
+		"""
+		Clear the list of generated ports. As of now this does not reset the state of the selection-function
+		"""
+		self.generated = []
+	def clone(self):
+		return copy.deepcopy(self)
+class ProtocolPortSelector:
+	"""
+	This class contains a method to select ports for udp and tcp. It generally consists of the port-selectors, one
+	for tcp and one for udp. For convenience this class has a __getattr__-method to call methods on both selectors
+	at once. E.g, clear() does not exist for ProtocolPortSelector but it does for PortSelector, therefore
+	protocolPortSelector.clear() will call clear for both port-selectors.
+	"""
+	def __init__(self, port_range, select_tcp, select_udp = None):
+		self.tcp = PortSelector(port_range, select_tcp)
+		self.udp = PortSelector(port_range, select_udp or select_tcp)
+	def get_tcp_generator(self):
+		return self.tcp
+	def get_udp_generator(self):
+		return self.udp
+	def select_port_tcp(self):
+		return self.tcp.select_port()
+	def select_port_udp(self):
+		return self.udp.select_port()
+	def is_port_in_use_tcp(self, port):
+		return self.tcp.is_port_in_use(port)
+	def is_port_in_use_udp(self, port):
+		return self.udp.is_port_in_use(port)
+	def clone(self):
+		class Tmp: pass
+		clone = Tmp()
+		clone.__class__ = type(self)
+		clone.udp = self.udp.clone()
+		clone.tcp = self.tcp.clone()
+		return clone
+	def __getattr__(self, attr):
+		val = getattr(self.tcp, attr)
+		if callable(val): # we proprably got a method here
+			tcp_meth = val
+			udp_meth = getattr(self.udp, attr)
+			def double_method(*args, **kwargs):
+				return (tcp_meth(*args, **kwargs), udp_meth(*args, **kwargs))
+			return double_method # calling this function will call the method for both port-selectors
+		else: # we have found a simple value, return a tuple containing the attribute-value from both port-selectors
+			return (val, getattr(self.udp, attr))
+class PortSelectors:
+	"""
+	To save some time this class contains some of the port-selection-strategies found in the wild. It is recommend to use
+	.clone() to get your personal copy, otherwise two parts of your code might select ports on the same port-selector which
+	is something your might want to avoid.
+	"""
+	LINUX = ProtocolPortSelector(PortRanges.LINUX, PortSelectionStrategy.random())
+	APPLE = ProtocolPortSelector(PortRanges.DYNAMIC_PORTS,
+			PortSelectionStrategy.sequential(),
+			PortSelectionStrategy.random())
+	FREEBSD = ProtocolPortSelector(PortRanges.FREEBSD, PortSelectionStrategy.random())
+	WINDOWS = ProtocolPortSelector(PortRanges.WINDOWS_7, PortSelectionStrategy.random()) # the selection strategy is a guess as i can't find more info on it

+ 571 - 0

@@ -0,0 +1,571 @@
+#include "botnet_comm_processor.h"
+ * Creates a new botnet_comm_processor object. 
+ * The abstract python messages are converted to easier-to-handle C++ data structures.
+ * @param messages_pyboost The abstract communication messages 
+ *    represented as (python) list containing (python) dicts.
+ */
+botnet_comm_processor::botnet_comm_processor(const py::list &messages_pyboost){
+    set_messages(messages_pyboost);
+ * Creates a new and empty botnet_comm_processor object.
+ */
+ * Set the messages of this communication processor.
+ * @param messages_pyboost The abstract communication messages
+ *    represented as (python) list containing (python) dicts.
+ */
+void botnet_comm_processor::set_messages(const py::list &messages_pyboost){
+    messages.clear();
+    for (int i = 0; i < len(messages_pyboost); i++){
+        py::dict msg_pyboost = py::extract<py::dict>(messages_pyboost[i]);
+        unsigned int src_id = std::stoi(py::extract<std::string>(msg_pyboost["Src"]));
+        unsigned int dst_id = std::stoi(py::extract<std::string>(msg_pyboost["Dst"]));
+        unsigned short type = (unsigned short) std::stoi(py::extract<std::string>(msg_pyboost["Type"]));
+        double time = std::stod(py::extract<std::string>(msg_pyboost["Time"]));
+        int line_no = std::stoi(py::extract<std::string>(msg_pyboost.get("LineNumber", "-1")));
+        abstract_msg msg = {src_id, dst_id, type, time, line_no};
+        messages.push_back(std::move(msg));
+    }
+ * Retrieve input information about message count.
+ * @return the number of existing messages.
+ */
+int botnet_comm_processor::get_message_count(){
+    return messages.size();
+ * Processes an XML attribute assignment. The result is reflected in the respective change of the given message.
+ * @param msg The message this attribute refers to.
+ * @param assignment The XML attribute assignment in notation: attribute="value"
+ */
+void botnet_comm_processor::process_xml_attrib_assign(abstract_msg &msg, const std::string &assignment) {
+    std::size_t split_pos = assignment.find("=");
+    if (split_pos != std::string::npos){
+        std::string key = assignment.substr(0, split_pos);
+        std::string value = assignment.substr(split_pos + 2, assignment.length() - 1);
+        process_kv(msg, key, value);
+    }
+ * Processes a key-value pair. The result is reflected in the respective change of the given message.
+ * @param msg The message this kv pair refers to.
+ * @param key The key of the attribute.
+ * @param value The value of the attribute.
+ */
+void botnet_comm_processor::process_kv(abstract_msg &msg, const std::string &key, const std::string &value){
+    if (key == "Src")
+        msg.src = std::stoi(value);
+    else if (key == "Dst")
+        msg.dst = std::stoi(value);
+    else if (key == "Type")
+        msg.type = (unsigned short) std::stoi(value);
+    else if (key == "Time")
+        msg.time = std::stod(value);
+    else if (key == "LineNumber")
+        msg.line_no = std::stoi(value);
+ * Parses the packets contained in the given CSV to program structure.
+ * @param filepath The filepath where the CSV is located.
+ * @return The number of messages (or lines) contained in the CSV file.
+ */
+unsigned int botnet_comm_processor::parse_csv(const std::string &filepath){
+    std::ifstream input(filepath);
+    int line_no = 1;  // the first line has number 1
+    messages.clear();
+    // iterate over every line
+    for (std::string line; std::getline(input, line); ){
+        std::istringstream line_stream(line);
+        abstract_msg cur_msg;
+        cur_msg.line_no = line_no;
+        // iterate over every key:value entry
+        for (std::string pair; std::getline(line_stream, pair, ','); ){
+            boost::replace_all(pair, " ", "");
+            std::size_t split_pos = pair.find(":");
+            if (split_pos != std::string::npos){
+                std::string key = pair.substr(0, split_pos);
+                std::string value = pair.substr(split_pos + 1, pair.length());
+                process_kv(cur_msg, key, value);
+            }
+        }
+        messages.push_back(std::move(cur_msg));
+        line_no++;
+    }
+    return messages.size();
+ * Parses the packets contained in the given XML to program structure.
+ * @param filepath The filepath where the XML is located.
+ * @return The number of messages contained in the XML file.
+ */
+unsigned int botnet_comm_processor::parse_xml(const std::string &filepath){
+    std::ifstream input(filepath);
+    std::string cur_word = "";
+    abstract_msg cur_msg;
+    char c;
+    int read_packet_open = 0, read_slash = 0;
+    messages.clear();
+    // iterate over every character
+    while (input.get(c)){
+        if(c == '/')  // hints ending of tag
+            read_slash = 1;
+        else if (c == '>'){  // definitely closes tag
+            if (read_packet_open && read_slash){  // handle oustanding attribute
+                read_slash = 0;
+                process_xml_attrib_assign(cur_msg, cur_word);
+                messages.push_back(cur_msg);
+                read_packet_open = 0;
+            }
+            cur_word = "";
+        }
+        else if (c == ' '){
+            if (read_packet_open && cur_word != ""){  // handle new attribute
+                process_xml_attrib_assign(cur_msg, cur_word);
+            }
+            else if (cur_word == "<packet")
+                read_packet_open = 1;
+            cur_word = "";
+        }
+        else
+            cur_word += c;
+    }
+    return messages.size();
+ * Writes the communication messages contained in the class member messages into an XML file (with respective notation).
+ * @param filename The name the file should have (without extension).
+ * @return The filepath of the written XML file.
+ */
+std::string botnet_comm_processor::write_xml(const std::string &filename){
+    std::string filepath = filename + ".xml";
+    std::ofstream xml_file;
+    xml_file.open(filepath);
+    // set number of digits after dot to 11
+    xml_file << std::fixed << std::setprecision(11);
+    xml_file << "<trace name=\"" << filename << "\">";
+    for (const auto &msg : messages){
+        xml_file << "<packet ";
+        xml_file << "Src=\"" << msg.src << "\" Dst=\"" << msg.dst << "\" ";
+        xml_file << "Type=\"" << msg.type << "\" Time=\"" << msg.time << "\" ";
+        xml_file << "LineNumber=\"" << msg.line_no << "\" />";
+    }
+    xml_file << "</trace>";
+    xml_file.close();
+    return filepath;
+ * Retrieves all messages contained in the interval between start_idx and end_idx in Python representation.
+ * @param start_idx The inclusive first index of the interval.
+ * @param end_idx The inclusive last index of the interval.
+ * @return A (Python) list of (Python) dicts containing the desired information.
+ */
+py::list botnet_comm_processor::get_messages(unsigned int start_idx, unsigned int end_idx){
+    py::list py_messages;
+    for (std::size_t i = start_idx; i <= end_idx; i++){
+        if (i >= messages.size())
+            break;
+        py::dict py_msg;
+        py_msg["Src"] = messages[i].src;
+        py_msg["Dst"] = messages[i].dst;
+        py_msg["Type"] = messages[i].type;
+        py_msg["Time"] = messages[i].time;
+        py_msg["LineNumber"] = messages[i].line_no;
+        py_messages.append(py_msg);
+    }
+    return py_messages;
+ * Finds the time interval(s) of maximum the given seconds with the most overall communication
+ * (i.e. requests and responses) that has at least number_ids communicating initiators in it. 
+ * @param number_ids The number of initiator IDs that have to exist in the interval(s).
+ * @param max_int_time The maximum time period of the interval.
+ * @return A (python) list of (python) dicts, where each dict (keys: 'IDs', Start', 'End') represents an interval with its
+ * list of initiator IDs, a start index and an end index. The indices are with respect to the first abstract message.
+ */
+py::list botnet_comm_processor::find_optimal_interval(int number_ids, double max_int_time){
+    unsigned int logical_thread_count = std::thread::hardware_concurrency();
+    std::vector<std::thread> threads;
+    std::vector<std::future<std::vector<comm_interval> > > futures;
+    // create as many threads as can run concurrently and assign them respective sections
+    for (std::size_t i = 0; i < logical_thread_count; i++){
+        unsigned int start_idx = (i * messages.size() / logical_thread_count);
+        unsigned int end_idx = (i + 1) * messages.size() / logical_thread_count;
+        std::promise<std::vector<comm_interval> > p;  // use promises to retrieve return values
+        futures.push_back(p.get_future());
+        threads.push_back(std::thread(&botnet_comm_processor::find_optimal_interval_helper, this, std::move(p), number_ids, max_int_time, start_idx, end_idx));
+    }
+    // synchronize all threads
+    for (auto &t : threads){
+        t.join();
+    }
+    // accumulate results
+    std::vector<std::vector<comm_interval> > acc_possible_intervals;
+    for (auto &f : futures){
+        acc_possible_intervals.push_back(f.get());
+    }
+    // find overall most communicative interval
+    std::vector<comm_interval> possible_intervals;
+    unsigned int cur_highest_sum = 0;
+    for (const auto &single_poss_interval : acc_possible_intervals){
+        if (single_poss_interval.size() > 0 && single_poss_interval[0].comm_sum >= cur_highest_sum){
+            // if there is more than one interval, all of them have the same comm_sum
+            if (single_poss_interval[0].comm_sum > cur_highest_sum){
+                cur_highest_sum = single_poss_interval[0].comm_sum;
+                possible_intervals.clear();
+            }
+            for (const auto &interval : single_poss_interval){
+                possible_intervals.push_back(std::move(interval));
+            }
+        }
+    }
+    // return the result converted into python data structures
+    return convert_intervals_to_py_repr(possible_intervals);
+ * Finds the time interval(s) of maximum the given seconds within the given start and end index having the most 
+ * overall communication (i.e. requests and responses) as well as at least number_ids communicating initiators in it. 
+ * @param p An rvalue to a promise to return the found intervals.
+ * @param number_ids The number of initiator IDs that have to exist in the interval(s).
+ * @param max_int_time The maximum time period of the interval.
+ * @param start_idx The index of the first message to process with respect to the class member 'messages'.
+ * @param end_idx The upper index boundary where the search is stopped at (i.e. exclusive index).
+ */
+void botnet_comm_processor::find_optimal_interval_helper(std::promise<std::vector<comm_interval> > && p, int number_ids, double max_int_time, int start_idx, int end_idx){
+    // setup initial variables
+    unsigned int idx_low = start_idx, idx_high = start_idx;  // the indices spanning the interval
+    unsigned int comm_sum = 0;  // the communication sum of the current interval
+    unsigned int cur_highest_sum = 0;  // the highest communication sum seen so far
+    double cur_int_time = 0;  // the time of the current interval
+    std::deque<unsigned int> init_ids;  // the initiator IDs seen in the current interval in order of appearance
+    std::vector<comm_interval> possible_intervals;  // all intervals that have cur_highest_sum of communication and contain enough IDs
+    // Iterate over all messages from start to finish and process the info of each message.
+    // Similar to a Sliding Window approach.
+    while (1){
+        if (idx_high < messages.size())
+            cur_int_time = messages[idx_high].time - messages[idx_low].time;
+        // if current interval time exceeds maximum time period or all messages have been processed, 
+        // process information of the current interval
+        if (greater_than(cur_int_time, max_int_time) || idx_high >= messages.size()){
+            std::set<unsigned int> interval_ids;
+            for (std::size_t i = 0; i < init_ids.size(); i++) 
+                interval_ids.insert(init_ids[i]);
+            // if the interval contains enough initiator IDs, add it to possible_intervals
+            if (interval_ids.size() >= (unsigned int) number_ids){
+                comm_interval interval = {interval_ids, comm_sum, idx_low, idx_high - 1};
+                // reset possible intervals if new maximum of communication is found
+                if (comm_sum > cur_highest_sum){
+                    possible_intervals.clear();
+                    possible_intervals.push_back(std::move(interval));
+                    cur_highest_sum = comm_sum;
+                }
+                // append otherwise
+                else if (comm_sum == cur_highest_sum)
+                    possible_intervals.push_back(std::move(interval));
+            }
+            // stop if all messages have been processed
+            if (idx_high >= messages.size())
+                break;
+        }
+        // let idx_low "catch up" so that the current interval time fits into the maximum time period again
+        while (greater_than(cur_int_time, max_int_time)){
+            if (idx_low >= (unsigned int) end_idx)
+                goto end; 
+            abstract_msg &cur_msg = messages[idx_low];
+            // if message was not a timeout, delete the first appearance of the initiator ID 
+            // of this message from the initiator list and update comm_sum
+            if (cur_msg.type != TIMEOUT){
+                comm_sum--;
+                init_ids.pop_front();
+            }
+            idx_low++;
+            cur_int_time = messages[idx_high].time - messages[idx_low].time;
+        }
+        // consume the new message at idx_high and process its information
+        abstract_msg &cur_msg = messages[idx_high];
+        // if message is request, add src to initiator list
+        if (msgtype_is_request(cur_msg.type)){
+            init_ids.push_back(cur_msg.src);
+            comm_sum++;
+        }
+        // if message is response, add dst to initiator list
+        else if (msgtype_is_response(cur_msg.type)){
+            init_ids.push_back(cur_msg.dst);
+            comm_sum++;
+        }
+        idx_high++;
+    }
+    end: p.set_value(possible_intervals);
+ * Finds the time interval of maximum the given seconds starting at the given index. If it does not have at least number_ids 
+ * communicating initiators in it or the index is out of bounds, an empty dict is returned.
+ * @param start_idx the starting index of the returned interval
+ * @param number_ids The number of initiator IDs that have to exist in the interval.
+ * @param max_int_time The maximum time period of the interval.
+ * @return A (python) dict (keys: 'IDs', Start', 'End'), which represents an interval with its list of initiator IDs, 
+ * a start index and an end index. The indices are with respect to the first abstract message.
+ */
+py::dict botnet_comm_processor::find_interval_from_startidx(int start_idx, int number_ids, double max_int_time){
+    // setup initial variables
+    unsigned int cur_idx = start_idx;  // the current iteration index
+    double cur_int_time = 0;  // the time of the current interval
+    std::deque<unsigned int> init_ids;  // the initiator IDs seen in the current interval in order of appearance
+    py::dict comm_interval_py;  // the communication interval that is returned
+    if ((unsigned int) start_idx >= messages.size()){
+        return comm_interval_py;
+    }
+    // Iterate over all messages starting at start_idx until the duration or the current index exceeds a boundary
+    while (1){
+        if (cur_idx < messages.size())
+            cur_int_time = messages[cur_idx].time - messages[start_idx].time;
+        // if current interval time exceeds maximum time period or all messages have been processed, 
+        // process information of the current interval
+        if (greater_than(cur_int_time, max_int_time) || cur_idx >= messages.size()){
+            std::set<unsigned int> interval_ids;
+            for (std::size_t i = 0; i < init_ids.size(); i++) 
+                interval_ids.insert(init_ids[i]);
+            // if the interval contains enough initiator IDs, convert it to python representation and return it
+            if (interval_ids.size() >= (unsigned int) number_ids){
+                py::list py_ids;
+                for (const auto &id : interval_ids){
+                    py_ids.append(id);
+                }
+                comm_interval_py["IDs"] = py_ids;
+                comm_interval_py["Start"] = start_idx;
+                comm_interval_py["End"] = cur_idx - 1;
+                return comm_interval_py;
+            }
+            else {
+                return comm_interval_py;
+            }
+        }
+        // consume the new message at cur_idx and process its information
+        abstract_msg &cur_msg = messages[cur_idx];
+        // if message is request, add src to initiator list
+        if (msgtype_is_request(cur_msg.type))
+            init_ids.push_back(cur_msg.src);
+        // if message is response, add dst to initiator list
+        else if (msgtype_is_response(cur_msg.type))
+            init_ids.push_back(cur_msg.dst);
+        cur_idx++;
+    }
+ * Finds the time interval of maximum the given seconds ending at the given index. If it does not have at least number_ids 
+ * communicating initiators in it or the index is out of bounds, an empty dict is returned.
+ * @param end_idx the ending index of the returned interval (inclusive)
+ * @param number_ids The number of initiator IDs that have to exist in the interval.
+ * @param max_int_time The maximum time period of the interval.
+ * @return A (python) dict (keys: 'IDs', Start', 'End'), which represents an interval with its list of initiator IDs, 
+ * a start index and an end index. The indices are with respect to the first abstract message.
+ */
+py::dict botnet_comm_processor::find_interval_from_endidx(int end_idx, int number_ids, double max_int_time){
+    // setup initial variables
+    int cur_idx = end_idx;  // the current iteration index
+    double cur_int_time = 0;  // the time of the current interval
+    std::deque<unsigned int> init_ids;  // the initiator IDs seen in the current interval in order of appearance
+    py::dict comm_interval_py;  // the communication interval that is returned
+    if (end_idx < 0){
+        return comm_interval_py;
+    }
+    // Iterate over all messages starting at end_idx until the duration or the current index exceeds a boundary
+    while (1){
+        if (cur_idx >= 0)
+            cur_int_time = messages[end_idx].time - messages[cur_idx].time;
+        // if current interval time exceeds maximum time period or all messages have been processed, 
+        // process information of the current interval
+        if (greater_than(cur_int_time, max_int_time) || cur_idx < 0){
+            std::set<unsigned int> interval_ids;
+            for (std::size_t i = 0; i < init_ids.size(); i++) 
+                interval_ids.insert(init_ids[i]);
+            // if the interval contains enough initiator IDs, convert it to python representation and return it
+            if (interval_ids.size() >= (unsigned int) number_ids){
+                py::list py_ids;
+                for (const auto &id : interval_ids){
+                    py_ids.append(id);
+                }
+                comm_interval_py["IDs"] = py_ids;
+                comm_interval_py["Start"] = cur_idx + 1;
+                comm_interval_py["End"] = end_idx;
+                return comm_interval_py;
+            }
+            else {
+                return comm_interval_py;
+            }
+        }
+        // consume the new message at cur_idx and process its information
+        abstract_msg &cur_msg = messages[cur_idx];
+        // if message is request, add src to initiator list
+        if (msgtype_is_request(cur_msg.type))
+            init_ids.push_back(cur_msg.src);
+        // if message is response, add dst to initiator list
+        else if (msgtype_is_response(cur_msg.type))
+            init_ids.push_back(cur_msg.dst);
+        cur_idx--;
+    }
+ * Finds all initiator IDs contained in the interval spanned by the two indices.
+ * @param start_idx The start index of the interval.
+ * @param end_idx The last index of the interval (inclusive).
+ * @return A (python) list containing all initiator IDs of the interval.
+ */
+py::list botnet_comm_processor::get_interval_init_ids(int start_idx, int end_idx){
+    // setup initial variables
+    unsigned int cur_idx = start_idx;  // the current iteration index
+    std::set<unsigned int> interval_ids;
+    py::list py_ids;  // the communication interval that is returned
+    if ((unsigned int) start_idx >= messages.size()){
+        return py_ids;
+    }
+    // Iterate over all messages starting at start_idx until the duration or the current index exceeds a boundary
+    while (1){
+        // if messages have been processed
+        if (cur_idx >= messages.size() || cur_idx > (unsigned int) end_idx){
+            for (const auto &id : interval_ids)
+                py_ids.append(id);
+            return py_ids;
+        }
+        // consume the new message at cur_idx and process its information
+        abstract_msg &cur_msg = messages[cur_idx];
+        // if message is request, add src to initiator list
+        if (msgtype_is_request(cur_msg.type))
+            interval_ids.insert(cur_msg.src);
+        // if message is response, add dst to initiator list
+        else if (msgtype_is_response(cur_msg.type))
+            interval_ids.insert(cur_msg.dst);
+        cur_idx++;
+    }
+ * Checks whether the given message type corresponds to a request.
+ * @param mtype The message type to check.
+ * @return true(1) if the message type is a request, false(0) otherwise.
+ */
+int botnet_comm_processor::msgtype_is_request(unsigned short mtype){
+    return mtype == SALITY_HELLO || mtype == SALITY_NL_REQUEST;
+ * Checks whether the given message type corresponds to a response.
+ * @param mtype The message type to check.
+ * @return true(1) if the message type is a response, false(0) otherwise.
+ */
+int botnet_comm_processor::msgtype_is_response(unsigned short mtype){
+    return mtype == SALITY_HELLO_REPLY || mtype == SALITY_NL_REPLY;
+ * Converts the given vector of communication intervals to a python representation 
+ * using (python) lists and (python) tuples.
+ * @param intervals The communication intervals to convert.
+ * @return A boost::python::list containing the same interval information using boost::python::dict for each interval.
+ */
+py::list botnet_comm_processor::convert_intervals_to_py_repr(const std::vector<comm_interval> &intervals){
+    py::list py_intervals;
+    for (const auto &interval : intervals){
+        py::list py_ids;
+        for (const auto &id : interval.ids){
+            py_ids.append(id);
+        }
+        py::dict py_interval;
+        py_interval["IDs"] = py_ids;
+        py_interval["Start"] = interval.start_idx;
+        py_interval["End"] = interval.end_idx;
+        py_intervals.append(py_interval);
+    }
+    return py_intervals;
+// void botnet_comm_processor::print_message(const abstract_msg &message){
+//     std::cout << "Src: " << message.src << "   Dst: " << message.dst << "   Type: " << message.type << "   Time: " << message.time << "   LineNumber: " << message.line_no << std::endl;
+// }
+ * Comment out if executable should be build & run
+ * Comment in if library should be build
+ */
+using namespace boost::python;
+BOOST_PYTHON_MODULE (libbotnetcomm) {
+    class_<botnet_comm_processor>("botnet_comm_processor")
+            .def(init<list>())
+            .def(init<>())
+            .def("find_interval_from_startidx", &botnet_comm_processor::find_interval_from_startidx)
+            .def("find_interval_from_endidx", &botnet_comm_processor::find_interval_from_endidx)
+            .def("find_optimal_interval", &botnet_comm_processor::find_optimal_interval)
+            .def("get_interval_init_ids", &botnet_comm_processor::get_interval_init_ids)
+            .def("get_messages", &botnet_comm_processor::get_messages)
+            .def("get_message_count", &botnet_comm_processor::get_message_count)
+            .def("parse_csv", &botnet_comm_processor::parse_csv)
+            .def("parse_xml", &botnet_comm_processor::parse_xml)
+            .def("set_messages", &botnet_comm_processor::set_messages)
+            .def("write_xml", &botnet_comm_processor::write_xml);

+ 153 - 0

@@ -0,0 +1,153 @@
+ * Class for processing messages containing abstract Membership Management Communication.
+ * A message has to consist of (namely): Src, Dst, Type, Time.
+ */
+#include <iostream>
+#include <boost/python.hpp>
+#include <boost/algorithm/string/replace.hpp>
+#include <vector>
+#include <thread>
+#include <deque>
+#include <set>
+#include <future>
+#include <fstream>
+#include <string>
+#include <istream>
+#include <iomanip>
+ * Botnet communication types (equal to the ones contained in the MessageType class in MembersMgmtCommAttack.py)
+ */
+#define TIMEOUT 3
+#define SALITY_NL_REQUEST 101
+#define SALITY_NL_REPLY 102
+#define SALITY_HELLO 103
+ * Needed because of machine inprecision. E.g a time difference of 0.1s is stored as >0.1s
+ */
+#define EPS_TOLERANCE 1e-12  // works for a difference of 0.1
+ * For quick usage
+ */
+namespace py = boost::python;
+ * Definition of structs
+ */
+ * Struct used as data structure to represent an abstract communication message:
+ * - Source ID
+ * - Destination ID
+ * - Message type
+ * - Time of message
+ */
+struct abstract_msg {
+    // necessary constructors to have default values
+    abstract_msg (unsigned int src, unsigned int dst, unsigned short type, double time, int line_no) :
+    src(src), dst(dst), type(type), time(time), line_no(line_no) {}
+    abstract_msg () {}
+    // members
+    unsigned int src = 0;
+    unsigned int dst = 0;
+    unsigned short type = 0; 
+    double time = 0.0;
+    int line_no = -1;
+ * Struct used as data structure to represent an interval of communication:
+ * - A set of all initiator IDs contained in the interval
+ * - The number of messages sent in the interval (excluding timeouts)
+ * - The start index of the interval with respect to the member variable 'packets'
+ * - The end index of the interval with respect to the member variable 'packets'
+ */
+struct comm_interval {
+    std::set<unsigned int> ids;
+    unsigned int comm_sum;
+    unsigned int start_idx;
+    unsigned int end_idx; 
+ * A greater than operator desgined to handle slight machine inprecision up to EPS_TOLERANCE.
+ * @param a The first number
+ * @param b The second number
+ * @return true (1) if a > b, otherwise false(0)
+int greater_than(double a, double b){
+    return b - a < -1 * EPS_TOLERANCE;
+class botnet_comm_processor {
+    /*
+    * Class constructor
+    */
+    botnet_comm_processor();
+    botnet_comm_processor(const py::list &messages_pyboost);
+    /*
+     * Methods
+     */
+    py::dict find_interval_from_startidx(int start_idx, int number_ids, double max_int_time);
+    py::dict find_interval_from_endidx(int end_idx, int number_ids, double max_int_time);
+    py::list find_optimal_interval(int number_ids, double max_int_time);
+    py::list get_interval_init_ids(int start_idx, int end_idx);
+    py::list get_messages(unsigned int start_idx, unsigned int end_idx);
+    int get_message_count();
+    unsigned int parse_csv(const std::string &);
+    unsigned int parse_xml(const std::string &);
+    void set_messages(const py::list &messages_pyboost);
+    std::string write_xml(const std::string &);
+    /*
+     * Methods
+     */
+    py::list convert_intervals_to_py_repr(const std::vector<comm_interval>& intervals);
+    void find_optimal_interval_helper(std::promise<std::vector<comm_interval> > && p, int number_ids, double max_int_time, int start_idx, int end_idx);
+    int msgtype_is_request(unsigned short mtype);
+    int msgtype_is_response(unsigned short mtype);
+    // void print_message(const abstract_msg &message);
+    void process_csv_attrib(abstract_msg &msg, const std::string &cur_word);
+    void process_kv(abstract_msg &msg, const std::string &key, const std::string &value);
+    void process_xml_attrib_assign(abstract_msg &msg, const std::string &cur_word);
+    /*
+     * Attributes
+     */
+    std::vector<abstract_msg> messages;

+ 50842 - 0

@@ -0,0 +1,50842 @@

+ 257 - 0

@@ -0,0 +1,257 @@

Різницю між файлами не показано, бо вона завелика
+ 0 - 0

+ 483 - 0

@@ -0,0 +1,483 @@


+ 430 - 0

@@ -0,0 +1,430 @@
+Src: 1, Dst: 2, Type: 103, Time: 756.1045
+Src: 1, Dst: 3, Type: 103, Time: 756.1045
+Src: 2, Dst: 1, Type: 104, Time: 756.2045
+Src: 3, Dst: 1, Type: 104, Time: 756.3045
+Src: 1, Dst: 10, Type: 103, Time: 756.4045
+Src: 1, Dst: 15, Type: 103, Time: 756.4045
+Src: 1, Dst: 28, Type: 103, Time: 756.4045
+Src: 1, Dst: 12, Type: 103, Time: 756.4045
+Src: 1, Dst: 39, Type: 103, Time: 756.4045
+Src: 1, Dst: 159, Type: 103, Time: 756.4045
+Src: 10, Dst: 1, Type: 104, Time: 756.5045
+Src: 15, Dst: 1, Type: 104, Time: 756.5045
+Src: 28, Dst: 1, Type: 104, Time: 756.5045
+Src: 12, Dst: 1, Type: 104, Time: 756.5045
+Src: 39, Dst: 1, Type: 104, Time: 756.5045
+Src: 159, Dst: 1, Type: 3, Time: 756.8045
+Src: 2, Dst: 45, Type: 103, Time: 756.5045
+Src: 2, Dst: 81, Type: 103, Time: 756.5045
+Src: 2, Dst: 57, Type: 103, Time: 756.5045
+Src: 2, Dst: 64, Type: 103, Time: 756.5045
+Src: 2, Dst: 52, Type: 103, Time: 756.5045
+Src: 2, Dst: 11, Type: 103, Time: 756.5045
+Src: 45, Dst: 2, Type: 104, Time: 756.6045
+Src: 81, Dst: 2, Type: 104, Time: 756.6045
+Src: 57, Dst: 2, Type: 104, Time: 756.6045
+Src: 64, Dst: 2, Type: 104, Time: 756.6045
+Src: 52, Dst: 2, Type: 104, Time: 756.6045
+Src: 11, Dst: 2, Type: 3, Time: 756.9045
+Src: 3, Dst: 73, Type: 103, Time: 756.6045
+Src: 3, Dst: 219, Type: 103, Time: 756.6045
+Src: 3, Dst: 142, Type: 103, Time: 756.6045
+Src: 3, Dst: 232, Type: 103, Time: 756.6045
+Src: 3, Dst: 115, Type: 103, Time: 756.6045
+Src: 3, Dst: 94, Type: 103, Time: 756.6045
+Src: 73, Dst: 3, Type: 104, Time: 756.7045
+Src: 219, Dst: 3, Type: 104, Time: 756.7045
+Src: 142, Dst: 3, Type: 104, Time: 756.7045
+Src: 232, Dst: 3, Type: 104, Time: 756.7045
+Src: 115, Dst: 3, Type: 104, Time: 756.7045
+Src: 94, Dst: 3, Type: 3, Time: 757.0045
+Src: 1, Dst: 136, Type: 103, Time: 756.7045
+Src: 136, Dst: 1, Type: 104, Time: 756.8045
+Src: 1, Dst: 31, Type: 103, Time: 756.7045
+Src: 31, Dst: 1, Type: 104, Time: 756.8045
+Src: 2, Dst: 252, Type: 103, Time: 756.7045
+Src: 252, Dst: 2, Type: 104, Time: 756.8045
+Src: 2, Dst: 43, Type: 103, Time: 756.7045
+Src: 43, Dst: 2, Type: 104, Time: 756.8045
+Src: 3, Dst: 177, Type: 103, Time: 756.7045
+Src: 177, Dst: 3, Type: 104, Time: 756.8045
+Src: 3, Dst: 5, Type: 103, Time: 756.7045
+Src: 5, Dst: 3, Type: 104, Time: 756.8045
+Src: 10, Dst: 111, Type: 103, Time: 756.8045
+Src: 111, Dst: 10, Type: 104, Time: 756.9045
+Src: 10, Dst: 79, Type: 103, Time: 756.8045
+Src: 79, Dst: 10, Type: 104, Time: 756.9045
+Src: 15, Dst: 137, Type: 103, Time: 756.8045
+Src: 137, Dst: 15, Type: 104, Time: 756.9045
+Src: 15, Dst: 170, Type: 103, Time: 756.8045
+Src: 170, Dst: 15, Type: 104, Time: 756.9045
+Src: 28, Dst: 119, Type: 103, Time: 756.9045
+Src: 119, Dst: 28, Type: 104, Time: 757.0045
+Src: 28, Dst: 171, Type: 103, Time: 756.9045
+Src: 171, Dst: 28, Type: 104, Time: 757.0045
+Src: 12, Dst: 128, Type: 103, Time: 756.9045
+Src: 128, Dst: 12, Type: 104, Time: 757.0045
+Src: 12, Dst: 251, Type: 103, Time: 756.9045
+Src: 251, Dst: 12, Type: 104, Time: 757.0045
+Src: 39, Dst: 179, Type: 103, Time: 757.0045
+Src: 179, Dst: 39, Type: 104, Time: 757.1045
+Src: 39, Dst: 22, Type: 103, Time: 757.0045
+Src: 22, Dst: 39, Type: 104, Time: 757.1045
+Src: 45, Dst: 242, Type: 103, Time: 757.0045
+Src: 242, Dst: 45, Type: 104, Time: 757.1045
+Src: 45, Dst: 87, Type: 103, Time: 757.0045
+Src: 87, Dst: 45, Type: 104, Time: 757.1045
+Src: 81, Dst: 80, Type: 103, Time: 757.1045
+Src: 80, Dst: 81, Type: 104, Time: 757.2045
+Src: 81, Dst: 166, Type: 103, Time: 757.1045
+Src: 166, Dst: 81, Type: 104, Time: 757.2045
+Src: 57, Dst: 65, Type: 103, Time: 757.1045
+Src: 65, Dst: 57, Type: 104, Time: 757.2045
+Src: 57, Dst: 223, Type: 103, Time: 757.1045
+Src: 223, Dst: 57, Type: 104, Time: 757.2045
+Src: 64, Dst: 235, Type: 103, Time: 757.1045
+Src: 235, Dst: 64, Type: 104, Time: 757.2045
+Src: 64, Dst: 44, Type: 103, Time: 757.1045
+Src: 44, Dst: 64, Type: 104, Time: 757.2045
+Src: 52, Dst: 66, Type: 103, Time: 757.1045
+Src: 66, Dst: 52, Type: 104, Time: 757.2045
+Src: 52, Dst: 215, Type: 103, Time: 757.1045
+Src: 215, Dst: 52, Type: 104, Time: 757.2045
+Src: 73, Dst: 184, Type: 103, Time: 757.1045
+Src: 184, Dst: 73, Type: 104, Time: 757.2045
+Src: 73, Dst: 114, Type: 103, Time: 757.1045
+Src: 114, Dst: 73, Type: 104, Time: 757.2045
+Src: 219, Dst: 156, Type: 103, Time: 757.1045
+Src: 156, Dst: 219, Type: 104, Time: 757.2045
+Src: 219, Dst: 239, Type: 103, Time: 757.1045
+Src: 239, Dst: 219, Type: 104, Time: 757.2045
+Src: 142, Dst: 100, Type: 103, Time: 757.1045
+Src: 100, Dst: 142, Type: 104, Time: 757.2045
+Src: 142, Dst: 181, Type: 103, Time: 757.1045
+Src: 181, Dst: 142, Type: 104, Time: 757.2045
+Src: 232, Dst: 61, Type: 103, Time: 757.1045
+Src: 61, Dst: 232, Type: 104, Time: 757.2045
+Src: 232, Dst: 209, Type: 103, Time: 757.1045
+Src: 209, Dst: 232, Type: 104, Time: 757.2045
+Src: 115, Dst: 140, Type: 103, Time: 757.2045
+Src: 140, Dst: 115, Type: 104, Time: 757.3045
+Src: 115, Dst: 160, Type: 103, Time: 757.2045
+Src: 160, Dst: 115, Type: 104, Time: 757.3045
+Src: 1, Dst: 2, Type: 103, Time: 757.3045
+Src: 1, Dst: 3, Type: 103, Time: 757.3045
+Src: 1, Dst: 10, Type: 103, Time: 757.3045
+Src: 1, Dst: 15, Type: 103, Time: 757.3045
+Src: 1, Dst: 28, Type: 103, Time: 757.3045
+Src: 1, Dst: 12, Type: 103, Time: 757.3045
+Src: 1, Dst: 39, Type: 103, Time: 757.3045
+Src: 1, Dst: 136, Type: 103, Time: 757.3045
+Src: 1, Dst: 31, Type: 103, Time: 757.3045
+Src: 2, Dst: 1, Type: 104, Time: 757.4045
+Src: 3, Dst: 1, Type: 104, Time: 757.4045
+Src: 10, Dst: 1, Type: 104, Time: 757.4045
+Src: 15, Dst: 1, Type: 104, Time: 757.4045
+Src: 28, Dst: 1, Type: 104, Time: 757.4045
+Src: 12, Dst: 1, Type: 104, Time: 757.4045
+Src: 39, Dst: 1, Type: 104, Time: 757.4045
+Src: 136, Dst: , Type: 104, Time: 757.4045
+Src: 31, Dst: , Type: 104, Time: 757.4045
+Src: 2, Dst: 45, Type: 103, Time: 757.4045
+Src: 2, Dst: 81, Type: 103, Time: 757.4045
+Src: 2, Dst: 57, Type: 103, Time: 757.4045
+Src: 2, Dst: 64, Type: 103, Time: 757.4045
+Src: 2, Dst: 52, Type: 103, Time: 757.4045
+Src: 2, Dst: 252, Type: 103, Time: 757.4045
+Src: 2, Dst: 43, Type: 103, Time: 757.4045
+Src: 45, Dst: 2, Type: 104, Time: 757.5045
+Src: 81, Dst: 2, Type: 104, Time: 757.5045
+Src: 57, Dst: 2, Type: 104, Time: 757.5045
+Src: 64, Dst: 2, Type: 104, Time: 757.5045
+Src: 52, Dst: 2, Type: 104, Time: 757.5045
+Src: 252, Dst: 2, Type: 104, Time: 757.5045
+Src: 43, Dst: 2, Type: 104, Time: 757.5045
+Src: 3, Dst: 73, Type: 103, Time: 757.4045
+Src: 3, Dst: 219, Type: 103, Time: 757.4045
+Src: 3, Dst: 142, Type: 103, Time: 757.4045
+Src: 3, Dst: 232, Type: 103, Time: 757.4045
+Src: 3, Dst: 115, Type: 103, Time: 757.4045
+Src: 3, Dst: 177, Type: 103, Time: 757.4045
+Src: 3, Dst: 5, Type: 103, Time: 757.4045
+Src: 73, Dst: 3, Type: 104, Time: 757.5045
+Src: 219, Dst: 3, Type: 104, Time: 757.5045
+Src: 142, Dst: 3, Type: 104, Time: 757.5045
+Src: 232, Dst: 3, Type: 104, Time: 757.5045
+Src: 115, Dst: 3, Type: 104, Time: 757.5045
+Src: 94, Dst: 3, Type: 104, Time: 757.5045
+Src: 177, Dst: 3, Type: 104, Time: 757.5045
+Src: 10, Dst: 111, Type: 103, Time: 757.5045
+Src: 10, Dst: 79, Type: 103, Time: 757.5045
+Src: 111, Dst: 10, Type: 104, Time: 757.6045
+Src: 79, Dst: 10, Type: 104, Time: 757.6045
+Src: 15, Dst: 137, Type: 103, Time: 757.5045
+Src: 15, Dst: 170, Type: 103, Time: 757.5045
+Src: 137, Dst: 15, Type: 104, Time: 757.6045
+Src: 170, Dst: 15, Type: 104, Time: 757.6045
+Src: 28, Dst: 119, Type: 103, Time: 757.6045
+Src: 28, Dst: 171, Type: 103, Time: 757.6045
+Src: 119, Dst: 28, Type: 104, Time: 757.7045
+Src: 171, Dst: 28, Type: 104, Time: 757.7045
+Src: 12, Dst: 128, Type: 103, Time: 757.6045
+Src: 12, Dst: 251, Type: 103, Time: 757.6045
+Src: 128, Dst: 12, Type: 104, Time: 757.7045
+Src: 251, Dst: 12, Type: 104, Time: 757.7045
+Src: 39, Dst: 179, Type: 103, Time: 757.7045
+Src: 39, Dst: 22, Type: 103, Time: 757.7045
+Src: 179, Dst: 39, Type: 104, Time: 757.8045
+Src: 22, Dst: 39, Type: 104, Time: 757.8045
+Src: 45, Dst: 242, Type: 103, Time: 757.7045
+Src: 45, Dst: 87, Type: 103, Time: 757.7045
+Src: 242, Dst: 45, Type: 104, Time: 757.8045
+Src: 87, Dst: 45, Type: 104, Time: 757.8045
+Src: 81, Dst: 80, Type: 103, Time: 757.7045
+Src: 81, Dst: 166, Type: 103, Time: 757.7045
+Src: 80, Dst: 81, Type: 104, Time: 757.8045
+Src: 166, Dst: 81, Type: 104, Time: 757.8045
+Src: 57, Dst: 65, Type: 103, Time: 757.7045
+Src: 57, Dst: 223, Type: 103, Time: 757.7045
+Src: 65, Dst: 57, Type: 104, Time: 757.8045
+Src: 223, Dst: 57, Type: 104, Time: 757.8045
+Src: 64, Dst: 235, Type: 103, Time: 757.6045
+Src: 64, Dst: 44, Type: 103, Time: 757.6045
+Src: 235, Dst: 64, Type: 104, Time: 757.7045
+Src: 44, Dst: 64, Type: 104, Time: 757.7045
+Src: 52, Dst: 66, Type: 103, Time: 757.6045
+Src: 52, Dst: 215, Type: 103, Time: 757.6045
+Src: 66, Dst: 52, Type: 104, Time: 757.7045
+Src: 215, Dst: 52, Type: 104, Time: 757.7045
+Src: 73, Dst: 184, Type: 103, Time: 757.9045
+Src: 73, Dst: 114, Type: 103, Time: 757.9045
+Src: 184, Dst: 73, Type: 104, Time: 758.0045
+Src: 114, Dst: 73, Type: 104, Time: 758.0045
+Src: 219, Dst: 156, Type: 103, Time: 757.9045
+Src: 219, Dst: 239, Type: 103, Time: 757.9045
+Src: 156, Dst: 219, Type: 104, Time: 758.0045
+Src: 239, Dst: 219, Type: 104, Time: 758.0045
+Src: 142, Dst: 100, Type: 103, Time: 757.9045
+Src: 142, Dst: 181, Type: 103, Time: 757.9045
+Src: 100, Dst: 142, Type: 104, Time: 758.0045
+Src: 181, Dst: 142, Type: 104, Time: 758.0045
+Src: 232, Dst: 61, Type: 103, Time: 758.0045
+Src: 232, Dst: 209, Type: 103, Time: 758.0045
+Src: 61, Dst: 232, Type: 104, Time: 758.1045
+Src: 209, Dst: 232, Type: 104, Time: 758.1045
+Src: 115, Dst: 140, Type: 103, Time: 758.0045
+Src: 115, Dst: 160, Type: 103, Time: 758.0045
+Src: 140, Dst: 115, Type: 104, Time: 758.1045
+Src: 160, Dst: 115, Type: 104, Time: 758.1045
+Src: 1, Dst: 2, Type: 103, Time: 600757.3045
+Src: 1, Dst: 3, Type: 103, Time: 600757.3045
+Src: 1, Dst: 10, Type: 103, Time: 600757.3045
+Src: 1, Dst: 15, Type: 103, Time: 600757.3045
+Src: 1, Dst: 28, Type: 103, Time: 600757.3045
+Src: 1, Dst: 12, Type: 103, Time: 600757.3045
+Src: 1, Dst: 39, Type: 103, Time: 600757.3045
+Src: 1, Dst: 136, Type: 103, Time: 600757.3045
+Src: 1, Dst: 31, Type: 103, Time: 600757.3045
+Src: 2, Dst: 1, Type: 104, Time: 600757.4045
+Src: 3, Dst: 1, Type: 104, Time: 600757.4045
+Src: 10, Dst: 1, Type: 104, Time: 600757.4045
+Src: 15, Dst: 1, Type: 104, Time: 600757.4045
+Src: 28, Dst: 1, Type: 104, Time: 600757.4045
+Src: 12, Dst: 1, Type: 104, Time: 600757.4045
+Src: 39, Dst: 1, Type: 104, Time: 600757.4045
+Src: 136, Dst: , Type: 104, Time: 600757.4045
+Src: 31, Dst: , Type: 104, Time: 600757.4045
+Src: 1, Dst: 2, Type: 101, Time: 600757.5045
+Src: 1, Dst: 3, Type: 101, Time: 600757.5045
+Src: 1, Dst: 10, Type: 101, Time: 600757.5045
+Src: 1, Dst: 15, Type: 101, Time: 600757.5045
+Src: 1, Dst: 28, Type: 101, Time: 600757.5045
+Src: 1, Dst: 12, Type: 101, Time: 600757.5045
+Src: 1, Dst: 39, Type: 101, Time: 600757.5045
+Src: 1, Dst: 136, Type: 101, Time: 600757.5045
+Src: 1, Dst: 31, Type: 101, Time: 600757.5045
+Src: 2, Dst: 1, Type: 102, Time: 600757.6045
+Src: 3, Dst: 1, Type: 102, Time: 600757.6045
+Src: 10, Dst: 1, Type: 102, Time: 600757.6045
+Src: 15, Dst: 1, Type: 102, Time: 600757.6045
+Src: 28, Dst: 1, Type: 102, Time: 600757.6045
+Src: 12, Dst: 1, Type: 102, Time: 600757.6045
+Src: 39, Dst: 1, Type: 102, Time: 600757.6045
+Src: 136, Dst: , Type: 102, Time: 600757.6045
+Src: 31, Dst: , Type: 102, Time: 600757.6045
+Src: 2, Dst: 45, Type: 103, Time: 600757.4045
+Src: 2, Dst: 81, Type: 103, Time: 600757.4045
+Src: 2, Dst: 57, Type: 103, Time: 600757.4045
+Src: 2, Dst: 64, Type: 103, Time: 600757.4045
+Src: 2, Dst: 52, Type: 103, Time: 600757.4045
+Src: 2, Dst: 252, Type: 103, Time: 600757.4045
+Src: 2, Dst: 43, Type: 103, Time: 600757.4045
+Src: 45, Dst: 2, Type: 104, Time: 600757.5045
+Src: 81, Dst: 2, Type: 104, Time: 600757.5045
+Src: 57, Dst: 2, Type: 104, Time: 600757.5045
+Src: 64, Dst: 2, Type: 104, Time: 600757.5045
+Src: 52, Dst: 2, Type: 104, Time: 600757.5045
+Src: 252, Dst: 2, Type: 104, Time: 600757.5045
+Src: 43, Dst: 2, Type: 104, Time: 600757.5045
+Src: 2, Dst: 45, Type: 101, Time: 600757.6045
+Src: 2, Dst: 81, Type: 101, Time: 600757.6045
+Src: 2, Dst: 57, Type: 101, Time: 600757.6045
+Src: 2, Dst: 64, Type: 101, Time: 600757.6045
+Src: 2, Dst: 52, Type: 101, Time: 600757.6045
+Src: 2, Dst: 252, Type: 101, Time: 600757.6045
+Src: 2, Dst: 43, Type: 101, Time: 600757.6045
+Src: 45, Dst: 2, Type: 102, Time: 600757.7045
+Src: 81, Dst: 2, Type: 102, Time: 600757.7045
+Src: 57, Dst: 2, Type: 102, Time: 600757.7045
+Src: 64, Dst: 2, Type: 102, Time: 600757.7045
+Src: 52, Dst: 2, Type: 102, Time: 600757.7045
+Src: 252, Dst: 2, Type: 102, Time: 600757.7045
+Src: 43, Dst: 2, Type: 102, Time: 600757.7045
+Src: 3, Dst: 73, Type: 103, Time: 600757.4045
+Src: 3, Dst: 219, Type: 103, Time: 600757.4045
+Src: 3, Dst: 142, Type: 103, Time: 600757.4045
+Src: 3, Dst: 232, Type: 103, Time: 600757.4045
+Src: 3, Dst: 115, Type: 103, Time: 600757.4045
+Src: 3, Dst: 177, Type: 103, Time: 600757.4045
+Src: 3, Dst: 5, Type: 103, Time: 600757.4045
+Src: 73, Dst: 3, Type: 104, Time: 600757.5045
+Src: 219, Dst: 3, Type: 104, Time: 600757.5045
+Src: 142, Dst: 3, Type: 104, Time: 600757.5045
+Src: 232, Dst: 3, Type: 104, Time: 600757.5045
+Src: 115, Dst: 3, Type: 104, Time: 600757.5045
+Src: 94, Dst: 3, Type: 104, Time: 600757.5045
+Src: 177, Dst: 3, Type: 104, Time: 600757.5045
+Src: 3, Dst: 73, Type: 101, Time: 600757.6045
+Src: 3, Dst: 219, Type: 101, Time: 600757.6045
+Src: 3, Dst: 142, Type: 101, Time: 600757.6045
+Src: 3, Dst: 232, Type: 101, Time: 600757.6045
+Src: 3, Dst: 115, Type: 101, Time: 600757.6045
+Src: 3, Dst: 177, Type: 101, Time: 600757.6045
+Src: 3, Dst: 5, Type: 101, Time: 600757.6045
+Src: 73, Dst: 3, Type: 102, Time: 600757.7045
+Src: 219, Dst: 3, Type: 102, Time: 600757.7045
+Src: 142, Dst: 3, Type: 102, Time: 600757.7045
+Src: 232, Dst: 3, Type: 102, Time: 600757.7045
+Src: 115, Dst: 3, Type: 102, Time: 600757.7045
+Src: 94, Dst: 3, Type: 102, Time: 600757.7045
+Src: 177, Dst: 3, Type: 102, Time: 600757.7045
+Src: 10, Dst: 111, Type: 103, Time: 600757.5045
+Src: 10, Dst: 79, Type: 103, Time: 600757.5045
+Src: 111, Dst: 10, Type: 104, Time: 600757.6045
+Src: 79, Dst: 10, Type: 104, Time: 600757.6045
+Src: 10, Dst: 111, Type: 101, Time: 600757.7045
+Src: 10, Dst: 79, Type: 101, Time: 600757.7045
+Src: 111, Dst: 10, Type: 102, Time: 600757.8045
+Src: 79, Dst: 10, Type: 102, Time: 600757.8045
+Src: 15, Dst: 137, Type: 103, Time: 600757.5045
+Src: 15, Dst: 170, Type: 103, Time: 600757.5045
+Src: 137, Dst: 15, Type: 104, Time: 600757.6045
+Src: 170, Dst: 15, Type: 104, Time: 600757.6045
+Src: 15, Dst: 137, Type: 101, Time: 600757.7045
+Src: 15, Dst: 170, Type: 101, Time: 600757.7045
+Src: 137, Dst: 15, Type: 102, Time: 600757.8045
+Src: 170, Dst: 15, Type: 102, Time: 600757.8045
+Src: 28, Dst: 119, Type: 103, Time: 600757.6045
+Src: 28, Dst: 171, Type: 103, Time: 600757.6045
+Src: 119, Dst: 28, Type: 104, Time: 600757.7045
+Src: 171, Dst: 28, Type: 104, Time: 600757.7045
+Src: 28, Dst: 119, Type: 101, Time: 600757.8045
+Src: 28, Dst: 171, Type: 101, Time: 600757.8045
+Src: 119, Dst: 28, Type: 102, Time: 600757.9045
+Src: 171, Dst: 28, Type: 102, Time: 600757.9045
+Src: 12, Dst: 128, Type: 103, Time: 600757.6045
+Src: 12, Dst: 251, Type: 103, Time: 600757.6045
+Src: 128, Dst: 12, Type: 104, Time: 600757.7045
+Src: 251, Dst: 12, Type: 104, Time: 600757.7045
+Src: 12, Dst: 128, Type: 101, Time: 600757.8045
+Src: 12, Dst: 251, Type: 101, Time: 600757.8045
+Src: 128, Dst: 12, Type: 102, Time: 600757.9045
+Src: 251, Dst: 12, Type: 102, Time: 600757.9045
+Src: 39, Dst: 179, Type: 103, Time: 600757.7045
+Src: 39, Dst: 22, Type: 103, Time: 600757.7045
+Src: 179, Dst: 39, Type: 104, Time: 600757.8045
+Src: 22, Dst: 39, Type: 104, Time: 600757.8045
+Src: 39, Dst: 179, Type: 101, Time: 600757.9045
+Src: 39, Dst: 22, Type: 101, Time: 600757.9045
+Src: 179, Dst: 39, Type: 102, Time: 600758.0045
+Src: 22, Dst: 39, Type: 102, Time: 600758.0045
+Src: 45, Dst: 242, Type: 103, Time: 600757.7045
+Src: 45, Dst: 87, Type: 103, Time: 600757.7045
+Src: 242, Dst: 45, Type: 104, Time: 600757.8045
+Src: 87, Dst: 45, Type: 104, Time: 600757.8045
+Src: 45, Dst: 242, Type: 101, Time: 600757.9045
+Src: 45, Dst: 87, Type: 101, Time: 600757.9045
+Src: 242, Dst: 45, Type: 102, Time: 600758.0045
+Src: 87, Dst: 45, Type: 102, Time: 600758.0045
+Src: 81, Dst: 80, Type: 103, Time: 600757.7045
+Src: 81, Dst: 166, Type: 103, Time: 600757.7045
+Src: 80, Dst: 81, Type: 104, Time: 600757.8045
+Src: 166, Dst: 81, Type: 104, Time: 600757.8045
+Src: 81, Dst: 80, Type: 101, Time: 600757.9045
+Src: 81, Dst: 166, Type: 101, Time: 600757.9045
+Src: 80, Dst: 81, Type: 102, Time: 600758.0045
+Src: 166, Dst: 81, Type: 102, Time: 600758.0045
+Src: 57, Dst: 65, Type: 103, Time: 600757.7045
+Src: 57, Dst: 223, Type: 103, Time: 600757.7045
+Src: 65, Dst: 57, Type: 104, Time: 600757.8045
+Src: 223, Dst: 57, Type: 104, Time: 600757.8045
+Src: 57, Dst: 65, Type: 101, Time: 600757.9045
+Src: 57, Dst: 223, Type: 101, Time: 600757.9045
+Src: 65, Dst: 57, Type: 102, Time: 600758.0045
+Src: 223, Dst: 57, Type: 102, Time: 600758.0045
+Src: 64, Dst: 235, Type: 103, Time: 600757.6045
+Src: 64, Dst: 44, Type: 103, Time: 600757.6045
+Src: 235, Dst: 64, Type: 104, Time: 600757.7045
+Src: 44, Dst: 64, Type: 104, Time: 600757.7045
+Src: 64, Dst: 235, Type: 101, Time: 600757.8045
+Src: 64, Dst: 44, Type: 101, Time: 600757.8045
+Src: 235, Dst: 64, Type: 102, Time: 600757.9045
+Src: 44, Dst: 64, Type: 102, Time: 600757.9045
+Src: 52, Dst: 66, Type: 103, Time: 600757.6045
+Src: 52, Dst: 215, Type: 103, Time: 600757.6045
+Src: 66, Dst: 52, Type: 104, Time: 600757.7045
+Src: 215, Dst: 52, Type: 104, Time: 600757.7045
+Src: 52, Dst: 66, Type: 101, Time: 600757.8045
+Src: 52, Dst: 215, Type: 101, Time: 600757.8045
+Src: 66, Dst: 52, Type: 102, Time: 600757.9045
+Src: 215, Dst: 52, Type: 102, Time: 600757.9045
+Src: 73, Dst: 184, Type: 103, Time: 600757.9045
+Src: 73, Dst: 114, Type: 103, Time: 600757.9045
+Src: 184, Dst: 73, Type: 104, Time: 600758.0045
+Src: 114, Dst: 73, Type: 104, Time: 600758.0045
+Src: 73, Dst: 184, Type: 101, Time: 600757.1045
+Src: 73, Dst: 114, Type: 101, Time: 600757.1045
+Src: 184, Dst: 73, Type: 102, Time: 600758.2045
+Src: 114, Dst: 73, Type: 102, Time: 600758.2045
+Src: 219, Dst: 156, Type: 103, Time: 600757.9045
+Src: 219, Dst: 239, Type: 103, Time: 600757.9045
+Src: 156, Dst: 219, Type: 104, Time: 600758.0045
+Src: 239, Dst: 219, Type: 104, Time: 600758.0045
+Src: 219, Dst: 156, Type: 101, Time: 600758.1045
+Src: 219, Dst: 239, Type: 101, Time: 600758.1045
+Src: 156, Dst: 219, Type: 102, Time: 600758.2045
+Src: 239, Dst: 219, Type: 102, Time: 600758.2045
+Src: 142, Dst: 100, Type: 103, Time: 600757.9045
+Src: 142, Dst: 181, Type: 103, Time: 600757.9045
+Src: 100, Dst: 142, Type: 104, Time: 600758.0045
+Src: 181, Dst: 142, Type: 104, Time: 600758.0045
+Src: 142, Dst: 100, Type: 101, Time: 600758.0045
+Src: 142, Dst: 181, Type: 101, Time: 600758.0045
+Src: 100, Dst: 142, Type: 102, Time: 600758.1045
+Src: 181, Dst: 142, Type: 102, Time: 600758.1045
+Src: 232, Dst: 61, Type: 103, Time: 600758.0045
+Src: 232, Dst: 209, Type: 103, Time: 600758.0045
+Src: 61, Dst: 232, Type: 104, Time: 600758.1045
+Src: 209, Dst: 232, Type: 104, Time: 600758.1045
+Src: 232, Dst: 61, Type: 101, Time: 600758.2045
+Src: 232, Dst: 209, Type: 101, Time: 600758.2045
+Src: 61, Dst: 232, Type: 102, Time: 600758.3045
+Src: 209, Dst: 232, Type: 102, Time: 600758.3045
+Src: 115, Dst: 140, Type: 103, Time: 600758.0045
+Src: 115, Dst: 160, Type: 103, Time: 600758.0045
+Src: 140, Dst: 115, Type: 104, Time: 600758.1045
+Src: 160, Dst: 115, Type: 104, Time: 600758.1045
+Src: 115, Dst: 140, Type: 101, Time: 600758.2045
+Src: 115, Dst: 160, Type: 101, Time: 600758.2045
+Src: 140, Dst: 115, Type: 102, Time: 600758.3045
+Src: 160, Dst: 115, Type: 102, Time: 600758.3045

+ 664 - 0

@@ -0,0 +1,664 @@
+Source, Destination, Type, Time
+// 3 Bots initiate contact
+Src: 1, Des: 2, Type: 103, Time: 756.1045
+Src: 1, Des: 3, Type: 103, Time: 756.1045
+Src: 2, Des: 1, Type: 104, Time: 756.2045
+Src: 3, Des: 1, Type: 104, Time: 756.3045
+// 5 additional bots contacted by Bot 1
+Src: 1, Des: 10, Type: 103, Time: 756.4045
+Src: 1, Des: 15, Type: 103, Time: 756.4045
+Src: 1, Des: 28, Type: 103, Time: 756.4045
+Src: 1, Des: 12, Type: 103, Time: 756.4045
+Src: 1, Des: 39, Type: 103, Time: 756.4045
+Src: 1, Des: 159, Type: 103, Time: 756.4045 // will not reply
+// answers of additional bots for bot 1
+Src: 10, Des: 1, Type: 104, Time: 756.5045
+Src: 15, Des: 1, Type: 104, Time: 756.5045
+Src: 28, Des: 1, Type: 104, Time: 756.5045
+Src: 12, Des: 1, Type: 104, Time: 756.5045
+Src: 39, Des: 1, Type: 104, Time: 756.5045
+Src: 159, Des: 1, Type: 3, Time: 756.8045 // timeout
+// 5 additional bots contacted by Bot 2
+Src: 2, Des: 45, Type: 103, Time: 756.5045
+Src: 2, Des: 81, Type: 103, Time: 756.5045
+Src: 2, Des: 57, Type: 103, Time: 756.5045
+Src: 2, Des: 64, Type: 103, Time: 756.5045
+Src: 2, Des: 52, Type: 103, Time: 756.5045
+Src: 2, Des: 11, Type: 103, Time: 756.5045 // will not reply
+// answers of additional bots for bot 2
+Src: 45, Des: 2, Type: 104, Time: 756.6045
+Src: 81, Des: 2, Type: 104, Time: 756.6045
+Src: 57, Des: 2, Type: 104, Time: 756.6045
+Src: 64, Des: 2, Type: 104, Time: 756.6045
+Src: 52, Des: 2, Type: 104, Time: 756.6045
+Src: 11, Des: 2, Type: 3, Time: 756.9045 // timeout
+// 5 additional bots contacted by Bot 3
+Src: 3, Des: 73, Type: 103, Time: 756.6045
+Src: 3, Des: 219, Type: 103, Time: 756.6045
+Src: 3, Des: 142, Type: 103, Time: 756.6045
+Src: 3, Des: 232, Type: 103, Time: 756.6045
+Src: 3, Des: 115, Type: 103, Time: 756.6045
+Src: 3, Des: 94, Type: 103, Time: 756.6045 // will not reply
+// answers of additional bots for bot 3
+Src: 73, Des: 3, Type: 104, Time: 756.7045
+Src: 219, Des: 3, Type: 104, Time: 756.7045
+Src: 142, Des: 3, Type: 104, Time: 756.7045
+Src: 232, Des: 3, Type: 104, Time: 756.7045
+Src: 115, Des: 3, Type: 104, Time: 756.7045
+Src: 94, Des: 3, Type: 3, Time: 757.0045 // timeout
+// 2 additional external Bots contacted by all bots
+// and answers of the 2 additional external Bots
+Src: 1, Des: 136, Type: 103, Time: 756.7045
+Src: 136, Des: 1, Type: 104, Time: 756.8045
+Src: 1, Des: 31, Type: 103, Time: 756.7045
+Src: 31, Des: 1, Type: 104, Time: 756.8045
+Src: 2, Des: 252, Type: 103, Time: 756.7045
+Src: 252, Des: 2, Type: 104, Time: 756.8045
+Src: 2, Des: 43, Type: 103, Time: 756.7045
+Src: 43, Des: 2, Type: 104, Time: 756.8045
+Src: 3, Des: 177, Type: 103, Time: 756.7045
+Src: 177, Des: 3, Type: 104, Time: 756.8045
+Src: 3, Des: 5, Type: 103, Time: 756.7045
+Src: 5, Des: 3, Type: 104, Time: 756.8045
+Src: 10, Des: 111, Type: 103, Time: 756.8045
+Src: 111, Des: 10, Type: 104, Time: 756.9045
+Src: 10, Des: 79, Type: 103, Time: 756.8045
+Src: 79, Des: 10, Type: 104, Time: 756.9045
+Src: 15, Des: 137, Type: 103, Time: 756.8045
+Src: 137, Des: 15, Type: 104, Time: 756.9045
+Src: 15, Des: 170, Type: 103, Time: 756.8045
+Src: 170, Des: 15, Type: 104, Time: 756.9045
+Src: 28, Des: 119, Type: 103, Time: 756.9045
+Src: 119, Des: 28, Type: 104, Time: 757.0045
+Src: 28, Des: 171, Type: 103, Time: 756.9045
+Src: 171, Des: 28, Type: 104, Time: 757.0045
+Src: 12, Des: 128, Type: 103, Time: 756.9045
+Src: 128, Des: 12, Type: 104, Time: 757.0045
+Src: 12, Des: 251, Type: 103, Time: 756.9045
+Src: 251, Des: 12, Type: 104, Time: 757.0045
+Src: 39, Des: 179, Type: 103, Time: 757.0045
+Src: 179, Des: 39, Type: 104, Time: 757.1045
+Src: 39, Des: 22, Type: 103, Time: 757.0045
+Src: 22, Des: 39, Type: 104, Time: 757.1045
+Src: 45, Des: 242, Type: 103, Time: 757.0045
+Src: 242, Des: 45, Type: 104, Time: 757.1045
+Src: 45, Des: 87, Type: 103, Time: 757.0045
+Src: 87, Des: 45, Type: 104, Time: 757.1045
+Src: 81, Des: 80, Type: 103, Time: 757.1045
+Src: 80, Des: 81, Type: 104, Time: 757.2045
+Src: 81, Des: 166, Type: 103, Time: 757.1045
+Src: 166, Des: 81, Type: 104, Time: 757.2045
+Src: 57, Des: 65, Type: 103, Time: 757.1045
+Src: 65, Des: 57, Type: 104, Time: 757.2045
+Src: 57, Des: 223, Type: 103, Time: 757.1045
+Src: 223, Des: 57, Type: 104, Time: 757.2045
+Src: 64, Des: 235, Type: 103, Time: 757.1045
+Src: 235, Des: 64, Type: 104, Time: 757.2045
+Src: 64, Des: 44, Type: 103, Time: 757.1045
+Src: 44, Des: 64, Type: 104, Time: 757.2045
+Src: 52, Des: 66, Type: 103, Time: 757.1045
+Src: 66, Des: 52, Type: 104, Time: 757.2045
+Src: 52, Des: 215, Type: 103, Time: 757.1045
+Src: 215, Des: 52, Type: 104, Time: 757.2045
+Src: 73, Des: 184, Type: 103, Time: 757.1045
+Src: 184, Des: 73, Type: 104, Time: 757.2045
+Src: 73, Des: 114, Type: 103, Time: 757.1045
+Src: 114, Des: 73, Type: 104, Time: 757.2045
+Src: 219, Des: 156, Type: 103, Time: 757.1045
+Src: 156, Des: 219, Type: 104, Time: 757.2045
+Src: 219, Des: 239, Type: 103, Time: 757.1045
+Src: 239, Des: 219, Type: 104, Time: 757.2045
+Src: 142, Des: 100, Type: 103, Time: 757.1045
+Src: 100, Des: 142, Type: 104, Time: 757.2045
+Src: 142, Des: 181, Type: 103, Time: 757.1045
+Src: 181, Des: 142, Type: 104, Time: 757.2045
+Src: 232, Des: 61, Type: 103, Time: 757.1045
+Src: 61, Des: 232, Type: 104, Time: 757.2045
+Src: 232, Des: 209, Type: 103, Time: 757.1045
+Src: 209, Des: 232, Type: 104, Time: 757.2045
+Src: 115, Des: 140, Type: 103, Time: 757.2045
+Src: 140, Des: 115, Type: 104, Time: 757.3045
+Src: 115, Des: 160, Type: 103, Time: 757.2045
+Src: 160, Des: 115, Type: 104, Time: 757.3045
+// #############################################
+// First round start - only 103 + reply(104)
+// initiator #1
+Src: 1, Des: 2, Type: 103, Time: 757.3045
+Src: 1, Des: 3, Type: 103, Time: 757.3045
+Src: 1, Des: 10, Type: 103, Time: 757.3045
+Src: 1, Des: 15, Type: 103, Time: 757.3045
+Src: 1, Des: 28, Type: 103, Time: 757.3045
+Src: 1, Des: 12, Type: 103, Time: 757.3045
+Src: 1, Des: 39, Type: 103, Time: 757.3045
+Src: 1, Des: 136, Type: 103, Time: 757.3045
+Src: 1, Des: 31, Type: 103, Time: 757.3045
+// reply for initiator #1
+Src: 2, Des: 1, Type: 104, Time: 757.4045
+Src: 3, Des: 1, Type: 104, Time: 757.4045
+Src: 10, Des: 1, Type: 104, Time: 757.4045
+Src: 15, Des: 1, Type: 104, Time: 757.4045
+Src: 28, Des: 1, Type: 104, Time: 757.4045
+Src: 12, Des: 1, Type: 104, Time: 757.4045
+Src: 39, Des: 1, Type: 104, Time: 757.4045
+Src: 136, Des: , Type: 104, Time: 757.4045
+Src: 31, Des: , Type: 104, Time: 757.4045
+// initiator #2
+Src: 2, Des: 45, Type: 103, Time: 757.4045
+Src: 2, Des: 81, Type: 103, Time: 757.4045
+Src: 2, Des: 57, Type: 103, Time: 757.4045
+Src: 2, Des: 64, Type: 103, Time: 757.4045
+Src: 2, Des: 52, Type: 103, Time: 757.4045
+Src: 2, Des: 252, Type: 103, Time: 757.4045
+Src: 2, Des: 43, Type: 103, Time: 757.4045
+// reply for initiator #2
+Src: 45, Des: 2, Type: 104, Time: 757.5045
+Src: 81, Des: 2, Type: 104, Time: 757.5045
+Src: 57, Des: 2, Type: 104, Time: 757.5045
+Src: 64, Des: 2, Type: 104, Time: 757.5045
+Src: 52, Des: 2, Type: 104, Time: 757.5045
+Src: 252, Des: 2, Type: 104, Time: 757.5045
+Src: 43, Des: 2, Type: 104, Time: 757.5045
+// initiator #3 + reply
+Src: 3, Des: 73, Type: 103, Time: 757.4045
+Src: 3, Des: 219, Type: 103, Time: 757.4045
+Src: 3, Des: 142, Type: 103, Time: 757.4045
+Src: 3, Des: 232, Type: 103, Time: 757.4045
+Src: 3, Des: 115, Type: 103, Time: 757.4045
+Src: 3, Des: 177, Type: 103, Time: 757.4045
+Src: 3, Des: 5, Type: 103, Time: 757.4045
+// reply for initiator #3
+Src: 73, Des: 3, Type: 104, Time: 757.5045
+Src: 219, Des: 3, Type: 104, Time: 757.5045
+Src: 142, Des: 3, Type: 104, Time: 757.5045
+Src: 232, Des: 3, Type: 104, Time: 757.5045
+Src: 115, Des: 3, Type: 104, Time: 757.5045
+Src: 94, Des: 3, Type: 104, Time: 757.5045
+Src: 177, Des: 3, Type: 104, Time: 757.5045
+// initiator #10 + reply
+Src: 10, Des: 111, Type: 103, Time: 757.5045
+Src: 10, Des: 79, Type: 103, Time: 757.5045
+Src: 111, Des: 10, Type: 104, Time: 757.6045
+Src: 79, Des: 10, Type: 104, Time: 757.6045
+// initiator #15 + reply
+Src: 15, Des: 137, Type: 103, Time: 757.5045
+Src: 15, Des: 170, Type: 103, Time: 757.5045
+Src: 137, Des: 15, Type: 104, Time: 757.6045
+Src: 170, Des: 15, Type: 104, Time: 757.6045
+// initiator #28 + reply
+Src: 28, Des: 119, Type: 103, Time: 757.6045
+Src: 28, Des: 171, Type: 103, Time: 757.6045
+Src: 119, Des: 28, Type: 104, Time: 757.7045
+Src: 171, Des: 28, Type: 104, Time: 757.7045
+// initiator #12 + reply
+Src: 12, Des: 128, Type: 103, Time: 757.6045
+Src: 12, Des: 251, Type: 103, Time: 757.6045
+Src: 128, Des: 12, Type: 104, Time: 757.7045
+Src: 251, Des: 12, Type: 104, Time: 757.7045
+// initiator #39 + reply
+Src: 39, Des: 179, Type: 103, Time: 757.7045
+Src: 39, Des: 22, Type: 103, Time: 757.7045
+Src: 179, Des: 39, Type: 104, Time: 757.8045
+Src: 22, Des: 39, Type: 104, Time: 757.8045
+// initiator #45 + reply
+Src: 45, Des: 242, Type: 103, Time: 757.7045
+Src: 45, Des: 87, Type: 103, Time: 757.7045
+Src: 242, Des: 45, Type: 104, Time: 757.8045
+Src: 87, Des: 45, Type: 104, Time: 757.8045
+// initiator #81 + reply
+Src: 81, Des: 80, Type: 103, Time: 757.7045
+Src: 81, Des: 166, Type: 103, Time: 757.7045
+Src: 80, Des: 81, Type: 104, Time: 757.8045
+Src: 166, Des: 81, Type: 104, Time: 757.8045
+// initiator #57 + reply
+Src: 57, Des: 65, Type: 103, Time: 757.7045
+Src: 57, Des: 223, Type: 103, Time: 757.7045
+Src: 65, Des: 57, Type: 104, Time: 757.8045
+Src: 223, Des: 57, Type: 104, Time: 757.8045
+// initiator #64 + reply
+Src: 64, Des: 235, Type: 103, Time: 757.6045
+Src: 64, Des: 44, Type: 103, Time: 757.6045
+Src: 235, Des: 64, Type: 104, Time: 757.7045
+Src: 44, Des: 64, Type: 104, Time: 757.7045
+// initiator #52 + reply
+Src: 52, Des: 66, Type: 103, Time: 757.6045
+Src: 52, Des: 215, Type: 103, Time: 757.6045
+Src: 66, Des: 52, Type: 104, Time: 757.7045
+Src: 215, Des: 52, Type: 104, Time: 757.7045
+// initiator #73 + reply
+Src: 73, Des: 184, Type: 103, Time: 757.9045
+Src: 73, Des: 114, Type: 103, Time: 757.9045
+Src: 184, Des: 73, Type: 104, Time: 758.0045
+Src: 114, Des: 73, Type: 104, Time: 758.0045
+// initiator #219 + reply
+Src: 219, Des: 156, Type: 103, Time: 757.9045
+Src: 219, Des: 239, Type: 103, Time: 757.9045
+Src: 156, Des: 219, Type: 104, Time: 758.0045
+Src: 239, Des: 219, Type: 104, Time: 758.0045
+// initiator #142 + reply
+Src: 142, Des: 100, Type: 103, Time: 757.9045
+Src: 142, Des: 181, Type: 103, Time: 757.9045
+Src: 100, Des: 142, Type: 104, Time: 758.0045
+Src: 181, Des: 142, Type: 104, Time: 758.0045
+// initiator #232 + reply
+Src: 232, Des: 61, Type: 103, Time: 758.0045
+Src: 232, Des: 209, Type: 103, Time: 758.0045
+Src: 61, Des: 232, Type: 104, Time: 758.1045
+Src: 209, Des: 232, Type: 104, Time: 758.1045
+// initiator #115 + reply
+Src: 115, Des: 140, Type: 103, Time: 758.0045
+Src: 115, Des: 160, Type: 103, Time: 758.0045
+Src: 140, Des: 115, Type: 104, Time: 758.1045
+Src: 160, Des: 115, Type: 104, Time: 758.1045
+// ############################################
+// first round end
+// now wait 10min
+// #############################################
+// Second round start - only 103 + reply(104) followed by 101+reply(102)
+// initiator #1
+Src: 1, Des: 2, Type: 103, Time: 600757.3045
+Src: 1, Des: 3, Type: 103, Time: 600757.3045
+Src: 1, Des: 10, Type: 103, Time: 600757.3045
+Src: 1, Des: 15, Type: 103, Time: 600757.3045
+Src: 1, Des: 28, Type: 103, Time: 600757.3045
+Src: 1, Des: 12, Type: 103, Time: 600757.3045
+Src: 1, Des: 39, Type: 103, Time: 600757.3045
+Src: 1, Des: 136, Type: 103, Time: 600757.3045
+Src: 1, Des: 31, Type: 103, Time: 600757.3045
+// reply for initiator #1
+Src: 2, Des: 1, Type: 104, Time: 600757.4045
+Src: 3, Des: 1, Type: 104, Time: 600757.4045
+Src: 10, Des: 1, Type: 104, Time: 600757.4045
+Src: 15, Des: 1, Type: 104, Time: 600757.4045
+Src: 28, Des: 1, Type: 104, Time: 600757.4045
+Src: 12, Des: 1, Type: 104, Time: 600757.4045
+Src: 39, Des: 1, Type: 104, Time: 600757.4045
+Src: 136, Des: , Type: 104, Time: 600757.4045
+Src: 31, Des: , Type: 104, Time: 600757.4045
+// initiator #1 101
+Src: 1, Des: 2, Type: 101, Time: 600757.5045
+Src: 1, Des: 3, Type: 101, Time: 600757.5045
+Src: 1, Des: 10, Type: 101, Time: 600757.5045
+Src: 1, Des: 15, Type: 101, Time: 600757.5045
+Src: 1, Des: 28, Type: 101, Time: 600757.5045
+Src: 1, Des: 12, Type: 101, Time: 600757.5045
+Src: 1, Des: 39, Type: 101, Time: 600757.5045
+Src: 1, Des: 136, Type: 101, Time: 600757.5045
+Src: 1, Des: 31, Type: 101, Time: 600757.5045
+// reply 102 for initiator #1
+Src: 2, Des: 1, Type: 102, Time: 600757.6045
+Src: 3, Des: 1, Type: 102, Time: 600757.6045
+Src: 10, Des: 1, Type: 102, Time: 600757.6045
+Src: 15, Des: 1, Type: 102, Time: 600757.6045
+Src: 28, Des: 1, Type: 102, Time: 600757.6045
+Src: 12, Des: 1, Type: 102, Time: 600757.6045
+Src: 39, Des: 1, Type: 102, Time: 600757.6045
+Src: 136, Des: , Type: 102, Time: 600757.6045
+Src: 31, Des: , Type: 102, Time: 600757.6045
+// initiator #2
+Src: 2, Des: 45, Type: 103, Time: 600757.4045
+Src: 2, Des: 81, Type: 103, Time: 600757.4045
+Src: 2, Des: 57, Type: 103, Time: 600757.4045
+Src: 2, Des: 64, Type: 103, Time: 600757.4045
+Src: 2, Des: 52, Type: 103, Time: 600757.4045
+Src: 2, Des: 252, Type: 103, Time: 600757.4045
+Src: 2, Des: 43, Type: 103, Time: 600757.4045
+// reply for initiator #2
+Src: 45, Des: 2, Type: 104, Time: 600757.5045
+Src: 81, Des: 2, Type: 104, Time: 600757.5045
+Src: 57, Des: 2, Type: 104, Time: 600757.5045
+Src: 64, Des: 2, Type: 104, Time: 600757.5045
+Src: 52, Des: 2, Type: 104, Time: 600757.5045
+Src: 252, Des: 2, Type: 104, Time: 600757.5045
+Src: 43, Des: 2, Type: 104, Time: 600757.5045
+// initiator #2
+Src: 2, Des: 45, Type: 101, Time: 600757.6045
+Src: 2, Des: 81, Type: 101, Time: 600757.6045
+Src: 2, Des: 57, Type: 101, Time: 600757.6045
+Src: 2, Des: 64, Type: 101, Time: 600757.6045
+Src: 2, Des: 52, Type: 101, Time: 600757.6045
+Src: 2, Des: 252, Type: 101, Time: 600757.6045
+Src: 2, Des: 43, Type: 101, Time: 600757.6045
+// reply for initiator #2
+Src: 45, Des: 2, Type: 102, Time: 600757.7045
+Src: 81, Des: 2, Type: 102, Time: 600757.7045
+Src: 57, Des: 2, Type: 102, Time: 600757.7045
+Src: 64, Des: 2, Type: 102, Time: 600757.7045
+Src: 52, Des: 2, Type: 102, Time: 600757.7045
+Src: 252, Des: 2, Type: 102, Time: 600757.7045
+Src: 43, Des: 2, Type: 102, Time: 600757.7045
+// initiator #3 + reply
+Src: 3, Des: 73, Type: 103, Time: 600757.4045
+Src: 3, Des: 219, Type: 103, Time: 600757.4045
+Src: 3, Des: 142, Type: 103, Time: 600757.4045
+Src: 3, Des: 232, Type: 103, Time: 600757.4045
+Src: 3, Des: 115, Type: 103, Time: 600757.4045
+Src: 3, Des: 177, Type: 103, Time: 600757.4045
+Src: 3, Des: 5, Type: 103, Time: 600757.4045
+// reply for initiator #3
+Src: 73, Des: 3, Type: 104, Time: 600757.5045
+Src: 219, Des: 3, Type: 104, Time: 600757.5045
+Src: 142, Des: 3, Type: 104, Time: 600757.5045
+Src: 232, Des: 3, Type: 104, Time: 600757.5045
+Src: 115, Des: 3, Type: 104, Time: 600757.5045
+Src: 94, Des: 3, Type: 104, Time: 600757.5045
+Src: 177, Des: 3, Type: 104, Time: 600757.5045
+// initiator #3 101
+Src: 3, Des: 73, Type: 101, Time: 600757.6045
+Src: 3, Des: 219, Type: 101, Time: 600757.6045
+Src: 3, Des: 142, Type: 101, Time: 600757.6045
+Src: 3, Des: 232, Type: 101, Time: 600757.6045
+Src: 3, Des: 115, Type: 101, Time: 600757.6045
+Src: 3, Des: 177, Type: 101, Time: 600757.6045
+Src: 3, Des: 5, Type: 101, Time: 600757.6045
+// reply 102 for initiator #3
+Src: 73, Des: 3, Type: 102, Time: 600757.7045
+Src: 219, Des: 3, Type: 102, Time: 600757.7045
+Src: 142, Des: 3, Type: 102, Time: 600757.7045
+Src: 232, Des: 3, Type: 102, Time: 600757.7045
+Src: 115, Des: 3, Type: 102, Time: 600757.7045
+Src: 94, Des: 3, Type: 102, Time: 600757.7045
+Src: 177, Des: 3, Type: 102, Time: 600757.7045
+// initiator #10 + reply
+Src: 10, Des: 111, Type: 103, Time: 600757.5045
+Src: 10, Des: 79, Type: 103, Time: 600757.5045
+Src: 111, Des: 10, Type: 104, Time: 600757.6045
+Src: 79, Des: 10, Type: 104, Time: 600757.6045
+// initiator #10 + reply
+Src: 10, Des: 111, Type: 101, Time: 600757.7045
+Src: 10, Des: 79, Type: 101, Time: 600757.7045
+Src: 111, Des: 10, Type: 102, Time: 600757.8045
+Src: 79, Des: 10, Type: 102, Time: 600757.8045
+// initiator #15 + reply
+Src: 15, Des: 137, Type: 103, Time: 600757.5045
+Src: 15, Des: 170, Type: 103, Time: 600757.5045
+Src: 137, Des: 15, Type: 104, Time: 600757.6045
+Src: 170, Des: 15, Type: 104, Time: 600757.6045
+// initiator #15 + reply
+Src: 15, Des: 137, Type: 101, Time: 600757.7045
+Src: 15, Des: 170, Type: 101, Time: 600757.7045
+Src: 137, Des: 15, Type: 102, Time: 600757.8045
+Src: 170, Des: 15, Type: 102, Time: 600757.8045
+// initiator #28 + reply
+Src: 28, Des: 119, Type: 103, Time: 600757.6045
+Src: 28, Des: 171, Type: 103, Time: 600757.6045
+Src: 119, Des: 28, Type: 104, Time: 600757.7045
+Src: 171, Des: 28, Type: 104, Time: 600757.7045
+// initiator #28 + reply
+Src: 28, Des: 119, Type: 101, Time: 600757.8045
+Src: 28, Des: 171, Type: 101, Time: 600757.8045
+Src: 119, Des: 28, Type: 102, Time: 600757.9045
+Src: 171, Des: 28, Type: 102, Time: 600757.9045
+// initiator #12 + reply
+Src: 12, Des: 128, Type: 103, Time: 600757.6045
+Src: 12, Des: 251, Type: 103, Time: 600757.6045
+Src: 128, Des: 12, Type: 104, Time: 600757.7045
+Src: 251, Des: 12, Type: 104, Time: 600757.7045
+// initiator #12 + reply
+Src: 12, Des: 128, Type: 101, Time: 600757.8045
+Src: 12, Des: 251, Type: 101, Time: 600757.8045
+Src: 128, Des: 12, Type: 102, Time: 600757.9045
+Src: 251, Des: 12, Type: 102, Time: 600757.9045
+// initiator #39 + reply
+Src: 39, Des: 179, Type: 103, Time: 600757.7045
+Src: 39, Des: 22, Type: 103, Time: 600757.7045
+Src: 179, Des: 39, Type: 104, Time: 600757.8045
+Src: 22, Des: 39, Type: 104, Time: 600757.8045
+// initiator #39 + reply
+Src: 39, Des: 179, Type: 101, Time: 600757.9045
+Src: 39, Des: 22, Type: 101, Time: 600757.9045
+Src: 179, Des: 39, Type: 102, Time: 600758.0045
+Src: 22, Des: 39, Type: 102, Time: 600758.0045
+// initiator #45 + reply
+Src: 45, Des: 242, Type: 103, Time: 600757.7045
+Src: 45, Des: 87, Type: 103, Time: 600757.7045
+Src: 242, Des: 45, Type: 104, Time: 600757.8045
+Src: 87, Des: 45, Type: 104, Time: 600757.8045
+// initiator #45 + reply
+Src: 45, Des: 242, Type: 101, Time: 600757.9045
+Src: 45, Des: 87, Type: 101, Time: 600757.9045
+Src: 242, Des: 45, Type: 102, Time: 600758.0045
+Src: 87, Des: 45, Type: 102, Time: 600758.0045
+// initiator #81 + reply
+Src: 81, Des: 80, Type: 103, Time: 600757.7045
+Src: 81, Des: 166, Type: 103, Time: 600757.7045
+Src: 80, Des: 81, Type: 104, Time: 600757.8045
+Src: 166, Des: 81, Type: 104, Time: 600757.8045
+// initiator #81 + reply
+Src: 81, Des: 80, Type: 101, Time: 600757.9045
+Src: 81, Des: 166, Type: 101, Time: 600757.9045
+Src: 80, Des: 81, Type: 102, Time: 600758.0045
+Src: 166, Des: 81, Type: 102, Time: 600758.0045
+// initiator #57 + reply
+Src: 57, Des: 65, Type: 103, Time: 600757.7045
+Src: 57, Des: 223, Type: 103, Time: 600757.7045
+Src: 65, Des: 57, Type: 104, Time: 600757.8045
+Src: 223, Des: 57, Type: 104, Time: 600757.8045
+// initiator #57 + reply
+Src: 57, Des: 65, Type: 101, Time: 600757.9045
+Src: 57, Des: 223, Type: 101, Time: 600757.9045
+Src: 65, Des: 57, Type: 102, Time: 600758.0045
+Src: 223, Des: 57, Type: 102, Time: 600758.0045
+// initiator #64 + reply
+Src: 64, Des: 235, Type: 103, Time: 600757.6045
+Src: 64, Des: 44, Type: 103, Time: 600757.6045
+Src: 235, Des: 64, Type: 104, Time: 600757.7045
+Src: 44, Des: 64, Type: 104, Time: 600757.7045
+// initiator #64 + reply
+Src: 64, Des: 235, Type: 101, Time: 600757.8045
+Src: 64, Des: 44, Type: 101, Time: 600757.8045
+Src: 235, Des: 64, Type: 102, Time: 600757.9045
+Src: 44, Des: 64, Type: 102, Time: 600757.9045
+// initiator #52 + reply
+Src: 52, Des: 66, Type: 103, Time: 600757.6045
+Src: 52, Des: 215, Type: 103, Time: 600757.6045
+Src: 66, Des: 52, Type: 104, Time: 600757.7045
+Src: 215, Des: 52, Type: 104, Time: 600757.7045
+// initiator #52 + reply
+Src: 52, Des: 66, Type: 101, Time: 600757.8045
+Src: 52, Des: 215, Type: 101, Time: 600757.8045
+Src: 66, Des: 52, Type: 102, Time: 600757.9045
+Src: 215, Des: 52, Type: 102, Time: 600757.9045
+// initiator #73 + reply
+Src: 73, Des: 184, Type: 103, Time: 600757.9045
+Src: 73, Des: 114, Type: 103, Time: 600757.9045
+Src: 184, Des: 73, Type: 104, Time: 600758.0045
+Src: 114, Des: 73, Type: 104, Time: 600758.0045
+// initiator #73 + reply
+Src: 73, Des: 184, Type: 101, Time: 600757.1045
+Src: 73, Des: 114, Type: 101, Time: 600757.1045
+Src: 184, Des: 73, Type: 102, Time: 600758.2045
+Src: 114, Des: 73, Type: 102, Time: 600758.2045
+// initiator #219 + reply
+Src: 219, Des: 156, Type: 103, Time: 600757.9045
+Src: 219, Des: 239, Type: 103, Time: 600757.9045
+Src: 156, Des: 219, Type: 104, Time: 600758.0045
+Src: 239, Des: 219, Type: 104, Time: 600758.0045
+// initiator #219 + reply
+Src: 219, Des: 156, Type: 101, Time: 600758.1045
+Src: 219, Des: 239, Type: 101, Time: 600758.1045
+Src: 156, Des: 219, Type: 102, Time: 600758.2045
+Src: 239, Des: 219, Type: 102, Time: 600758.2045
+// initiator #142 + reply
+Src: 142, Des: 100, Type: 103, Time: 600757.9045
+Src: 142, Des: 181, Type: 103, Time: 600757.9045
+Src: 100, Des: 142, Type: 104, Time: 600758.0045
+Src: 181, Des: 142, Type: 104, Time: 600758.0045
+// initiator #142 + reply
+Src: 142, Des: 100, Type: 101, Time: 600758.0045
+Src: 142, Des: 181, Type: 101, Time: 600758.0045
+Src: 100, Des: 142, Type: 102, Time: 600758.1045
+Src: 181, Des: 142, Type: 102, Time: 600758.1045
+// initiator #232 + reply
+Src: 232, Des: 61, Type: 103, Time: 600758.0045
+Src: 232, Des: 209, Type: 103, Time: 600758.0045
+Src: 61, Des: 232, Type: 104, Time: 600758.1045
+Src: 209, Des: 232, Type: 104, Time: 600758.1045
+// initiator #232 + reply
+Src: 232, Des: 61, Type: 101, Time: 600758.2045
+Src: 232, Des: 209, Type: 101, Time: 600758.2045
+Src: 61, Des: 232, Type: 102, Time: 600758.3045
+Src: 209, Des: 232, Type: 102, Time: 600758.3045
+// initiator #115 + reply
+Src: 115, Des: 140, Type: 103, Time: 600758.0045
+Src: 115, Des: 160, Type: 103, Time: 600758.0045
+Src: 140, Des: 115, Type: 104, Time: 600758.1045
+Src: 160, Des: 115, Type: 104, Time: 600758.1045
+// initiator #115 + reply
+Src: 115, Des: 140, Type: 101, Time: 600758.2045
+Src: 115, Des: 160, Type: 101, Time: 600758.2045
+Src: 140, Des: 115, Type: 102, Time: 600758.3045
+Src: 160, Des: 115, Type: 102, Time: 600758.3045
+// ############################################
+// second round end

+ 332 - 0

@@ -0,0 +1,332 @@
+import logging
+from scapy.all import rdpcap, wrpcap
+from scapy.all import IP, Ether, TCP, UDP
+import sys
+file_tel = "telnet-raw.pcap"
+from scapy.utils import PcapWriter
+def change_pcap(filepath):
+    packets = rdpcap(filepath)
+    split_filepath = filepath.split(".")
+    new_filename = ".".join(split_filepath[:-1]) + "_new." + split_filepath[-1]
+    #pktdump = PcapWriter(new_filename, append=True)
+    for pkt in packets:
+        """
+        if pkt is packets[-1]:
+            # test ethernet
+            pkt[Ether].src = "AA:AA:AA:AA:AA:AA"
+            pkt[Ether].dst = "BB:BB:BB:BB:BB:BB"
+            #pkt[Ether].type = 0x1000
+            pkt[IP].src = ""
+            pkt[IP].dst = ""
+            #pkt[IP].version = 0x1000
+            #pkt[IP].ihl = 10
+            pkt[IP].tos = 127
+            #pkt[IP].len = 200
+            # pkttwo = pkt
+            #print(pkt.show)
+            wrpcap(new_filename, pkt, append=True)
+            #print("OK")
+            #pktdump.write(pkt)
+        """
+        if pkt is packets[0]:
+            wrpcap(new_filename, pkt)
+        elif not pkt is packets[-1]:
+            wrpcap(new_filename, pkt, append=True)
+    ethernet = Ether(src="AA:AA:AA:AA:AA:AA", dst="BB:BB:BB:BB:BB:BB")
+    ip = IP(src="", dst="", tos=127)
+    tcp = TCP(sport=80, dport=50000, flags="SAF")
+    pkt = ethernet/ip/tcp
+    pkt.time = packets[-1].time
+    wrpcap(new_filename, pkt, append=True)
+    #print("OK")
+    #pktdump.write(pkt)
+def check_l2_diff(idx, payload_one, payload_two):
+    # assumes that the L2 protocol of both packets are the same
+    # assumes Ethernet as L2 protocol
+    err_msg = ""
+    if payload_one.name == "Ethernet":
+        if payload_one[Ether].src != payload_two[Ether].src:
+            err_msg += "Reason: the packets at index %d have a different source MAC address.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (payload_one[Ether].src.upper(), payload_two[Ether].src.upper())
+        if payload_one[Ether].dst != payload_two[Ether].dst:
+            err_msg += "Reason: the packets at index %d have a different destination MAC address.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (payload_one[Ether].dst.upper(), payload_two[Ether].dst.upper())
+        if payload_one[Ether].type != payload_two[Ether].type:
+            err_msg += "Reason: the packets at index %d have a different Ethernet type.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (payload_one[Ether].type, payload_two[Ether].type)
+        if err_msg == "":
+            return False, err_msg
+        return True, err_msg
+    else:
+        return False, ""
+def check_l3_diff(idx, payload_one, payload_two):
+    # assumes that the L3 protocol of both packets are the same
+    # assumes IPv4 as L3 protocol
+    err_msg = ""
+    if payload_one.name == "IP":
+        ip_one, ip_two = payload_one[IP], payload_two[IP]
+        if ip_one.src != ip_two.src:
+            err_msg += "Reason: the packets at index %d have a different source IP address.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.src, ip_two.src)
+        if ip_one.dst != ip_two.dst:
+            err_msg += "Reason: the packets at index %d have a different destination IP address.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.dst, ip_two.dst)
+        if ip_one.version != ip_two.version:
+            err_msg += "Reason: the packets at index %d have a different IP version.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.version, ip_two.version)
+        if ip_one.ihl != ip_two.ihl:
+            err_msg += "Reason: the packets at index %d have a different IP IHL.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.ihl, ip_two.ihl)
+        if ip_one.tos != ip_two.tos:
+            err_msg += "Reason: the packets at index %d have a different IP TOS.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.tos, ip_two.tos)
+        if ip_one.len != ip_two.len:
+            err_msg += "Reason: the packets at index %d have a different length.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.len, ip_two.len)
+        if ip_one.id != ip_two.id:
+            err_msg += "Reason: the packets at index %d have a different IP ID.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.id, ip_two.id)
+        if ip_one.flags != ip_two.flags:
+            err_msg += "Reason: the packets at index %d have different IP flags.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.flags, ip_two.flags)
+        if ip_one.frag != ip_two.frag:
+            err_msg += "Reason: the packets at index %d have a different IP fragmentation offset.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.frag, ip_two.frag)
+        if ip_one.ttl != ip_two.ttl:
+            err_msg += "Reason: the packets at index %d have a different TTL.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.ttl, ip_two.ttl)
+        if ip_one.proto != ip_two.proto:
+            err_msg += "Reason: the packets at index %d have a different IP protocol field value.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.proto, ip_two.proto)
+        if ip_one.chksum != ip_two.chksum:
+            err_msg += "Reason: the packets at index %d have a different IP checksum.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.chksum, ip_two.chksum)
+        if ip_one.options != ip_two.options:
+            err_msg += "Reason: the packets at index %d have different IP options.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (ip_one.options, ip_two.options)
+        if err_msg == "":
+            return False, err_msg
+        return True, err_msg
+    else:
+        return False, ""
+def check_l4_diff(idx, payload_one, payload_two):
+    # assumes that the L4 protocol of both packets are the same
+    # assumes UDP or TCP as L4 protocol
+    err_msg = ""
+    if payload_one.name == "UDP":
+        udp_one, udp_two = payload_one[UDP], payload_two[UDP]
+        if udp_one.sport != udp_two.sport:
+            err_msg += "Reason: the packets at index %d have a different source port.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (udp_one.sport, udp_two.sport)
+        if udp_one.dport != udp_two.dport:
+            err_msg += "Reason: the packets at index %d have a different destination port.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (udp_one.dport, udp_two.dport)
+        if udp_one.len != udp_two.len:
+            err_msg += "Reason: the packets at index %d have a different length.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (udp_one.len, udp_two.len)
+        if udp_one.chksum != udp_two.chksum:
+            err_msg += "Reason: the packets at index %d have a different UDP checksum.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (udp_one.chksum, udp_two.chksum)
+        if err_msg == "":
+            return False, err_msg
+        return True, err_msg
+    elif payload_one.name == "TCP":
+        tcp_one, tcp_two = payload_one[TCP], payload_two[TCP]
+        if tcp_one.sport != tcp_two.sport:
+            err_msg += "Reason: the packets at index %d have a different source port.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.sport, tcp_two.sport)
+        if tcp_one.dport != tcp_two.dport:
+            err_msg += "Reason: the packets at index %d have a different destination port.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.dport, tcp_two.dport)
+        if tcp_one.seq != tcp_two.seq:
+            err_msg += "Reason: the packets at index %d have a different TCP sequence number.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.seq, tcp_two.seq)
+        if tcp_one.ack != tcp_two.ack:
+            err_msg += "Reason: the packets at index %d have a different TCP acknowledge number.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.ack, tcp_two.ack)
+        if tcp_one.dataofs != tcp_two.dataofs:
+            err_msg += "Reason: the packets at index %d have a different TCP data offset.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.dataofs, tcp_two.dataofs)
+        if tcp_one.reserved != tcp_two.reserved:
+            err_msg += "Reason: the packets at index %d have a different TCP reserved value.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.reserved, tcp_two.reserved)
+        if tcp_one.flags != tcp_two.flags:
+            err_msg += "Reason: the packets at index %d have different TCP flags.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.flags, tcp_two.flags)
+        if tcp_one.window != tcp_two.window:
+            err_msg += "Reason: the packets at index %d have a different advertised window size.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.window, tcp_two.window)
+        if tcp_one.chksum != tcp_two.chksum:
+            err_msg += "Reason: the packets at index %d have a different TCP checksum.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.chksum, tcp_two.chksum)
+        if tcp_one.urgptr != tcp_two.urgptr:
+            err_msg += "Reason: the packets at index %d have a different TCP urgent pointer.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.urgptr, tcp_two.urgptr)
+        if tcp_one.options != tcp_two.options:
+            err_msg += "Reason: the packets at index %d have different TCP options.\n" % (idx+1)
+            err_msg += "Packet 1: %s \t Packet 2: %s\n\n" % (tcp_one.options, tcp_two.options)
+        if err_msg == "":
+            return False, err_msg
+        return True, err_msg
+    else:
+        return False, err_msg
+def check_payload_diff(idx, payload_one, payload_two):
+    if payload_one != payload_two:
+        err_msg = "Reason: the packets at index %d have different payloads.\n" % (idx+1)
+        err_msg += "Packet 1:\n===================\n"
+        if payload_one.load is not None:
+            err_msg += str(payload_one.load)
+        else:
+            err_msg += "None"
+        err_msg += "\n\n"
+        err_msg += "Packet 2:\n===================\n"
+        if payload_two.load is not None:
+            err_msg += str(payload_two.load)
+        else:
+            err_msg += "None"
+        return True, err_msg
+    else:
+        return False, ""
+def check_different_layers(idx, layer_num, payload_one, payload_two):
+    if payload_one.name != payload_two.name:
+        err_msg = "Reason: the packets at index %d have a different layer %d protocol.\n" % (idx+1, layer_num)
+        err_msg += "Packet 1: %s \t Packet 2: %s\n" % (payload_one.name, payload_two.name)
+        return True, err_msg
+    else:
+        return False, ""
+def find_detailed_diff(idx, pkt_one, pkt_two):
+    def check_reason(check_func, check_same_layer=False):
+        nonlocal printed_result
+        nonlocal layer_num
+        if not check_same_layer:
+            status, msg = check_func(idx, payload_one, payload_two)
+        else:
+            status, msg = check_func(idx, layer_num, payload_one, payload_two)
+        if status:
+            if not printed_result:
+                print("Result: the two PCAPs are not equal.")
+                print("============================================")
+                printed_result = True
+            print("Layer %d:" % layer_num)
+            print(msg)
+        return status
+    payload_one, payload_two = pkt_one, pkt_two
+    printed_result = False
+    layer_num = 2
+    status = check_reason(check_different_layers, True)
+    if not status:
+        check_reason(check_l2_diff)
+    while len(payload_one.payload) != 0:
+        layer_num += 1
+        payload_one = payload_one.payload
+        payload_two = payload_two.payload
+        if len(payload_two) == 0:
+            if not printed_result:
+                print("Result: the two PCAPs are not equal.")
+                print("============================================")
+                printed_result = True
+            print("Reason: the packets at index %d have a different number of layers.\n" % (idx+1))
+            return
+        status = check_reason(check_different_layers, True)
+        if not status:
+            if layer_num == 3:
+                check_reason(check_l3_diff)
+            elif layer_num == 4:
+                check_reason(check_l4_diff)
+            elif layer_num > 4:
+                check_reason(check_payload_diff)
+    if printed_result:
+        return
+    if len(payload_one) == 0 and len(payload_two) != 0:
+        if not printed_result:
+            print("Result: the two PCAPs are not equal.")
+            print("============================================")
+        print("Reason: the packets at index %d have a different number of layers.\n" % (idx+1))
+        return
+    print("Result: the two PCAPs are not equal.")
+    print("============================================")
+    print("Reason: could not automatically find a detailed reason.")
+def do_rough_comparison(filepath_one, filepath_two):
+    packets_one = rdpcap(filepath_one)
+    packets_two = rdpcap(filepath_two)
+    if len(packets_one) != len(packets_two):
+        print("Result: the two PCAPs are not equal.")
+        print("============================================")
+        print("Reason: they contain a different number of packets.")
+        return
+    for i, pkt_one in enumerate(packets_one):
+        pkt_two = packets_two[i]
+        # print(pkt_one.payload.payload.payload.name)
+        # print()
+        # print(pkt_one.show())
+        if pkt_one.time != pkt_two.time:
+            print("Result: the two PCAPs are not equal.")
+            print("============================================")
+            print("Reason: the packets at index %d have a different timestamp." % (i+1))
+            return
+        if pkt_one != pkt_two:
+            #print("Result: the two PCAPs are not equal.")
+            #print("Reason: the packets at index %d have different contents." % (i+1))
+            find_detailed_diff(i, pkt_one, pkt_two)
+            return
+    print("Success")
+    print("There are no differences between %s and %s" % (filepath_one, filepath_two))
+def init_comparison():
+    if len(sys.argv) != 3:
+        print("Error: you need to specify two files to compare.\nCannot accept %d argument(s)" % (len(sys.argv)-1))
+    filepath_one, filepath_two = sys.argv[1], sys.argv[2]
+    #filepath_one, filepath_two = file_tel, file_tel
+    #filepath_one, filepath_two = "shortcap.pcap", "shortcap.pcap"
+    #filepath_one, filepath_two = "file1.pcap", "file3_new.pcap"
+    print("Comparing %s and %s.\n" % (filepath_one, filepath_two))
+    do_rough_comparison(filepath_one, filepath_two)

+ 64 - 0

@@ -0,0 +1,64 @@
+import scapy.all
+import scapy.packet
+# You could compare pcaps by byte or by hash too, but this class tells you
+# where exactly pcaps differ
+class PcapComparator:
+    def compare_files(self, file: str, other_file: str):
+        self.compare_captures(scapy.all.rdpcap(file), scapy.all.rdpcap(other_file))
+    def compare_captures(self, packetsA, packetsB):
+        if len(packetsA) != len(packetsB):
+            self.fail("Both pcap's have to have the same amount of packets")
+        for i in range(len(packetsA)):
+            p, p2 = packetsA[i], packetsB[i]
+            if abs(p.time - p2.time) > (10 ** -7):
+                self.fail("Packets no %i in the pcap's don't appear at the same time" % (i + 1))
+            self.compare_packets(p, p2, i + 1)
+    def compare_packets(self, p: scapy.packet.BasePacket, p2: scapy.packet.BasePacket, packet_number: int):
+        if p == p2:
+            return
+        while type(p) != scapy.packet.NoPayload or type(p2) != scapy.packet.NoPayload:
+            if type(p) != type(p2):
+                self.fail("Packets %i are of incompatible types: %s and %s" % (packet_number, type(p).__name__, type(p2).__name__))
+            for field in p.fields:
+                if p.fields[field] != p2.fields[field]:
+                    packet_type = type(p).__name__
+                    v, v2 = p.fields[field], p2.fields[field]
+                    self.fail("Packets %i differ in field %s.%s: %s != %s" %
+                                (packet_number, packet_type, field, v, v2))
+            p = p.payload
+            p2 = p2.payload
+    def fail(self, message: str):
+        raise AssertionError(message)
+if __name__ == "__main__":
+    import sys
+    if len(sys.argv) < 3:
+        print("Usage: %s one.pcap other.pcap" % sys.argv[0])
+        exit(0)
+    try:
+        PcapComparator().compare_files(sys.argv[1], sys.argv[2])
+        print("The given pcaps are equal")
+    except AssertionError as e:
+        print("The given pcaps are not equal")
+        print("Error message:", *e.args)
+        exit(1)
+    except Exception as e:
+        print("During the comparison an unexpected error happened")
+        print(type(e).__name__ + ":", *e.args)
+        exit(1)

+ 0 - 0

+ 43 - 0

@@ -0,0 +1,43 @@
+from ID2TLib.OldLibs.IPGenerator import IPGenerator
+import unittest
+class IPGeneratorTestCase(unittest.TestCase):
+	@classmethod
+	def setUpClass(cls):
+		cls.IP_GENERATOR = IPGenerator()
+		cls.IP_SAMPLES = [cls.IP_GENERATOR.random_ip() for _ in range(cls.IP_SAMPLES_NUM)]
+	def test_valid_ips(self):
+		ip = None
+		try:
+			for ip in self.IP_SAMPLES:
+				parts = ip.split(".")
+				self.assertTrue(len(parts) == 4)
+				numbers = [int(i) for i in parts]
+				self.assertTrue(all(n in range(256) for n in numbers))
+		except:
+			self.fail("%s is not a valid IPv4" % ip)
+	def test_generates_localhost_ip(self):
+		self.assertFalse(any(ip.startswith("127.") for ip in self.IP_SAMPLES))
+	def test_generates_private_ip(self):
+		def private_ip(ip):
+			private_starts = ["10.", "192.168."] + ["172.%i." % i for i in range(16, 32)]
+			return any(ip.startswith(start) for start in private_starts)
+		self.assertFalse(any(map(private_ip, self.IP_SAMPLES)))
+	def test_unique_ips(self):
+		self.assertTrue(len(self.IP_SAMPLES) == len(set(self.IP_SAMPLES)))
+	def test_blacklist(self):
+		generator = IPGenerator(blacklist = [""])
+		self.assertFalse(any(generator.random_ip().startswith("42.") for _ in range(self.IP_SAMPLES_NUM)))

+ 171 - 0

@@ -0,0 +1,171 @@
+import sys, os
+import subprocess, shlex
+import time
+import unittest
+import random
+import scapy.all
+from TestUtil import PcapComparator
+# this dictionary holds the generators (functions) for the parameters
+# that will be passed to the MembershipMgmtCommAttack
+# items need the parameter-name as key and a function that will be called
+# without parameters and returns a valid value for that parameter as value
+# WARNING: parameters will be passed via command line, make sure your values
+# get converted to string correctly
+_random_bool = lambda: random.random() < 0.5
+    "bots.count": lambda: random.randint(3, 6),
+#    "file.csv":,
+#    "file.xml":,
+    "hidden_mark": _random_bool,
+#    "interval.selection.end":,
+#    "interval.selection.start":,
+#    "interval.selection.strategy":,
+#    "ip.reuse.external":,
+#    "ip.reuse.local":,
+#    "ip.reuse.total":,
+    "multiport": _random_bool,
+    "nat.present": _random_bool,
+    "packet.padding": lambda: random.randint(0, 100),
+    "packets.limit": lambda: random.randint(50, 150),
+    "packets.per-second": lambda: random.randint(1000, 2000) / 100,
+    "ttl.from.caida": _random_bool,
+class PcapComparison(unittest.TestCase):
+    ID2T_PATH = ".."
+    ID2T_LOCATION = ID2T_PATH + "/" + "id2t"
+    DEFAULT_PCAP = "resources/telnet-raw.pcap"
+    DEFAULT_SEED = "42"
+    OUTPUT_FILES_PREFIX_LINE = "Output files created:"
+    def __init__(self, *args, **kwargs):
+        unittest.TestCase.__init__(self, *args, **kwargs)
+        # params to call id2t with, as a list[list[str]]
+        # do a round of testing for each list[str] we get
+        # if none generate some params itself
+        self.id2t_params = None
+    def set_id2t_params(self, params: "list[list[str]]"):
+        self.id2t_params = params
+    def setUp(self):
+        self.generated_files = []
+        self.keep_files = []
+    def test_determinism(self):
+        input_pcap = os.environ.get(self.PCAP_ENVIRONMENT_VALUE, self.DEFAULT_PCAP)
+        seed = os.environ.get(self.SEED_ENVIRONMENT_VALUE, self.DEFAULT_SEED)
+        if self.id2t_params is None:
+            self.id2t_params = self.random_id2t_params()
+        for params in self.id2t_params:
+            self.do_test_round(input_pcap, seed, params)
+    def do_test_round(self, input_pcap, seed, additional_params):
+        command_args = [self.ID2T_LOCATION, "-i", input_pcap, "--seed", seed, "-a", "MembersMgmtCommAttack"] + additional_params
+        command = " ".join(map(shlex.quote, command_args))
+        self.print_warning("The command that gets executed is:", command)
+        generated_pcap = None
+        for i in range(self.NUM_ITERATIONS_PER_PARAMS):
+            retcode, output = subprocess.getstatusoutput(command)
+            self.print_warning(output)
+            self.assertEqual(retcode, 0, "For some reason id2t completed with an error")
+            files = self.parse_files(output)
+            self.generated_files.extend(files)
+            pcap = self.find_pcap(files)
+            if generated_pcap is not None:
+                try:
+                    self.compare_pcaps(generated_pcap, pcap)
+                except AssertionError as e:
+                    self.keep_files = [generated_pcap, pcap]
+                    raise e
+            else:
+                generated_pcap = pcap
+            self.print_warning()
+            time.sleep(1)  # let some time pass between calls because files are based on the time
+    def tearDown(self):
+        self.print_warning("Cleaning up files generated by the test-calls...")
+        for file in self.generated_files:
+            if file in self.keep_files: continue
+            self.print_warning(file)
+            os.remove(self.ID2T_PATH + os.path.sep + file)
+        self.print_warning("Done")
+        self.print_warning("The following files have been kept: " + ", ".join(self.keep_files))
+    def parse_files(self, program_output: str) -> "list[str]":
+        lines = program_output.split(os.linesep)
+        self.assertIn(self.OUTPUT_FILES_PREFIX_LINE, lines,
+                "The magic string is not in the program output anymore, has the program output structure changed?")
+        index = lines.index(self.OUTPUT_FILES_PREFIX_LINE)
+        return lines[index + 1:]
+    def find_pcap(self, files: "list[str]") -> str:
+        return next(file for file in files if file.endswith(".pcap"))
+    def compare_pcaps(self, one: str, other: str):
+        PcapComparator().compare_files(self.ID2T_PATH + "/" + one, self.ID2T_PATH + "/" + other)
+    def print_warning(self, *text):
+        print(*text, file=sys.stderr)
+    def random_id2t_params(self):
+        """
+        :return: A list of parameter-lists for id2t, useful if you want several
+        iterations
+        """
+        param_list = []
+        for i in range(self.NUM_ITERATIONS):
+            param_list.append(self.random_id2t_param_set())
+        return param_list
+    def random_id2t_param_set(self):
+        """
+        Create a list of parameters to call the membersmgmtcommattack with
+        :return: a list of command-line parameters
+        """
+        param = lambda key, val: "%s=%s" % (str(key), str(val))
+        number_of_keys = min(random.randint(2, 5), len(ID2T_PARAMETER_GENERATORS))
+        keys = random.sample(list(ID2T_PARAMETER_GENERATORS), number_of_keys)
+        params = []
+        for key in keys:
+            generator = ID2T_PARAMETER_GENERATORS[key]
+            params.append(param(key, generator()))
+        return params
+if __name__ == "__main__":
+    import sys
+    # parameters for this program are interpreted as id2t-parameters
+    id2t_args = sys.argv[1:]
+    comparison = PcapComparison("test_determinism")
+    if id2t_args: comparison.set_id2t_params([id2t_args])
+    suite = unittest.TestSuite()
+    suite.addTest(comparison)
+    unittest.TextTestRunner().run(suite)

Деякі файли не було показано, через те що забагато файлів було змінено