Browse Source

Fix computation of relative PCAP time

Before this, when a packet was injected right at the start of the
original PCAP, the relative PCAP time in the mapping was wrong as
it was based on the timestamp of the first packet contained in the
original PCAP. Now, the computation is correctly based on the
minimum timestamp of the first original and first injected packet.
dustin.born 6 years ago
parent
commit
ff2f3f259f
1 changed files with 3 additions and 1 deletions
  1. 3 1
      code/ID2TLib/Botnet/MessageMapping.py

+ 3 - 1
code/ID2TLib/Botnet/MessageMapping.py

@@ -17,7 +17,9 @@ class MessageMapping:
         self.messages = messages
         self.messages = messages
         self.id_to_packet = {}
         self.id_to_packet = {}
         ts_date_format = "%Y-%m-%d %H:%M:%S.%f"
         ts_date_format = "%Y-%m-%d %H:%M:%S.%f"
-        self.pcap_start_dt = datetime.datetime.strptime(pcap_start_timestamp_str, ts_date_format)
+        first_msg_dt = datetime.datetime.fromtimestamp(min(messages, key=lambda msg: msg.time).time)
+        orig_pcap_start_dt = datetime.datetime.strptime(pcap_start_timestamp_str, ts_date_format)
+        self.pcap_start_dt = min(first_msg_dt, orig_pcap_start_dt)
 
 
     def map_message(self, message, packet):
     def map_message(self, message, packet):
         self.id_to_packet[message.msg_id] = packet
         self.id_to_packet[message.msg_id] = packet