public async Task TestTimeWindowConversationProcessor()
{
var pcapPath = Path.Combine(TestEnvironment.DataPath, "testbed-32.pcap");
var sw = new Stopwatch();
sw.Start();
var observable = SharpPcapReader.CreateObservable(pcapPath).Select(TestHelperFunctions.GetPacketAndKey);
var windows = observable.TimeSpanWindow(t => t.Ticks, TimeSpan.FromSeconds(60));
var windowCount = 0;
var totalPackets = 0;
await windows.Do(_ => windowCount++).ForEachAsync(async window =>
{
var flowProcessor = new NetFlowProcessor();
await window.Do(_ => totalPackets++).ForEachAsync(p => flowProcessor.OnNext(p));
// Get the results:
Console.WriteLine($"# Window {windowCount}");
Console.WriteLine($"Flows = {flowProcessor.Count}, Packets = {totalPackets}");
Console.WriteLine();
Console.WriteLine("| Date first seen | Duration | Proto | Src IP Addr:Port | Dst IP Addr:Port | Packets | Bytes |");
Console.WriteLine("| --------------- | -------- | ----- | ---------------- | ---------------- | ------- | ----- |");
foreach (var flow in flowProcessor.GetConversations(flowProcessor.GetConversationKey))
{
Console.WriteLine($"| {new DateTime(flow.Value.Value.FirstSeen)} | {new TimeSpan(flow.Value.Value.LastSeen - flow.Value.Value.FirstSeen)} | {flow.Key.FlowKey.ProtocolType} | {flow.Key.FlowKey.SourceIpAddress}:{flow.Key.FlowKey.SourcePort} | {flow.Key.FlowKey.DestinationIpAddress}:{flow.Key.FlowKey.DestinationPort} | {flow.Value.Value.Packets} | {flow.Value.Value.Octets} |");
}
Console.WriteLine();
});
}
public async Task ExportWindowedFlowsByProcessor()
{
var packets = SharpPcapReader.CreateObservable(dataset).Select(GetPacketAndKey);
var windows = packets.TimeSpanWindow(t => t.Ticks, TimeSpan.FromMinutes(5));
var windowCount = 0;
var totalPackets = 0;
await windows.ForEachAsync(async window =>
{
windowCount++;
var flowProcessor = new NetFlowProcessor();
await window.Do(_ => totalPackets++).ForEachAsync(p => flowProcessor.OnNext(p));
Console.WriteLine($"Window = {windowCount}, Flows = {flowProcessor.Count}, Packets = {totalPackets}");
});
}
