public async Task TestTimeWindowConversationProcessor() { var pcapPath = Path.Combine(TestEnvironment.DataPath, "testbed-32.pcap"); var sw = new Stopwatch(); sw.Start(); var observable = SharpPcapReader.CreateObservable(pcapPath).Select(TestHelperFunctions.GetPacketAndKey); var windows = observable.TimeSpanWindow(t => t.Ticks, TimeSpan.FromSeconds(60)); var windowCount = 0; var totalPackets = 0; await windows.Do(_ => windowCount++).ForEachAsync(async window => { var flowProcessor = new NetFlowProcessor(); await window.Do(_ => totalPackets++).ForEachAsync(p => flowProcessor.OnNext(p)); // Get the results: Console.WriteLine($"# Window {windowCount}"); Console.WriteLine($"Flows = {flowProcessor.Count}, Packets = {totalPackets}"); Console.WriteLine(); Console.WriteLine("| Date first seen | Duration | Proto | Src IP Addr:Port | Dst IP Addr:Port | Packets | Bytes |"); Console.WriteLine("| --------------- | -------- | ----- | ---------------- | ---------------- | ------- | ----- |"); foreach (var flow in flowProcessor.GetConversations(flowProcessor.GetConversationKey)) { Console.WriteLine($"| {new DateTime(flow.Value.Value.FirstSeen)} | {new TimeSpan(flow.Value.Value.LastSeen - flow.Value.Value.FirstSeen)} | {flow.Key.FlowKey.ProtocolType} | {flow.Key.FlowKey.SourceIpAddress}:{flow.Key.FlowKey.SourcePort} | {flow.Key.FlowKey.DestinationIpAddress}:{flow.Key.FlowKey.DestinationPort} | {flow.Value.Value.Packets} | {flow.Value.Value.Octets} |"); } Console.WriteLine(); }); }
public async Task ExportWindowedFlowsByProcessor() { var packets = SharpPcapReader.CreateObservable(dataset).Select(GetPacketAndKey); var windows = packets.TimeSpanWindow(t => t.Ticks, TimeSpan.FromMinutes(5)); var windowCount = 0; var totalPackets = 0; await windows.ForEachAsync(async window => { windowCount++; var flowProcessor = new NetFlowProcessor(); await window.Do(_ => totalPackets++).ForEachAsync(p => flowProcessor.OnNext(p)); Console.WriteLine($"Window = {windowCount}, Flows = {flowProcessor.Count}, Packets = {totalPackets}"); }); }