How to Pair two index in Multi-dimensional List and Match with others

Question

By using tcpdump output data I want to create a script that it summarizes source-destination IP, start-stop time, how many packets found, what sum of packet length

Currently, to accomplish this I created a multi-dimensional list which have the data like following and extracted from tcpdump

[['10.247.15.39', '172.217.2.161', '13:25:31', '46'], ['10.247.15.39', '172.217.2.163', '13:25:31', '46'], ['172.217.2.161', '10.247.15.39', '13:25:31', '0'],...

There are over 3000 entry

Now I need the find other entries which have same source and destination IP then when match found let's say 10 matches found it will for that specific pair

I want it to summarize like this

Desired Output:

Source: 151.101.125.140     dest: 10.247.15.39  start:13:25:31 
stop:13:25:35 package amount:10  total length: 1965482

Start and stop time determined based on find and last package found time

And I want it to keep repeat same process for every pair of source and destination IP so basically it will create a summary list for me to take look at it and view if there is too much traffic happened between two IP

But I don't have any idea how I can pair two indexes and search for matches in the list.

I thought doing something like

filtered_list = []
i = 0
i_2 = 1
try:
    while i <= len(parse_output):
        if parse_output[i][0] == parse_output[i_2][0]:
            print("source ip same")
            if parse_output[i][1] == parse_output[i_2][1]:
                print("destination same")
        i = i + 1
        i_2 = i + 1
except IndexError:

But just my brain stopped if you can help me I would be glad

Welcome to Stack Overflow! Please read the [help pages](https://stackoverflow.com/help), take the [SO tour](https://stackoverflow.com/tour), read about [how to ask good questions](https://stackoverflow.com/help/how-to-ask), as well as this [question checklist](https://codeblog.jonskeet.uk/2012/11/24/stack-overflow-question-checklist/). Also please learn how to create a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). What is your question here? Can you provide desired output next to actual output? — Ross Jacobs, Oct 25 '19 at 02:50
Sorry just fixed it , the reason why ı am saying packet this informations in list extracted from tcpdump — nem0n, Oct 25 '19 at 16:53
I don't understand what this means: "I need to find all of them then based on that find start and finish time" — Ross Jacobs, Oct 25 '19 at 16:57
So each 4 value connected to each other and have time and same ip pattern can appear more than one because thats indicator communication continues so I need tl detect first and last packet and get first packet time as start time and get last packet time as finish time — nem0n, Oct 25 '19 at 17:00
I am a network automation engineer and would be glad to help. What is the file extension type? I will build out the code for you. — Yepram Yeransian, Oct 25 '19 at 17:19
Yepram, thank you so much for your help offer. So file extension type is txt which is output of tcpdump — nem0n, Oct 25 '19 at 18:12

Ross Jacobs · Answer 1 · 2019-10-25T18:30:52.087

Problem

Reposting the (modified) code you had in your initial question, as it's relevant here:

parse_output = [
    '10.247.15.39', '172.217.2.161', '13:25:31', '46',
    '10.247.15.39', '172.217.2.163', '13:25:31', '46',
    '172.217.2.161', '10.247.15.39', '13:25:31', '0'
]
for i in range(0, len(parse_output), 4):
    newlist = []
    newlist.append("source: " + parse_output[i] +
        " destination: " + parse_output[i + 1] +
        " time: " + parse_output[i + 2] + 
        " package size: "+ parse_output[i + 3])
    print(newlist)

Which produces this output:

['source: 10.247.15.39 destination: 172.217.2.161 time: 13:25:31 package size: 46']
['source: 10.247.15.39 destination: 172.217.2.163 time: 13:25:31 package size: 46']
['source: 172.217.2.161 destination: 10.247.15.39 time: 13:25:31 package size: 0']

The target is ['source: 10.247.15.39 destination: 172.217.2.161 time: 13:25:31 number of packet:5 total packet size: 46'], which includes the two IPs, timestamp, number of packets and total packet size of the first packet.

Solution

All of the information we need except for the length is present in the first packet, so there is no need for a for loop. There are 4 pieces of data per packet, so the number of packets can be got by dividing the length of parse_input by 4. In this example, create 12 "packets" as input data.

packet = ['10.247.15.39', '172.217.2.161', '13:25:31', '46']
parse_output = 12*packet
number_of_packets = int(len(parse_output)/4)
total_packet_size = sum([int(i) for i in parse_output[3::4]])
newlist = [
    "source: " + parse_output[0] +
    " destination: " + parse_output[1] +
    " start: " + parse_output[2] +
    " stop: " + parse_output[-2] +
    " number of packets:" + str(number_of_packets) +
    " total packet size: " + str(total_packet_size)
]
print(newlist)

You should change your question (i.e. add parts of these comments) so it is clear what you mean — Ross Jacobs, Oct 25 '19 at 18:42
Just rewrite it I hope it's clear now thank you Ross for your help — nem0n, Oct 25 '19 at 19:00

How to Pair two index in Multi-dimensional List and Match with others

1 Answers1

Problem

Solution