how to add a counter on live packets sniffing

Question

I want that every time a same packet arrives then it update count and print

# from collections import Counter

capture = pyshark.LiveCapture(interface='wlo2', bpf_filter='arp')
capture.sniff(timeout=5)

keys = {}

e_mac = '00:00:00:00:00:00' or 'ff:ff:ff:ff:ff:ff'
already_seen = []
count = 0

for packet in capture:
    keys['ip'] = packet.arp.dst_proto_ipv4
    keys['mac'] = packet.arp.dst_hw_mac
    seen = keys['mac'], keys['ip']
    
    if keys['mac'] != e_mac:
        if seen not in already_seen:
            already_seen.append(seen)

            print(packet.sniff_time, keys['mac'], keys['ip'])

currently this output i received

2021-12-06 18:59:55.325859 28:d1:27:1a:12:c0 192.168.1.3
2021-12-06 18:59:58.704726 f8:c4:f3:56:a3:70 192.168.1.1
2021-12-06 19:00:02.286922 ff:ff:ff:ff:ff:ff 192.168.1.1
2021-12-06 19:02:15.854700 44:af:28:2c:6d:6b 192.168.1.195
2021-12-06 19:07:02.440235 90:e8:68:f2:00:c1 192.168.1.13

Dec 06 16:07:45  2(i.e. times i received) 28:d1:27:1a:12:c0 192.168.1.3

Dec 06 16:08:01  4 f8:c4:f3:56:a3:70 192.168.1.1

actual output i want is like count will update only for a specific packet how many times i received it, if a new mac comes then it will maintain separate counter of that packet:

you always create new `Counter` in every loop but you have to create empty `Counter()` before `for`-loop` and later update values in this counter. — furas, Dec 06 '21 at 13:33
`e_mac = '00:00:00:00:00:00' or 'ff:ff:ff:ff:ff:ff'` is totally wrong idea. You should create list or tuple `e_mac = ('00:00:00:00:00:00', 'ff:ff:ff:ff:ff:ff')` and later check `if keys['mac'] not int e_mac:` — furas, Dec 06 '21 at 14:34

furas · Accepted Answer · 2021-12-06T14:39:30.297

1

You have to create empty Counter() before for-loop and later update this counter inside for-loop`

Minimla working code:

Instead of YOUR_MAC, YOUR_IP you have to get values from package.

from collections import Counter

# --- before loop ---

count = Counter()

# --- loop ---

for x in range(5):
    mac = 'YOUR_MAC'
    ip  = 'YOUR_IP'
    count.update( [(mac, ip)] )  # it has to be list with tuple
    print(count[ (mac, ip) ], mac, ip)

Result:

1 YOUR_MAC YOUR_IP
2 YOUR_MAC YOUR_IP
3 YOUR_MAC YOUR_IP
4 YOUR_MAC YOUR_IP
5 YOUR_MAC YOUR_IP

edited Dec 06 '21 at 14:39

answered Dec 06 '21 at 13:35

furas

134,197
12
106
148

i'm updating my question, that will clear how i want result – roXx Dec 06 '21 at 13:44
check it @furas – roXx Dec 06 '21 at 14:16
solution is the same. You have to only format results using `c["A"]` to get value only for current object. – furas Dec 06 '21 at 14:25
that's working fine but due to stopping duplicates mac counter remains 1. So is there any method which updates counter only with existing mac. like if i receiving same mac address again so it just update counter 1 to counter 2 only in existing count @furas – roXx Dec 07 '21 at 06:23
I don't know what you want to couunt - only `mac` or pairs `mac,ip`?. If you want to count only mac then use `update( mac )` instead of `update( [(mac,ip)] )` - and it will update `count[mac]` from `1` to `2. You can't use `counter = 0` to count values for different mac because it can keep only one value. You have to use `Counter()` or `dictionary` to keep results for different `mac`s – furas Dec 07 '21 at 09:30
I'm counting every packet in which mac and ip returns. check this @ furas https://stackoverflow.com/questions/70256781/how-can-i-update-counter-on-live-packets – roXx Dec 07 '21 at 09:57

how to add a counter on live packets sniffing

1 Answers1