initial commit

.gitignore

@@ -0,0 +1,2 @@
+/target
+/traffic/kaggle/*.pcap

Cargo.lock

@@ -0,0 +1,547 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "aho-corasick"
+version = "1.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "anyhow"
+version = "1.0.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
+
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
+[[package]]
+name = "bytes"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
+
+[[package]]
+name = "cc"
+version = "1.2.50"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9f50d563227a1c37cc0a263f64eca3334388c01c5e4c4861a9def205c614383c"
+dependencies = [
+ "find-msvc-tools",
+ "shlex",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+
+[[package]]
+name = "errno"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1"
+dependencies = [
+ "errno-dragonfly",
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "errno-dragonfly"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
+dependencies = [
+ "cc",
+ "libc",
+]
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3a3076410a55c90011c298b04d0cfa770b00fa04e1e3c97d3f6c9de105a03844"
+
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "ipnetwork"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf466541e9d546596ee94f9f69590f89473455f88372423e0008fc1a7daf100e"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.178"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091"
+
+[[package]]
+name = "libloading"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
+dependencies = [
+ "cfg-if",
+ "windows-link",
+]
+
+[[package]]
+name = "memchr"
+version = "2.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "modbus-parser"
+version = "0.1.0"
+dependencies = [
+ "sawp",
+ "sawp-modbus",
+]
+
+[[package]]
+name = "network"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "bytes",
+ "pcap",
+ "pnet",
+ "sawp",
+ "sawp-modbus",
+]
+
+[[package]]
+name = "no-std-net"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43794a0ace135be66a25d3ae77d41b91615fb68ae937f904090203e81f755b65"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "num_enum"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9"
+dependencies = [
+ "num_enum_derive",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "pcap"
+version = "2.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2eecc2ddc671ec563b5b39f846556aade68a65d1afb14d8fe6b30b0457d75"
+dependencies = [
+ "bitflags",
+ "errno",
+ "libc",
+ "libloading",
+ "pkg-config",
+ "regex",
+ "windows-sys",
+]
+
+[[package]]
+name = "pkg-config"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
+
+[[package]]
+name = "pnet"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "682396b533413cc2e009fbb48aadf93619a149d3e57defba19ff50ce0201bd0d"
+dependencies = [
+ "ipnetwork",
+ "pnet_base",
+ "pnet_datalink",
+ "pnet_packet",
+ "pnet_sys",
+ "pnet_transport",
+]
+
+[[package]]
+name = "pnet_base"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ffc190d4067df16af3aba49b3b74c469e611cad6314676eaf1157f31aa0fb2f7"
+dependencies = [
+ "no-std-net",
+]
+
+[[package]]
+name = "pnet_datalink"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e79e70ec0be163102a332e1d2d5586d362ad76b01cec86f830241f2b6452a7b7"
+dependencies = [
+ "ipnetwork",
+ "libc",
+ "pnet_base",
+ "pnet_sys",
+ "winapi",
+]
+
+[[package]]
+name = "pnet_macros"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13325ac86ee1a80a480b0bc8e3d30c25d133616112bb16e86f712dcf8a71c863"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "regex",
+ "syn 2.0.111",
+]
+
+[[package]]
+name = "pnet_macros_support"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eed67a952585d509dd0003049b1fc56b982ac665c8299b124b90ea2bdb3134ab"
+dependencies = [
+ "pnet_base",
+]
+
+[[package]]
+name = "pnet_packet"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c96ebadfab635fcc23036ba30a7d33a80c39e8461b8bd7dc7bb186acb96560f"
+dependencies = [
+ "glob",
+ "pnet_base",
+ "pnet_macros",
+ "pnet_macros_support",
+]
+
+[[package]]
+name = "pnet_sys"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d4643d3d4db6b08741050c2f3afa9a892c4244c085a72fcda93c9c2c9a00f4b"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "pnet_transport"
+version = "0.35.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f604d98bc2a6591cf719b58d3203fd882bdd6bf1db696c4ac97978e9f4776bf"
+dependencies = [
+ "libc",
+ "pnet_base",
+ "pnet_packet",
+ "pnet_sys",
+]
+
+[[package]]
+name = "proc-macro-crate"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ebace6889caf889b4d3f76becee12e90353f2b8c7d875534a71e5742f8f6f83"
+dependencies = [
+ "thiserror",
+ "toml",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.103"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "regex"
+version = "1.12.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5276caf25ac86c8d810222b3dbb938e512c55c6831a10f3e6ed1c93b84041f1c"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a2d987857b319362043e95f5353c0535c1f58eec5336fdfcf626430af7def58"
+
+[[package]]
+name = "sawp"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78562a138ea8cc5c8b04531864e5e268ff6b02d3bac0cf4d447f8085c0b0bf02"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "sawp-flags"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e73cb7499d7f375ed6928416fe81aa91b1329d86a9dffb7eccd91e475b342c8"
+dependencies = [
+ "sawp-flags-derive",
+]
+
+[[package]]
+name = "sawp-flags-derive"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "15968a3900eb621a4cc5548bb8abd2f10bc3912cec0226975c31e25e59889146"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "sawp-modbus"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "620cb1b2194fc49c0ed48f0be97962d6ae8316b5659c06572714dfb82c984f25"
+dependencies = [
+ "nom",
+ "num_enum",
+ "sawp",
+ "sawp-flags",
+]
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.111",
+]
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.111"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "thiserror"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.111",
+]
+
+[[package]]
+name = "toml"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+[[package]]
+name = "windows-sys"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2"
+dependencies = [
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.36.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680"

Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "modbus-parser"
+version = "0.1.0"
+edition = "2024"
+
+[workspace]
+members = ["network"]
+
+[workspace.lints.clippy]
+unwrap_usage = "deny"
+
+[dependencies]
+sawp-modbus = "0.13.1"
+sawp = "0.13.1"

network/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "network"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+sawp-modbus = "0.13.1"
+sawp = "0.13.1"
+
+pcap = "2.2.0"
+pnet = "0.35.0"
+
+anyhow = "1.0.100"
+bytes = "1.11.0"

network/src/lib.rs

@@ -0,0 +1 @@
+pub mod types;

network/src/types/mod.rs

@@ -0,0 +1,2 @@
+pub mod tcp;
+pub mod modbus;

network/src/types/modbus.rs

@@ -0,0 +1,69 @@
+use anyhow::{Context, Error, Result, anyhow, bail};
+use bytes::Bytes;
+use sawp::error::Error as SawpError;
+use sawp::error::ErrorKind;
+use sawp::parser::{Direction, Parse};
+use sawp_modbus::{Message, Modbus};
+
+use pcap::Capture;
+use pcap::Offline;
+use pnet::packet::Packet;
+use pnet::packet::ethernet::{EtherTypes, EthernetPacket};
+use pnet::packet::ipv4::Ipv4Packet;
+use pnet::packet::ipv6::Ipv6Packet;
+use pnet::packet::tcp::TcpPacket;
+use std::collections::{HashMap, HashSet};
+
+fn parse_bytes(input: &[u8]) -> Result<&[u8]> {
+    let modbus = Modbus::default();
+    let mut bytes = input;
+    while bytes.len() > 0 {
+        // If we know that this is a request or response, change the Direction
+        // for a more accurate parsing
+        match modbus.parse(bytes, Direction::Unknown) {
+            // The parser succeeded and returned the remaining bytes and the parsed modbus message
+            Ok((rest, Some(message))) => {
+                println!("Modbus message: {:?}", message);
+                bytes = rest;
+            }
+            // The parser recognized that this might be modbus and made some progress,
+            // but more bytes are needed
+            Ok((rest, None)) => return Ok(rest),
+            // The parser was unable to determine whether this was modbus or not and more
+            // bytes are needed
+            Err(SawpError {
+                kind: ErrorKind::Incomplete(_),
+            }) => return Ok(bytes),
+            // The parser determined that this was not modbus
+            Err(e) => return Err(anyhow::Error::new(e)).context("failed to parse modbus"),
+        }
+    }
+
+    Ok(bytes)
+}
+
+fn get_tcp_data_v4(buf: Bytes) -> Result<Bytes> {
+    let ipv4 = Ipv4Packet::new(&buf[..]).ok_or_else(|| anyhow!("failed to parse ipv4"))?;
+    let ipv4_payload = ipv4.payload();
+    let tcp = TcpPacket::new(ipv4_payload).ok_or_else(|| anyhow!("failed to parse tcp"))?;
+    let tcp_payload = tcp.payload();
+
+    // slice the Bytes without copying; clone is cheap (refcount)
+    Ok(buf.slice(
+        (tcp_payload.as_ptr() as usize - buf.as_ptr() as usize)
+            ..(tcp_payload.as_ptr() as usize - buf.as_ptr() as usize + tcp_payload.len()),
+    ))
+}
+
+fn get_tcp_data_v6(buf: Bytes) -> Result<Bytes> {
+    let ipv6 = Ipv6Packet::new(&buf[..]).ok_or_else(|| anyhow!("failed to parse ipv6"))?;
+    let ipv6_payload = ipv6.payload();
+    let tcp = TcpPacket::new(ipv6_payload).ok_or_else(|| anyhow!("failed to parse tcp"))?;
+    let tcp_payload = tcp.payload();
+
+    // slice the Bytes without copying; clone is cheap (refcount)
+    Ok(buf.slice(
+        (tcp_payload.as_ptr() as usize - buf.as_ptr() as usize)
+            ..(tcp_payload.as_ptr() as usize - buf.as_ptr() as usize + tcp_payload.len()),
+    ))
+}

network/src/types/tcp.rs

@@ -0,0 +1,721 @@
+/// Parse raw tcp packets
+use pcap::Capture;
+use pcap::Offline;
+use pnet::packet::Packet;
+use pnet::packet::ethernet::{EtherTypes, EthernetPacket};
+use pnet::packet::ipv4::Ipv4Packet;
+use pnet::packet::ipv6::Ipv6Packet;
+use pnet::packet::tcp::TcpPacket;
+use std::collections::{HashMap, HashSet};
+use std::error::Error;
+use std::net::IpAddr;
+
+type ConnectionKey = (String, u16, String, u16, u32);
+type Quad = (String, u16, String, u16); // (src_ip, src_port, dst_ip, dst_port)
+
+pub struct RttStats {
+    pub count: usize,
+    pub sum: f64,
+    pub min: f64,
+    pub max: f64,
+    pub squared_sum: f64,
+}
+
+pub struct RttEstimator {
+    pub pending: HashMap<ConnectionKey, f64>,
+    pub stats: HashMap<String, RttStats>,
+}
+
+pub struct NetworkStats {
+    pub rtt_stats: RttStats,
+    pub retrans_count: u32,
+    pub fast_retrans_count: u32,
+    pub dup_ack_count: u32,
+    pub lost_segment_count: u32,
+    pub window_stats: WindowStats,
+}
+
+pub struct WindowStats {
+    pub min: u16,
+    pub max: u16,
+    pub sum: u64,
+    pub count: u32,
+}
+
+#[derive(Debug)]
+pub struct TcpFlow {
+    pub packets: Vec<TcpPacketInfo>,
+    pub state: ConnectionState,
+}
+
+#[derive(Debug, Clone)]
+pub struct TcpPacketInfo {
+    pub timestamp: f64,
+    pub direction: Direction,
+    pub flags: String,
+    pub seq: u32,
+    pub ack: u32,
+    pub payload_len: usize,
+    pub window: u16,
+}
+
+#[derive(Debug, Clone, PartialEq)]
+pub enum Direction {
+    ClientToServer,
+    ServerToClient,
+}
+
+#[derive(Debug, Clone, PartialEq)]
+pub enum ConnectionState {
+    Init,
+    SynSent,
+    SynReceived,
+    Established,
+    FinWait1,
+    Closing,
+    Closed,
+}
+
+impl RttStats {
+    pub fn new() -> Self {
+        RttStats {
+            count: 0,
+            sum: 0.0,
+            min: f64::MAX,
+            max: f64::MIN,
+            squared_sum: 0.0,
+        }
+    }
+
+    pub fn add_sample(&mut self, rtt: f64) {
+        self.count += 1;
+        self.sum += rtt;
+        self.min = self.min.min(rtt);
+        self.max = self.max.max(rtt);
+        self.squared_sum += rtt * rtt;
+    }
+
+    pub fn average(&self) -> f64 {
+        if self.count > 0 {
+            self.sum / self.count as f64
+        } else {
+            0.0
+        }
+    }
+
+    pub fn std_dev(&self) -> f64 {
+        if self.count > 1 {
+            let mean = self.average();
+            let variance = (self.squared_sum / self.count as f64) - (mean * mean);
+            variance.sqrt()
+        } else {
+            0.0
+        }
+    }
+}
+
+impl RttEstimator {
+    pub fn new() -> Self {
+        RttEstimator {
+            pending: HashMap::new(),
+            stats: HashMap::new(),
+        }
+    }
+
+    pub fn process_ipv4(&mut self, payload: &[u8], ts: f64, network_stats: &mut NetworkStats) {
+        if let Some(ipv4) = Ipv4Packet::new(payload) {
+            if let Some(tcp) = TcpPacket::new(ipv4.payload()) {
+                // Record window size
+                network_stats.record_window(tcp.get_window());
+
+                let payload_len = tcp.payload().len();
+
+                if payload_len > 0 {
+                    let src_ip = ipv4.get_source().to_string();
+                    let dst_ip = ipv4.get_destination().to_string();
+                    let seq = tcp.get_sequence();
+                    let ack_num = seq.wrapping_add(payload_len as u32);
+                    let key = (
+                        dst_ip.clone(),
+                        tcp.get_destination(),
+                        src_ip.clone(),
+                        tcp.get_source(),
+                        ack_num,
+                    );
+                    self.pending.insert(key, ts);
+                }
+
+                if parse_flags(tcp.get_flags()).contains("ACK") {
+                    let src_ip = ipv4.get_source().to_string();
+                    let dst_ip = ipv4.get_destination().to_string();
+                    let ack_num = tcp.get_acknowledgement();
+                    let key = (
+                        src_ip.clone(),
+                        tcp.get_source(),
+                        dst_ip.clone(),
+                        tcp.get_destination(),
+                        ack_num,
+                    );
+
+                    if let Some(sent_ts) = self.pending.remove(&key) {
+                        let rtt = ts - sent_ts;
+                        let (pair, _) = normalize_connection(&dst_ip, &src_ip);
+                        let entry = self.stats.entry(pair).or_insert(RttStats::new());
+                        entry.add_sample(rtt);
+                        network_stats.record_rtt(rtt);
+                    }
+                }
+            }
+        }
+    }
+
+    pub fn process_ipv6(&mut self, payload: &[u8], ts: f64, network_stats: &mut NetworkStats) {
+        if let Some(ipv6) = Ipv6Packet::new(payload) {
+            if let Some(tcp) = TcpPacket::new(ipv6.payload()) {
+                // Record window size
+                network_stats.record_window(tcp.get_window());
+
+                let payload_len = tcp.payload().len();
+
+                if payload_len > 0 {
+                    let src_ip = format!("[{}]", ipv6.get_source());
+                    let dst_ip = format!("[{}]", ipv6.get_destination());
+                    let seq = tcp.get_sequence();
+                    let ack_num = seq.wrapping_add(payload_len as u32);
+                    let key = (
+                        dst_ip.clone(),
+                        tcp.get_destination(),
+                        src_ip.clone(),
+                        tcp.get_source(),
+                        ack_num,
+                    );
+                    self.pending.insert(key, ts);
+                }
+
+                if parse_flags(tcp.get_flags()).contains("ACK") {
+                    let src_ip = format!("[{}]", ipv6.get_source());
+                    let dst_ip = format!("[{}]", ipv6.get_destination());
+                    let ack_num = tcp.get_acknowledgement();
+                    let key = (
+                        src_ip.clone(),
+                        tcp.get_source(),
+                        dst_ip.clone(),
+                        tcp.get_destination(),
+                        ack_num,
+                    );
+
+                    if let Some(sent_ts) = self.pending.remove(&key) {
+                        let rtt = ts - sent_ts;
+                        let (pair, _) = normalize_connection(&dst_ip, &src_ip);
+                        let entry = self.stats.entry(pair).or_insert(RttStats::new());
+                        entry.add_sample(rtt);
+                        network_stats.record_rtt(rtt);
+                    }
+                }
+            }
+        }
+    }
+
+    pub fn print(&self) {
+        let mut pairs: Vec<_> = self.stats.iter().collect();
+        pairs.sort_by(|a, b| b.1.count.cmp(&a.1.count));
+        println!(
+            "{:<35} {:>8} {:>10} {:>10} {:>10} {:>10}",
+            "IP Pair", "Samples", "Avg (ms)", "Min (ms)", "Max (ms)", "StdDev"
+        );
+
+        for (addr, stat) in pairs {
+            if stat.count > 0 {
+                println!(
+                    "{:<35} {:>8} {:>10.2} {:>10.2} {:>10.2} {:>10.2}",
+                    addr,
+                    stat.count,
+                    stat.average() * 1000.0,
+                    stat.min * 1000.0,
+                    stat.max * 1000.0,
+                    stat.std_dev() * 1000.0
+                );
+            }
+        }
+    }
+}
+
+impl NetworkStats {
+    pub fn new() -> Self {
+        NetworkStats {
+            rtt_stats: RttStats::new(),
+            retrans_count: 0,
+            fast_retrans_count: 0,
+            dup_ack_count: 0,
+            lost_segment_count: 0,
+            window_stats: WindowStats {
+                min: u16::MAX,
+                max: u16::MIN,
+                sum: 0,
+                count: 0,
+            },
+        }
+    }
+
+    pub fn avg_window(&self) -> f64 {
+        if self.window_stats.count > 0 {
+            self.window_stats.sum as f64 / self.window_stats.count as f64
+        } else {
+            0.0
+        }
+    }
+
+    pub fn record_rtt(&mut self, rtt: f64) {
+        self.rtt_stats.add_sample(rtt);
+    }
+
+    pub fn record_retrans(&mut self) {
+        self.retrans_count += 1;
+    }
+
+    pub fn record_fast_retrans(&mut self) {
+        self.fast_retrans_count += 1;
+    }
+
+    pub fn record_dup_ack(&mut self) {
+        self.dup_ack_count += 1;
+    }
+
+    pub fn record_lost_segment(&mut self) {
+        self.lost_segment_count += 1;
+    }
+
+    pub fn record_window(&mut self, window: u16) {
+        self.window_stats.min = self.window_stats.min.min(window);
+        self.window_stats.max = self.window_stats.max.max(window);
+        self.window_stats.sum += window as u64;
+        self.window_stats.count += 1;
+    }
+
+    pub fn print(&self) {
+        println!("Network Statistics Overview:");
+        println!("================================================");
+        println!("{:<30} {:>10}", "Metric", "Value");
+        println!("------------------------------------------------");
+        println!(
+            "{:<30} {:>10.3} ms",
+            "Average RTT",
+            self.rtt_stats.average() * 1000.0
+        );
+        println!("{:<30} {:>10}", "Retransmission Count", self.retrans_count);
+        println!(
+            "{:<30} {:>10}",
+            "Fast Retransmission Count", self.fast_retrans_count
+        );
+        println!("{:<30} {:>10}", "Duplicate ACK Count", self.dup_ack_count);
+        println!(
+            "{:<30} {:>10}",
+            "Lost Segment Count", self.lost_segment_count
+        );
+        println!("{:<30} {:>10}", "Min Window Size", self.window_stats.min);
+        println!("{:<30} {:>10}", "Max Window Size", self.window_stats.max);
+        if self.window_stats.count > 0 {
+            println!(
+                "{:<30} {:>10.1}",
+                "Avg Window Size",
+                self.window_stats.sum as f64 / self.window_stats.count as f64
+            );
+        }
+        println!("================================================");
+    }
+}
+
+/// Generate RTT estimator for tcp connections with given pcap file.
+/// When f_print set to True, it'll print the all rtt stats and reture None,
+/// otherwise it'll print nothing and reture a RttEstimator.
+pub fn gen_rtt_estimator(
+    mut cap: Capture<Offline>,
+    f_print: bool,
+) -> Result<Option<RttEstimator>, Box<dyn Error>> {
+    let mut estimator = RttEstimator::new();
+    let mut network_stats = NetworkStats::new();
+
+    while let Ok(packet) = cap.next_packet() {
+        let ts = packet.header.ts.tv_sec as f64 + packet.header.ts.tv_usec as f64 / 1_000_000.0;
+
+        if let Some(eth) = EthernetPacket::new(packet.data) {
+            match eth.get_ethertype() {
+                EtherTypes::Ipv4 => estimator.process_ipv4(eth.payload(), ts, &mut network_stats),
+                EtherTypes::Ipv6 => estimator.process_ipv6(eth.payload(), ts, &mut network_stats),
+                _ => (),
+            }
+        }
+    }
+
+    if f_print {
+        estimator.print();
+        Ok(None)
+    } else {
+        Ok(Some(estimator))
+    }
+}
+
+/// Estimate RTT for given address pair with RttEstimator, return error if given pair cannot found.
+/// When f_print set to True, it'll print the rtt stats and reture None,
+/// otherwise it'll print nothing and reture a Vec<f64>.
+/// The Vec<f64> has 5 elements, "Samples", "Avg (ms)", "Min (ms)", "Max (ms)", "StdDev" (from index 0 to 4).
+pub fn f_estimate_rtt(
+    src: &str,
+    dst: &str,
+    estimator: &RttEstimator,
+    f_print: bool,
+) -> Result<Option<Vec<f64>>, Box<dyn Error>> {
+    let (key, _) = normalize_connection(src, dst);
+
+    if let Some(stat) = estimator.stats.get(&key) {
+        if f_print {
+            println!(
+                "{:<35} {:>8} {:>10} {:>10} {:>10} {:>10}",
+                "IP Pair", "Samples", "Avg (ms)", "Min (ms)", "Max (ms)", "StdDev"
+            );
+            println!(
+                "{:<35} {:>8} {:>10.2} {:>10.2} {:>10.2} {:>10.2}",
+                key,
+                stat.count,
+                stat.average() * 1000.0,
+                stat.min * 1000.0,
+                stat.max * 1000.0,
+                stat.std_dev() * 1000.0
+            );
+            Ok(None)
+        } else {
+            let res = vec![
+                stat.count as f64,
+                stat.average() * 1000.0,
+                stat.min * 1000.0,
+                stat.max * 1000.0,
+                stat.std_dev() * 1000.0,
+            ];
+            Ok(Some(res))
+        }
+    } else {
+        Err("Address pair not found".into())
+    }
+}
+
+/// Trace a tcp connection with given pcap file.
+/// When f_print set to True, it'll print the connection and reture None,
+/// otherwise it'll print nothing and reture a HashMap.
+pub fn f_trace_tcp_conn(
+    mut cap: Capture<Offline>,
+    f_print: bool,
+) -> Option<HashMap<String, TcpFlow>> {
+    let mut connections = HashMap::new();
+
+    while let Ok(packet) = cap.next_packet() {
+        let header = packet.header;
+        let timestamp = header.ts.tv_sec as f64 + header.ts.tv_usec as f64 / 1_000_000.0;
+
+        if let Some(eth_frame) = EthernetPacket::new(packet.data) {
+            match eth_frame.get_ethertype() {
+                EtherTypes::Ipv4 => process_ipv4(eth_frame.payload(), timestamp, &mut connections),
+                EtherTypes::Ipv6 => process_ipv6(eth_frame.payload(), timestamp, &mut connections),
+                _ => (),
+            }
+        }
+    }
+
+    if f_print {
+        for (key, flow) in &connections {
+            print_connection(key, flow);
+        }
+        None
+    } else {
+        Some(connections)
+    }
+}
+
+fn process_ipv4(payload: &[u8], timestamp: f64, connections: &mut HashMap<String, TcpFlow>) {
+    if let Some(ipv4) = Ipv4Packet::new(payload) {
+        if let Some(tcp) = TcpPacket::new(ipv4.payload()) {
+            let src = format!("{}:{}", ipv4.get_source(), tcp.get_source());
+            let dst = format!("{}:{}", ipv4.get_destination(), tcp.get_destination());
+            process_tcp_packet(&src, &dst, timestamp, tcp, connections);
+        }
+    }
+}
+
+fn process_ipv6(payload: &[u8], timestamp: f64, connections: &mut HashMap<String, TcpFlow>) {
+    if let Some(ipv6) = Ipv6Packet::new(payload) {
+        if let Some(tcp) = TcpPacket::new(ipv6.payload()) {
+            let src = format!("[{}]:{}", ipv6.get_source(), tcp.get_source());
+            let dst = format!("[{}]:{}", ipv6.get_destination(), tcp.get_destination());
+            process_tcp_packet(&src, &dst, timestamp, tcp, connections);
+        }
+    }
+}
+
+fn process_tcp_packet(
+    src: &str,
+    dst: &str,
+    timestamp: f64,
+    tcp: TcpPacket,
+    connections: &mut HashMap<String, TcpFlow>,
+) {
+    let flags = parse_flags(tcp.get_flags());
+    let (conn_key, direction) = normalize_connection(src, dst);
+
+    let packet_info = TcpPacketInfo {
+        timestamp,
+        direction,
+        flags,
+        seq: tcp.get_sequence(),
+        ack: tcp.get_acknowledgement(),
+        payload_len: tcp.payload().len(),
+        window: tcp.get_window(),
+    };
+
+    let flow = connections
+        .entry(conn_key.clone())
+        .or_insert_with(|| TcpFlow {
+            packets: Vec::new(),
+            state: ConnectionState::Init,
+        });
+
+    flow.packets.push(packet_info);
+    update_connection_state(flow);
+}
+
+fn parse_flags(flags: u8) -> String {
+    let mut f = Vec::new();
+    if flags & 0x01 != 0 {
+        f.push("FIN");
+    }
+    if flags & 0x02 != 0 {
+        f.push("SYN");
+    }
+    if flags & 0x04 != 0 {
+        f.push("RST");
+    }
+    if flags & 0x08 != 0 {
+        f.push("PSH");
+    }
+    if flags & 0x10 != 0 {
+        f.push("ACK");
+    }
+    if flags & 0x20 != 0 {
+        f.push("URG");
+    }
+    if flags & 0x40 != 0 {
+        f.push("ECE");
+    }
+    if flags & 0x80 != 0 {
+        f.push("CWR");
+    }
+    f.join("|")
+}
+
+fn normalize_connection(a: &str, b: &str) -> (String, Direction) {
+    if a <= b {
+        (format!("{} <-> {}", a, b), Direction::ClientToServer)
+    } else {
+        (format!("{} <-> {}", b, a), Direction::ServerToClient)
+    }
+}
+
+fn update_connection_state(flow: &mut TcpFlow) {
+    let last_packet = flow.packets.last().unwrap();
+
+    flow.state = match (
+        &flow.state,
+        last_packet.flags.as_str(),
+        last_packet.direction.clone(),
+    ) {
+        (ConnectionState::Init, "SYN", Direction::ClientToServer) => ConnectionState::SynSent,
+        (ConnectionState::SynSent, "SYN|ACK", Direction::ServerToClient) => {
+            ConnectionState::SynReceived
+        }
+        (ConnectionState::SynReceived, "ACK", Direction::ClientToServer) => {
+            ConnectionState::Established
+        }
+        (ConnectionState::Established, "FIN", _) => ConnectionState::FinWait1,
+        (ConnectionState::FinWait1, "FIN|ACK", Direction::ServerToClient) => {
+            ConnectionState::Closing
+        }
+        (ConnectionState::Closing, "ACK", Direction::ClientToServer) => ConnectionState::Closed,
+        _ => flow.state.clone(),
+    };
+}
+
+pub fn print_connection(conn_key: &str, flow: &TcpFlow) {
+    println!("\nTCP Connection: {}", conn_key);
+    println!("State: {:?}", flow.state);
+    println!(
+        "{:<6} {:<12} {:<8} {:<10} {:<10} {:<10} {:<6}",
+        "No.", "Time", "Dir", "Flags", "Seq", "Ack", "Win"
+    );
+
+    for (i, pkt) in flow.packets.iter().enumerate() {
+        let dir = match pkt.direction {
+            Direction::ClientToServer => "-->",
+            Direction::ServerToClient => "<--",
+        };
+        println!(
+            "{:4} {:8.3} {:4} {:10} {:10} {:10} {:5} ({})",
+            i + 1,
+            pkt.timestamp,
+            dir,
+            pkt.flags,
+            pkt.seq,
+            pkt.ack,
+            pkt.window,
+            pkt.payload_len
+        );
+    }
+}
+
+/// Analyze network traffic and provide comprehensive statistics
+pub fn f_analyze_tcp_network(mut cap: Capture<Offline>) -> Result<NetworkStats, Box<dyn Error>> {
+    let mut estimator = RttEstimator::new();
+    let mut network_stats = NetworkStats::new();
+    let mut seq_tracker: HashMap<Quad, HashSet<u32>> = HashMap::new();
+    let mut ack_tracker: HashMap<Quad, u32> = HashMap::new();
+    let mut dup_ack_counts: HashMap<Quad, u32> = HashMap::new();
+
+    while let Ok(packet) = cap.next_packet() {
+        let ts = packet.header.ts.tv_sec as f64 + packet.header.ts.tv_usec as f64 / 1_000_000.0;
+
+        if let Some(eth) = EthernetPacket::new(packet.data) {
+            match eth.get_ethertype() {
+                EtherTypes::Ipv4 => {
+                    if let Some(ipv4) = Ipv4Packet::new(eth.payload()) {
+                        if let Some(tcp) = TcpPacket::new(ipv4.payload()) {
+                            let src_ip = ipv4.get_source().to_string();
+                            let dst_ip = ipv4.get_destination().to_string();
+                            let quad = (
+                                src_ip.clone(),
+                                tcp.get_source(),
+                                dst_ip.clone(),
+                                tcp.get_destination(),
+                            );
+
+                            // Detect retransmissions
+                            let seq = tcp.get_sequence();
+                            let quad_key = quad.clone();
+                            let seen_set = seq_tracker
+                                .entry(quad_key.clone())
+                                .or_insert(HashSet::new());
+
+                            if seen_set.contains(&seq) {
+                                network_stats.record_retrans();
+
+                                // Detect fast retransmissions (triggered by 3 duplicate ACKs)
+                                let rev_quad = (quad.2.clone(), quad.3, quad.0.clone(), quad.1);
+
+                                if let Some(count) = dup_ack_counts.get(&rev_quad) {
+                                    if *count >= 3 {
+                                        network_stats.record_fast_retrans();
+                                    }
+                                }
+                            } else {
+                                seen_set.insert(seq);
+                            }
+
+                            // Detect duplicate ACKs
+                            if tcp.get_flags() & 0x10 != 0 {
+                                // ACK flag set
+                                let ack_num = tcp.get_acknowledgement();
+                                let rev_quad = (quad.2.clone(), quad.3, quad.0.clone(), quad.1);
+
+                                if let Some(last_ack) = ack_tracker.get(&rev_quad) {
+                                    if *last_ack == ack_num {
+                                        network_stats.record_dup_ack();
+
+                                        // Track consecutive duplicate ACKs
+                                        let count =
+                                            dup_ack_counts.entry(rev_quad.clone()).or_insert(0);
+                                        *count += 1;
+                                    } else {
+                                        // Reset duplicate counter when new ACK arrives
+                                        dup_ack_counts.insert(rev_quad.clone(), 0);
+                                    }
+                                }
+                                ack_tracker.insert(rev_quad, ack_num);
+                            }
+
+                            // Detect lost segments (using RST as heuristic)
+                            if tcp.get_flags() & 0x04 != 0 {
+                                // RST flag
+                                network_stats.record_lost_segment();
+                            }
+                        }
+                    }
+                    estimator.process_ipv4(eth.payload(), ts, &mut network_stats);
+                }
+                EtherTypes::Ipv6 => {
+                    if let Some(ipv6) = Ipv6Packet::new(eth.payload()) {
+                        if let Some(tcp) = TcpPacket::new(ipv6.payload()) {
+                            let src_ip = format!("[{}]", ipv6.get_source());
+                            let dst_ip = format!("[{}]", ipv6.get_destination());
+                            let quad = (
+                                src_ip.clone(),
+                                tcp.get_source(),
+                                dst_ip.clone(),
+                                tcp.get_destination(),
+                            );
+
+                            // Detect retransmissions
+                            let seq = tcp.get_sequence();
+                            let quad_key = quad.clone();
+                            let seen_set = seq_tracker
+                                .entry(quad_key.clone())
+                                .or_insert(HashSet::new());
+
+                            if seen_set.contains(&seq) {
+                                network_stats.record_retrans();
+
+                                // Detect fast retransmissions
+                                let rev_quad = (quad.2.clone(), quad.3, quad.0.clone(), quad.1);
+
+                                if let Some(count) = dup_ack_counts.get(&rev_quad) {
+                                    if *count >= 3 {
+                                        network_stats.record_fast_retrans();
+                                    }
+                                }
+                            } else {
+                                seen_set.insert(seq);
+                            }
+
+                            // Detect duplicate ACKs
+                            if tcp.get_flags() & 0x10 != 0 {
+                                // ACK flag set
+                                let ack_num = tcp.get_acknowledgement();
+                                let rev_quad = (quad.2.clone(), quad.3, quad.0.clone(), quad.1);
+
+                                if let Some(last_ack) = ack_tracker.get(&rev_quad) {
+                                    if *last_ack == ack_num {
+                                        network_stats.record_dup_ack();
+
+                                        // Track consecutive duplicate ACKs
+                                        let count =
+                                            dup_ack_counts.entry(rev_quad.clone()).or_insert(0);
+                                        *count += 1;
+                                    } else {
+                                        // Reset duplicate counter
+                                        dup_ack_counts.insert(rev_quad.clone(), 0);
+                                    }
+                                }
+                                ack_tracker.insert(rev_quad, ack_num);
+                            }
+
+                            // Detect lost segments
+                            if tcp.get_flags() & 0x04 != 0 {
+                                // RST flag
+                                network_stats.record_lost_segment();
+                            }
+                        }
+                    }
+                    estimator.process_ipv6(eth.payload(), ts, &mut network_stats);
+                }
+                _ => (),
+            }
+        }
+    }
+
+    Ok(network_stats)
+}

src/main.rs

@@ -0,0 +1,3 @@
+fn main() {
+    println!("Hello, world!");
+}

traffic/kaggle/attacker_machine_summary.csv

@@ -0,0 +1,75 @@
+attack,startStamp,endStamp,startTime,endTime,attackerMAC,attackerIP,description
+port-scan,1663323340.037197,1663323357.237416,2022-09-16 12:15:40.037197,2022-09-16 12:15:57.237416,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663323387.256531,1663323392.238291,2022-09-16 12:16:27.256531,2022-09-16 12:16:32.238291,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663323422.26987,1663323460.084713,2022-09-16 12:17:02.269870,2022-09-16 12:17:40.084713,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+port-scan,1663323490.117125,1663323507.658349,2022-09-16 12:18:10.117125,2022-09-16 12:18:27.658349,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+mitm,1663323537.688795,1663323575.245281,2022-09-16 12:18:57.688795,2022-09-16 12:19:35.245281,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ip-scan,1663323605.261597,1663323609.653921,2022-09-16 12:20:05.261597,2022-09-16 12:20:09.653921,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663323639.682191,1663323658.148022,2022-09-16 12:20:39.682191,2022-09-16 12:20:58.148022,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663323688.162703,1663323691.924437,2022-09-16 12:21:28.162703,2022-09-16 12:21:31.924437,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+replay,1663323721.956062,1663323788.628023,2022-09-16 12:22:01.956062,2022-09-16 12:23:08.628023,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+port-scan,1663323818.664018,1663323834.054557,2022-09-16 12:23:38.664018,2022-09-16 12:23:54.054557,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+mitm,1663323864.077909,1663323901.170764,2022-09-16 12:24:24.077909,2022-09-16 12:25:01.170764,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+replay,1663323931.20369,1663323997.725604,2022-09-16 12:25:31.203690,2022-09-16 12:26:37.725604,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+ip-scan,1663324027.749945,1663324031.726382,2022-09-16 12:27:07.749945,2022-09-16 12:27:11.726382,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663324061.754457,1663324065.854494,2022-09-16 12:27:41.754457,2022-09-16 12:27:45.854494,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663324095.88335,1663324111.480555,2022-09-16 12:28:15.883350,2022-09-16 12:28:31.480555,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663324141.510523,1663324145.862148,2022-09-16 12:29:01.510523,2022-09-16 12:29:05.862148,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663324175.876822,1663324180.079462,2022-09-16 12:29:35.876822,2022-09-16 12:29:40.079462,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663324210.097367,1663324214.588024,2022-09-16 12:30:10.097367,2022-09-16 12:30:14.588024,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663324244.623348,1663324281.459447,2022-09-16 12:30:44.623348,2022-09-16 12:31:21.459447,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ip-scan,1663324311.489755,1663324315.702803,2022-09-16 12:31:51.489755,2022-09-16 12:31:55.702803,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663324345.736131,1663324349.694858,2022-09-16 12:32:25.736131,2022-09-16 12:32:29.694858,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+replay,1663324379.72999,1663324446.76358,2022-09-16 12:32:59.729990,2022-09-16 12:34:06.763580,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+ddos,1663324481.797273,1663324543.422627,2022-09-16 12:34:41.797273,2022-09-16 12:35:43.422627,02:42:c0:a8:00:29,192.168.0.41,ddos
+ip-scan,1663324573.45661,1663324578.081705,2022-09-16 12:36:13.456610,2022-09-16 12:36:18.081705,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663324608.102702,1663324645.571148,2022-09-16 12:36:48.102702,2022-09-16 12:37:25.571148,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+replay,1663324675.60743,1663324743.089952,2022-09-16 12:37:55.607430,2022-09-16 12:39:03.089952,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+port-scan,1663324773.121386,1663324788.063005,2022-09-16 12:39:33.121386,2022-09-16 12:39:48.063005,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+port-scan,1663324818.088043,1663324834.276518,2022-09-16 12:40:18.088043,2022-09-16 12:40:34.276518,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+port-scan,1663324864.309232,1663324879.436226,2022-09-16 12:41:04.309232,2022-09-16 12:41:19.436226,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+port-scan,1663324909.461373,1663324925.89928,2022-09-16 12:41:49.461373,2022-09-16 12:42:05.899280,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+replay,1663324955.931092,1663325023.627465,2022-09-16 12:42:35.931092,2022-09-16 12:43:43.627465,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+ip-scan,1663325053.663163,1663325058.037643,2022-09-16 12:44:13.663163,2022-09-16 12:44:18.037643,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663325088.071256,1663325104.166713,2022-09-16 12:44:48.071256,2022-09-16 12:45:04.166713,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+mitm,1663325134.200121,1663325170.851311,2022-09-16 12:45:34.200121,2022-09-16 12:46:10.851311,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ip-scan,1663325200.869612,1663325204.674767,2022-09-16 12:46:40.869612,2022-09-16 12:46:44.674767,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663325234.703106,1663325249.294216,2022-09-16 12:47:14.703106,2022-09-16 12:47:29.294216,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663325279.325353,1663325283.441031,2022-09-16 12:47:59.325353,2022-09-16 12:48:03.441031,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+replay,1663325313.473362,1663325380.967199,2022-09-16 12:48:33.473362,2022-09-16 12:49:40.967199,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+mitm,1663325410.982325,1663325448.257283,2022-09-16 12:50:10.982325,2022-09-16 12:50:48.257283,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ddos,1663325483.293036,1663325544.115677,2022-09-16 12:51:23.293036,2022-09-16 12:52:24.115677,02:42:c0:a8:00:29,192.168.0.41,ddos
+mitm,1663325574.154651,1663325611.31379,2022-09-16 12:52:54.154651,2022-09-16 12:53:31.313790,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+port-scan,1663325641.347372,1663325657.38667,2022-09-16 12:54:01.347372,2022-09-16 12:54:17.386670,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663325687.425491,1663325691.448518,2022-09-16 12:54:47.425491,2022-09-16 12:54:51.448518,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663325721.481164,1663325758.422321,2022-09-16 12:55:21.481164,2022-09-16 12:55:58.422321,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+mitm,1663325788.4539,1663325825.207777,2022-09-16 12:56:28.453900,2022-09-16 12:57:05.207777,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ddos,1663325860.23789,1663325919.448899,2022-09-16 12:57:40.237890,2022-09-16 12:58:39.448899,02:42:c0:a8:00:29,192.168.0.41,ddos
+ip-scan,1663325949.478008,1663325953.298735,2022-09-16 12:59:09.478008,2022-09-16 12:59:13.298735,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+replay,1663325983.331182,1663326049.883553,2022-09-16 12:59:43.331182,2022-09-16 13:00:49.883553,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+ip-scan,1663326079.91708,1663326084.147224,2022-09-16 13:01:19.917080,2022-09-16 13:01:24.147224,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663326114.179078,1663326150.915196,2022-09-16 13:01:54.179078,2022-09-16 13:02:30.915196,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ddos,1663326185.950452,1663326244.61297,2022-09-16 13:03:05.950452,2022-09-16 13:04:04.612970,02:42:c0:a8:00:29,192.168.0.41,ddos
+port-scan,1663326274.645374,1663326289.082632,2022-09-16 13:04:34.645374,2022-09-16 13:04:49.082632,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ddos,1663326324.101532,1663326385.16259,2022-09-16 13:05:24.101532,2022-09-16 13:06:25.162590,02:42:c0:a8:00:29,192.168.0.41,ddos
+ip-scan,1663326415.173679,1663326419.266583,2022-09-16 13:06:55.173679,2022-09-16 13:06:59.266583,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663326449.301227,1663326453.206467,2022-09-16 13:07:29.301227,2022-09-16 13:07:33.206467,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663326483.235563,1663326487.224567,2022-09-16 13:08:03.235563,2022-09-16 13:08:07.224567,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+ip-scan,1663326517.260435,1663326521.62575,2022-09-16 13:08:37.260435,2022-09-16 13:08:41.625750,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663326551.645295,1663326569.418924,2022-09-16 13:09:11.645295,2022-09-16 13:09:29.418924,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+port-scan,1663326599.449394,1663326616.164342,2022-09-16 13:09:59.449394,2022-09-16 13:10:16.164342,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+replay,1663326646.167486,1663326714.065312,2022-09-16 13:10:46.167486,2022-09-16 13:11:54.065312,02:42:c0:a8:00:29,192.168.0.41,replay-scapy
+ddos,1663326749.097969,1663326810.857478,2022-09-16 13:12:29.097969,2022-09-16 13:13:30.857478,02:42:c0:a8:00:29,192.168.0.41,ddos
+mitm,1663326840.868831,1663326878.858058,2022-09-16 13:14:00.868831,2022-09-16 13:14:38.858058,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+mitm,1663326908.880814,1663326945.907028,2022-09-16 13:15:08.880814,2022-09-16 13:15:45.907028,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+ddos,1663326980.941835,1663327042.68097,2022-09-16 13:16:20.941835,2022-09-16 13:17:22.680970,02:42:c0:a8:00:29,192.168.0.41,ddos
+port-scan,1663327072.721641,1663327089.578817,2022-09-16 13:17:52.721641,2022-09-16 13:18:09.578817,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ddos,1663327124.609621,1663327186.625437,2022-09-16 13:18:44.609621,2022-09-16 13:19:46.625437,02:42:c0:a8:00:29,192.168.0.41,ddos
+ip-scan,1663327216.66865,1663327221.029595,2022-09-16 13:20:16.668650,2022-09-16 13:20:21.029595,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663327251.071219,1663327288.258252,2022-09-16 13:20:51.071219,2022-09-16 13:21:28.258252,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+port-scan,1663327318.27895,1663327332.398867,2022-09-16 13:21:58.278950,2022-09-16 13:22:12.398867,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663327362.442066,1663327366.943252,2022-09-16 13:22:42.442066,2022-09-16 13:22:46.943252,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+port-scan,1663327396.975495,1663327412.083532,2022-09-16 13:23:16.975495,2022-09-16 13:23:32.083532,02:42:c0:a8:00:29,192.168.0.41,scan-nmap
+ip-scan,1663327442.101229,1663327446.342917,2022-09-16 13:24:02.101229,2022-09-16 13:24:06.342917,02:42:c0:a8:00:29,192.168.0.41,scan-scapy
+mitm,1663327476.358949,1663327513.877576,2022-09-16 13:24:36.358949,2022-09-16 13:25:13.877576,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy
+mitm,1663327543.888534,1663327581.195362,2022-09-16 13:25:43.888534,2022-09-16 13:26:21.195362,02:42:c0:a8:00:29,192.168.0.41,mitm-scapy

traffic/kaggle/attacker_summary.csv

@@ -0,0 +1 @@
+attack,startStamp,endStamp,startTime,endTime,attackerMAC,attackerIP,description