Hi,
Some time ago, I tried to write some Python code in order to grab each unique IP from my traffic logs and trace it, so that we can find similar nodes which were used for the jumps.
This is also a good exercise in order to improve basic dataframe knowledge and a good baseline for some explorations.
I will put here the code so that it is available for me as reference and also maybe for you if you want to take pieces of it.
I know that it is not optimised, but you can modify it or maybe use a chatbot to improve it.
import pymongo
import scapy.all as scapy

# MongoDB: read the unique IPs, write one traceroute document per target.
myclient = pymongo.MongoClient("mongodb://localhost:27017/")
db = myclient["mydatabase"]
read_col = db["unique_ip"]
write_col = db["unique_ip_trace_tcp"]

# Resume from the last target already traced, so the script can be restarted.
lastid = 0
index_last_ip = write_col.find().sort([('_id', -1)]).limit(1)
for doc in index_last_ip:
    index_id = read_col.find({"payload": doc['source_ip']})
    for elem in index_id:
        lastid = elem['id']
print(lastid)

for i in range(lastid, read_col.count_documents({})):
    mydoc = read_col.find({"id": i})
    for x in mydoc:
        try:
            for element in x['payload']:
                response = {}
                # TCP traceroute (scapy default); ans holds (sent, received) pairs
                ans, unans = scapy.traceroute(element)
                response['source_ip'] = element
                payload = {}
                for sdr, rcv in ans:
                    # key: TTL of the probe, value: address of the router that answered
                    payload[str(sdr.ttl)] = rcv.src
                response['payload'] = payload
                write_col.insert_one(response)
        except Exception as e:
            print(e)
            continue
That would be all.
Cheers!
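As an added example (not part of the original post), here is one way to do the "find similar nodes" step over the documents the script above writes: it indexes every intermediate hop by the targets whose path went through it and reports the hops shared by several targets. The documents and addresses are constructed for illustration; it runs offline without MongoDB or scapy.

```python
from collections import defaultdict

# Constructed sample documents in the same shape the collector script writes to
# unique_ip_trace_tcp: {'source_ip': target, 'payload': {ttl_as_str: hop_ip}}.
# All addresses are made up (documentation ranges) for illustration.
SAMPLE_TRACES = [
    {"source_ip": "203.0.113.10",
     "payload": {"1": "192.0.2.1", "2": "198.51.100.7", "3": "198.51.100.30", "4": "203.0.113.10"}},
    {"source_ip": "203.0.113.77",
     "payload": {"1": "192.0.2.1", "2": "198.51.100.7", "3": "198.51.100.31", "4": "203.0.113.77"}},
    {"source_ip": "198.51.100.200",
     "payload": {"1": "192.0.2.1", "2": "198.51.100.9", "3": "198.51.100.200"}},
]


def hop_index(traces, skip_first=1):
    """Map each intermediate hop IP to the set of targets whose path passed through it.

    The first `skip_first` hops (the local gateway) are ignored because every trace
    shares them; the final hop equals the target itself and is excluded as well.
    """
    index = defaultdict(set)
    for doc in traces:
        target = doc["source_ip"]
        # Sort by numeric TTL: the collector stored the keys as strings.
        hops = [doc["payload"][k] for k in sorted(doc["payload"], key=int)]
        for hop in hops[skip_first:]:
            if hop != target:
                index[hop].add(target)
    return index


def shared_hops(traces, min_targets=2, skip_first=1):
    """Return hops seen on the path to at least `min_targets` distinct targets,
    most shared first, as (hop_ip, sorted list of targets)."""
    index = hop_index(traces, skip_first)
    shared = [(hop, sorted(t)) for hop, t in index.items() if len(t) >= min_targets]
    return sorted(shared, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for hop, targets in shared_hops(SAMPLE_TRACES):
        print(f"{hop} is on the path to {len(targets)} targets: {', '.join(targets)}")
```

To run it on real data, replace SAMPLE_TRACES with `list(write_col.find())` from the collector's MongoDB collection.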