Store and lookup IP Packet header fields in Python


I want to create a simple table (using Python) in which I can store/search IP packet header fields, i.e.,

source IP, Destination IP, Source Port, Destination port, count

I want to achieve the following when I get new packet header fields:

Lookup in the table to see if a packet with these fields is already added, if true then update the count.

If the packet is not already present in the table create a new entry and so on.

Through my search so far I have two options:

  1. Create a list of dictionaries, with each dictionary having the five fields mentioned above. (Python list of dictionaries search)

  2. Use SQLite.

I want to ask what is an optimal approach (or best option) for creating a packet/flow lookup table. The expected size of the table is 100-500 entries.

There is 1 answer
bioinfoboy On BEST ANSWER

You could use defaultdict(list) from collections to store your data. I assume you would want to search based on the source IP so you would keep the source IP as key.

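from collections import defaultdict
# Key: source IP; value: [destination IP, source port, destination port, count]
testDictionary = defaultdict(list)
testDictionary["192.168.0.1"] = ["10.10.10.1", 22, 8080, 0]
sourceIP = "192.168.0.1"  # source IP of the newly received packet
if testDictionary[sourceIP]:
    # Entry already present: increment the count (last element)
    testDictionary[sourceIP][-1] += 1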

Since you are saying that you only have a table with 100-500 entries, you could search for destination IPs also using

destinationIP = "10.10.10.1"  # destination IP to search for
for sourceIP, otherHeader in testDictionary.items():
    if otherHeader[0] == destinationIP:
        testDictionary[sourceIP][-1] += 1

I do not know whether both the source IP and the destination IP would be unique in all the cases. For that, you can decide what to choose. The advantage of defaultdict(list) is that you can append things also without overwriting the previous values.

for sourceIP, otherHeader in testDictionary.items():
    if otherHeader[0] != destinationIP:
        testDictionary[sourceIP].append(["10.10.10.2", 22, 8080, 1])
    else:
        testDictionary[sourceIP][-1] += 1

I am not sure this is exactly what you are looking for, but I have tried to understand your data type according to the description.

Hope that helps.
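
An added example, not part of the question or the answer above: a flow table keyed on the full (source IP, destination IP, source port, destination port) tuple, so the lookup-or-insert step is a single dictionary access. The names FlowKey, make_key and FlowTable, the 500-entry cap with least-recently-seen eviction, and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
from collections import OrderedDict, namedtuple

FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port")

def make_key(src_ip, dst_ip, src_port, dst_port):
    """Validate and canonicalise header fields so equal flows hash equally."""
    for port in (src_port, dst_port):
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
    # ip_address() rejects malformed input and collapses equivalent IPv6 spellings.
    src, dst = (str(ipaddress.ip_address(a)) for a in (src_ip, dst_ip))
    return FlowKey(src, dst, int(src_port), int(dst_port))

class FlowTable:
    """Packet count per flow, bounded so a burst of new flows cannot grow it."""

    def __init__(self, max_entries=500):  # assumed cap, from the 100-500 estimate
        self.max_entries = max_entries
        self.flows = OrderedDict()

    def update(self, *fields):
        """Count one packet: increment an existing flow or create a new entry."""
        key = make_key(*fields)
        count = self.flows[key] = self.flows.get(key, 0) + 1
        self.flows.move_to_end(key)           # mark as most recently seen
        if len(self.flows) > self.max_entries:
            self.flows.popitem(last=False)    # evict the least recently seen flow
        return count

    def count(self, *fields):
        return self.flows.get(make_key(*fields), 0)

    def by_destination(self, dst_ip):
        """Linear scan on one field; acceptable at a few hundred entries."""
        dst = str(ipaddress.ip_address(dst_ip))
        return {k: n for k, n in self.flows.items() if k.dst_ip == dst}

# Constructed sample headers (documentation address ranges), not captured traffic.
SAMPLE = [("192.0.2.10", "198.51.100.5", 40000, 443)] * 2 + [
    ("2001:db8::1", "2001:db8::2", 40001, 22),
    ("2001:0db8:0:0:0:0:0:1", "2001:db8::2", 40001, 22),  # same flow, other spelling
    ("192.0.2.11", "198.51.100.5", 40002, 443)]

def demo():
    table = FlowTable()
    for pkt in SAMPLE:
        table.update(*pkt)
    return table
```
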