How to get the IPs that sent more than X packets in less than a given time

Updated: 2023-09-27 18:35:36

I have a C# program that detects incoming TCP/IP packets on any given Ethernet device. Each packet is processed into the following structure:

struct Packet
{
   public String sourceIp;       // source IP address of the packet
   public DateTime arrivalDate;  // time the packet arrived
}

If I have a list of every incoming packet (a List), how can I get the IPs that sent more than X packets in less than Y seconds (say, 1 second)?

I don't know how to approach this; any help/hints would be greatly appreciated.


Using Linq, it would be something like this:

  using System;
  using System.Collections.Generic;
  using System.Linq;

  List<Packet> allPackets =
     new List<Packet>
        {
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:00:00"), sourceIp = "a"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:00:01"), sourceIp = "a"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:00:01"), sourceIp = "a"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:01:00"), sourceIp = "a"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:00:00"), sourceIp = "b"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:01:00"), sourceIp = "b"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:02:00"), sourceIp = "b"},
           new Packet {arrivalDate = DateTime.Parse("2000-01-01 0:03:00"), sourceIp = "b"},
        };
  var xPackets = 2;
  var interval = TimeSpan.FromSeconds(15);
  // We group all the packets by ip, then within that, order the packets by date.
  var ips =
     allPackets
        .GroupBy(
           p => p.sourceIp,
           (ip, packets) => new
                                {
                                   ip,
                                   packets = packets.OrderBy(p => p.arrivalDate).ToList()
                                })
        .ToList();
  // Build a list of IPs with more than xPackets packets within the interval:
  // packets[i] and packets[i + xPackets] bound a run of xPackets + 1 packets.
  var rapidIps = new List<string>();
  foreach (var ipPacket in ips)
  {
     for (int i = 0, j = xPackets; j < ipPacket.packets.Count; i++, j++)
     {
        if (ipPacket.packets[i].arrivalDate + interval >= ipPacket.packets[j].arrivalDate)
        {
           rapidIps.Add(ipPacket.ip);
           break;
        }
     }
  }

In the end, rapidIps contains [a].
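
A streaming variant of the same check, as an added example that is not part of the original answer: it evaluates each packet as it arrives instead of sorting a stored list, and keeps only a bounded number of timestamps per source. The names RateDetector and Observe are hypothetical, the sample traffic is constructed, and packets are assumed to be observed in arrival order.

```csharp
using System;
using System.Collections.Generic;

// Flags a source once it has sent more than maxPackets packets
// whose arrival times span strictly less than `window`.
class RateDetector
{
    private readonly int maxPackets;
    private readonly TimeSpan window;
    private readonly Dictionary<string, Queue<DateTime>> recent =
        new Dictionary<string, Queue<DateTime>>();

    public RateDetector(int maxPackets, TimeSpan window)
    {
        this.maxPackets = maxPackets;
        this.window = window;
    }

    // Returns true when this packet puts sourceIp over the threshold.
    public bool Observe(string sourceIp, DateTime arrival)
    {
        if (!recent.TryGetValue(sourceIp, out var times))
            recent[sourceIp] = times = new Queue<DateTime>();

        // Drop timestamps that are a full window or more older than this packet.
        while (times.Count > 0 && arrival - times.Peek() >= window)
            times.Dequeue();

        times.Enqueue(arrival);
        // Only the newest maxPackets + 1 timestamps matter; this caps memory under a flood.
        if (times.Count > maxPackets + 1) times.Dequeue();
        return times.Count > maxPackets;
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample traffic (source, seconds after t0), not captured data.
        var t0 = new DateTime(2000, 1, 1, 0, 0, 0);
        var packets = new (string ip, double sec)[] {
            ("a", 0), ("b", 0), ("a", 1), ("a", 1), ("b", 60), ("a", 60), ("b", 120)
        };
        var detector = new RateDetector(2, TimeSpan.FromSeconds(15));
        var rapidIps = new HashSet<string>();
        foreach (var (ip, sec) in packets)
            if (detector.Observe(ip, t0.AddSeconds(sec)))
                rapidIps.Add(ip);
        Console.WriteLine(string.Join(",", rapidIps));
    }
}
```

The dictionary still keeps one entry per source ever seen, so a long-running monitor should also remove sources whose queue has gone idle.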