gCS SSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKJrJ r SSK J r J r J r Jr SSKJr SSKJr SSKJr SSKrSSKJr SSKJr SS KJrJrJr SS KJr SS KJr SS KJ r SS KJ!r! SSK"J#r# SSK$r$SSK%J&r&J'r'J(r( SSK)J*r* SSK+J,r,J-r-J.r.J/r/ SSK0J1r1 SSK2J3r3 SSK2J4r4 SSK5J6r6 SSK7J8r8 SSK9r9Sr:Sr;SrSSSSSSSSS.r?1Skr@SrAS\A- rBSrCSrD\8"\ES 9rFS!rGS"rHS#rI"S$S%\J5rK"S&S'\L5rMS(rNS)rO"S*S+\L5rP"S,S-\L5rQ"S.S/\L5rR"S0S1\R5rSGSS2jrTS3rUS4rVS5rW"S6S7\L5rXGSS8jrY0S9S:_S;S<_S=S<_S>S<_S?S<_S@S<_SAS:_SBS<_SCS<_SDS<_SES<_SFS<_SGS:_SHS:_SIS<_SJS:_rZ0SKSL_SMSN_SOSP_SQSR_SSST_SUSV_SWSX_SYSZ_S[S\_S]S^_S_S`_SaSb_ScSd_SeSf_SgSh_SiSj_SkSl_0SmSn_SoSp_SqSr_SsSt_SuSv_SwSx_SySz_S{S|_S}S~_SS_SS_SS_SS_SSX_SS_SSZ_SS_E0SS_SS_SS_SS_SS_SS_SS_SSl_SSn_SS_SS_SS_SS_SS_SS_SS_SS_E0SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_E0SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_SS_ESSSSSSSSS.Er[Sr\Sr]GSSjr^GSSjr_GSSjr`SraSrbGSrc\"GSGS5rdGSreGSGSjrfGSrgGSrhGSriGSGSjrjGS rkGSGS jrlGSGS jrmGS rnGS roGSrpGSGSjrq"GSGS\L5rrGSrsGSrtGSruGSrvGSrwGSrxg(N)ECHILDESRCH) OrderedDictCounter defaultdict namedtuple)query)traffic_packets)SamDB)LdbError)ClientConnection)securitydrsuapilsa)netlogon)netr_Authenticator)srvsvc)samr) drs_DsBind) CredentialsDONT_USE_KERBEROSMUST_USE_KERBEROS)system_session)UF_NORMAL_ACCOUNTUF_SERVER_TRUST_ACCOUNTUF_TRUSTED_FOR_DELEGATIONUF_WORKSTATION_TRUST_ACCOUNT) SEC_CHAN_BDC)gensec)sd_utils) get_string)get_samba_loggerga2U0*3?-?) dns0smb0x72ldapr(r-3r-2cldapr/dcerpc11r514nbnsr()r'1r-r<r-4r-5r3rAr512r513r515>r*smb2browser smb_netlogong$@)i)namecU[::aEU(d[U[RS9 g[U[ U5-[RS9 gg)a}Print a formatted debug message to standard error. :param level: The debug level, message will be printed if it is <= the currently set debug level. The debug level can be set with the -d option. :param msg: The message to be logged, can contain C-Style format specifiers :param args: The parameters required by the format specifiers fileN) DEBUG_LEVELprintsysstderrtuple)levelmsgargss 7/usr/lib/python3/dist-packages/samba/emulate/traffic.pydebugrZes9  #CJJ ' #d ##** 5 c4[R"SS9n[SUSS<SUSS<S3S[RS9 UHn[U[RS 9 M [[RS 9 [RR 5 g ) zKPrint an unformatted log message to stderr, containing the line number r#)limit rz :z )endrPrON) traceback extract_stackrRrSrTflush)rXtbas rY debug_linenorfwsv  q )B !!uQxAq 39<zz acjj! szzJJr[cn^U(a)SnUHnUS- nX-nUS-nM SSU--mU4SjnU$SnU$)zReturn a function that prints a coloured line to stderr. The colour of the line depends on a sort of hash of the integer arguments.z [38;5;%dmcl>[S:a)UH"n[T<U<S3[RS9 M$ gg)NrzrOrQrRrSrT)rXreprefixs rYprandom_colour_print..ps,QAFA6SZZHr[c\[S:a"UHn[U[RS9 M gg)NrrOrl)rXres rYrnros&QA!#**-r[)seedssxrnrms @rYrandom_colour_printrusY A GA FA HA!BF+ I H  . Hr[c\rSrSrSrg)FakePacketErrorrqN)__name__ __module__ __qualname____firstlineno____static_attributes__rqr[rYrwrwsr[rwcp\rSrSrSrSrSr\S5rSSjr Sr Sr S r S r S rS rS rSSjrSrg)PacketzDetails of a network packet timestamp ip_protocol stream_numbersrcdestprotocolopcodedescextra endpointsc XlX lX0lX@lXPlX`lXplXlXlURUR:aURUR4Ul gURUR4Ul gNr) selfrrrrrrrrrs rY__init__Packet.__init__si"&*     88dii "hh 2DN"ii2DNr[c URS5RS5nUSSunnnnnnn n USSn [U5n[U5n[U5nU"X4XVUXX5 $)N  )rstripsplitfloatint) clslinefieldsrrrrrrrrrs rY from_linePacket.from_linesT"((.      qr )$ #h4y9=tT2 2r[c SRUR5nURU-nUSUURUR=(d SUR UR URURURU4 -4$)z5Format the packet as a traffic_summary line. rz%f %s %s %d %d %s %s %s %s) joinrrrrrrrrr)r time_offsetrts rY as_summaryPacket.as_summarys~ $**% NN[ (7!!##)r   r[c :SURURURUR=(d SURUR UR URUR(a$SSRUR5-S-4 -$S4 -$)Nz:%.3f: %d -> %d; ip %s; strm %s; prot %s; op %s; desc %s %sr$«r^»r) rrrrrrrrrrrs rY__str__Packet.__str__sL499d6F6F6M###T]]DKK8< $$**--4MM NIKMM Nr[c SU-$)Nz rqrs rY__repr__Packet.__repr__s $$r[c URURURURURUR UR URURUR5 $r) __class__rrrrrrrrrrs rYcopy Packet.copysU~~dnn".."00"hh"ii"mm"kk"ii"jj* *r[c@UR<SUR<3nU$)N:rr)rrs rYas_packet_typePacket.as_packet_types}}dkk 2r[cURUR4nU[;a [U$U[;a [U*$g)zA positive number means we think it is a client; a negative number means we think it is a server. Zero means no idea. range: -1 to 1. )rr CLIENT_CLUES SERVER_CLUES)rkeys rY client_scorePacket.client_scoresB}}dkk* , $ $ ,  %% %r[c SUR<SUR<3n[[U5nURS:wa[SSUR <S U<35 [R"5nU"XU5(aJ[R"5nXv- n[ S XqR URURU4-5 gg![a4n[ SUR <SU<3[RS9 SnAgSnAff=f![aSn[R"5nXv- n[ S XqR URURX4-5 SnAgSnAff=f) zSend the packet over the network, if required. Some packets are ignored, i.e. for protocols not handled, server response messages, or messages that are generated by the protocol layer associated with other packets. packet__z Conversation(z) Missing handler rONkerberosr#z) Calling handler z%f %s %s %s %f True z%f %s %s %s %f False %s) rrgetattrr AttributeErrorrRconversation_idrSrTrZtime Exception) r conversationcontextfn_namefnestartr`durations rYplay Packet.plays?%)MM4;;? '2B ==J & !"22G= >  .$g..iik;288$--{{H../ /  //:zz #   , .))+C{H 144dmm;;-- . . .s1C 4AD D *DD  E+A E&&E+c4URUR- $rrrothers rY__cmp__Packet.__cmp__+s~~//r[NcB[URUR5$r)is_a_real_packetrr)rmissing_packet_statss rYis_really_a_packetPacket.is_really_a_packet.s t{{;;r[) rrrrrrrrrr)rr)ryrzr{r|__doc__ __slots__r classmethodrrrrrrrrrrr}rqr[rYrrsT% I3 22& N % * &.P0"(-(-"(-!(-(-(-(-(-(;  ((*r[cr[5n[SUR-UURURS9nUR UR 5[RS/S/S9n0nS/0nUHn[UR5nSRSURS555R5nURU/5n U RU5 UR!S 5(dMUSRU5 M [#UR%55Hun U S SS :waMU SS n U S SS :XaU SS n U S SS :XaM['S 5H:n U S - n X:wa'X;a"[)S U <SU <3[*R,S9 M4XJXK'M< Mw X@lXPl0UlUR UR 5[RS/SS9nSRSU55n SR5U 5UR2S'SnSH%nUSR5XR 55- nM' SR5U5UR2S'SUR2S'UR S[R6S/S9nSR5USS5UR2S'g) N ldap://%s)url session_info credentialsrzpaged_results:1:1000dn)scopecontrolsattrs invocationId,c3F# UHoR5SSv M g7f)Nr#)lstrip.0rts rY .sE}!xxz"1~}s!zCN=NTDS Settings,rLz,DCzdn_map collision r^rOz"(objectclass=groupPolicyContainer))rr expressionrc3J# UHnSRUS5v M g7f)z(distinguishedName={0})r N)format)rrWs rYrrs%XTWS6==c$iHHTWs!#z(|{0})gPCFileSysPath)zDomain Controllers,ztraffic_replay,rz(distinguishedName={0}{1})gpLinkz'(objectCategory=pKICertificateTemplate)pKIExtendedKeyUsagehighestCommittedUSN)rrz(usnChanged>={0})r usnChanged)rr rrrsearch domain_dnldb SCOPE_SUBTREEstrr rrupper setdefaultappend startswithlistkeysrangerRrSrTdn_mapattribute_clue_mapsearch_filtersr SCOPE_BASE)rsessiondbresr.r/rr patternr'krni gpos_by_dnou_strrs rYr)ReplayContext.generate_ldap_search_tabless " {T[[0 '#zzgg ii !//"8!9#f& B AQTTBhhErxx}EEKKMG##GR0C JJrN}}011">299"= fkkm$Av#2ABC&E/crFBC&E/1XU 6aka;"zz+"I  % "4 !ii c.?.?v#GIWWXTWXX 19 0K,-@B 299"llnM MFA(0(?H% 6 12 ii#..9N8OiP  & &s1v.C'D E L)r[cURR5HnXA;dM URUs $ US:Xa=[R"5UR-n[ UR U5nSU-$g)NzDC,DCz((&(sAMAccountName=%s)(objectClass=user))z(objectClass=*))r0r,randomr user_namer)rrdn_sigr rrandom_user_id account_names rYguess_search_filter!ReplayContext.guess_search_filtersu&&++-C|**3//. W #]]_t/G/GGN$T%5%5~FL= L L!r[c4/Ul/Ul/Ul/Ul/Ul/Ul/UlURUlURUlURUl URUl [URSUR-5UlURR!SUR5 URR!SUR5 URR!SUR5 URR!SS5 SUlSUR<S UR$<3UlSUR<S UR$<3UlUR+5 UR-5 g) Nzconversation-%dz private dirzlock dirzstate directoryztls verify peerno_checkz/root/ncalrpc_as_systemcn=r)ldap_connectionsdcerpc_connectionslsarpc_connectionslsarpc_connections_nameddrsuapi_connectionssrvsvc_connections samr_contexts netbios_name machinepassusernameuserpass mk_masked_dirrrrrset remoteAddressr samlogon_dnuser_dngenerate_machine_credsgenerate_user_creds)raccountrs rYgenerate_process_local_config+ReplayContext.generate_process_local_configsB(*(*(*(*%(* (*(*(/(<(<(/(;(;(/(8(8 (/(8(8 $T%8%8%6%1%A%A&BC   M4<<0  J -  %t||4  %z26#00$''; $}}dgg7  ##%   "r[cU(dBUR(a/[R"5UR:a U"U5 SnOSnU"U5nXT4$![a Nf=f)aExecute the supplied logon function, randomly choosing the bad credentials. Based on the frequency in badpassword_frequency randomly perform the function with the supplied bad credentials. If run with bad credentials, the function is re-run with the good credentials. failed_last_time is used to prevent consecutive bad credential attempts. So the over all bad credential frequency will be lower than that requested, but not significantly. TF)rr=r)rfgoodbadfailed_last_timeresults rYwith_random_bad_credentials)ReplayContext.with_random_bad_credentialssf ** $"<"<<cF $( #( 4))!sA A"!A"c>[5UlURRUR5 URR UR 5 URR UR5 URRUR5 URRUR5 URRUR5 [5UlURRUR5 URR UR 5 URR URSS5 URRUR5 URRUR5 [5UlURRUR5 URR UR 5 URR UR5 URRUR5 URR!URR#5[$R&-5 URRUR5 URR)UR*5 [5UlUR,RUR5 UR,R UR 5 UR,R URSS5 UR,RUR5 UR,R!UR,R#5[$R&-5 UR,RUR5 UR,R)UR*5 g)aGenerate the conversation specific user Credentials. Each Conversation has an associated user account used to simulate any non Administrative user traffic. Generates user credentials with good and bad passwords and ldap simple bind credentials with good and bad passwords. N)r user_credsguessrset_workstationrN set_passwordrQ set_usernamerP set_domainrset_kerberos_stateruser_creds_badsimple_bind_credsset_gensec_featuresget_gensec_featuresr FEATURE_SEAL set_bind_dnrVsimple_bind_creds_badrs rYrX!ReplayContext.generate_user_creds1s&- dgg& ''(9(9: $$T]]3 $$T]]3 ""4;;/ **4+>+>?)m !!$''* ++D,=,=> ((s);< ((7 ..t/B/BC"- $$TWW- ..t/@/@A ++DMM: ++DMM: 22  " " 6 6 86;N;N N P 11$2E2EF **4<<8%0]" ""((1 ""2243D3DE ""// cr0BC ""// > ""66  & & : : <     ! ""55d6I6IJ ""..t||[R"STR-TRU5$Nz ncacn_np:%s)rrrrrs rYconnect4ReplayContext.get_srvsvc_connection..connects)==$++!>!%!&( (r[)rLrbrfrmrr)rrrrs` rYget_srvsvc_connection#ReplayContext.get_srvsvc_connectionsw  " "3**2. . (  , ,W-1__-1-@-@-1-A-A C "D &&q)r[c ^TR(aU(dTRS$U4SjnTRUTRTRTR5unTlTRR U5 U$)Nrcr>Sn[R"STR<SU<S3TRU5$)Nzschannel,seal,sign ncacn_ip_tcp:[]rlsarpcrr)rbinding_optionsrs rYr4ReplayContext.get_lsarpc_connection..connects12O::#{{O="gg#% %r[)rIrbrwryrr)rs` rYget_lsarpc_connection#ReplayContext.get_lsarpc_connectionsy  " "3**2. . %  , ,W-1-?-?-1-C-C-1-A-A C "D &&q)r[c ^TR(aU(dTRS$U4SjnTRUTRTRTR5unTlTRR U5 U$)Nrcb>[R"STR-TRU5$rrrs rYr?ReplayContext.get_lsarpc_named_pipe_connection..connects)::mt{{;"gg#% %r[)rJrbrwryrr)rs` rY get_lsarpc_named_pipe_connection.ReplayContext.get_lsarpc_named_pipe_connectionsy  ( (004 4 %  , ,W-1-?-?-1-C-C-1-G-G I (D & %%,,Q/r[c0^TR(aU(dTRSnU$U4SjnTRUTRTRTR5unTl[ U5upgXV4nTRR U5 U$)zget a (drs, drs_handle) tuplercv>SnSTR<SU<S3n[R"UTRU5$)Nsealrrr)rrr)rrbinding_stringrs rYr:ReplayContext.get_drsuapi_connection_pair..connects/$O"kk?477EB Br[)rKrbrfrmrrr))rrunbindrrdrs drs_handlesupported_extensionss` rYget_drsuapi_connection_pair)ReplayContext.get_drsuapi_connection_pairs  # #C((,AH C  , ,W-1__-1-@-@-1-B-B D %d# .8_*     ''*r[c^TR(aU(dTRS$U4SjnU4SjnU(a;TRUTRTRTR5unTlO:TRUTR TR TR5unTlTRRU5 U$)NrcH>[STR-UTRS9$)z To run simple bind against Windows, we need to run following commands in PowerShell: Install-windowsfeature ADCS-Cert-Authority Install-AdcsCertificationAuthority -CAType EnterpriseRootCA Restart-Computer z ldaps://%sr rr rrrs rY simple_bind6ReplayContext.get_ldap_connection..simple_binds' 3%* GG% %r[cH>[STR-UTRS9$)Nr rrrs rY sasl_bind4ReplayContext.get_ldap_connection..sasl_binds%t{{2%* GG% %r[) rGrbrnrsrrfrmrr))rrsimplerrsamdbs` rYget_ldap_connection!ReplayContext.get_ldap_connections  ((, , % % 00151G1G151K1K151J1JL /UD-0015151D1D151C1CE (UD& $$U+ r[cUR(aU(aBURR[URURUR S95 URS$)N)rrr)rMr) SamrContextrrr)rrs rYget_samr_contextReplayContext.get_samr_context sK!!S    % %DKKDGG4::F H!!"%%r[c^TR(a TR$U4SjnTRUTRTRTR5unTlUTlU$)Ncb>[R"STR-TRU5$)Nzncacn_ip_tcp:%s[schannel,seal])rrrrs rYr6ReplayContext.get_netlogon_connection..connects/$$%E&*kk&3%)WW%*, ,r[)rrbrwryr)rrrs` rYget_netlogon_connection%ReplayContext.get_netlogon_connectionsf  # #++ + ,  , ,W-1-?-?-1-C-C-1-C-C E $D " $% r[cURS4$)NArrs rYguess_a_dns_lookup ReplayContext.guess_a_dns_lookup$s C  r[cURR5n[5n[US5URlUSUl[5nX#4$)N credentialr)rwnew_client_authenticatorrr+creddatar)rauthcurrent subsequents rYget_authenticatorReplayContext.get_authenticator'sR!!::<%' l!34  -') $$r[c [RRURU5n[ US5nUR 5HupE[ U<SU<3US9 M UR5 g)zWrite arbitrary key/value pairs to a file in our stats directory in order for them to be picked up later by another process working out statistics.wz: rON)ospathrropenitemsrRclose)rfilenamekwargsr]r7vs rY write_statsReplayContext.write_stats0sR77<< x8 3 LLNDA a#! ,#  r[)/r/rrrrHr.rrrKrrrrrrrrrrrrGrrIrJrwryrOrNrrrrTrUrMr0rrnrsrLrrrrfrmrVrPrQr)F)FF)ryrzr{r|rrenvironrrrrBrZrbrXrWrrrrrrrrrrrrr}rqr[rYrrZs%)'+!% x0 !*+XPFn!$#>*8,=\G2,$($.$L& $!%r[rc.\rSrSrSrSSjrSrSrSrg) ri;z5State/Context associated with a samr connection. NcSUlSUlSUlSUlSUlSUlSUlXlX lX0l gr) connectionhandle domain_handler group_handle user_handleridsrrr)rrrrs rYrSamrContext.__init__>sE!! !!!!! # " r[cUR(d<[R"SUR-URURS9UlUR$)Nzncacn_ip_tcp:%s[seal])lp_ctxr )rrrrrrs rYget_connectionSamrContext.get_connectionJs?"ii'4;;7ww JJ(DO r[cUR(d5UR5nURS[R5UlUR$r)rrConnect2rSEC_FLAG_MAXIMUM_ALLOWED)rrs rY get_handleSamrContext.get_handleSs9{{##%A**T8+L+LMDK{{r[) rrrrrrrrrrNN) ryrzr{r|rrrrr}rqr[rYrr;s #r[rc\rSrSrSrSSjrSrSrSSjrSr \ r S r S r S r S rSS jrSSjrSrSrSrg) ConversationiZzADetails of a converation between a simulated client and a server.NcXlX l/Ul[U5UlSUlX@lUHnUR"U6 M g)Nr) start_timerpacketsrurWclient_balanceradd_short_packet)rrrseqrrns rYrConversation.__init__\sE$" &y1!.A  ! !1 %r[cURcURcggURcgURUR- $)Nrrr_)rrs rYrConversation.__cmp__gsB ?? "'    #!1!111r[cUR5nURcURUlURcURUlURUR:wa'[ SUR<SUR<35eU=RUR-slUR URS:Xa$U=R UR5-slO#U=R UR5- slUR5(aURRU5 gg)zeAdd a packet object to this conversation, making a local copy with a conversation-relative timestamp.NzConversation endpoints z don't matchpacket endpoints r) rrrrrwrrrrrr))rpacketrns rY add_packetConversation.add_packetps KKM ?? "kkDO >> ![[DN ;;$.. (!#'>>1;;#@A A t& 55AKKN "   1>>#3 3    1>>#3 3    ! ! LL   " "r[c *U(a[X#5(dgUR5upxU(dXpX#4n [RU S5n [RUS5n [ XR - U SXxX#X5 n U RU RS:Xa$U=RU R5-sl O#U=RU R5- sl U R5(aURRU 5 gg)zCreate a packet from a timestamp, and 'protocol:opcode' pair, and a (possibly empty) list of extra data. If client is True, assume this packet is from the client to the server. Nr06r)rguess_client_serverOP_DESCRIPTIONSr IP_PROTOCOLSrrrrrrrrr)) rrrrrclientskip_unused_packetsrrrrrrs rYrConversation.add_short_packets '7'I'I ,,.  ""3+"&&x6  OO3[C $7 ::))!, ,   6#6#6#8 8    6#6#6#8 8   $ $ & & LL   ' 'r[cvSURURUR[UR54-$)Nz-)rrrlenrrs rYrConversation.__str__s5?%%t~~tT\\"$$ %r[c,[UR5$r)iterrrs rY__iter__Conversation.__iter__sDLL!!r[c,[UR5$r)r rrs rY__len__Conversation.__len__s4<<  r[c[UR5S:agURSRURSR- $)Nr#rr)r rrrs rY get_durationConversation.get_durations> t|| q ||B))DLLO,E,EEEr[cvURVs/sHoRUR5PM sn$s snfr)rrr)rrns rYreplay_as_summary_lines$Conversation.replay_as_summary_liness)7;||D|! T__-|DDDs$6cURn[R"5U- nXE- nU[- nUS:a[R"U5 [R"5U- U- nUR SX4-5 Sn Sn [R"5n UR Hn [R"5U - nX\R - nXi:aUn US:a^U*[- nUS:aN[R"U5 [R"5U - nXLR - U :aXLR - n U RX5 M XU 4$)zEReplay the conversation at the right time. (We're already in a fork).rzstarting %s [miss %.3f]r)rrSLEEP_OVERHEADsleeprWrrr) rrrrYrnowgap sleep_timemissmax_gapmax_sleep_missp_startrns rYreplay_with_delayConversation.replay_with_delays OOiikE!g>) > JJz " e#q( *d\9:))+A))+'C #C}Qw!TN2 >JJz* g-A;;7)*[[ FF4 !n,,r[czURup#URS:aX#4$URS:XaX:XaX#4$X24$)zXHave a go at deciding who is the server and who is the client. returns (client, server) r)rr)r server_cluerebs rYr Conversation.guess_client_serversG~~    "6M   ! # (86Mv r[cURVs/sH!o1URs=::aU::dMO MUPM# snUlUR(aURSRUlgSUlgs snf)zyPrune any packets outside the time window we're interested in :param s: start of the window :param e: end of the window rNrrr)rrsrrns rYforget_packets_outside_window*Conversation.forget_packets_outside_windowsX $(<<I!% &2#6;?(8% H"!F E!-F"N*r[rc<\rSrSrSrS SjrSrS SjrS SjrSr g) DnsHammerizKA lightweight conversation that generates a lot of dns:0 packets on the flyNc[X-5n[U5Vs/sHn[R"SU5PM snUlURR 5 XlX lSUlURUS9Ul gs snf)Nr query_file) rr-r=uniformtimessortraterr_get_query_choices query_choices)rdns_raterr4nr8s rYrDnsHammer.__init__so # $;@8D8afnnQ18D    !44 4K Es!Bc`S[UR5URUR4-$)Nz-)r r6rr8rs rYrDnsHammer.__str__s)?TZZ$--;< =r[cU(a[US5nUR5nSSS5 /nWR5HgnUR5nU(dMUR S5(aM4UR S5n[ U5S:XdeURU5 Mi U$/SQ$!,(df  N=f)z Read dns query choices from a file, or return default rname may contain format string like `{realm}` realm can be fetched from context.realm r5N#r) )r{realm}ryes)r_rCNSrD)r# *.{realm}rno)r|rFrErG) _msdcs.{realm}rrD) rIrErD) nx.realm.comrrG)rLrErG)*.nx.realm.comrrG)rOrErG)rread splitlinesstripr*rr r))rr4r]textchoicesrrXs rYr9DnsHammer._get_query_choicess j#&!vvx'G)zz|4 4 4::c?Dt9>)>NN4( * N  '&s B00 B>c U(deUR(de[R"5nURHn[R"5U- nX4- nU[- nUS:a[R"U5 [ R "UR5upxpURURS9nSn [R"5n [X5n U S:Xa[U 5(dSn [R"5nX- n[SXX4-5 M g![a Sn N#g,,#Giik-2c85UUV+   iik-2c85UUVs$#D'' D63D95D66D99+E$)rr:r8rr6r) ryrzr{r|rrrr9r_r}rqr[rYr1r1sL=BWr[r1c[[5n/nUHn[U[5(a [ U5n[ SUR <3[RS9 UHWn[RU5nURS:XaUS:waX&R==S- ss'MFURU5 MY UR5 M U(d/S4$[SU55n[!SU55n[ S [RS9 [#5n [%U5HcupU=R&U-slU R)UR*5n U c[-U S -S 9n XUR*'U R/U5 Me /n U R15H%n [3U 5S:wdMU RU 5 M' [5X- 5n [3U 5U - nXX4$) zLLoad a summary traffic summary file and generated Converations from it. z Ingesting rOr'includer_rc38# UHoRv M g7frrrrns rYr#ingest_summaries..es2'Q[['c38# UHoRv M g7frrrds rYrrefs37akk7rfz$gathering packets into conversationsr#)r)rr isinstancer&rrRrMrSrTrrrrr)rminmaxr enumeraterrrrrvaluesr r)filesdns_mode dns_countsrr]rrnr last_packet conversationsr8rconversation_listr mean_intervals rYingest_summariesrtOsS!JG  a  QA (szz:D  &AzzU"x9'<88$)$q!    1u 2'22J3733K 0szzBMM'" z!   akk * 9a!e5A)*!++ & Q #  ! ! # q6Q;  $ $Q '$[-.H &1M X AAr[c[5nUHnURUR5 M U(aURS5S$g)Nr_r)rupdater most_common)rq addressesrs rYguess_server_addressrysC I %$$Q'**r[cf0nUR5Hup#SRU5nX1U'M U$Nr)rr)rtyr7rk2s rYstringify_keysr~s4 A  YYq\" Hr[c0nUR5H,up#[[U5RS55nX1U'M. U$r{)rrUr&r)rtr|r7rrs rYunstringify_keysrs> A  #a&,,t$ %! Hr[cb\rSrSrS SjrS SjrSrSrSSjrSr S r SS jr S r g) TrafficModelict0Ul0UlXl[[5UlSUlSS/Ulg)Nrrr_)ngrams query_detailsr<rr dns_opcountscumulative_duration packet_rate)rr<s rYrTrafficModel.__init__s7 ',#& q6r[Nc Uc0nSnSn[4URS- -n[U5nUR5HupxURU==U- ss'M [ U5S:anUSR n Sn U S-n UH3n U [ U 5- n [XRSR5n M5 XRS'X- URS'UGHbn U RU5upXLR5- n[4URS- -nU GHnURU :waMURU- nURnU[:a^S[R "[SU["-55-nUR$R'U/5R)U5 USSU4-nUR+5nUR,R'U/5R)[/UR055 UR$R'U/5R)U5 USSU4-nGM GMe U=R2U- slUR$R'U/5R)[5 g)Nrr_rg?rwait:%dr%) NON_PACKETr<ryrrr rrjrrrrrrWAIT_THRESHOLDmathlog WAIT_SCALErr(r)rrrUrr)rrqrprev cum_durationrrr7rfirsttotallastrrrnelapsedrshort_ps rYlearnTrafficModel.learnsJ  L mtvvz*%m4 &&(DA   a A % ) }  !!!$//EE3;D"Q42!8!89##(  Q "&,D  Q A226:NF NN, ,L-466A:.C55F?++,{{^+$S5.s&,856=>DIIaL3,F56s'))rrrrversionr'rr#)indent)rrrdictrrrrCURRENT_MODEL_VERSIONrrhr&rjsondump)rr]rr7rrds rYsaveTrafficModel.savesKK%%'DA ! AWQZ(FI( &&,,.DA#G,856,8%8 9M / *#'#;#;++,  $$% a  Q A !q!r[c R[U[5(a [U5n[R"U5nUSnU[ :a[ SU[ 4-5eUSR5HupE[[U5RS55nURRU/5nUR5H#upxUR[U5/U-5 M% UR5 M USR5HupEURR[U5/5nUR5HXupxUS:XaURS/U-5 M"UR[[U5RS55/U-5 MZ UR5 M S U;a3US R5HupEUR U==U- ss'M US UlUS Ulg![a [ S[ -5ef=f) Nrz4the model file is version %d; version %d is requiredz=the model file lacks a version number; version %d is requiredrrrr$rqr'rr)rhr&rrloadREQUIRED_MODEL_VERSION ValueErrorKeyErrorrrUrrr(extendr7rrrr) rr]rrr7rrlrncounts rYrTrafficModel.loads a  QA IIaL ; lG// ":")+A!B"CDD0hK%%'DAc!fll4()A[[++Ar2FGGI s1vh./& KKM (o&,,.DA''223q62>FGGI8MM2$,/MM5Qd);#<"="EF & KKM/ A:%(!!!$)$)$%%:#; ]+5 ; ":"8":;; ;s #H H&c/n[4URS- -nUcUS- n[R"URR U[455nU[:XauX:aU$[R"5U:a[ SXu4-[RS9 U$S[R"SS5-n[ SU-[RS9 XR;a$[R"URU5n O/n URS S5upU S :XaF[U 5[R"5-n [R"U 5[U-- n X- nOW[R "["6n[R"U5U- n X- nUbX:aU$X:aUR%XX45 USSU4-nUS SSS :Xa#US SSS :Xa[4URS- -nGM)zEConstruct an individual conversation packet sequence from the model. r_Nz"ending after %s (persistence %.1f)rOrr ztrying %s instead of endrrzwait:r)rr<r=r}rrrRrSrT randrangerrrrexprr5NO_WAIT_LOG_TIME_RANGEr))rr hard_stop replay_speed ignore_before persistencerrrnrrr log_wait_timerlog_waits rYconstruct_conversation_sequence,TrafficModel.construct_conversation_sequences mtvvz*  %MM dkkoocJ=ABAJ,FE==?[0>#ASS"zz+>; 0 0B 770143::F&&& d&8&8&;< wwsA H6! #F fmmo = xx .*|2KL! !>>+ABxx)L8! (Y-B-HHi6ABab'QD.C2wr{g%#b'"1+*@"mtvvz2Kr[c,URup#X-U- $rr)rscalerate_nrate_ts rYscale_to_packet_rate!TrafficModel.scale_to_packet_rateOs**~&&r[c,URup#X-U- $rr)rppsrrs rYpacket_rate_to_scale!TrafficModel.packet_rate_to_scaleSs** v%%r[cSU-n[X-5n/nSnX:aq[R"U*U5n URU UUSUS9n U Hupp[ X5(dM O MPUR U 5 U[ U 5- nX:aMqURU5n[SX[ U5X4-[RS9 UR5 U$)zsearchResEntryr@)r-rz*** Unknown ***)rr8lsa_LookupNames)rrHlsa_LookupSids)r39lsa_QueryTrustedDomainInfoBySid)r40lsa_SetTrustedDomainInfo)r6lsa_OpenPolicy)r76lsa_LookupSids3)r77lsa_LookupNames4r9)r:r<)r21NetrLogonDummyRoutine1)r26NetrServerAuthenticate3)r29NetrLogonGetDomainInfo)r30NetrServerPasswordSet2)rrNetrLogonSamLogonEx)rrDsrEnumerateDomainTrusts)r45NetrLogonSamLogonWithFlags)rr?NetrServerReqChallenge)rr(Connect)rrGetAliasMembership)r17 LookupNames)r18 LookupRids)r19 OpenGroup)rr<Close)r25QueryGroupMember)r34OpenUser)r36 QueryUserInfo)rrGetGroupsForUser)rr/ QuerySecurity)rrA LookupDomain)r64Connect5)rr EnumDomains)r7 OpenDomain)r8QueryDomainInfo)r*0x04z Close (0x04))r*0x24zLocking AndX (0x24))r*0x2ezRead AndX (0x2e))r*0x32z Trans2 (0x32))r*0x71zTree Disconnect (0x71)r)zNegotiate Protocol (0x72))r*0x73zSession Setup AndX (0x73))r*0x74zLogoff AndX (0x74))r*0x75zTree Connect AndX (0x75))r*0xa2zNT Create AndX (0xa2))rIr(NegotiateProtocol)rIr6Ioctl)rIr8Find)rIrGetInfo)rIr Break)rIr< SessionSetup)rIr1 SessionLogoff)rIr/ TreeConnectTreeDisconnectCreateReadz$SAM LOGON request from client (0x12)z3SAM Active Directory Response - user unknown (0x17)NetShareGetInfo NetSrvGetInfo))rIr?)rIrA)rIr)rIr)rK0x12)rK0x17)rr)rrcURSS5upV[RXV4S5n[RUS5nXSX#XVU/n U R U5 SR U 5$)Nrr_rrr)rrrrrr) rnrrrrrrrrrs rYexpand_short_packetr:sewwsAH   12 6D""8T2K B8T JDKK 99T?r[c[RR5 [RR5 [R "S5 g)zSignal handler closes standard out and error. Triggered by a sigterm, ensures that the log messages are flushed to disk and not lost. rN)rSrTrstdoutr_exit)signalframes rYflushing_signal_handlerr@s/ JJJJHHQKr[cUS-[R"SS5-n[RR 5 [R R 5 [ R"5nUS:waU$[R"U5 XT4nSn USSn [XXS9n [R"[R[5 URX;5 [RR5 [ R"S5 [ R R#UR$SU R&-5n [)U S5n [RR5 [ R"S5 U [l[0R0"5U- nX- nU[2- nUS:a[0R4"U5 U R7UUS 9unnn[9S U-5 [9S U-5 [9S U-5 [R R5 [RR5 [ RB"U 5 g ![*a#n[,R/SU-5 S nAGNS nAff=f![:ax Sn [9S[ R<"5W 4-[R S9 [>R@"[R 5 [R R 5 GNf=f![R R5 [RR5 [ RB"W 5 f=f)z8Fork a new process and replay the conversation sequence.ri)rrzstats-conversation-%drr_stdout closing failed with %sN)rrzMaximum lag: %fz Start lag: %fzMax sleep miss: %fz*EXCEPTION in child PID %d, conversation %srO)"r=randintrSr<rcrTrforkseedrr>SIGTERMr@rZstdinrrrrrrIOErrorrinforrrr#rRrgetpidra print_excr=)csrrrY client_id server_idrFpidrstatusrrrr]rrrrmax_lag start_lagr!s rYreplay_seq_in_forkrTs t fnnQ4 4DJJJJ '')C ax * D*  qE!H 2 I fnn&=>--g9   77<< 0 02I ! 1 1323 3  = JJ    HHQK iikE!g>) > JJz "-.-@-@uIP.A.R*N ')* o )* "^34   3 = KK7!; < < =  ;ryy{A>NN:: CJJ'     sR8CJ4I( B J( J2J JJJA>LLLLAM1c[RR5 [RR5 [R "5nUS:waU$[R R5 [R"S5 [RR5 [R"S5 [RRURS5n[US5[lSn[R"[R ["5 [%XUS9nUR'US9 [RR5 [RR5 [R2"U5 g![a"n[RSU-5 SnANSnAff=f![(aW Sn[+S[R,"5-[RS 9 [.R0"[R5 Nf=f![RR5 [RR5 [R2"W5 f=f) Nrr_rCz stats-dnsrr3)rz)EXCEPTION in child PID %d, the DNS hammerrO)rSr<rcrTrrErHrrIrwarnrrrrr>rGr@r1r_rrRrKrarLr=) r;rrr4rPrrrQhammers rYdnshammer_in_forkrXRsJJJJ '')C ax IIOOHHQK9   ww||G,,k:Hh$CJ  fnn&=>8*E g &   % 9 3a7889 ( :biikJ:: CJJ' (   s?4FAG  G$GG AH*'H-)H**H--AJc [SUUU[U5S.U D6n [U5[U5:a"[S[U5[U54-5e[R"5 [U5S-n [ R "5U -n UcUSSSU-n[ SU -[RS9 [ SX|--[RS9 [ S U-[RS9 X-S -n[RS [U5U4-5 U RS [U5[S U55S9 0nU(a[XWU US9nSUU'[U5H#unnUUnUS-n[UXUU5nUUU'M% [ R "5n[ SUU - U -UU - 4-[RS9 [ R "5U:aU(a[ R "S5 [R""S[R$5unnU(aQUR-US5n[.S:a'[ SUU[U54-[RS9 U (aUS:waO"[ R "5U:a U(aMU RS[U5S9 SGHn[ S[U5U4-[RS9 UHn[R6"UU5 M [ R "S5 [ R "5S-nU(a[R""S[R$5unnWS:waUR-US5nUc`[ SU-5 [RR;5 [R<R;5 [R>"S5 [ SUU[U54-[RS9 [ R "5U:aO U(aMU(d O[ R "S5 GM U(a$[ S[U5-[RS9 [R@"SS5 g![&a!nUR([*:waeSnAGMSnAff=f![0a1 [ S[RS9 [2R4"5 GNYf=f![&a!nUR([8:waeSnAGM<SnAff=f![&a nUR([*:waeSnAGNSnAff=f![Ba [ S[RS9 gf=f!U RS[U5S9 SGHn[ S[U5U4-[RS9 UHHn[R6"UU5 M![&a nUR([8:waeSnAMBSnAff=f [ R "S5 [ R "5S-nU(Ga[R""S[R$5unnO,![&anUR([*:waeSnAOSnAff=fWS:waUR-US5nUc`[ SU-5 [RR;5 [R<R;5 [R>"S5 [ SUU[U54-[RS9 [ R "5U:aO U(aGMU(d O[ R "S5 GM U(a$[ S[U5-[RS9 [R@"SS5 f![Ba [ S[RS9 ff=f=f) N)rrrrz(we have %d accounts but %d conversationsg{Gz?rrzWe will start in %.1f secondsrOzWe will stop after %.1f secondszruntime %.1f secondsr%z6Replaying traffic for %u conversations over %d seconds intentionsc38# UHn[U5v M g7fr)r rs rYrreplay..s+M*?@AC C JJL  !D (E IIK% E$B'+A.@ )E 1zz +x/? @zz 8 +zz  S C KKH ! "H -./  .12B.C(++M7S;V>SS7T=VTV T/T**T/2 U<UU"VVA _=W,*_=, X 6X _=X ;_=(Y;:_=; Z$ Z _=Z$ $C_=-A_==__="_:7_=9_::_=c<[5n[SU-US/UUS9nU$)Nr zmodules:paged_searches)r r optionsr r)rr )rnrrr2r$s rYopenLdbrws1G K$&$12!  C Jr[c.SUUR"54-$)z(Generate an ou name from the instance idz#ou=instance-%d,ou=traffic_replay,%s)r#)r$rs rYou_namerys" 0K47MMO4E EEr[cL[X5nUR"URSS5SSS.5 UR"USS.5 U$![anURupEUS:waeSnANrr)) r$rnumberpasswordror8rNrPrYs rYgenerate_replay_accountsr;sVH 1fqj !#K3 [,&|x'/1 " Or[c[X5nSU<SU<3nS[U5-RS5nU(a[[[ -5nO[[ 5nUR"USSU-UUS.5 g) z"Create a machine account via ldap.rFr"%s" utf-16-lecomputerz%s$r r|sAMAccountNameuserAccountControl unicodePwdN)ryr!encoder&rrrr~) r$rrNrOtraffic_accountrr utf16pwaccount_controlss rYcreate_machine_accountrIs  "B#R (B ;//77 DG86 78;<GG!,..   r[c[X5nSU<SU<3nS[U5-RS5nUR"USU[ [ 5US.5 [ R"U5nURUS5 g) zCreate a user account via ldap.rFrrruserrz (A;;WP;;;PS)N) ryr!rr~r&rr SDUtils dacl_add_ace)r$rrPrQrrVrsdutilss rYcreate_user_accountrbsx  "B$b)G 8,,44[AGGG"!"34  s#G .1r[cZ[X5nSU<SU<3nUR"USUS.5 g)zCreate a group via ldap.rFrgroup)r r|rN)ryr~)r$rrMrr s rY create_grouprts2  "BR BGG r[cSX4-$)z-Generate a user name based in the instance idz STGU-%d-%drqrr8s rYr>r> ;* **r[cUR"SRU5U/S9nUVs1sHn[XB5iM sn$s snf)z(Search objectclass, return attr in a setz(objectClass={}))rr)r"rr&)r$r|attrobjsobjs rYsearch_objectclassrsC ::%,,[9f D'+ +dsC Nd ++ +sAc[USS9nSn[USS5HJn[X5nXt;dM[XXs5 US- nUS-S:XdM1[R SXR4-5 ML U$)zAdd users to the serverrr|rrr_2zCreated %u/%u users)rr-r>rrrJ)r$rrrexisting_objectsusersr8rMs rYgenerate_usersrsp)#6B E 61b !(  ' $ A QJErzQ 1UOCD " Lr[c(U(aSX4-$SX4-$)z1Generate a machine account name from instance id.z STGM-%d-%dzPC-%d-%drq)rr8rs rYrrs%{... [,,,r[c[USS9nSn[USS5HPn[XU5nUS-U;dM[XXU5 US- nUS-S:XdM7[R SXb4-5 MR U$) z"Add machine accounts to the serverrrrrrvr_rzCreated %u/%u machine accounts)rr-rrrrJ) r$rrrrraddedr8rMs rYgenerate_machine_accountsrs*#:F E 61b !KO< #:- - "3T#2 4 QJErzQ <NO" Lr[cSX4-$)z'Generate a group name from instance id.z STGG-%d-%drqrs rY group_namerrr[c[USS9nSn[USS5HJn[X5nXc;dM[XU5 US- nUS-S:XdM1[R SXB4-5 ML U$)z3Create the required number of groups on the server.rrrrr_rBzCreated %u/%u groups)rr-rrrrJ)r$rrrgroupsr8rMs rYgenerate_groupsrsr)#7C F 61b !+)  ' 4 0 aKF}! 2f5EEF " Mr[c[X5nUR"US/5 g![anURupEUS:waeSnAgSnAff=f)z7Remove the created accounts and groups from the server.z tree_delete:1 N)rydeleter rXrs rYclean_up_accountsrsL  "B 2() ff  R<  s" A AA c 4Sn Sn Sn [X5 [RS5 [XX25n [RS5 [ XXrU5n US:a![RS5 [ XU5n US:aV[RS5 [ UU UU UU5n [RS5 [XU 5 U R5n U S:a U S:XaXJ:wa[RS5 [RSXU U 4-5 g ) zMGenerate the required users and groups, allocating the users to those groups.rzGenerating dummy user accountsz!Generating dummy machine accountszGenerating dummy groupszAssigning users to groupszAdding users to groupsz(The added groups will contain no membersz:Added %d users (%d machines), %d groups and %d membershipsN) rrrJrrrGroupAssignmentsadd_users_to_groupsrwarning)r$rrnumber_of_usersnumber_of_groupsgroup_memberships max_membersmachine_accountstraffic_accountsmemberships_added groups_addedcomputers_added users_added assignmentss rYgenerate_users_and_groupsrs LO c KK01 ?MK KK34/0@0@BO! -.&s9IJ 1 /0&'7'3'6'2'8'2 4  ,-Ck:'--/q[A-'AB KKL|"$$%r[cV\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rg)ri cSUlURU5 URX55 X`l[ [ 5UlURXUXE5 g)Nr)rgenerate_group_distributiongenerate_user_distributionrrr+r assign_groups)rrrrrrrs rYrGroupAssignments.__init__ sQ  (()9: ''K&&t, +?& ;r[cr/n[U5nUS:XagSnUHnXE- nURXC- 5 M U$)Nrr)rdr))rweightsdistr cumulative probabilitys rYcumulative_distribution(GroupAssignments.cumulative_distributionsI G  A: "K  %J KK * +# r[cUS:aSnOUS:aSnO US:aSnOSn/n[SUS-5H*n[R"U5nURU5 M, UR U5Ulg ) zAProbability distribution of a user belonging to a group. i@KLg@ig@ig@g?r_N)r-r= paretovariater)r user_dist)r num_usersnum_membershipsshaperrtrns rYr+GroupAssignments.generate_user_distribution'sz W $E w &E v %EEq)a-(A$$U+A NN1 ) 55g>r[c/n[SUS-5HnSUS-- nURU5 M X lURU5Ulg)z6Probability distribution of a group containing a user.r_g?N)r-r) group_weightsr group_dist)rr<rrtrns rYr,GroupAssignments.generate_group_distributionAsP q!a%AQV A NN1 ! %66w?r[c[R"UR[R"55n[R"UR[R"55nX4$)z2Returns a randomly generated user-group membership)bisectrr=rrrrs rYgenerate_random_membership+GroupAssignments.generate_random_membershipOs@}}T^^V]]_= doov}}?{r[c URU$r)r)rrs rYusers_in_groupGroupAssignments.users_in_group[s&&r[c6URR5$r)rr,rs rY get_groupsGroupAssignments.get_groups^s$$&&r[c[URU5nX2:aX[RSR X55 SUR US- 'UR UR 5nX@lgg)z?Prevent the group's membership from exceeding the max specifiedzGroup {0} has {1} membersrr_N)r rrrJrrrr)rrr num_membersnew_dists rYcap_group_membership%GroupAssignments.cap_group_membershipask$**512  % KK3::5N O-.D  uqy )33D4F4FGH&O &r[cXRU;a3URURU5 U=RS- slUR(aUR X R5 gg)Nr_)rr)rrrrs rYadd_assignmentGroupAssignments.add_assignmentms_ ''. .   U # * *4 0 JJ!OJ     % %e-=-= > r[cUS::ag[R"[U5[U5[U5- -5nUR(a[ UURU-5nX4- S- nX- S- nUR 5U:aKUR 5upX:dX:aURUS-U S-5 UR 5U:aMJgg)zAllocate users to groups. The intention is to have a few users that belong to most groups, while the majority of users belong to a few groups. A few groups will contain most users, with the remaining only having a few users. rNr_)rceilrrrirrr) rrrrrrexisting_usersexisting_groupsrrs rYrGroupAssignments.assign_groupsys  ! !II # $ ; %"8 8 :;    #$5$($4$47G$G!I *8A=*9A=jjl..99;KD&$*?##D1Heai8 jjl..r[cUR$rrrs rYrGroupAssignments.totals zzr[)rrrrrrN)ryrzr{r|rrrrrrrrrrrr}rqr[rYrr s; ;"?4 @ '' ' ?9Br[rclUR5nSnSnUR5HnURU5n[U5S:XaM%[ S[U5S5HMnXxUS-n [ XXi5 U[U 5- nUS- nUS-S:XdM4[ RSXS4-5 MO M g)zDTakes the assignments of users to groups and applies them to the DB.rrBr_rzAdded %u/%u membershipsN)rrrr r-add_group_membersrrJ) r3rrrrrrrchunkchunk_of_userss rYrrs    E E E'')$33E: ~ ! #  1c.148E+%$,?N bu E S( (E QJErzQ 5FG9*r[cl^ [X5m U 4SjnU"[X55n[R"5n[R"X5UlUHJnU"[ X55nS[U5-n [R"U[RS5Xi'ML URU5 g)z(Adds the given users to group specified.c>SU<ST<3$)NrFrrq)rMrs rYbuild_dn#add_group_members..build_dns!2&'r[zmember-memberN) ryrr$MessageDnr r>r&MessageElement FLAG_MOD_ADDmodify) r3rrrrgroup_dnmrrVidxrs @rYrrs  !B( ;67H A 66" AD9[78#d)###GS-=-=xH IIaLr[c\[RRnSnSnSn0n[5n[ 5nUb UR n OSn U "S5 SSSS.n SSSS.n [ R"U5GHn [ RRX 5n [U S5nUHnURS5RS 5nUS nUS nUS n[US 5n[US5n[UU- U5n[UU5nUU4nURU/5R!U5 USS:XaUS - nOUS - nUU==S - ss'UR#U5 U "U5 M SSS5 GM X2- nUS:XaSnOUU- nUS:XaSnOUU- n[/U5n[+SU-5 [+SUU4-5 [+SUU4-5 [1U R355H)unn[+SUR5SS5S-U4-5 M+ [1U R355H)unn[+SUR5SS5S-U4-5 M+ [+S5 0nUH-unnUU;a [ 5UU'UUR#U5 M/ [1UR755n U Hn[1UU[8S9n!U!HnUU4nUUn"[1U"5n"[/U"5n#UUn[;U"5U#- n$[=U"S5n%[=U"S5n&U"SU"S- n'U"Sn([>RAUS5n)[+SUUU)U#UU$U%U&U'U(4 -5 M M g![$[&4a SU;a{URSS 5unnUU ;a[[U5U U5U U'GMUU ;a[[)U5U U5U U'GM9[+U[R,S9 GMU[+U[R,S9 GMqf=f!,(df  GM=f) z/Generate and print the summary stats for a run.rNcgrrq)rts rYtwgenerate_stats..tws r[z2time conv protocol type duration successful error )z Maximum lagz Start lagzMax sleep miss)r]r^r`r5rrr_r#r|rBrTruerrOzTotal conversations: %10dz-Successful operations: %10d (%.3f per second)z-Failed operations: %10d (%.3f per second)z%-28s %frr^z%-28s %dzProtocol Op Code Description Count Failed Mean Median 95% Range Max)rrbgffffff?rrz?%-12s %4s %-35s %12d %12d %12.6f %12.6f %12.6f %12.6f %12.6f)!rS float_inforjrrSwriterlistdirrrrrrrrir(r)r~r IndexErrorrrRrTr sortedrreplacer, opcode_keyrdcalc_percentilerr)*r timing_filerr successfulfailed latenciesfailuresunique_conversationsr float_values int_valuesrrr]rrrr packet_typelatencyropr7rr success_rate failure_raterqopsprotor protocols packet_typesrlrmeanmedian percentilerngmaxvrs* rYgenerate_statsr/sb##EDJFIH5    BCL "#$%J JJx(ww||H/ $_"5#';;t#4#:#:4#@F#)!9L#)!9H#)!9K#(#3GfQi(A#&q7{E#:E#&q$q//CLO*_,/A0:1 -?JqM"$SZZ8d4 5/_sV#P*CM*/P*A P 6P:!P PP 7P;P PP P P+ cDS[U5-$![a Us$f=f)zCSort key for the operation code to ensure that it sorts numericallyz%03d)rr)rs rYrrL s)A s  cU(dg[U5S- U-n[R"U5n[R"U5nX4:XaU[ U5$U[ U5XB- -nU[ U5X#- -nXV-$)zlCalculate the specified percentile from the list of values. Assumes the list is sorted in ascending order. rr_)r rfloorrr)rlr,r7r]rd0d1s rYrrT sx  VqJ&A 1 A ! Avc!f~ A15 !B A15 !B 7Nr[c[RR"U6n[R"S5n[R"U5 [R"U5 U$)zqIn a testenv we end up with 0777 directories that look an alarming green colour with ls. Use umask to avoid that.?)rrrumaskmkdir)rrmasks rYrRrRf s>  dA 88E?DHHQKHHTN Hr[r)r_r#)r_r) NNNNrNNr%F)T)rr)yrrr=rrrSr>rhrr collectionsrrrr dns.resolverr rX samba.emulater samba.samdbr r$r samba.dcerpcr rrrrsamba.dcerpc.netlogonrrrsamba.drs_utilsrrasamba.credentialsrrr samba.authr samba.dsdbrrrrsamba.dcerpc.miscrsambarr samba.commonr! samba.loggerr"rrrrrrrrrrrrQryrrZrfrurrwobjectrrrrrrr1rtryr~rrrrrr:r@rTrXr_rwryrrrrrrr>rrrrrrrrrrrr/rrrRrqr[rYrIsM( EE+) )//!4&OO% +#)      ?   "" x (6$  0 i Od*6d*NKW KW\2Bj+  _6_D 4D 4   D   D  T d D d 4ttD d  D! &_3_6_:_9 _ ? _ ; _O_O_Y_f_j_j_o_*_g_ Z!_"'#_$*%_&h'_(~)_**+_,j-_.o/_0&1_2+3_4%5_6b7_8=9_:>;_<?=_>??_@#A_B?C_D#E_F'G_H&I_J7K_L0M_N%O_P'Q_R(S_T7U_V:W_X4Y_Z5[_\4]_^4__`1a_b6c_d8e_f3g_hIi_j(k_lMm_nLo_pKq_r7s_t&u_vJw_xOy_z&{_|?}_~>_@JA_B=C_Dg_h?i_j=k_l$D 5'%}_D<~F"P7fE :""8#/0 ,0 22$ + ,  - /3"+  BF*%ZQvQhH0(D$ r[