I am trying to recreate a paper concerning website fingerprinting. I have downloaded their dataset from their github and in the github it says that data consists of requests and each requests has some data for example the protocol(quic or tcp), the request_url and the packets received from the request.
The packets are encoded base64 pcap files (as mentioned in their github) and when i am analyzing these i get strange results. For example when i run the code below it prints out 17 for every packet in the pcap (17 is code for the UDP protocol). This is not right as i explicitly check that the protocol of the pcap is of the form tcp. Why does my code not read the tcp packets of the pcap?
The paper is published in the Network Security group of ETH Zurich so I am sure that the mistake is on my side, but after countless hours i cannot find my mistake.
Any help would be appreciated!
with open(path, 'r') as file:
# Read each line and load JSON data
for request in file:
request_data = json.loads(request)
if request_data["status"] != "success":
continue
if request_data["protocol"] != "tcp":
continue
base64_content = request_data["packets"]
binary_content = base64.b64decode(base64_content)
pcap = dpkt.pcap.Reader(io.BytesIO(binary_content))
for timestamp, buf in pcap:
# Decode the packet
eth = dpkt.ethernet.Ethernet(buf) #ethernet frame
print(eth.data.p)`
I tried reading the pcap files with another pcap library but this had the same result and also only read udp files.