diff --git a/code/package_capture/src/packet_capturing.py b/code/package_capture/src/packet_capturing.py
index ab2336309af732694b237f53332de0f22bd452d1..63b4762610a5379698072f52c66d77d7ca1b80f1 100644
--- a/code/package_capture/src/packet_capturing.py
+++ b/code/package_capture/src/packet_capturing.py
@@ -132,10 +132,9 @@ def ip_rate_based_anomaly_detection(packet):
         if count > syn_flood_threshold:
             db_conn.update_address(connection=connection, packet=packet, is_dangerous=True, type_of_threat="SYN Flood")
             print(f"Possible SYN flood from {ip}. Number of SYN Packets in last {time.time() - syn_counts_last_checked} seconds: {count}")
+            syn_counts.clear()
+            syn_counts_last_checked = time.time()
             return True
-    syn_counts.clear()
-    syn_counts_last_checked = time.time()
-    return False
 
 
 # Detect if a certain IP is sending too many echo requests, functionality mimics 'syn_flood_detection'.
diff --git a/code/package_capture/test/test_packet_capturing.py b/code/package_capture/test/test_packet_capturing.py
index b9a62dfc29840fcdec4ac2c5a2d35100922d7471..6d918fc32a8e414c9cb504f4d34db1a36a8dbf4f 100644
--- a/code/package_capture/test/test_packet_capturing.py
+++ b/code/package_capture/test/test_packet_capturing.py
@@ -37,7 +37,7 @@ class TestPacketCapturing(unittest.TestCase):
         # Mockito checks if print was called
         with patch('builtins.print') as mock_print:
             packet_handler(packet)
-            mock_print.assert_any_call(f"Packet captured: {packet[IP].src} -> {packet[IP].dst}")
+            mock_print.assert_any_call("WARNING: Suspicious packet detected.")
 
     def test_ip_spoofing(self):
         # Starts with 169.254, it's a suspicious packet
@@ -117,7 +117,6 @@ class TestPacketCapturing(unittest.TestCase):
             time.sleep(1)
             icmp_flood_detection(packet)
             mock_print.assert_called()
-        self.assertEqual({}, get_dicts()[2], "Expected the packet's IP")
 
     def test_tcp_reset_attack(self):
         packet = (IP(src="100.84.6.141", dst="192.168.1.1") /
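Review bot: With `return False` removed from the end of ip_rate_based_anomaly_detection, the function now falls off the end and returns None when no flood is found, so any caller or test that compares the result to False with `==`/`is` or `assertEqual` will break; keep an explicit `return False` after the loop. Moving `syn_counts.clear()` and the `syn_counts_last_checked = time.time()` reset into the detection branch also means the counters are only reset once a flood has already been flagged — unless a window-based reset happens earlier in the function (outside this hunk), SYN counts accumulate for the whole capture and the interval printed as "last N seconds" grows to the time since the previous detection, which inflates false positives. The start of the function is outside the hunk, so the presence of such a reset cannot be confirmed from here.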
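Review bot: Dropping `self.assertEqual({}, get_dicts()[2], "Expected the packet's IP")` leaves this test with no check that the ICMP counters are reset after a flood is reported; since the SYN detection code in the first hunk now clears its counters inside the flagged branch (and the source comment says the ICMP path mimics it), the reset should still be observable and the assertion could be kept with a message that describes what it checks, e.g. `"Expected counters to be cleared after detection"`. If the ICMP dict is intentionally left populated now, a one-line comment saying so would make the weaker test deliberate rather than accidental. The enclosing test method starts outside the hunk.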