More playing with parsing of packet traces.

Extract window size values (and handle TCP window scaling).

diff --git a/parsetrace/parse.py b/parsetrace/parse.py
index 687dd79..1255f2d 100755 (executable)
--- a/parsetrace/parse.py
+++ b/parsetrace/parse.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 
 import impacket, pcapy, re, sys
-import impacket.ImpactDecoder
+import impacket.ImpactDecoder, impacket.ImpactPacket
 
 start_time = None
 
@@ -31,6 +31,8 @@ class Connection:
         self.times = []
         self.transfer_count = 0
         Connection.counter += 1
+        self.last_id = 0
+        self.winscale = {1: 0, -1: 0}
 
     def finish_transfer(self):
         if len(self.times) > 0:
@@ -72,6 +74,18 @@ class Connection:
         else:
             direction = 0
 
+        for o in tcp.get_options():
+            if o.get_kind() == o.TCPOPT_WINDOW:
+                self.winscale[direction] = o.get_shift_cnt()
+                print "window scale for dir %d is %d" % (direction,
+                                                         o.get_shift_cnt())
+
+        if direction < 0:
+            gap = (ip.get_ip_id() - self.last_id) & 0xffff
+            if 1 < gap < 256:
+                print "Gap of", gap, "packets on connection", self.endpoints
+            self.last_id = ip.get_ip_id()
+
         seq = (tcp.get_th_seq(), tcp.get_th_seq() + datalen)
         ack = tcp.get_th_ack()
 
@@ -104,6 +118,12 @@ class Connection:
             self.times.append(((timestamp - self.starttime) / 1e6,
                                seq[1] - self.respseq))
 
+        if self.id == 21:
+            winsize = tcp.get_th_win()
+            if not tcp.get_SYN():
+                winsize <<= self.winscale[direction]
+            print "got packet, data=%d win=%d" % (datalen, winsize)
+
 def handler(header, data):
     global start_time
     global pkt