From 0e76979181d1e7b7bbaf24e7b196b58cea5d7879 Mon Sep 17 00:00:00 2001
From: Michael Vrable
Date: Wed, 28 Apr 2010 15:06:50 -0700
Subject: [PATCH] More playing with parsing of packet traces.

Extract window size values (and handle TCP window scaling).
---
 parsetrace/parse.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/parsetrace/parse.py b/parsetrace/parse.py
index 687dd79..1255f2d 100755
--- a/parsetrace/parse.py
+++ b/parsetrace/parse.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 import impacket, pcapy, re, sys
-import impacket.ImpactDecoder
+import impacket.ImpactDecoder, impacket.ImpactPacket
 start_time = None
@@ -31,6 +31,8 @@ class Connection:
 self.times = []
 self.transfer_count = 0
 Connection.counter += 1
+ self.last_id = 0
+ self.winscale = {1: 0, -1: 0}
 def finish_transfer(self):
 if len(self.times) > 0:
@@ -72,6 +74,18 @@ class Connection:
 else:
 direction = 0
+ for o in tcp.get_options():
+ if o.get_kind() == o.TCPOPT_WINDOW:
+ self.winscale[direction] = o.get_shift_cnt()
+ print "window scale for dir %d is %d" % (direction,
+ o.get_shift_cnt())
+
+ if direction < 0:
+ gap = (ip.get_ip_id() - self.last_id) & 0xffff
+ if 1 < gap < 256:
+ print "Gap of", gap, "packets on connection", self.endpoints
+ self.last_id = ip.get_ip_id()
+
 seq = (tcp.get_th_seq(), tcp.get_th_seq() + datalen)
 ack = tcp.get_th_ack()
@@ -104,6 +118,12 @@ class Connection:
 self.times.append(((timestamp - self.starttime) / 1e6, seq[1] - self.respseq))
+ if self.id == 21:
+ winsize = tcp.get_th_win()
+ if not tcp.get_SYN():
+ winsize <<= self.winscale[direction]
+ print "got packet, data=%d win=%d" % (datalen, winsize)
+
 def handler(header, data):
 global start_time
 global pkt
-- 
2.20.1
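Review bot: Initialising `self.last_id = 0` in the `@@ -31,6 +31,8 @@` hunk makes the gap check added in the `@@ -72,6 +74,18 @@` hunk compare the first `direction < 0` packet against an IP ID that was never observed, so a first ID between 2 and 255 is reported as a gap. Consider `self.last_id = None` here and wrapping the gap computation in `if self.last_id is not None:`. The enclosing method begins outside the hunk.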
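Review bot: The option loop in the `@@ -72,6 +74,18 @@` hunk accepts a window-scale shift from any segment. Window scaling is negotiated only in SYN and SYN-ACK segments, takes effect only when both sides offer it, and a shift count above 14 is to be treated as 14 (RFC 7323). In a capture that holds corrupted or crafted segments, a later option would overwrite the negotiated value and every following `winsize` would be mis-scaled. Guarding with `if tcp.get_SYN() and o.get_kind() == o.TCPOPT_WINDOW:` and storing `min(o.get_shift_cnt(), 14)` keeps the parser in line with what the endpoints actually apply. The enclosing method starts and ends outside the hunk.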
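Review bot: `self.winscale[direction]` in the `@@ -104,6 +118,12 @@` hunk can raise KeyError, because the dict is created with keys 1 and -1 only while the context of the `@@ -72,6 +74,18 @@` hunk shows `direction = 0` as a possible value. Whether a direction-0 packet reaches this line is not visible here, but `winsize <<= self.winscale.get(direction, 0)` removes the dependency. The hard-coded `self.id == 21` filter reads like a debugging leftover and deserves a comment such as `# debug: only trace connection 21`. The enclosing method starts outside the hunk.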