Skip to content

Instantly share code, notes, and snippets.

@lessmost

lessmost/TcpSeqRetrans.lua

Created February 18, 2012 06:05
Show Gist options
  • Save lessmost/1857746 to your computer and use it in GitHub Desktop.
Save lessmost/1857746 to your computer and use it in GitHub Desktop.
Download ZIP
A simple wireshark lua script to analyze tcp retransmission and duplicated
Raw
TcpSeqRetrans.lua
-- A simple script to analyze Tcp Sequence Numbers
-- Usega: wireshark -X lua_script:TcpSeqRetrans.lua
-- open a pcap file in wireshark, and then select
-- the 'TOOLS/Tcp Sequence Analyze' menu.
-- menu function
function tsa_menu_func()
-- tsa analyze function
function tsa_do(ip1, ip2)
local results = {
-- Total
["counter"] = 0,
["dupack"] = 0,
["retrans"] = 0,
["fastretrans"] = 0,
["zerowindow"] = 0,
["windowfull"] = 0,
-- From ip1 to ip2
["counter1to2"] = 0,
["dupack1to2"] = 0,
["retrans1to2"] = 0,
["fastretrans1to2"] = 0,
["zerowindow1to2"] = 0,
["windowfull1to2"] = 0,
-- From ip2 to ip1
["counter2to1"] = 0,
["dupack2to1"] = 0,
["retrans2to1"] = 0,
["fastretrans2to1"] = 0,
["zerowindow2to1"] = 0,
["windowfull2to1"] = 0,
}
local result_win = TextWindow.new("Tcp Sequence Numbers Analyze")
local http_port = 80
-- called by tap.draw
function refresh_result()
result_win:clear()
result_win:set("Total\n")
result_win:append("\tPackets counter: " .. results["counter"] .. "\n")
result_win:append("\tDuplicate ACK: " .. results["dupack"] .. "\n")
result_win:append("\tRetransmission: " .. results["retrans"] .. "\n")
result_win:append("\tFast Retransmission: " .. results["fastretrans"] .. "\n")
result_win:append("\tZero Window: " .. results["zerowindow"] .. "\n")
result_win:append("\tWindow Full: " .. results["windowfull"] .. "\n")
result_win:append("\n")
result_win:append(ip1 .. " -> " .. ip2 .. "\n")
result_win:append("\tPackets counter: " .. results["counter1to2"] .. "\n")
result_win:append("\tDuplicate ACK: " .. results["dupack1to2"] .. "\n")
result_win:append("\tRetransmission: " .. results["retrans1to2"] .. "\n")
result_win:append("\tFast Retransmission: " .. results["fastretrans1to2"] .. "\n")
result_win:append("\tZero Window: " .. results["zerowindow1to2"] .. "\n")
result_win:append("\tWindow Full: " .. results["windowfull1to2"] .. "\n")
result_win:append("\n")
result_win:append(ip2 .. " -> " .. ip1 .. "\n")
result_win:append("\tPackets counter: " .. results["counter2to1"] .. "\n")
result_win:append("\tDuplicate ACK: " .. results["dupack2to1"] .. "\n")
result_win:append("\tRetransmission: " .. results["retrans2to1"] .. "\n")
result_win:append("\tFast Retransmission: " .. results["fastretrans2to1"] .. "\n")
result_win:append("\tZero Window: " .. results["zerowindow2to1"] .. "\n")
result_win:append("\tWindow Full: " .. results["windowfull2to1"] .. "\n")
end
-- packets counter, total
local counter_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.port == " .. http_port)
function counter_tap.reset()
results["counter"] = 0
end
function counter_tap.packet(pinfo, tvb, ip)
results["counter"] = results["counter"] + 1
end
function counter_tap.draw()
refresh_result()
end
-- dupack, total
local dupack_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.analysis.duplicate_ack" .. " && tcp.port == " .. http_port)
function dupack_tap.reset()
results["dupack"] = 0
end
function dupack_tap.packet(pinfo, tvb, ip)
results["dupack"] = results["dupack"] + 1
end
function dupack_tap.draw()
refresh_result()
end
-- retransmission, total
local retrans_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.analysis.retransmission" .. " && tcp.port == " .. http_port)
function retrans_tap.reset()
results["retrans"] = 0
end
function retrans_tap.packet(pinfo, tvb, ip)
results["retrans"] = results["retrans"] + 1
end
function retrans_tap.draw()
refresh_result()
end
-- fast retransmission, total
local fastretrans_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.analysis.fast_retransmission" .. " && tcp.port == " .. http_port)
function fastretrans_tap.reset()
results["fastretrans"] = 0
end
function fastretrans_tap.packet(pinfo, tvb, ip)
results["fastretrans"] = results["fastretrans"] + 1
end
function fastretrans_tap.draw()
refresh_result()
end
-- zero window, total
local zerowindow_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.analysis.zero_window" .. " && tcp.port == " .. http_port)
function zerowindow_tap.reset()
results["zerowindow"] = 0
end
function zerowindow_tap.packet(pinfo, tvb, ip)
results["zerowindow"] = results["zerowindow"] + 1
end
function zerowindow_tap.draw()
refresh_result()
end
-- window full, total
local windowfull_tap = Listener.new("frame", "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 .. " && tcp.analysis.window_full" .. " && tcp.port == " .. http_port)
function windowfull_tap.reset()
results["windowfull"] = 0
end
function windowfull_tap.packet(pinfo, tvb, ip)
results["windowfull"] = results["windowfull"] + 1
end
function windowfull_tap.draw()
refresh_result()
end
-- packets counter, ip1 -> ip2
local counter1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.port == " .. http_port)
function counter1to2_tap.reset()
results["counter1to2"] = 0
end
function counter1to2_tap.packet(pinfo, tvb, ip)
results["counter1to2"] = results["counter1to2"] + 1
end
function counter1to2_tap.draw()
refresh_result()
end
-- dupack, ip1 -> ip2
local dupack1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.analysis.duplicate_ack" .. " && tcp.port == " .. http_port)
function dupack1to2_tap.reset()
results["dupack1to2"] = 0
end
function dupack1to2_tap.packet(pinfo, tvb, ip)
results["dupack1to2"] = results["dupack1to2"] + 1
end
function dupack1to2_tap.draw()
refresh_result()
end
-- retransmission, ip1 -> ip2
local retrans1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.analysis.retransmission" .. " && tcp.port == " .. http_port)
function retrans1to2_tap.reset()
results["retrans1to2"] = 0
end
function retrans1to2_tap.packet(pinfo, tvb, ip)
results["retrans1to2"] = results["retrans1to2"] + 1
end
function retrans1to2_tap.draw()
refresh_result()
end
-- fast retransmission, ip1 -> ip2
local fastretrans1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.analysis.fast_retransmission" .. " && tcp.port == " .. http_port)
function fastretrans1to2_tap.reset()
results["fastretrans1to2"] = 0
end
function fastretrans1to2_tap.packet(pinfo, tvb, ip)
results["fastretrans1to2"] = results["fastretrans1to2"] + 1
end
function fastretrans1to2_tap.draw()
refresh_result()
end
-- zero window, ip1 -> ip2
local zerowindow1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.analysis.zero_window" .. " && tcp.port == " .. http_port)
function zerowindow1to2_tap.reset()
results["zerowindow1to2"] = 0
end
function zerowindow1to2_tap.packet(pinfo, tvb, ip)
results["zerowindow1to2"] = results["zerowindow1to2"] + 1
end
function zerowindow1to2_tap.draw()
refresh_result()
end
-- window full, ip1 -> ip2
local windowfull1to2_tap = Listener.new("frame", "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 .. " && tcp.analysis.window_full" .. " && tcp.port == " .. http_port)
function windowfull1to2_tap.reset()
results["windowfull1to2"] = 0
end
function windowfull1to2_tap.packet(pinfo, tvb, ip)
results["windowfull1to2"] = results["windowfull1to2"] + 1
end
function windowfull1to2_tap.draw()
refresh_result()
end
-- packets counter, ip2 -> ip1
local counter2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.port == " .. http_port)
function counter2to1_tap.reset()
results["counter2to1"] = 0
end
function counter2to1_tap.packet(pinfo, tvb, ip)
results["counter2to1"] = results["counter2to1"] + 1
end
function counter2to1_tap.draw()
refresh_result()
end
-- dupack, ip2 -> ip1
local dupack2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.analysis.duplicate_ack" .. " && tcp.port == " .. http_port)
function dupack2to1_tap.reset()
results["dupack2to1"] = 0
end
function dupack2to1_tap.packet(pinfo, tvb, ip)
results["dupack2to1"] = results["dupack2to1"] + 1
end
function dupack2to1_tap.draw()
refresh_result()
end
-- retransmission, ip2 -> ip1
local retrans2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.analysis.retransmission" .. " && tcp.port == " .. http_port)
function retrans2to1_tap.reset()
results["retrans2to1"] = 0
end
function retrans2to1_tap.packet(pinfo, tvb, ip)
results["retrans2to1"] = results["retrans2to1"] + 1
end
function retrans2to1_tap.draw()
refresh_result()
end
-- fast retransmission, ip2 -> ip1
local fastretrans2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.analysis.fast_retransmission" .. " && tcp.port == " .. http_port)
function fastretrans2to1_tap.reset()
results["fastretrans2to1"] = 0
end
function fastretrans2to1_tap.packet(pinfo, tvb, ip)
results["fastretrans2to1"] = results["fastretrans2to1"] + 1
end
function fastretrans2to1_tap.draw()
refresh_result()
end
-- zero window, ip2 -> ip1
local zerowindow2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.analysis.zero_window" .. " && tcp.port == " .. http_port)
function zerowindow2to1_tap.reset()
results["zerowindow2to1"] = 0
end
function zerowindow2to1_tap.packet(pinfo, tvb, ip)
results["zerowindow2to1"] = results["zerowindow2to1"] + 1
end
function zerowindow2to1_tap.draw()
refresh_result()
end
-- window full, ip2 -> ip1
local windowfull2to1_tap = Listener.new("frame", "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 .. " && tcp.analysis.window_full" .. " && tcp.port == " .. http_port)
function windowfull2to1_tap.reset()
results["windowfull2to1"] = 0
end
function windowfull2to1_tap.packet(pinfo, tvb, ip)
results["windowfull2to1"] = results["windowfull2to1"] + 1
end
function windowfull2to1_tap.draw()
refresh_result()
end
function remove_alltap()
counter_tap:remove()
dupack_tap:remove()
retrans_tap:remove()
fastretrans_tap:remove()
zerowindow_tap:remove()
windowfull_tap:remove()
counter1to2_tap:remove()
dupack1to2_tap:remove()
retrans1to2_tap:remove()
fastretrans1to2_tap:remove()
zerowindow1to2_tap:remove()
windowfull1to2_tap:remove()
counter2to1_tap:remove()
dupack2to1_tap:remove()
retrans2to1_tap:remove()
fastretrans2to1_tap:remove()
zerowindow2to1_tap:remove()
windowfull2to1_tap:remove()
end
result_win:set_atclose(remove_alltap)
-- retap all the packets, then all the listeners begin to work.
retap_packets()
end
-- Prompt for ip address
new_dialog("Please input the address pair", tsa_do, "ip address 1:", "ip address 2:")
end
-- register the menu
register_menu("Tcp Sequence Numbers Analyze", tsa_menu_func, MENU_TOOLS_UNSORTED)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment