This repository has been archived by the owner on Oct 23, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 26
/
tcptrace.c
2791 lines (2405 loc) · 80.1 KB
/
tcptrace.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
* Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003, 2004
* Ohio University.
*
* ---
*
* Starting with the release of tcptrace version 6 in 2001, tcptrace
* is licensed under the GNU General Public License (GPL). We believe
* that, among the available licenses, the GPL will do the best job of
* allowing tcptrace to continue to be a valuable, freely-available
* and well-maintained tool for the networking community.
*
* Previous versions of tcptrace were released under a license that
* was much less restrictive with respect to how tcptrace could be
* used in commercial products. Because of this, I am willing to
* consider alternate license arrangements as allowed in Section 10 of
* the GNU GPL. Before I would consider licensing tcptrace under an
* alternate agreement with a particular individual or company,
* however, I would have to be convinced that such an alternative
* would be to the greater benefit of the networking community.
*
* ---
*
* This file is part of Tcptrace.
*
* Tcptrace was originally written and continues to be maintained by
* Shawn Ostermann with the help of a group of devoted students and
* users (see the file 'THANKS'). The work on tcptrace has been made
* possible over the years through the generous support of NASA GRC,
* the National Science Foundation, and Sun Microsystems.
*
* Tcptrace is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Tcptrace is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Tcptrace (in the file 'COPYING'); if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*
* Author: Shawn Ostermann
* School of Electrical Engineering and Computer Science
* Ohio University
* Athens, OH
* ostermann@cs.ohiou.edu
* http://www.tcptrace.org/
*/
#include "tcptrace.h"
static char const GCC_UNUSED copyright[] =
"@(#)Copyright (c) 2004 -- Ohio University.\n";
static char const GCC_UNUSED rcsid[] =
"@(#)$Header$";
#include "file_formats.h"
#include "modules.h"
#include "version.h"
/* version information */
char *tcptrace_version = VERSION;
/* local routines */
static void Args(void);
static void ModulesPerNonTCPUDP(struct ip *pip, void *plast);
static void ModulesPerPacket(struct ip *pip, tcp_pair *ptp, void *plast);
static void ModulesPerUDPPacket(struct ip *pip, udp_pair *pup, void *plast);
static void ModulesPerConn(tcp_pair *ptp);
static void ModulesPerUDPConn(udp_pair *pup);
static void ModulesPerFile(char *filename);
static void DumpFlags(void);
static void ExplainOutput(void);
static void FinishModules(void);
static void Formats(void);
static void Help(char *harg);
static void Hints(void);
static void ListModules(void);
static void UsageModules(void);
static void LoadModules(int argc, char *argv[]);
static void CheckArguments(int *pargc, char *argv[]);
static void ParseArgs(char *argsource, int *pargc, char *argv[]);
static int ParseExtendedOpt(char *argsource, char *arg);
static void ParseExtendedBool(char *argsource, char *arg);
static void ParseExtendedVar(char *argsource, char *arg);
static void ProcessFile(char *filename);
static void QuitSig(int signum);
static void Usage(void);
static void BadArg(char *argsource, char *format, ...);
static void Version(void);
static char *FileToBuf(char *filename);
/* option flags and default values */
Bool colorplot = TRUE;
Bool dump_rtt = FALSE;
Bool graph_rtt = FALSE;
Bool graph_tput = FALSE;
Bool graph_tsg = FALSE;
Bool graph_segsize = FALSE;
Bool graph_owin = FALSE;
Bool graph_tline = FALSE;
Bool graph_recvwin = FALSE;
Bool hex = TRUE;
Bool ignore_non_comp = FALSE;
Bool dump_packet_data = FALSE;
Bool print_rtt = FALSE;
Bool print_owin = FALSE;
Bool printbrief = TRUE;
Bool printsuppress = FALSE;
Bool printem = FALSE;
Bool printallofem = FALSE;
Bool printticks = FALSE;
Bool warn_ooo = FALSE;
Bool warn_printtrunc = FALSE;
Bool warn_printbadmbz = FALSE;
Bool warn_printhwdups = FALSE;
Bool warn_printbadcsum = FALSE;
Bool warn_printbad_syn_fin_seq = FALSE;
Bool docheck_hw_dups = TRUE;
Bool save_tcp_data = FALSE;
Bool graph_time_zero = FALSE;
Bool graph_seq_zero = FALSE;
Bool print_seq_zero = FALSE;
Bool graph_zero_len_pkts = TRUE;
Bool plot_tput_instant = TRUE;
Bool filter_output = FALSE;
Bool show_title = TRUE;
Bool show_rwinline = TRUE;
Bool do_udp = FALSE;
Bool resolve_ipaddresses = TRUE;
Bool resolve_ports = TRUE;
Bool verify_checksums = FALSE;
Bool triple_dupack_allows_data = FALSE;
Bool run_continuously = FALSE;
Bool xplot_all_files = FALSE;
Bool conn_num_threshold = FALSE;
Bool ns_hdrs = TRUE;
Bool dup_ack_handling = TRUE;
Bool csv = FALSE;
Bool tsv = FALSE;
u_long remove_live_conn_interval = REMOVE_LIVE_CONN_INTERVAL;
u_long nonreal_live_conn_interval = NONREAL_LIVE_CONN_INTERVAL;
u_long remove_closed_conn_interval = REMOVE_CLOSED_CONN_INTERVAL;
u_long update_interval = UPDATE_INTERVAL;
u_long max_conn_num = MAX_CONN_NUM;
int debug = 0;
u_long beginpnum = 0;
u_long endpnum = 0;
u_long pnum = 0;
u_long ctrunc = 0;
u_long bad_ip_checksums = 0;
u_long bad_tcp_checksums = 0;
u_long bad_udp_checksums = 0;
/* extended variables with values */
char *output_file_dir = NULL;
char *output_file_prefix = NULL;
char *xplot_title_prefix = NULL;
char *xplot_args = NULL;
char *sv = NULL;
/* globals */
struct timeval current_time;
int num_modules = 0;
char *ColorNames[NCOLORS] =
{"green", "red", "blue", "yellow", "purple", "orange", "magenta", "pink"};
char *comment;
/* locally global variables */
static u_long filesize = 0;
char **filenames = NULL;
int num_files = 0;
u_int numfiles;
char *cur_filename;
static char *progname;
char *output_filename = NULL;
static char *update_interval_st = NULL;
static char *max_conn_num_st = NULL;
static char *live_conn_interval_st = NULL;
static char *nonreal_conn_interval_st = NULL;
static char *closed_conn_interval_st = NULL;
/* for elapsed processing time */
struct timeval wallclock_start;
struct timeval wallclock_finished;
/* first and last packet timestamp */
timeval first_packet = {0,0};
timeval last_packet = {0,0};
/* extended boolean options */
static struct ext_bool_op {
char *bool_optname;
Bool *bool_popt;
Bool bool_default;
char *bool_descr;
} extended_bools[] = {
{"showsacks", &show_sacks, TRUE,
"show SACK blocks on time sequence graphs"},
{"showrexmit", &show_rexmit, TRUE,
"mark retransmits on time sequence graphs"},
{"showoutorder", &show_out_order, TRUE,
"mark out-of-order on time sequence graphs"},
{"showzerowindow", &show_zero_window, TRUE,
"mark zero windows on time sequence graphs"},
{"showurg", &show_urg, TRUE,
"mark packets with URGENT bit set on the time sequence graphs"},
{"showrttdongles", &show_rtt_dongles, TRUE,
"mark non-RTT-generating ACKs with special symbols"},
{"showdupack3", &show_triple_dupack, TRUE,
"mark triple dupacks on time sequence graphs"},
{"showzerolensegs", &graph_zero_len_pkts, TRUE,
"show zero length packets on time sequence graphs"},
{"showzwndprobes", &show_zwnd_probes, TRUE,
"show zero window probe packets on time sequence graphs"},
{"showtitle", &show_title, TRUE,
"show title on the graphs"},
{"showrwinline", &show_rwinline, TRUE,
"show yellow receive-window line in owin graphs"},
{"graphrecvwin", &graph_recvwin, TRUE,
"create recv window graph"},
{"res_addr", &resolve_ipaddresses, TRUE,
"resolve IP addresses into names (may be slow)"},
{"res_port", &resolve_ports, TRUE,
"resolve port numbers into names"},
{"checksum", &verify_checksums, TRUE,
"verify IP and TCP checksums"},
{"dupack3_data", &triple_dupack_allows_data, TRUE,
"count a duplicate ACK carrying data as a triple dupack"},
{"check_hwdups", &docheck_hw_dups, TRUE,
"check for 'hardware' dups"},
{"warn_ooo", &warn_ooo, TRUE,
"print warnings when packets timestamps are out of order"},
{"warn_printtrunc", &warn_printtrunc, TRUE,
"print warnings when packets are too short to analyze"},
{"warn_printbadmbz", &warn_printbadmbz, TRUE,
"print warnings when MustBeZero TCP fields are NOT 0"},
{"warn_printhwdups", &warn_printhwdups, TRUE,
"print warnings for hardware duplicates"},
{"warn_printbadcsum", &warn_printbadcsum, TRUE,
"print warnings when packets with bad checksums"},
{"warn_printbad_syn_fin_seq", &warn_printbad_syn_fin_seq, TRUE,
"print warnings when SYNs or FINs rexmitted with different sequence numbers"},
{"dump_packet_data", &dump_packet_data, TRUE,
"print all packets AND dump the TCP/UDP data"},
{"continuous", &run_continuously, TRUE,
"run continuously and don't provide a summary"},
{"print_seq_zero", &print_seq_zero, TRUE,
"print sequence numbers as offset from initial sequence number"},
{"limit_conn_num", &conn_num_threshold, TRUE,
"limit the maximum number of connections kept at a time in real-time mode"},
{"xplot_all_files", &xplot_all_files, TRUE,
"display all generated xplot files at the end"},
{"ns_hdrs", &ns_hdrs, TRUE,
"assume that ns has the useHeaders_flag true (uses IP+TCP headers)"},
{"csv", &csv, TRUE,
"display the long output as comma separated values"},
{"tsv", &tsv, TRUE,
"display the long output as tab separated values"},
{"turn_off_BSD_dupack", &dup_ack_handling, FALSE,
"turn of the BSD version of the duplicate ack handling"},
};
#define NUM_EXTENDED_BOOLS (sizeof(extended_bools) / sizeof(struct ext_bool_op))
/* extended variable verification routines */
static u_long VerifyPositive(char *varname, char *value);
static void VerifyUpdateInt(char *varname, char *value);
static void VerifyMaxConnNum(char *varname, char *value);
static void VerifyLiveConnInt(char *varname, char *value);
static void VerifyNonrealLiveConnInt(char *varname, char*value);
static void VerifyClosedConnInt(char *varname, char *value);
/* extended variable options */
/* they must all be strings */
static struct ext_var_op {
char *var_optname; /* what it's called when you set it */
char **var_popt; /* the variable itself */
void (*var_verify)(char *varname,
char *value);
/* function to call to verify that the
value is OK (if non-null) */
char *var_descr; /* variable description */
} extended_vars[] = {
{"output_dir", &output_file_dir, NULL,
"directory where all output files are placed"},
{"output_prefix", &output_file_prefix, NULL,
"prefix all output files with this string"},
{"xplot_title_prefix", &xplot_title_prefix, NULL,
"prefix to place in the titles of all xplot files"},
{"update_interval", &update_interval_st, VerifyUpdateInt,
"time interval for updates in real-time mode"},
{"max_conn_num", &max_conn_num_st, VerifyMaxConnNum,
"maximum number of connections to keep at a time in real-time mode"},
{"remove_live_conn_interval", &live_conn_interval_st, VerifyLiveConnInt,
"idle time after which an open connection is removed in real-time mode"},
{"endpoint_reuse_interval", &nonreal_conn_interval_st, VerifyNonrealLiveConnInt,
"time interval of inactivity after which an open connection is considered closed"},
{"remove_closed_conn_interval", &closed_conn_interval_st, VerifyClosedConnInt,
"time interval after which a closed connection is removed in real-time mode"},
{"xplot_args", &xplot_args, NULL,
"arguments to pass to xplot, if we are calling xplot from here"},
{"sv", &sv, NULL,
"separator to use for long output with <STR>-separated-values"},
};
#define NUM_EXTENDED_VARS (sizeof(extended_vars) / sizeof(struct ext_var_op))
// Extended option verification routines
static void Ignore(char *argsource, char *opt);
static void GrabOnly(char *argsource, char *opt);
static void IgnoreUDP(char *argsource, char *opt);
static void GrabOnlyUDP(char *argsource, char *opt);
// Extended options to allow --iudp and --oudp to be able to
// specifically ignore or output UDP connections.
// For sake of clarity, options --itcp and --otcp shall also be added
// to do the same job done by -i and -o options currently.
static struct ext_opt {
char *opt_name; // what it is called
void (*opt_func) (char *argsource, char *opt);
char *opt_descr;
} extended_options[] = {
{"iTCP",Ignore,"ignore specific TCP connections, same as -i"},
{"oTCP",GrabOnly,"only specific TCP connections, same as -o"},
{"iUDP",IgnoreUDP,"ignore specific UDP connections"},
{"oUDP",GrabOnlyUDP,"only specific UDP connections"}
};
#define NUM_EXTENDED_OPTIONS (sizeof(extended_options)/sizeof(struct ext_opt))
static void
Help(
char *harg)
{
if (harg && *harg && strncmp(harg,"arg",3) == 0) {
Args();
} else if (harg && *harg && strncmp(harg,"xarg",3) == 0) {
UsageModules();
} else if (harg && *harg && strncmp(harg,"filt",4) == 0) {
HelpFilter();
} else if (harg && *harg && strncmp(harg,"conf",4) == 0) {
Formats();
CompFormats();
ListModules();
} else if (harg && *harg && strncmp(harg,"out",3) == 0) {
ExplainOutput();
} else if (harg && *harg &&
((strncmp(harg,"hint",4) == 0) || (strncmp(harg,"int",3) == 0))) {
Hints();
} else {
fprintf(stderr,"\
For help on specific topics, try: \n\
-hargs tell me about the program's arguments \n\
-hxargs tell me about the module arguments \n\
-hconfig tell me about the configuration of this binary \n\
-houtput explain what the output means \n\
-hfilter output filtering help \n\
-hhints usage hints \n");
}
fprintf(stderr,"\n");
Version();
exit(0);
}
static void
BadArg(
char *argsource,
char *format,
...)
{
va_list ap;
fprintf(stderr,"Argument error");
if (argsource)
fprintf(stderr," (from %s)", argsource);
fprintf(stderr,": ");
va_start(ap,format);
vfprintf(stderr,format,ap);
va_end(ap);
Usage();
}
static void
Usage(void)
{
fprintf(stderr,"usage: %s [args...]* dumpfile [more files]*\n",
progname);
Help(NULL);
exit(-2);
}
static void
ExplainOutput(void)
{
fprintf(stderr,"\n\
OK, here's a sample output (using -l) and what each line means:\n\
\n\
1 connection traced:\n\
#### how many distinct TCP connections did I see pieces of\n\
13 packets seen, 13 TCP packets traced\n\
#### how many packets did I see, how many did I trace\n\
connection 1:\n\
#### I'll give you a separate block for each connection,\n\
#### here's the first one\n\
host a: 132.235.3.133:1084\n\
host b: 132.235.1.2:79 \n\
#### Each connection has two hosts. To shorten output\n\
#### and file names, I just give them letters.\n\
#### Connection 1 has hosts 'a' and 'b', connection 2\n\
#### has hosts 'c' and 'd', etc.\n\
complete conn: yes\n\
#### Did I see the starting FINs and closing SYNs? Was it reset?\n\
first packet: Wed Jul 20 16:40:30.688114\n\
#### At what time did I see the first packet from this connection?\n\
last packet: Wed Jul 20 16:40:41.126372\n\
#### At what time did I see the last packet from this connection?\n\
elapsed time: 0:00:10.438257\n\
#### Elapsed time, first packet to last packet\n\
total packets: 13\n\
#### total packets this connection\n\
\n\
#### ... Now, there's two columns of output (TCP is\n\
#### duplex) one for each direction of packets.\n\
#### I'll just explain one column...\n\
a->b: b->a:\n\
total packets: 7 total packets: 6\n\
#### packets sent in each direction\n\
ack pkts sent: 6 ack pkts sent: 6\n\
#### how many of the packets contained a valid ACK\n\
unique bytes sent: 11 unique bytes sent: 1152\n\
#### how many data bytes were sent (not counting retransmissions)\n\
actual data pkts: 2 actual data pkts: 1\n\
#### how many packets did I see that contained any amount of data\n\
actual data bytes: 11 actual data bytes: 1152\n\
#### how many data bytes did I see (including retransmissions)\n\
rexmt data pkts: 0 rexmt data pkts: 0\n\
#### how many data packets were retransmissions\n\
rexmt data bytes: 0 rexmt data bytes: 0\n\
#### how many bytes were retransmissions\n\
outoforder pkts: 0 outoforder pkts: 0\n\
#### how many packets were out of order (or I didn't see the first transmit!)\n\
SYN/FIN pkts sent: 1/1 SYN/FIN pkts sent: 1/1\n\
#### how many SYNs and FINs were sent in each direction\n\
mss requested: 1460 bytes mss requested: 1460 bytes\n\
#### What what the requested Maximum Segment Size\n\
max segm size: 9 bytes max segm size: 1152 bytes\n\
#### What was the largest segment that I saw\n\
min segm size: 2 bytes min segm size: 1152 bytes\n\
#### What was the smallest segment that I saw\n\
avg segm size: 5 bytes avg segm size: 1150 bytes\n\
#### What was the average segment that I saw\n\
max win adv: 4096 bytes max win adv: 4096 bytes\n\
#### What was the largest window advertisement that I sent\n\
min win adv: 4096 bytes min win adv: 4085 bytes\n\
#### What was the smallest window advertisement that I sent\n\
zero win adv: 0 times zero win adv: 0 times\n\
#### How many times did I sent a zero-sized window advertisement\n\
avg win adv: 4096 bytes avg win adv: 4092 bytes\n\
#### What was the average window advertisement that I sent\n\
initial window: 9 bytes initial window: 1152 bytes\n\
#### How many bytes in the first window (before the first ACK)\n\
initial window: 1 pkts initial window: 1 pkts\n\
#### How many packets in the first window (before the first ACK)\n\
throughput: 1 Bps throughput: 110 Bps\n\
#### What was the data throughput (Bytes/second)\n\
ttl stream length: 11 bytes ttl stream length: 1152 bytes\n\
#### What was the total length of the stream (from FIN to SYN)\n\
#### Note that this might be larger than unique data bytes because\n\
#### I might not have captured every segment!!!\n\
missed data: 0 bytes missed data: 0 bytes\n\
#### How many bytes of data were in the stream that I didn't see?\n\
RTT samples: 2 RTT samples: 1\n\
#### How many ACK's could I use to get an RTT sample\n\
RTT min: 45.9 ms RTT min: 19.4 ms\n\
#### What was the smallest RTT that I saw\n\
RTT max: 199.0 ms RTT max: 19.4 ms\n\
#### What was the largest RTT that I saw\n\
RTT avg: 122.5 ms RTT avg: 19.4 ms\n\
#### What was the average RTT that I saw\n\
RTT stdev: 0.0 ms RTT stdev: 0.0 ms\n\
#### What was the standard deviation of the RTT that I saw\n\
segs cum acked: 0 segs cum acked: 0\n\
#### How many segments were cumulatively ACKed (the ACK that I saw\n\
#### was for a later segment. Might be a lost ACK or a delayed ACK\n\
duplicate acks: 2 duplicate acks: 0\n\
#### How many duplicate ACKs did I see\n\
max # retrans: 0 max # retrans: 0\n\
#### What was the most number of times that a single segment\n\
#### was retransmitted\n\
min retr time: 0.0 ms min retr time: 0.0 ms\n\
#### What was the minimum time between retransmissions of a\n\
#### single segment\n\
max retr time: 0.0 ms max retr time: 0.0 ms\n\
#### What was the maximum time between retransmissions of a\n\
#### single segment\n\
avg retr time: 0.0 ms avg retr time: 0.0 ms\n\
#### What was the average time between retransmissions of a\n\
#### single segment\n\
sdv retr time: 0.0 ms sdv retr time: 0.0 ms\n\
#### What was the stdev between retransmissions of a\n\
#### single segment\n\
");
}
static void
Hints(void)
{
fprintf(stderr,"\n\
Hints (in no particular order):\n\
For the first run through a file, just use \"tcptrace file\" to see\n\
what's there\n\
For large files, use \"-t\" and I'll give you progress feedback as I go\n\
If there's a lot of hosts, particularly if they're non-local, use \"-n\"\n\
to disable address to name mapping which can be very slow\n\
If you're graphing results and only want the information for a few conns,\n\
from a large file, use the -o flag, as in \"tcptrace -o3,4,5 -o8-11\" to\n\
only process connections 3,4,5, and 8 through 11.\n\
Alternately, the '-oFILE' option allows you to write the connection\n\
list into a file using some other program (or the file PF from -f)\n\
Make sure the snap length in the packet grabber is big enough.\n\
Ethernet headers are 14 bytes, as are several others\n\
IPv4 headers are at least 20 bytes, but can be as large as 64 bytes\n\
TCP headers are at least 20 bytes, but can be as large as 64 bytes\n\
Therefore, if you want to be SURE that you see all of the options,\n\
make sure that you set the snap length to 14+64+64=142 bytes. If\n\
I'm not sure, I usually use 128 bytes. If you're SURE that there are no\n\
options (TCP usually has some), you still need at least 54 bytes.\n\
Compress trace files using gzip, I can uncompress them on the fly\n\
Stuff arguments that you always use into either the tcptrace resource file\n\
($HOME/%s) or the envariable %s. If you need to turn\n\
them off again from the command line, you can use\n\
the \"+\" option flag.\n\
", TCPTRACE_RC_FILE, TCPTRACE_ENVARIABLE);
}
static void
Args(void)
{
int i;
fprintf(stderr,"\n\
Note: these options are first read from the file $HOME/%s\n\
(if it exists), and then from the environment variable %s\n\
(if it exists), and finally from the command line\n\
", TCPTRACE_RC_FILE, TCPTRACE_ENVARIABLE);
fprintf(stderr,"\n\
Output format options\n\
-b brief output format\n\
-l long output format\n\
-r print rtt statistics (slower for large files)\n\
-W report on estimated congestion window (not generally useful)\n\
-q no output (if you just want modules output)\n\
Graphing options\n\
-T create throughput graph[s], (average over 10 segments, see -A)\n\
-R create rtt sample graph[s]\n\
-S create time sequence graph[s]\n\
-N create owin graph[s] (_o_utstanding data on _N_etwork)\n\
-F create segsize graph[s]\n\
-L create time line graph[s]\n\
-G create ALL graphs\n\
Output format detail options\n\
-D print in decimal\n\
-X print in hexadecimal\n\
-n don't resolve host or service names (much faster)\n\
-s use short names (list \"picard.cs.ohiou.edu\" as just \"picard\")\n\
Connection filtering options\n\
-iN ignore connection N (can use multiple times)\n\
-oN[-M] only connection N (or N through M). Arg can be used many times.\n\
If N is a file rather than a number, read list from file instead.\n\
-c ignore non-complete connections (didn't see syn's and fin's)\n\
-BN first segment number to analyze (default 1)\n\
-EN last segment number to analyze (default last in file)\n\
Graphing detail options\n\
-C produce color plot[s]\n\
-M produce monochrome (b/w) plot[s]\n\
-AN Average N segments for throughput graphs, default is 10\n\
-z zero axis options\n\
-z plot time axis from 0 rather than wall clock time (backward compat)\n\
-zx plot time axis from 0 rather than wall clock time\n\
-zy plot sequence numbers from 0 (time sequence graphs only)\n\
-zxy plot both axes from 0\n\
-y omit the (yellow) instantaneous throughput points in tput graph\n\
Misc options\n\
-Z dump raw rtt sample times to file[s]\n\
-p print all packet contents (can be very long)\n\
-P print packet contents for selected connections\n\
-t 'tick' off the packet numbers as a progress indication\n\
-fEXPR output filtering (see -hfilter)\n\
-v print version information and exit\n\
-w print various warning messages\n\
-d whistle while you work (enable debug, use -d -d for more output)\n\
-e extract contents of each TCP stream into file\n\
-h print help messages\n\
-u perform (minimal) UDP analysis too\n\
-Ofile dump matched packets to tcpdump file 'file'\n\
+[v] reverse the setting of the -[v] flag (for booleans)\n\
Dump File Names\n\
Anything else in the arguments is taken to be one or more filenames.\n\
The files can be compressed, see compress.h for configuration.\n\
If the dump file name is 'stdin', then we read from standard input\n\
rather than from a file\n\
");
fprintf(stderr,"\nExtended boolean options\n");
fprintf(stderr," (unambiguous prefixes also work)\n");
for (i=0; i < NUM_EXTENDED_BOOLS; ++i) {
struct ext_bool_op *pbop = &extended_bools[i];
fprintf(stderr," --%-20s %s %s\n",
pbop->bool_optname, pbop->bool_descr,
(*pbop->bool_popt == pbop->bool_default)?"(default)":"");
fprintf(stderr," --no%-18s DON'T %s %s\n",
pbop->bool_optname, pbop->bool_descr,
(*pbop->bool_popt != pbop->bool_default)?"(default)":"");
}
fprintf(stderr,"\nExtended variable options\n");
fprintf(stderr," (unambiguous prefixes also work)\n");
for (i=0; i < NUM_EXTENDED_VARS; ++i) {
char buf[256]; /* plenty large, but checked below with strncpy */
struct ext_var_op *pvop = &extended_vars[i];
strncpy(buf,pvop->var_optname,sizeof(buf)-10);
strcat(buf,"=\"STR\"");
fprintf(stderr," --%-20s %s (default: '%s')\n",
buf,
pvop->var_descr,
(*pvop->var_popt)?*pvop->var_popt:"<NULL>");
}
fprintf(stderr,"\n\
Module options\n\
-xMODULE_SPECIFIC (see -hxargs for details)\n\
");
}
static void
Version(void)
{
fprintf(stderr,"Version: %s\n", tcptrace_version);
fprintf(stderr," Compiled by '%s' at '%s' on machine '%s'\n",
built_bywhom, built_when, built_where);
}
static void
Formats(void)
{
int i;
fprintf(stderr,"Supported Input File Formats:\n");
for (i=0; i < NUM_FILE_FORMATS; ++i)
fprintf(stderr,"\t%-15s %s\n",
file_formats[i].format_name,
file_formats[i].format_descr);
fprintf(stderr,
"Try the tethereal program from the ethereal project to see if\n"
"it can understand this capture format. If so, you may use \n"
"tethereal to convert it to a tcpdump format file as in :\n"
"\t tethereal -r inputfile -w outputfile\n"
"and feed the outputfile to tcptrace\n");
}
static void
ListModules(void)
{
int i;
fprintf(stderr,"Included Modules:\n");
for (i=0; i < NUM_MODULES; ++i) {
fprintf(stderr," %-15s %s\n",
modules[i].module_name, modules[i].module_descr);
/* if (modules[i].module_usage) { */
/* fprintf(stderr," usage:\n"); */
/* (*modules[i].module_usage)(); */
/* } */
}
}
static void
UsageModules(void)
{
int i;
for (i=0; i < NUM_MODULES; ++i) {
fprintf(stderr," Module %s:\n", modules[i].module_name);
if (modules[i].module_usage) {
fprintf(stderr," usage:\n");
(*modules[i].module_usage)();
}
}
}
int
main(
int argc,
char *argv[])
{
int i;
double etime;
if (argc == 1)
Help(NULL);
/* initialize internals */
trace_init();
udptrace_init();
plot_init();
/* let modules start first */
LoadModules(argc,argv);
/* parse the flags */
CheckArguments(&argc,argv);
/* Used with <SP>-separated-values,
* prints a '#' before each header line if --csv/--tsv is requested.
*/
comment = (char *)malloc(sizeof(char *) * 2);
memset(comment, 0, sizeof(comment));
if(csv || tsv || (sv != NULL))
snprintf(comment, sizeof(comment), "#");
/* optional UDP */
// if (do_udp)
// udptrace_init();
// if (run_continuously) {
// trace_init();
//}
/* get starting wallclock time */
gettimeofday(&wallclock_start, NULL);
num_files = argc;
printf("%s%d arg%s remaining, starting with '%s'\n",
comment,
num_files,
num_files>1?"s":"",
filenames[0]);
if (debug>1)
DumpFlags();
/* knock, knock... */
printf("%s%s\n\n", comment, VERSION);
/* read each file in turn */
numfiles = argc;
for (i=0; i < argc; ++i) {
if (debug || (numfiles > 1)) {
if (argc > 1)
printf("%sRunning file '%s' (%d of %d)\n", comment, filenames[i], i+1, numfiles);
else
printf("%sRunning file '%s'\n", comment, filenames[i]);
}
/* do the real work */
ProcessFile(filenames[i]);
}
/* clean up output */
if (printticks)
printf("\n");
/* get ending wallclock time */
gettimeofday(&wallclock_finished, NULL);
/* general output */
fprintf(stdout, "%s%lu packets seen, %lu TCP packets traced",
comment, pnum, tcp_trace_count);
if (do_udp)
fprintf(stdout,", %lu UDP packets traced", udp_trace_count);
fprintf(stdout,"\n");
/* processing time */
etime = elapsed(wallclock_start,wallclock_finished);
fprintf(stdout, "%selapsed wallclock time: %s, %d pkts/sec analyzed\n",
comment,
elapsed2str(etime),
(int)((double)pnum/(etime/1000000)));
/* actual tracefile times */
etime = elapsed(first_packet,last_packet);
fprintf(stdout,"%strace %s elapsed time: %s\n",
comment,
(num_files==1)?"file":"files",
elapsed2str(etime));
if (debug) {
fprintf(stdout,"%s\tfirst packet: %s\n", comment, ts2ascii(&first_packet));
fprintf(stdout,"%s\tlast packet: %s\n", comment, ts2ascii(&last_packet));
}
if (verify_checksums) {
fprintf(stdout,"%sbad IP checksums: %ld\n", comment, bad_ip_checksums);
fprintf(stdout,"%sbad TCP checksums: %ld\n", comment, bad_tcp_checksums);
if (do_udp)
fprintf(stdout,"%sbad UDP checksums: %ld\n", comment, bad_udp_checksums);
}
/* close files, cleanup, and etc... */
trace_done();
udptrace_done();
FinishModules();
plotter_done();
exit(0);
}
static void
ProcessFile(
char *filename)
{
pread_f *ppread;
int ret;
struct ip *pip;
struct tcphdr *ptcp;
int phystype;
void *phys; /* physical transport header */
tcp_pair *ptp;
int fix;
int len;
int tlen;
void *plast;
struct stat str_stat;
long int location = 0;
u_long fpnum = 0;
Bool is_stdin = 0;
static int file_count = 0;
/* share the current file name */
cur_filename = filename;
#ifdef __WIN32
/* If the file is compressed, exit (Windows version does not support compressed dump files) */
if (CompOpenHeader(filename) == (FILE *)-1) {
exit(-1);
}
#else
/* open the file header */
if (CompOpenHeader(filename) == NULL) {
exit(-1);
}
#endif /* __WIN32 */
/* see how big the file is */
if (FileIsStdin(filename)) {
filesize = 1;
is_stdin = 1;
} else {
if (stat(filename,&str_stat) != 0) {
perror("stat");
exit(1);
}
filesize = str_stat.st_size;
}
/* determine which input file format it is... */
ppread = NULL;
if (debug>1)
printf("NUM_FILE_FORMATS: %u\n", (unsigned)NUM_FILE_FORMATS);
for (fix=0; fix < NUM_FILE_FORMATS; ++fix) {
if (debug)
fprintf(stderr,"Checking for file format '%s' (%s)\n",
file_formats[fix].format_name,
file_formats[fix].format_descr);
rewind(stdin);
ppread = (*file_formats[fix].test_func)(filename);
if (ppread) {
if (debug)
fprintf(stderr,"File format is '%s' (%s)\n",
file_formats[fix].format_name,
file_formats[fix].format_descr);
break;
} else if (debug) {
fprintf(stderr,"File format is NOT '%s'\n",
file_formats[fix].format_name);
}
}
/* if we haven't found a reader, then we can't continue */
if (ppread == NULL) {
int count = 0;
fprintf(stderr,"Unknown input file format\n");
Formats();
/* check for ASCII, a common problem */
rewind(stdin);
while (1) {
int ch;
if ((ch = getchar()) == EOF)
break;
if (!isprint(ch))
break;
if (++count >= 20) {
/* first 20 are all ASCII */
fprintf(stderr,"\
\n\nHmmmm.... this sure looks like an ASCII input file to me.\n\
The first %d characters are all printable ASCII characters. All of the\n\
packet grabbing formats that I understand output BINARY files that I\n\
like to read. Could it be that you've tried to give me the readable \n\
output instead? For example, with tcpdump, you need to use:\n\
\t tcpdump -w outfile.dmp ; tcptrace outfile.dmp\n\
rather than:\n\
\t tcpdump > outfile ; tcptrace outfile\n\n\
", count);
exit(1);
}
}
exit(1);
}
#ifndef __WIN32
/* open the file for processing */
if (CompOpenFile(filename) == NULL) {
exit(-1);
}
#endif /* __WIN32 */
/* how big is it.... (possibly compressed) */
if (debug) {
/* print file size */
printf("Trace file size: %lu bytes\n", filesize);
}
location = 0;
/* inform the modules, if they care... */
ModulesPerFile(filename);
/* count the files */
++file_count;
/* read each packet */
while (1) {
/* read the next packet */
ret = (*ppread)(¤t_time,&len,&tlen,&phys,&phystype,&pip,&plast);
if (ret == 0) /* EOF */
break;
/* update global and per-file packet counters */
++pnum; /* global */
++fpnum; /* local to this file */
/* in case only a subset analysis was requested */
if (pnum < beginpnum) continue;
if ((endpnum != 0) && (pnum > endpnum)) {
--pnum;
--fpnum;
break;
}
/* check for re-ordered packets */
if (!ZERO_TIME(&last_packet)) {
if (elapsed(last_packet , current_time) < 0) {
/* out of order */
if ((file_count > 1) && (fpnum == 1)) {
fprintf(stderr, "\
Warning, first packet in file %s comes BEFORE the last packet\n\
in the previous file. That will likely confuse the program, please\n\
order the files in time if you have trouble\n", filename);
} else {
static int warned = 0;
if (warn_ooo) {
fprintf(stderr, "\