search

hgn / captcp

A open source program for TCP analysis of PCAP files
http://research.protocollabs.com/captcp/
GNU General Public License v3.0
113 stars 40 forks source link

timesequence -t option not working #12

Closed sh0x closed 11 years ago

sh0x commented 11 years ago

The -t option for timesequence doesn't appear to be working.

captcp timesequence -o timesequence/ -z -f 1.1 -i -t 4:6 *.pcap

The resulting pdf seems to ignore the -t option and includes the entire time sequence (10 seconds in my case).

hgn commented 11 years ago

Strange! -t behaviour was changed months before. Now -t n:m just add a statement to gnuplot command file. E.g.

set xrange [20.0:30.0]

for -t 20:30. So I assume the problem is somewhere else. Can you post the pcap file or check GPI file directly (time-sequence.gpi) in the output directory directly.

sh0x commented 11 years ago

I don't see xrange being added to my time-sequence.gpi. I converted this capture from snoop to libpcap.

~/test-cap/timesequence$ grep xrange * ~/test-cap/timesequence$ ~/test-cap/timesequence$ python -V Python 2.7.3rc2 ~/test-cap/timesequence$ gnuplot -V gnuplot 4.6 patchlevel 0

Just thought I'd check. Thanks for captcp!

hgn commented 11 years ago

I don't see xrange being added to my time-sequence.gpi. I converted this capture from snoop to libpcap.

captcp --version

sh0x commented 11 years ago

$ captcp --version 1.4

sh0x commented 11 years ago

Uploaded (temporarily) a randomized pcap of the one I'm using, to http://72.2.115.122/test.pcap.zip

hgn commented 11 years ago

captcp --version

1.4

OK, this is the current version. -t should work like a charm. Can you post time-sequence.gpi - generated via

captcp timesequence -i -o . -f 1.1 -t 1:2

sh0x commented 11 years ago 
root@noctool:~# captcp timesequence -i -o timesequence/ -f 1.1 -t 1:2 test.pcap
# captcp 2010-2013 Hagen Paul Pfeifer (c)
# connection: 1 (data flow: 1, ACK flow: 2)
# ADVICE: capture the data at sender side!
# now execute (cd timesequence/; make preview)
root@noctool:~# cat timesequence/time-sequence.gpi 
set terminal postscript eps enhanced color "Times" 25
set output "time-sequence.eps"
set title "Time Sequence Graph"

set style line 99 linetype 1 linecolor rgb "#999999" lw 2
set key right bottom
set key box linestyle 99
set key spacing 1.2

set grid xtics ytics mytics

set size 2
#set size ratio 0.4

set format y "%.0f"

set ylabel "Sequence Number"
set xlabel "Time [seconds]"

load "data-arrow.data"
load "data-arrow-retrans.data"
load "data-arrow-sack.data"

set style line 1 lc rgb '#00004d' lt 1 lw 3
set style line 2 lc rgb '#0060ad' lt 1 lw 3
set style line 3 lc rgb '#cdaf95' lt 1 lw 3

plot  \
    "seq.data" using 1:2 title "Seq" with linespoints ls 1, \
    "ack.data" using 1:2 title "ACK" with linespoints ls 2, \
    "win.data" using 1:2 title "AWND" with lines ls 3
hgn commented 11 years ago

Strange, the command works fine for me (using your exact command line, using your pcap file)

time-sequence

sh0x commented 11 years ago

Interesting! I'll try this on a few fresh distro installs to see if its reproducible. Mine is currently Debian 6.0.

hgn commented 11 years ago

Yes, I dont think that this "bug" is distribution/python-version/whatever related.

Please call make uninstall and make install again. But If this will not solve the problem we can start debuging! ;-)

/usr/share/captcp/data/templates/time-sequence.gpi should contain the following lines (line number 14):

set format y "%.0f" $XRANGE $YRANGE

These lines are substituted if the proper options are set: -t 1:2 exhibit in the generated as set xrange [2.0:3.0].

sh0x commented 11 years ago

That did it, thanks!

hgn commented 11 years ago

Your welcome