search

hgn / captcp

A open source program for TCP analysis of PCAP files
http://research.protocollabs.com/captcp/
GNU General Public License v3.0
113 stars 40 forks source link

Fix to analyze IPv6 traffic #6

Closed fixje closed 11 years ago

fixje commented 11 years ago

This fix provides a support for analyzing traces with IPv6 packets.

This is what I got for a trace with IPv6 traffic only: $ captcp statistic youtube-20130422-03-filtered.pcap I experienced the following exception: Traceback (most recent call last): File "/usr/bin/captcp", line 4290, in sys.exit(captcp.run()) File "/usr/bin/captcp", line 4261, in run pcap_parser.run() File "/usr/bin/captcp", line 552, in run self.callback(dt, packet.data) File "/usr/bin/captcp", line 826, in internal_pre_process_packet self.cc.update(ts, packet) File "/usr/bin/captcp", line 2459, in update c = Connection(packet) File "/usr/bin/captcp", line 2264, in init TcpConn.init(self, packet) File "/usr/bin/captcp", line 2155, in init self.sip = Converter.dpkt_addr_to_string(ip.src) File "/usr/bin/captcp", line 480, in dpkt_addr_to_string iaddr = int(struct.unpack('I', addr)[0]) struct.error: unpack requires a string argument of length 4

fixje commented 11 years ago

You merged two commits which are listed here. The fix was only one of them. The other one added some statistics and introduced a dependency on numpy. But I guess this was intended

hgn commented 11 years ago

Yes, I liked the functionality! ;-) numpy was used anyway and is often already installed, lets see. If I get to many bad comments I will make this part conditional (e.g. --extended-stats).

Thank you Markus!

fixje commented 11 years ago

You are welcome, thanks for the tool :) I'm currently adding some more stuff to get information about packets in flight (median, percentiles) while running the statistics module. This saves time when investigating large dumps. I will also make a pull request when I'm finish and you can decide to include it.

hgn commented 11 years ago

Great! Two notes:

1. Can you make this code conditional by an new flag:

captcp statistic --extended trace.pcap

The special information (e.g. median, ...) makes the statistic module confusing for a quick view. So we should add an new flag. (commit 1)

Then you can add new statistics (commit 2, 3, n)

2. Formatting the output lines, there is a vertical missmatch between the other lines.