单个IPv4 TCP Pcap文件分析丢包/乱序

############

#function : analyze the TCP packets in one file; only the first drop cause is reported.
#command : ./OneTcpFileAnalysis.sh file
#precondition : the file contains only TCP packets, and the TCP connections do not use SACK.
#input  : csv files exported by wireshark as follow:
#       |ip.src#1 |ip.dst#1 |ip.id#1 |ip.len#1 |ip.frag_offset#1 |tcp.srcport#1 |tcp.dstport#1 |tcp.seq |tcp.nxtseq |tcp.ack
#output  : DownLost.csv UpLost.csv  DupAck.csv
#       DownLost.csv or UpLost.csv only include data packet:
#    |ip.src#1 |ip.dst#1 |tcp.srcport#1 |tcp.dstport#1 |tcp.seq
#       DupAck.csv only include ack packet:
#    |ip.src#1 |ip.dst#1 |tcp.srcport#1 |tcp.dstport#1 |tcp.ack |Num
############

 

#!/bin/sh

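############
# Purpose : analyze the TCP packets of each CSV file given on the command
#           line; only the first drop cause per duplicated ACK is reported.
# Command : ./OneTcpFileAnalysis.sh file...
# Precondition : the file contains only TCP packets and the connections do
#           not use SACK.
# Input   : CSV exported by Wireshark, one header row, columns in this order:
#   ip.src, ip.dst, ip.id, ip.len, ip.frag_offset, tcp.srcport, tcp.dstport,
#   tcp.seq, tcp.nxtseq, tcp.ack
# Output  : written next to the input, named <Kind><input file name>:
#   DownLost*, UpLost*, UpDisOrder* : ip.src, ip.dst, srcport, dstport, tcp.seq
#   DupAck*                         : ip.src, ip.dst, srcport, dstport, tcp.ack, Num
# Limits  : fields are split on bare commas (quoted fields are not unquoted)
#           and sequence numbers are compared as plain numbers, so a
#           sequence-number wrap inside the capture is not handled.
############

# Analyze one CSV file ($1) and write the four result files.
# Runs in a subshell so its variables and EXIT trap stay private.
# Returns non-zero when the scratch directory, awk or sort fails.
analyze_tcp_csv() (
  csv=$1

  # Keep results beside the input. The old "DownLost$file" naming only
  # worked for names without a directory part.
  case $csv in
    */*) dir=${csv%/*}/ base=${csv##*/} ;;
    *) dir='' base=$csv ;;
  esac

  # Private scratch directory instead of fixed names in the current
  # directory: no clobbering of existing files called DownLost/UpLost/...,
  # no collisions between parallel runs, cleanup on every exit path.
  work=$(mktemp -d) || exit 1
  trap 'rm -rf -- "$work"' EXIT

  awk -F, -v out="$work" '
    NR > 1 {
      flow = $1 "," $2 "," $6 "," $7   # direction of this packet
      peer = $2 "," $1 "," $7 "," $6   # opposite direction

      # Count how often each ACK value is sent in this direction.
      TcpAckNum[flow "," $10]++

      # Segments longer than one byte count as data; remember how often
      # each start sequence was seen and the highest next-sequence value.
      if ($9 != "" && $9 - $8 > 1) {
        TcpDataNum[flow "," $8]++
        if ($9 > TcpMaxDataSN[flow]) {
          TcpMaxDataSN[flow] = $9
        }
      }

      # First repetition of an ACK while the peer already sent data
      # beyond it: the segment starting at that ACK is the suspect.
      if (TcpAckNum[flow "," $10] == 2 && TcpMaxDataSN[peer] > $10) {
        if (TcpDataNum[peer "," $10] > 0) {
          DownLostOrUpDisOrder[peer "," $10]++   # suspect seen in capture
        } else {
          UpLost[peer "," $10]++                 # suspect never captured
        }
      }
    }
    END {
      OFS = ","
      for (k in DownLostOrUpDisOrder) {
        # Fix: the lookup key was an unset variable, so every entry was
        # classified as UpDisOrder and DownLost was never written.
        # Seen more than once (retransmitted) -> DownLost, once -> UpDisOrder.
        if (TcpDataNum[k] > 1) {
          print k > (out "/DownLost")
        } else {
          print k > (out "/UpDisOrder")
        }
      }
      for (k in UpLost) {
        print k > (out "/UpLost")
      }
      for (k in TcpAckNum) {
        if (TcpAckNum[k] > 1) {
          print k, TcpAckNum[k] > (out "/DupAck")
        }
      }
    }
  ' "$csv" || exit 1

  seq_hdr='ip.src1, ip.dst1, tcp.srcport1, tcp.dstport1, tcp.seq'
  ack_hdr='ip.src1, ip.dst1, tcp.srcport1, tcp.dstport1, tcp.ack, Num'

  for kind in DownLost UpLost DupAck UpDisOrder; do
    case $kind in
      DupAck) hdr=$ack_hdr ;;
      *) hdr=$seq_hdr ;;
    esac
    # Header first, then the sorted rows; a category with no rows still
    # gets a header-only file (awk creates no file for an empty category).
    {
      printf '%s\n' "$hdr"
      if [ -s "$work/$kind" ]; then
        sort -t, -k1,4 -k5,5n "$work/$kind"
      fi
    } > "${dir}${kind}${base}" || exit 1
  done
)

for file
do
  analyze_tcp_csv "$file"
done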

 
