mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 09:13:37 +01:00
4edb46e9a8
Obtained from: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z on 19-Aug-1996.
69 lines
1.6 KiB
Awk
69 lines
1.6 KiB
Awk
BEGIN {
|
|
# we need the number of bytes in a packet to do the output
|
|
# in packet numbers rather than byte numbers.
|
|
if (packetsize <= 0)
|
|
packetsize = 512
|
|
expectNext = 1
|
|
lastwin = -1
|
|
}
|
|
{
|
|
# convert tcp trace to send/ack form.
|
|
n = split ($1,t,":")
|
|
tim = t[1]*3600 + t[2]*60 + t[3]
|
|
if (NR <= 1) {
|
|
tzero = tim
|
|
ltim = tim
|
|
OFS = "\t"
|
|
}
|
|
if ($6 != "ack") {
|
|
# we have a data packet record:
|
|
# ignore guys with syn, fin or reset 'cause we
|
|
# can't handle their sequence numbers. Try to
|
|
# detect and add a flag character for 'anomalies':
|
|
# * -> re-sent packet
|
|
# - -> packet after hole (missing packet(s))
|
|
# # -> odd size packet
|
|
if ($5 !~ /[SFR]/) {
|
|
i = index($6,":")
|
|
j = index($6,"(")
|
|
strtSeq = substr($6,1,i-1)
|
|
endSeq = substr($6,i+1,j-i-1)
|
|
len = endSeq - strtSeq
|
|
id = endSeq
|
|
if (! timeOf[id])
|
|
timeOf[id] = tim
|
|
if (endSeq - expectNext < 0)
|
|
flag = "*"
|
|
else {
|
|
if (strtSeq - expectNext > 0)
|
|
flag = "-"
|
|
else if (len != packetsize)
|
|
flag = "#"
|
|
else
|
|
flag = " "
|
|
expectNext = endSeq
|
|
}
|
|
printf "%7.2f\t%7.2f\t%s send %s %d", tim-tzero, tim-ltim,\
|
|
flag, $5, strtSeq
|
|
if (++timesSent[id] > 1)
|
|
printf " (%.2f) [%d]", tim - timeOf[id], timesSent[id]
|
|
if (len != packetsize)
|
|
printf " <%d>", len
|
|
}
|
|
} else {
|
|
id = $7
|
|
|
|
printf "%7.2f\t%7.2f\t%s ack %s %d", tim-tzero, tim-ltim,\
|
|
flag, $5, id
|
|
if ($9 != lastwin) {
|
|
printf " win %d", $9
|
|
lastwin = $9
|
|
}
|
|
printf " (%.2f)", tim - timeOf[id]
|
|
if (++timesAcked[id] > 1)
|
|
printf " [%d]", timesAcked[id]
|
|
}
|
|
printf "\n"
|
|
ltim = tim
|
|
}
|