things to assist in packet analysis
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Analyze the ARP packets in a trace file. Calculates the ARP response time and idenifies ARP requests with no replies, gratuitous ARPs, duplicate IPs and duplicate MACs. See

Average a value returned by tshark. See

Builds a tshark filter by ANDing or ORing the values in a list with a tshark variable. See

Calcuate the bytes in flight after each ACK. See

Create a table of DNS server query response times and list of unanswered queries. See

Find TCP connection attempts that have a failed. There are 6 failure scenarios, See

Uses egrep to list all strings in a file that match an IPv4 address format and the sort -u to get a unique list. Really just a one-liner by this way I do not have to remember (or type) the egrep string. Its useful with to create a filter to display all the IPs listed in say a log file. See

Analyze a packet trace for packets where the sequence number in the ACK field does not match the sequence numbers in the selective acknowledgement blocks. See

Find TCP connections that have been reset without being closed. See

Find TCP connections that appear to have failed because of retransmission failures. See

Removes a partial packet at the end of a packet trace file. See

For each retransmitted TCP segment determine if the segment is seen more than once. See

Compares IP ID and absolute TCP sequence and ACK numbers between two traces to match up TCP segments where the IP addresses and or TCP have been changed (i.e. NAT). See

Extracts byte strings from a TCP stream in a template trace and looks for the strings in a target trace. The goal is to find a match TCP stream in the target trace file. See

For every connection in the trace file calculate the percentage of retransmissions for every source IP address as retransmissions / not-retransmitted source segments. segments must contain data, i.e.will not identify retransmitted SYNs or FINs without data. See

Send an ICMP echo request (ping) with a 16 character time stamp (HH:MM:SS.sssssssss) embedded in it instead of the standard sequence of ascii characaters. See

Send an ICMP echo request (ping) with a 16 character message embedded in it instead of the standard sequence of ascii characaters. See

Reads X.pcap and creates a set of X.pcap_IP1-Port1_IP2-Port2_split.pcap files, one for each TCP four-tuple. Reads only pcap files not pcapng. Requires Python and the scapy module. See

Runs tcpdump in the background with 10 files of 100 Meg each. See

Calculate the throughput of all TCP streams in a trace file. See

Calculate throughput per second of a specific stream at resolutions of 1, 1/10, 1/100, and 1/1000 of a second. results are suitable for graphing. See

Finds all files in the current directory and any sub directories and displays then start and end times in sorted order. See

Find TCP connections that have not been closed or reset. See