1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
BEGIN {
# we need the number of bytes in a packet to do the output
# in packet numbers rather than byte numbers.
if (packetsize <= 0)
packetsize = 512
expectNext = 1
lastwin = -1
}
{
# convert tcp trace to send/ack form.
n = split ($1,t,":")
tim = t[1]*3600 + t[2]*60 + t[3]
if (NR <= 1) {
tzero = tim
ltim = tim
OFS = "\t"
}
if ($6 != "ack") {
# we have a data packet record:
# ignore guys with syn, fin or reset 'cause we
# can't handle their sequence numbers. Try to
# detect and add a flag character for 'anomalies':
# * -> re-sent packet
# - -> packet after hole (missing packet(s))
# # -> odd size packet
if ($5 !~ /[SFR]/) {
i = index($6,":")
j = index($6,"(")
strtSeq = substr($6,1,i-1)
endSeq = substr($6,i+1,j-i-1)
len = endSeq - strtSeq
id = endSeq
if (! timeOf[id])
timeOf[id] = tim
if (endSeq - expectNext < 0)
flag = "*"
else {
if (strtSeq - expectNext > 0)
flag = "-"
else if (len != packetsize)
flag = "#"
else
flag = " "
expectNext = endSeq
}
printf "%7.2f\t%7.2f\t%s send %s %d", tim-tzero, tim-ltim,\
flag, $5, strtSeq
if (++timesSent[id] > 1)
printf " (%.2f) [%d]", tim - timeOf[id], timesSent[id]
if (len != packetsize)
printf " <%d>", len
}
} else {
id = $7
printf "%7.2f\t%7.2f\t%s ack %s %d", tim-tzero, tim-ltim,\
flag, $5, id
if ($9 != lastwin) {
printf " win %d", $9
lastwin = $9
}
printf " (%.2f)", tim - timeOf[id]
if (++timesAcked[id] > 1)
printf " [%d]", timesAcked[id]
}
printf "\n"
ltim = tim
}
|