http://research.protocollabs.com/captcp/
| # lsb_release –a No LSB modules are available. Distributor ID: LinuxMint Description: Linux Mint 12 Lisa Release: 12 Codename: lisa # uname -ri 3.2.0-32-generic x86_64 |
[ install captcp ]
| # git clone git://github.com/hgn/captcp.git # cd captcp/ # make # make install |
| # ls -l /usr/bin/captcp lrwxrwxrwx 1 root root 27 Oct 27 16:22 /usr/bin/captcp -> /usr/share/captcp/captcp.py |
Install required python modules
| # apt-get install -y python-pypcap python-dpkt python-geoip python-cairo python-numpy |
[ sample usage ]
At first , preare a pcap file.
| tshark -i br0 port 80 -w zzz.pcap |
| # /usr/bin/captcp statistic zzz.pcap General: Packets processed: 806 ( 100.00%) Network Layer ARP: 0 ( 0.00%) IPv4: 806 ( 100.00%) IPv6: 0 ( 0.00%) Unknown: 0 ( 0.00%) Transport Layer TCP: 806 ( 100.00%) UDP: 0 ( 0.00%) ICMP: 0 ( 0.00%) ICMPv6: 0 ( 0.00%) Unknown: 0 ( 0.00%) Connections: 1 192.168.10.15:47385<->74.125.235.83:80 Packets processed: 10 (1.2%) Flow 1.1: 192.168.10.15:47385 -> 74.125.235.83:80 Flow 1.2: 74.125.235.83:80 -> 192.168.10.15:47385 Packets: 6 packets Packets: 4 packets Data link layer: 1748 bytes Data link layer: 781 bytes Data network layer: 1664 bytes Data network layer: 725 bytes Data transport layer: 1544 bytes Data transport layer: 645 bytes Data application layer: 1344 bytes Data application layer: 509 bytes Retransmissions: 0 bytes Retransmissions: 0 bytes Retransmissions: 0 packets Retransmissions: 0 packets Retransmissions per byte: 0.00 percent Retransmissions per byte: 0.00 percent Retransmissions per packet: 0.00 percent Retransmissions per packet: 0.00 percent ACK flag set but no payload: 4 packets ACK flag set but no payload: 3 packets 2 192.168.10.15:47386<->74.125.235.83:80 Packets processed: 15 (1.9%) Flow 2.1: 192.168.10.15:47386 -> 74.125.235.83:80 Flow 2.2: 74.125.235.83:80 -> 192.168.10.15:47386 Packets: 9 packets Packets: 6 packets Data link layer: 3411 bytes Data link layer: 1546 bytes Data network layer: 3285 bytes Data network layer: 1462 bytes Data transport layer: 3105 bytes Data transport layer: 1342 bytes Data application layer: 2833 bytes Data application layer: 1142 bytes Retransmissions: 0 bytes Retransmissions: 0 bytes Retransmissions: 0 packets Retransmissions: 0 packets Retransmissions per byte: 0.00 percent Retransmissions per byte: 0.00 percent Retransmissions per packet: 0.00 percent Retransmissions per packet: 0.00 percent ACK flag set but no payload: 3 packets ACK flag set but no payload: 4 packets |
| # /usr/bin/captcp throughput --stdio zzz.pcap 1.0 0.0 2.0 0.0 3.0 0.0 4.0 0.0 5.0 3403.0 6.0 0.0 7.0 2425.0 8.0 34907.0 9.0 427526.0 10.0 128772.0 11.0 0.0 12.0 24511.0 13.0 79982.0 # total data (goodput): 703948 byte (5.63 Mbit) # throughput (goodput): 50576.25 byte/s (404.61 kbit/s) |
Output throughput graph
Make a directory to store the graph
| # mkdir throuput-graph |
| # captcp throughput --init --output-dir throuput-graph zzz.pcap |
Make png and PDF
| # cd throuput-graph/ # ls Makefile throughput.data throughput.gpi |
| # make png compillation of throughput.gpi make: gnuplot: Command not found make: *** [throughput.eps] Error 127 |
Error ..
Install gnuplog
| # apt-get install gnuplot -y |
Try again … error
| # make png compillation of throughput.gpi conversion in pdf format make: epstopdf: Command not found make: *** [throughput.pdf] Error 127 rm throughput.eps |
| # apt-get install -y texlive-font-utils |
| # make png compillation of throughput.gpi conversion in pdf format end conversion in png format end rm throughput.eps |
Okay.
| # ls throughput.p* throughput.pdf throughput.png |
Output sequence graph
| # captcp sequencegraph zzz.pcap --local=192.168.10.15 # ls *.pdf seq-graph.pdf |
Output specific connection
| # captcp sequencegraph --connection-id=3 --local=192.168.10.15 zzz.pcap --filename=con-3.pdf --rtt=0.5 |
You can check connection ID like this:
| # captcp statistic zzz.pcap | grep "<->" 1 192.168.10.15:47385<->74.125.235.83:80 2 192.168.10.15:47386<->74.125.235.83:80 3 192.168.10.15:45850<->176.32.120.15:80 4 192.168.10.15:45851<->176.32.120.15:80 5 192.168.10.15:50662<->210.149.135.93:80 6 192.168.10.15:50663<->210.149.135.93:80 7 192.168.10.15:50664<->210.149.135.93:80 |
[ how to see help messages ]
Check module name with “captcp –help”
| # /usr/bin/captcp --help Usage: captcp [-h] modulename [modulename-options] <pcap-file> Available modules: stacktrace show spacing statistic payloadtimeport timesequence geoip inflight sound connection throughput template sequencegraph |
Check arguments of statstic module.
| # /usr/bin/captcp statistic –help Usage: captcp [options] Options: -h, --help show this help message and exit -v LOGLEVEL, --verbose=LOGLEVEL set the loglevel (info, debug, warning, error) -i FILTER, --filter=FILTER limit number of displayed connections "sip:sport- dip:dport", default "*:*-*:*" -m FORMAT, --format=FORMAT skip summary and display only selected values |
Thank you so much. It was of great help!
ReplyDeletethank you for stopping by my blog.
ReplyDeletemy pleasure. :)