Commit ee8b916e authored by Philipp Winter's avatar Philipp Winter Committed by Cecylia Bocovich
Browse files

Adding scripts to process bridge-side pcap files

Here's how the scripts work:

    1. Adapt the variables CLIENT_TUPLE and SERVER_TUPLE in infer-throughput.py.
    2. Run the script: python infer-throughput.py download.pcap > download.csv
    3. Plot the results: Rscript plot-throughput.R download.csv
parent 2b38d5b5
#!/usr/bin/env python2
"""
Turn pcap into csv file.
Problem: A client is downloading a large file from a server and we want to
figure out if the throughput of the download degrades over time.
Solution: We analyze the pcap file of the download and extract the ACK segments
that the client sends to the server. From the ACK segments we can
infer how much data was transferred in a given time interval
(CUM_TIME_THRESHOLD). We can then plot the number of downloaded
bytes per time interval and do a simple qualitative inspection.
"""
import sys
import scapy.all as scapy
# Change this to whatever client/server tuple you want to analyze.
CLIENT_TUPLE = ("1.2.3.4", 1234)
SERVER_TUPLE = ("4.3.2.1", 4321)
# Number of seconds of our time intervals.
CUM_TIME_THRESHOLD = 1
def ignore_packet(packet):
# Make sure that we only inspect the given client and server IP
# addresses.
if not packet.haslayer(scapy.IP):
return True
if not packet[scapy.IP].src == CLIENT_TUPLE[0]:
return True
if not packet[scapy.IP].dst == SERVER_TUPLE[0]:
return True
# Make sure that we only inspect the given client and server TCP ports.
if not packet.haslayer(scapy.TCP):
return True
if not packet[scapy.TCP].sport == CLIENT_TUPLE[1]:
return True
if not packet[scapy.TCP].dport == SERVER_TUPLE[1]:
return True
# Make sure that we're only inspecting ACK segments.
if packet[scapy.TCP].flags != 16:
return True
return False
def process_file(pcap_file):
prev_ack = None
prev_time = None
cum_time = 0
sent_bytes = 0
print "bytes,timestamp"
packets = scapy.rdpcap(pcap_file)
for packet in packets:
if ignore_packet(packet):
continue
# Remember timestamp and ACK number of the very first segment.
if prev_time is None and prev_ack is None:
prev_time = packet[scapy.TCP].time
prev_ack = packet[scapy.TCP].ack
continue
ack = packet[scapy.TCP].ack
sent_bytes += (ack - prev_ack)
cum_time += (packet[scapy.TCP].time - prev_time)
if cum_time > CUM_TIME_THRESHOLD:
print "%d,%.2f" % (sent_bytes, int(packet[scapy.TCP].time))
sent_bytes = 0
cum_time = 0
prev_ack = ack
prev_time = packet[scapy.TCP].time
return 0
if __name__ == "__main__":
if len(sys.argv) != 2:
print >> sys.stderr, "\nUsage: %s PCAP_FILE\n" % sys.argv[0]
sys.exit(1)
pcap_file = sys.argv[1]
sys.exit(process_file(pcap_file))
require(ggplot2)
args <- commandArgs(trailingOnly = TRUE)
data <- read.csv(args[1], header=TRUE)
ggplot(data, aes(timestamp, bytes)) +
geom_point() +
geom_smooth() +
xlab("Time") +
ylab("# of transferred bytes") +
theme_minimal()
dev.off()
ggsave("throughput.pdf",
width = 5,
height = 2.5)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment