summaryrefslogtreecommitdiff
path: root/usr.sbin/tcpdump/send-ack.awk
blob: f55b7c2f6d13c2469f410d68095f4ebde6f6312a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
BEGIN	{
	# we need the number of bytes in a packet to do the output
	# in packet numbers rather than byte numbers.
	if (packetsize <= 0)
		packetsize = 512
	expectNext = 1
	lastwin = -1
	}
	{
	# convert tcp trace to send/ack form.
	n = split ($1,t,":")
	tim = t[1]*3600 + t[2]*60 + t[3]
	if (NR <= 1) {
		tzero = tim
		ltim = tim
		OFS = "\t"
	}
	if ($6 != "ack") {
		# we have a data packet record:
		# ignore guys with syn, fin or reset 'cause we
		# can't handle their sequence numbers.  Try to
		# detect and add a flag character for 'anomalies':
		#   * -> re-sent packet
		#   - -> packet after hole (missing packet(s))
		#   # -> odd size packet
		if ($5 !~ /[SFR]/) {
			i = index($6,":")
			j = index($6,"(")
			strtSeq = substr($6,1,i-1)
			endSeq = substr($6,i+1,j-i-1)
			len = endSeq - strtSeq
			id = endSeq
			if (! timeOf[id])
				timeOf[id] = tim
			if (endSeq - expectNext < 0)
				flag = "*"
			else {
				if (strtSeq - expectNext > 0)
					flag = "-"
				else if (len != packetsize)
					flag = "#"
				else
					flag = " "
				expectNext = endSeq
			}
			printf "%7.2f\t%7.2f\t%s send %s %d", tim-tzero, tim-ltim,\
				flag, $5, strtSeq
			if (++timesSent[id] > 1)
				printf "  (%.2f) [%d]", tim - timeOf[id], timesSent[id]
			if (len != packetsize)
				printf " <%d>", len
		}
	} else {
		id = $7

		printf "%7.2f\t%7.2f\t%s  ack %s %d", tim-tzero, tim-ltim,\
			flag, $5, id
		if ($9 != lastwin) {
			printf "  win %d", $9
			lastwin = $9
		}
		printf "  (%.2f)", tim - timeOf[id]
		if (++timesAcked[id] > 1)
			printf " [%d]", timesAcked[id]
	}
	printf "\n"
	ltim = tim
	}