farrokhi/sipcap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
sipcap/prototype/pcaputil.pl
farrokhi ced02e2365 - add capability of separating TX and RX in graph (in addition to "total traffic" graph) 
- add -S flag to specify source IP address
- improve graph look
2014-07-24 17:40:03 +04:30

286 lines
5.7 KiB
Perl
Executable File
Raw Blame History

#!/usr/bin/perl
use strict;
use warnings;
use Net::Pcap;
use NetPacket::IP;
use Getopt::Std;
my $duplex = 0;
my $src_addr = "";
my $pktcount = 0;
my $curtime = 0;
my $reftime = 0;
my $endtime = 0;
my $timelen = 0;
my $hoffset = -1;
my @pps_src = ();
my @pps_dst = ();
my @bps_src = ();
my @bps_dst = ();
sub process_pkt
{
my($user_data, $hdr, $pkt) = @_;
my $unpacket = unpack('H*', substr($pkt, 0,1));
if (($hoffset == 32) && ($unpacket == 88)) {
$hoffset = 34; # Add 2 bytes to the header is it is an IEEE 802.11 QOS frame
}
my $paquete = substr($pkt, $hoffset); # Hack to parse not only Ethernet but also IEEE 802.11 frames
my $ip_obj = NetPacket::IP->decode( $paquete );
$reftime = $hdr->{tv_sec} if ($reftime == 0);
$endtime = $hdr->{tv_sec};
$curtime = sprintf("%d\n", $hdr->{tv_sec} - $reftime);
$pktcount++;
my $arrsize=@pps_src;
if ($arrsize < $curtime) { # grow array if necessary
for (my $i = $arrsize; $i <= $curtime; $i++) {
$pps_src[$i] = 0;
$pps_dst[$i] = 0;
$bps_src[$i] = 0;
$bps_dst[$i] = 0;
}
}
if ($duplex) # We need separate TX/RX lines in graph
{
if ( $src_addr eq $ip_obj->{src_ip} ) # TX flow
{
$pps_src[$curtime]++;
$bps_src[$curtime]+=($hdr->{len} * 8);
}
elsif ( $src_addr eq $ip_obj->{dest_ip} ) # RX flow
{
$pps_dst[$curtime]++;
$bps_dst[$curtime]+=($hdr->{len} * 8);
}
else
{
$pps_src[$curtime]+=0;
$pps_dst[$curtime]+=0;
$bps_src[$curtime]+=0;
$bps_dst[$curtime]+=0;
}
}
else # We need one line in graph for TX+RX combined
{
$pps_src[$curtime]++;
$bps_src[$curtime]+=($hdr->{len} * 8);
}
}
sub help {
print "pcaputil -f pcapfile [-e filter expression] [-S src_ip] [-pbh]\n";
print "\n";
print "\t-h\t\thelp\n";
print "\t-f pcapfile\tinput file name (required)\n";
print "\t-e expression\tfilter expression (tcpdump compatible)\n";
print "\t-b\t\tgenerate bps graph\n";
print "\t-p\t\tgenerate pps graph\n";
print "\t-S src_ip\tseparate TX/RX flow graph based on source address\n";
print "\n";
exit();
}
sub dump_data_single {
my $data = shift;
open(my $fh, ">", "temp.data");
for (my $i = 0; $i <= $timelen; $i++) {
print $fh "$i @$data[$i]\n";
}
close($fh);
}
sub dump_data_double {
# received two arrays by reference
my $tx = shift;
my $rx = shift;
my $crx = 0;
my $ctx = 0;
open(my $fh, ">", "temp.data");
for (my $i = 0; $i <= $timelen; $i++) {
$ctx = 0;
$crx = 0;
$ctx = @$tx[$i] if (defined @$tx[$i]);
$crx = @$rx[$i] if (defined @$rx[$i]);
print $fh "$i $ctx $crx\n";
}
close($fh);
}
sub create_graph {
my ($dataset) = @_;
my $ylabel = "";
my $filename = "";
my $lddinecolor = "";
my $plotline = "";
my $title = "";
if ($dataset eq 'pps')
{
$ylabel = "Packets";
$filename = "pps";
$title = "Packet Traffic Volume";
if ($duplex) # full duplex graph
{
$plotline="plot 'temp.data' using 1:2 title 'RX Packets/s' with lines ls 1, 'temp.data' using 1:3 title 'TX Packets/s' with lines ls 2";
}
else
{
$plotline="plot 'temp.data' using 1:2 title 'TX+RX Packets/s' with lines ls 1";
}
}
if ($dataset eq 'bps')
{
$ylabel = "Bits";
$filename = "bps";
$title = "Traffic Volume";
if ($duplex) # full duplex graph
{
$plotline="plot 'temp.data' using 1:2 title 'RX bits/s' with lines ls 1, 'temp.data' using 1:3 title 'TX bits/s' with lines ls 2";
}
else
{
$plotline="plot 'temp.data' using 1:2 title 'TX+RX bits/s' with lines ls 1";
}
}
my $gpi = <<"END_MESSAGE";
set terminal postscript eps enhanced color "Helvetica" 30
set title "$title"
set style line 99 linetype 1 linecolor rgb "#999999" lw 2
set key outside right bottom horizontal Right noreverse enhanced autotitles box linetype -1 linewidth 2.000
set key box linestyle 99
set key spacing 1.2
set grid xtics ytics mytics
set decimal locale "en_US.UTF-8"
set format y "%'.0f"
set size 2,1.6
set size ratio 0.4
set ylabel "$ylabel"
set xlabel "Time (Seconds)"
set style line 1 lc rgb '#4d0000' lt 1 lw 3
set style line 2 lc rgb '#00004d' lt 1 lw 3
$plotline
END_MESSAGE
open(GNUPLOT, "| gnuplot | epstopdf -f | convert -density 300 - $filename.png");
print GNUPLOT $gpi;
close(GNUPLOT);
}
#### main
my $err ='';
my %opts=();
getopts('hbpe:f:S:', \%opts);
help() if (defined $opts{h});
help() if (not defined $opts{f});
my $inputfile = $opts{f};
if (defined $opts{S})
{
$src_addr = $opts{S};
$duplex = 1;
}
# process the pcap again, now do the bps and pps calculation
my $pcap = Net::Pcap::open_offline($inputfile,\$err) or die "Can't open file...$err\n";
my $datalink;
$datalink = Net::Pcap::datalink($pcap);
CASE: {
# EN10MB capture files
($datalink == 1) && do {
$hoffset = 14;
last CASE;
};
# Linux cooked socket capture files
($datalink == 113) && do {
$hoffset = 16;
last CASE;
};
# DLT_IEEE802_11 capture files
($datalink == 105) && do {
$hoffset = 32;
last CASE;
}
}
if (defined $opts{e}) {
my $filter = $opts{e};
my $filter_t;
if (Net::Pcap::compile($pcap, \$filter_t, $filter, 1, 0) == -1) {
die "Unable to compile filter expression '$filter'\n";
}
Net::Pcap::setfilter($pcap, $filter_t);
}
Net::Pcap::loop($pcap, -1, \&process_pkt, '');
Net::Pcap::close($pcap);
$timelen = $endtime - $reftime;
print STDERR "Packet Count:\t\t $pktcount\n";
print STDERR "Capture Duration:\t $timelen seconds\n";
if ($pktcount < 2) {
print "\nNeed at least two packets to draw a graph.\n";
exit();
}
if (defined $opts{p})
{
print("Creating PPS graph...");
if ($duplex)
{
dump_data_double(\@pps_src,\@pps_dst);
}
else
{
dump_data_single(\@pps_src);
}
create_graph('pps');
print("Done.\n");
}
if (defined $opts{b})
{
print("Creating BPS graph...");
if ($duplex)
{
dump_data_double(\@bps_src,\@bps_dst);
}
else
{
dump_data_single(\@bps_src);
}
create_graph('bps');
print("Done.\n");
}
Reference in New Issue View Git Blame Copy Permalink