
lip6-mptcp/mptcpanalyzer

 
 


Presentation

Mptcpanalyzer is a Python tool designed to help with MPTCP pcap analysis (like mptcptrace, for instance). It works on Linux only.

It accepts as input a capture file (*.pcap) and from there generates a CSV file (via a call to tshark, the terminal version of wireshark) with MPTCP fields for external processing. From there you can:

  • list the MPTCP connections in the pcap
  • display some statistics on a specific MPTCP connection (list of subflows etc...)
  • generate a CSV file with MPTCP fields
  • plot data sequence numbers for all subflows
  • plot DSN interarrival times
  • See Features for more

Most commands are self-documented and/or support autocompletion.

Then you have an interpreter with autocompletion that can generate & display plots such as the following:

Data Sequence Number (DSN) per subflow plot

You can reference mptcpanalyzer via the following Digital Object Identifier: DOI

How to install?

First of all you will need a Wireshark version that supports MPTCP dissection, i.e., wireshark > 2.1.0. If you are on Ubuntu, there are dev builds on https://launchpad.net/~dreibh/+archive/ubuntu/ppa/ .

Once wireshark is installed you can install mptcpanalyzer via pip:

$ python3.5 -mpip install mptcpanalyzer --user

python3.5+ is mandatory since we rely on its type hinting features. Dependencies are (some will be made optional in the future):

  • stevedore to handle the plugins architecture
  • the data analysis library pandas >= 0.17.1
  • numexpr to run specific queries in pandas
  • matplotlib to plot graphs

How to use?

mptcpanalyzer can run in 3 modes:

  1. interactive mode (default): an interpreter with some basic completion will accept your commands. There is also some help embedded.
  2. if a filename is passed as argument, it will load commands from this file
  3. otherwise, it will consider the unknown arguments as one command, the same that could be used interactively

For example, we can load an MPTCP pcap (I made one available on the Wireshark wiki, https://wiki.wireshark.org/SampleCaptures#MPTCP, or in this repository, in the examples folder).

Run $ mptcpanalyzer --load examples/iperf-mptcp-0-0.pcap. The script will try to generate a CSV file; this can take a few minutes depending on your computer. Then you have a command line: you can type ? to list available commands. You have for instance:

  • lc (list connections)
  • ls (list subflows)
  • plot
  • ...

help ls will return the syntax of the command, i.e. ls [mptcp.stream] where mptcp.stream is one of the numbers appearing in the lc output.

It expects a trace to work with. If the trace is named XXX.pcap, the script will look for its CSV counterpart XXX.pcap.csv. The program will tell you what arguments are needed. Then you can open the generated graphs.
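
The pcap-to-CSV step and the lc/ls listings described above can be sketched as follows. This is an added example, not mptcpanalyzer's own code: the field list, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed field set for this example; mptcp.stream groups TCP subflows.
FIELDS = ["frame.number", "ip.src", "ip.dst", "tcp.srcport",
          "tcp.dstport", "tcp.stream", "mptcp.stream"]

# Constructed sample of an exported CSV (not taken from a real capture).
SAMPLE_CSV = """\
frame.number,ip.src,ip.dst,tcp.srcport,tcp.dstport,tcp.stream,mptcp.stream
"1","10.0.0.1","10.0.0.2","45000","5001","0","0"
"2","10.0.0.2","10.0.0.1","5001","45000","0","0"
"3","11.0.0.1","10.0.0.2","45001","5001","1","0"
"4","10.0.0.1","10.0.0.2","45002","5001","2","1"
"5","10.0.0.3","10.0.0.2","33000","80","3",""
"""


def tshark_command(pcap_path):
    """Build the tshark argv that prints one CSV row per MPTCP packet."""
    # quote=d keeps multi-valued fields (joined with ',') inside one column.
    cmd = ["tshark", "-r", pcap_path, "-Y", "mptcp", "-T", "fields",
           "-E", "header=y", "-E", "separator=,", "-E", "quote=d"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def list_connections(csv_text):
    """Return {mptcp.stream: {tcp.stream: (src, sport, dst, dport)}}."""
    connections = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["mptcp.stream"]:  # row without an MPTCP stream id
            continue
        subflows = connections[int(row["mptcp.stream"])]
        # The first packet seen on a tcp.stream fixes the subflow direction.
        subflows.setdefault(int(row["tcp.stream"]), (
            row["ip.src"], int(row["tcp.srcport"]),
            row["ip.dst"], int(row["tcp.dstport"])))
    return dict(connections)


if __name__ == "__main__":
    print(" ".join(tshark_command("examples/iperf-mptcp-0-0.pcap")))
    for mptcp_id, subflows in sorted(list_connections(SAMPLE_CSV).items()):
        print("mptcp.stream", mptcp_id)          # one line per connection
        for tcp_id, tup in sorted(subflows.items()):
            print("  tcp.stream", tcp_id, tup)   # its subflows
```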

Similar tools

If I have forgotten about your tool, file an issue; for now we are aware of:
