-
Notifications
You must be signed in to change notification settings - Fork 59
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added tools for tcp sequence analyze.
- Loading branch information
Showing
19 changed files
with
1,163 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
LIBS=-lpcap | ||
|
||
tcp_check_seq: tcp_check_seq.c | ||
gcc -g -O2 -o $@ -Wall -Wextra -Wno-char-subscripts $< $(LIBS) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
The program is designed to work with only one tcp connection. | ||
|
||
The connection must start with SYN,SYN+ACK,ACK packets. | ||
|
||
The project https://github.com/caesar0301/pkt2flowt was used | ||
to separate the .pcap file into separate tcp connections | ||
|
||
Tested on Linux/x86_64 platform only! |
19 changes: 19 additions & 0 deletions
19
utils/tcp_check_seq/samples/194.226.199.226_34101_8.247.226.126_80_1681887368.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
09:56:08.538349 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [S], seq 1809120748, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 | ||
09:56:08.549865 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [S.], seq 1270534815, ack 1809120749, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 12], length 0 | ||
09:56:08.549922 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 1:3, ack 1, win 502, length 2: HTTP | ||
09:56:08.549922 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [P.], seq 1:497, ack 1, win 502, length 496: HTTP: GET /filestreamingservice/files/b4f27514-1618-47a0-bcd4-5fcb469edb63?P1=1681888058&P2=404&P3=2&P4=VJ2Qv%2bUXzBGOULZmyshxlc8XXx4pLl7hoFcLgf1iS33rDGfm0tCVrTPvZN8tn8yWBSrA0idwdtOBFLQMjZCUkw%3d%3d HTTP/1.1 | ||
09:56:08.561681 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 1:7, ack 497, win 11, length 6: HTTP | ||
09:56:08.562824 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562846 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 497:499, ack 1, win 502, length 2: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP | ||
09:56:08.562846 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [P.], seq 1:1023, ack 497, win 11, length 1022: HTTP: HTTP/1.1 206 Partial Content | ||
09:56:08.562959 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 497:499, ack 1023, win 495, length 2: HTTP | ||
09:56:08.563218 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [F.], seq 497:499, ack 1023, win 501, length 2: HTTP | ||
09:56:08.574890 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [F.], seq 1023:1029, ack 498, win 11, length 6: HTTP | ||
09:56:08.574945 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 498:500, ack 1024, win 501, length 2: HTTP |
Binary file added
BIN
+2.9 KB
utils/tcp_check_seq/samples/194.226.199.226_34101_8.247.226.126_80_1681887368.pcap
Binary file not shown.
12 changes: 12 additions & 0 deletions
12
utils/tcp_check_seq/samples/194.226.199.5_56968_2.20.255.17_80_1681888014.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
10:06:54.259374 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [S], seq 1890112204, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2375945527 ecr 0,sackOK,eol], length 0 | ||
10:06:54.270235 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [S.], seq 1650820296, ack 1890112205, win 65160, options [mss 1460,sackOK,TS val 279405919 ecr 2375945527,nop,wscale 7], length 0 | ||
10:06:54.276574 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 1, win 2058, options [nop,nop,TS val 2375945543 ecr 279405919], length 0 | ||
10:06:54.277606 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [P.], seq 1:353, ack 1, win 2058, options [nop,nop,TS val 2375945545 ecr 279405919], length 352: HTTP: GET /MFEwTzBNMEswSTAHBgUrDgMCGgQUSNrJoPsr0y1P8N5o0vVntzX5s8QEFBQusxe3WFbLrlAJQOYfr52LFMLGAhIDEUZTlpKT%2BXqjT5NKR7Y9kx8%3D HTTP/1.1 | ||
10:06:54.289856 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [.], ack 353, win 507, options [nop,nop,TS val 279405937 ecr 2375945545], length 0 | ||
10:06:54.290367 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [P.], seq 1:889, ack 353, win 507, options [nop,nop,TS val 279405938 ecr 2375945545], length 888: HTTP: HTTP/1.1 200 OK | ||
10:06:54.292592 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 889, win 2045, options [nop,nop,TS val 2375945560 ecr 279405938], length 0 | ||
10:06:54.812959 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], seq 352:354, ack 889, win 2048, length 2: HTTP | ||
10:06:54.823438 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [.], ack 353, win 507, options [nop,nop,TS val 279406472 ecr 2375945560], length 0 | ||
10:07:24.714902 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [F.], seq 353, ack 889, win 2048, options [nop,nop,TS val 2375975982 ecr 279406472], length 0 | ||
10:07:24.725666 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [F.], seq 889, ack 354, win 507, options [nop,nop,TS val 279436374 ecr 2375975982], length 0 | ||
10:07:24.730253 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 890, win 2048, options [nop,nop,TS val 2375975998 ecr 279436374], length 0 |
Binary file added
BIN
+2.21 KB
utils/tcp_check_seq/samples/194.226.199.5_56968_2.20.255.17_80_1681888014.pcap
Binary file not shown.
52 changes: 52 additions & 0 deletions
52
utils/tcp_check_seq/samples/194.226.199.5_60091_185.62.200.33_443_1681887650.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
10:00:50.805561 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [S], seq 1557480090, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1931949575 ecr 0,sackOK,eol], length 0 | ||
10:00:50.815118 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [S.], seq 2451296677, ack 1557480091, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0 | ||
10:00:50.818737 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 1:3, ack 1, win 4096, length 2 | ||
10:00:50.819037 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 1:518, ack 1, win 4096, length 517 | ||
10:00:50.828607 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 1:7, ack 518, win 42, length 6 | ||
10:00:50.828655 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 1:100, ack 518, win 42, length 99 | ||
10:00:50.975625 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 518:520, ack 100, win 4094, length 2 | ||
10:00:50.975818 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 518:953, ack 100, win 4096, length 435 | ||
10:00:50.975818 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 517:519, ack 100, win 4096, length 2 | ||
10:00:50.981306 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 518:953, ack 100, win 4096, length 435 | ||
10:00:50.985165 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:106, ack 953, win 42, length 6 | ||
10:00:50.985165 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:106, ack 953, win 42, length 6 | ||
10:00:50.987349 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:1560, ack 953, win 42, length 1460 | ||
10:00:50.987398 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 1560:3020, ack 953, win 42, length 1460 | ||
10:00:50.987398 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 3020:4196, ack 953, win 42, length 1176 | ||
10:00:50.987464 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4196:4374, ack 953, win 42, length 178 | ||
10:00:50.990764 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], ack 953, win 42, options [nop,nop,sack 1 {518:953}], length 0 | ||
10:00:51.001371 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 953:955, ack 4374, win 4096, length 2 | ||
10:00:51.008138 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 953:1027, ack 4374, win 4096, length 74 | ||
10:00:51.017618 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 4374:4380, ack 1027, win 42, length 6 | ||
10:00:51.017668 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4374:4677, ack 1027, win 42, length 303 | ||
10:00:51.017769 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4677:4980, ack 1027, win 42, length 303 | ||
10:00:51.017825 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4980:5042, ack 1027, win 42, length 62 | ||
10:00:51.093993 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4980:5042, ack 1027, win 42, length 62 | ||
10:00:51.155021 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 1027:2107, ack 5042, win 4085, length 1080 | ||
10:00:51.155021 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], ack 5042, win 4085, options [nop,nop,sack 1 {4980:5042}], length 0 | ||
10:00:51.165456 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 5042:5048, ack 2107, win 42, length 6 | ||
10:00:51.167158 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 5042:5073, ack 2107, win 42, length 31 | ||
10:00:51.168630 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2107:2138, ack 5042, win 4096, length 31 | ||
10:00:51.170358 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 5073, win 4095, length 2 | ||
10:00:51.172021 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 5073:6525, ack 2107, win 42, length 1452 | ||
10:00:51.172075 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 6525:9445, ack 2107, win 42, length 2920 | ||
10:00:51.172129 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 9445:11915, ack 2107, win 42, length 2470 | ||
10:00:51.172171 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 11915:11946, ack 2107, win 42, length 31 | ||
10:00:51.175418 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 7985, win 4050, length 2 | ||
10:00:51.176361 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 11946, win 4096, length 2 | ||
10:00:51.179219 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 11946:11952, ack 2138, win 42, length 6 | ||
10:00:51.696904 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2138:2256, ack 11946, win 4096, length 118 | ||
10:00:51.706281 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 11946:11952, ack 2256, win 42, length 6 | ||
10:00:51.706850 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 11946:12446, ack 2256, win 42, length 500 | ||
10:00:51.714675 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2256:2258, ack 12446, win 4088, length 2 | ||
10:00:51.863605 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2255:2257, ack 12446, win 4096, length 2 | ||
10:00:51.873193 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 12446:12452, ack 2256, win 42, length 6 | ||
10:01:06.714741 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 12446:12485, ack 2256, win 42, length 39 | ||
10:01:06.714755 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 12485:12509, ack 2256, win 42, length 24 | ||
10:01:06.714755 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [F.], seq 12509:12515, ack 2256, win 42, length 6 | ||
10:01:06.774055 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [F.], seq 12509:12515, ack 2256, win 42, length 6 | ||
10:01:06.788322 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2256:2258, ack 12510, win 4095, length 2 | ||
10:01:06.788938 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2256:2295, ack 12510, win 4096, length 39 | ||
10:01:06.790291 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [FP.], seq 2295:2319, ack 12510, win 4096, length 24 | ||
10:01:06.798578 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [R.], seq 12510:12516, ack 2295, win 42, length 6 | ||
10:01:06.799739 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [R], seq 2451309187:2451309193, win 0, length 6 |
Binary file added
BIN
+18.7 KB
utils/tcp_check_seq/samples/194.226.199.5_60091_185.62.200.33_443_1681887650.pcap
Binary file not shown.
Oops, something went wrong.