Added tools for tcp sequence analyze.

.gitignore

@@ -142,3 +142,4 @@ compile
 /windows/packages/pthreads.redist.2.9.1.4
 /windows/bin/x64_Debug-ndpiReader/ndpiReader.exe
 /windows/obj/nDPI_Debug-ndpiReader_x64/nDPI.vcxproj.FileListAbsolute.txt
+utils/tcp_check_seq/tcp_check_seq

utils/tcp_check_seq/Makefile

@@ -0,0 +1,4 @@
+LIBS=-lpcap
+
+tcp_check_seq: tcp_check_seq.c
+	gcc -g -O2 -o $@  -Wall -Wextra -Wno-char-subscripts $< $(LIBS)

utils/tcp_check_seq/README

@@ -0,0 +1,8 @@
+The program is designed to work with only one tcp connection.
+
+The connection must start with SYN,SYN+ACK,ACK packets.
+
+The project https://github.com/caesar0301/pkt2flowt was used
+to separate the .pcap file into separate tcp connections
+
+Tested on Linux/x86_64 platform only!

utils/tcp_check_seq/samples/194.226.199.226_34101_8.247.226.126_80_1681887368.out

@@ -0,0 +1,19 @@
+09:56:08.538349 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [S], seq 1809120748, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
+09:56:08.549865 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [S.], seq 1270534815, ack 1809120749, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 12], length 0
+09:56:08.549922 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 1:3, ack 1, win 502, length 2: HTTP
+09:56:08.549922 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [P.], seq 1:497, ack 1, win 502, length 496: HTTP: GET /filestreamingservice/files/b4f27514-1618-47a0-bcd4-5fcb469edb63?P1=1681888058&P2=404&P3=2&P4=VJ2Qv%2bUXzBGOULZmyshxlc8XXx4pLl7hoFcLgf1iS33rDGfm0tCVrTPvZN8tn8yWBSrA0idwdtOBFLQMjZCUkw%3d%3d HTTP/1.1
+09:56:08.561681 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 1:7, ack 497, win 11, length 6: HTTP
+09:56:08.562824 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562846 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 497:499, ack 1, win 502, length 2: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562825 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [.], seq 0:6, ack 497, win 11, length 6: HTTP
+09:56:08.562846 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [P.], seq 1:1023, ack 497, win 11, length 1022: HTTP: HTTP/1.1 206 Partial Content
+09:56:08.562959 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 497:499, ack 1023, win 495, length 2: HTTP
+09:56:08.563218 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [F.], seq 497:499, ack 1023, win 501, length 2: HTTP
+09:56:08.574890 IP 8.247.226.126.80 > 194.226.199.226.34101: Flags [F.], seq 1023:1029, ack 498, win 11, length 6: HTTP
+09:56:08.574945 IP 194.226.199.226.34101 > 8.247.226.126.80: Flags [.], seq 498:500, ack 1024, win 501, length 2: HTTP

utils/tcp_check_seq/samples/194.226.199.5_56968_2.20.255.17_80_1681888014.out

@@ -0,0 +1,12 @@
+10:06:54.259374 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [S], seq 1890112204, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2375945527 ecr 0,sackOK,eol], length 0
+10:06:54.270235 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [S.], seq 1650820296, ack 1890112205, win 65160, options [mss 1460,sackOK,TS val 279405919 ecr 2375945527,nop,wscale 7], length 0
+10:06:54.276574 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 1, win 2058, options [nop,nop,TS val 2375945543 ecr 279405919], length 0
+10:06:54.277606 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [P.], seq 1:353, ack 1, win 2058, options [nop,nop,TS val 2375945545 ecr 279405919], length 352: HTTP: GET /MFEwTzBNMEswSTAHBgUrDgMCGgQUSNrJoPsr0y1P8N5o0vVntzX5s8QEFBQusxe3WFbLrlAJQOYfr52LFMLGAhIDEUZTlpKT%2BXqjT5NKR7Y9kx8%3D HTTP/1.1
+10:06:54.289856 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [.], ack 353, win 507, options [nop,nop,TS val 279405937 ecr 2375945545], length 0
+10:06:54.290367 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [P.], seq 1:889, ack 353, win 507, options [nop,nop,TS val 279405938 ecr 2375945545], length 888: HTTP: HTTP/1.1 200 OK
+10:06:54.292592 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 889, win 2045, options [nop,nop,TS val 2375945560 ecr 279405938], length 0
+10:06:54.812959 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], seq 352:354, ack 889, win 2048, length 2: HTTP
+10:06:54.823438 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [.], ack 353, win 507, options [nop,nop,TS val 279406472 ecr 2375945560], length 0
+10:07:24.714902 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [F.], seq 353, ack 889, win 2048, options [nop,nop,TS val 2375975982 ecr 279406472], length 0
+10:07:24.725666 IP 2.20.255.17.80 > 194.226.199.5.56968: Flags [F.], seq 889, ack 354, win 507, options [nop,nop,TS val 279436374 ecr 2375975982], length 0
+10:07:24.730253 IP 194.226.199.5.56968 > 2.20.255.17.80: Flags [.], ack 890, win 2048, options [nop,nop,TS val 2375975998 ecr 279436374], length 0

utils/tcp_check_seq/samples/194.226.199.5_60091_185.62.200.33_443_1681887650.out

@@ -0,0 +1,52 @@
+10:00:50.805561 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [S], seq 1557480090, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1931949575 ecr 0,sackOK,eol], length 0
+10:00:50.815118 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [S.], seq 2451296677, ack 1557480091, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
+10:00:50.818737 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 1:3, ack 1, win 4096, length 2
+10:00:50.819037 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 1:518, ack 1, win 4096, length 517
+10:00:50.828607 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 1:7, ack 518, win 42, length 6
+10:00:50.828655 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 1:100, ack 518, win 42, length 99
+10:00:50.975625 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 518:520, ack 100, win 4094, length 2
+10:00:50.975818 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 518:953, ack 100, win 4096, length 435
+10:00:50.975818 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 517:519, ack 100, win 4096, length 2
+10:00:50.981306 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 518:953, ack 100, win 4096, length 435
+10:00:50.985165 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:106, ack 953, win 42, length 6
+10:00:50.985165 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:106, ack 953, win 42, length 6
+10:00:50.987349 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 100:1560, ack 953, win 42, length 1460
+10:00:50.987398 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 1560:3020, ack 953, win 42, length 1460
+10:00:50.987398 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 3020:4196, ack 953, win 42, length 1176
+10:00:50.987464 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4196:4374, ack 953, win 42, length 178
+10:00:50.990764 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], ack 953, win 42, options [nop,nop,sack 1 {518:953}], length 0
+10:00:51.001371 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 953:955, ack 4374, win 4096, length 2
+10:00:51.008138 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 953:1027, ack 4374, win 4096, length 74
+10:00:51.017618 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 4374:4380, ack 1027, win 42, length 6
+10:00:51.017668 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4374:4677, ack 1027, win 42, length 303
+10:00:51.017769 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4677:4980, ack 1027, win 42, length 303
+10:00:51.017825 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4980:5042, ack 1027, win 42, length 62
+10:00:51.093993 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 4980:5042, ack 1027, win 42, length 62
+10:00:51.155021 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 1027:2107, ack 5042, win 4085, length 1080
+10:00:51.155021 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], ack 5042, win 4085, options [nop,nop,sack 1 {4980:5042}], length 0
+10:00:51.165456 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 5042:5048, ack 2107, win 42, length 6
+10:00:51.167158 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 5042:5073, ack 2107, win 42, length 31
+10:00:51.168630 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2107:2138, ack 5042, win 4096, length 31
+10:00:51.170358 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 5073, win 4095, length 2
+10:00:51.172021 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 5073:6525, ack 2107, win 42, length 1452
+10:00:51.172075 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 6525:9445, ack 2107, win 42, length 2920
+10:00:51.172129 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 9445:11915, ack 2107, win 42, length 2470
+10:00:51.172171 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 11915:11946, ack 2107, win 42, length 31
+10:00:51.175418 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 7985, win 4050, length 2
+10:00:51.176361 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2138:2140, ack 11946, win 4096, length 2
+10:00:51.179219 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 11946:11952, ack 2138, win 42, length 6
+10:00:51.696904 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2138:2256, ack 11946, win 4096, length 118
+10:00:51.706281 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 11946:11952, ack 2256, win 42, length 6
+10:00:51.706850 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 11946:12446, ack 2256, win 42, length 500
+10:00:51.714675 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2256:2258, ack 12446, win 4088, length 2
+10:00:51.863605 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2255:2257, ack 12446, win 4096, length 2
+10:00:51.873193 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [.], seq 12446:12452, ack 2256, win 42, length 6
+10:01:06.714741 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 12446:12485, ack 2256, win 42, length 39
+10:01:06.714755 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [P.], seq 12485:12509, ack 2256, win 42, length 24
+10:01:06.714755 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [F.], seq 12509:12515, ack 2256, win 42, length 6
+10:01:06.774055 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [F.], seq 12509:12515, ack 2256, win 42, length 6
+10:01:06.788322 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [.], seq 2256:2258, ack 12510, win 4095, length 2
+10:01:06.788938 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [P.], seq 2256:2295, ack 12510, win 4096, length 39
+10:01:06.790291 IP 194.226.199.5.60091 > 185.62.200.33.443: Flags [FP.], seq 2295:2319, ack 12510, win 4096, length 24
+10:01:06.798578 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [R.], seq 12510:12516, ack 2295, win 42, length 6
+10:01:06.799739 IP 185.62.200.33.443 > 194.226.199.5.60091: Flags [R], seq 2451309187:2451309193, win 0, length 6