A Multipath TCP analyzer.
mptcpanalyzer is a multipath TCP (www.multipath-tcp.org) protocol analyzer. Multipath TCP is an extension of the Transmission Control Protocol that allows applications to send one single stream of data over multiple TCP connections.
This software can automatically plot MPTCP characteristics such as Data Sequence Numbers, Data Acknowledgements etc. It can also map one packet capture to another to give more detailed statistics such as One-Way delays and reinjection qualifications.
list the MPTCP connections in the pcap
display chosen statistics on a specific MPTCP connection (list of subflows, number of reinjections, etc)
convert packet capture files (*.pcap) to *.csv files
plot data sequence numbers, dataacks for all subflows
can map packets between the client and server pcaps to plot one-way delays
Presentation
Mptcpanalyzer is a tool conceived to help with MPTCP pcap analysis (as mptcptrace for instance).
It accepts packet capture files (*.pcap) as inputs and from there you can:
- list MPTCP connections
- compute statistics on a specific MPTCP connection (list of subflows, reinjections, subflow actual contributions...)
- export a CSV file with MPTCP fields
- plot one way delays
- ...
Commands are self documented with autocompletion. The interpreter with autocompletion that can generate & display plots such as the following:
cabal configure --enable-profiling
cabal run mptcpanalyzer "load-pcap examples/client_2_filtered.pcapng" -- +RTS
-xc
Installation
You will need a wireshark version >= 3.6.0 .
Until changes are upstreamed, you will need this fork of optparse-applicative
- https://github.com/teto/optparse-applicative/tree/quantum-wip-16.1 to get autocompletion working
How to use
mptcpanalyzer can run into 2 modes:
- interactive mode (default): an interpreter with some basic completion will accept your commands. There is also interactive help.
- otherwise, it will consider the unknow arguments as one command, the same that could be used interactively
For example, we can load mptcp pcaps (available at wireshark wiki or in this folder).
mptcpanalyzer "map-tcp examples/client_2_filtered.pcapng examples/server_2_filtered.pcapng 0"
mptcpanalyzer "load-pcap examples/client_2_filtered.pcapng"
or for a live analysis:
plot-mptcp-live 10.0.0.1 10.0.0.2 33784 5201 client lo -f examples/client_2_cleaned_start.pcapng
See this blog for more tutorials about mptcpanalyzer.
NB: in a local repository, you can run the previous command prefixed with mptcpanalyzer$ cabal run -- COMMAND.
How to develop/contribute
See CONTRIBUTING.
Dependencies
- polysemy to handle effects
- Frames to analyze data
- haskell-chart with the svg backend
- wireshark to convert packet captures (.pcapng) to csv files.
Roadmap
- improve caching
- improve autocompletion
- live statistics/plotting
- plugins ?
- ability to leverage the API in ihaskell ?
Related tools
Similar software:
| Tool | Description |
|---|---|
| mptcptrace | C based: an example |
| mptcpplot | C based developed at NASA: generated output example |
Acknowledgements
This project is founded by .
wireshark-mptcp: https://www.wireshark.org/docs/dfref/m/mptcp.html polysemy: https://hackage.haskell.org/package/polysemy diagrams: https://hackage.haskell.org/package/diagrams frames: https://hackage.haskell.org/package/Frames shelltestrunner: https://github.com/simonmichael/shelltestrunner.