@lessmost
Created February 18, 2012 06:05
A simple Wireshark Lua script to analyze TCP retransmission and duplicated
-- A simple script to analyze Tcp Sequence Numbers
-- Usage: wireshark -X lua_script:TcpSeqRetrans.lua
-- open a pcap file in Wireshark, then select the
-- 'Tools/Tcp Sequence Numbers Analyze' menu entry.
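--- Menu callback: prompts for an IPv4 address pair (plus an optional TCP
-- port) and opens a TextWindow showing TCP sequence-analysis counters in
-- total and per direction. Registered under Tools by register_menu() below.
function tsa_menu_func()
  -- Port used when the dialog's port field is left empty. Kept at 80 so the
  -- generated display filters match the original behaviour of this script.
  local DEFAULT_PORT = "80"

  -- Counters collected for every direction. `flag` is the tcp.analysis
  -- field that narrows the display filter; nil means "every matching packet".
  local METRICS = {
    { key = "counter",     label = "Packets counter",     flag = nil },
    { key = "dupack",      label = "Duplicate ACK",       flag = "tcp.analysis.duplicate_ack" },
    { key = "retrans",     label = "Retransmission",      flag = "tcp.analysis.retransmission" },
    { key = "fastretrans", label = "Fast Retransmission", flag = "tcp.analysis.fast_retransmission" },
    { key = "zerowindow",  label = "Zero Window",         flag = "tcp.analysis.zero_window" },
    { key = "windowfull",  label = "Window Full",         flag = "tcp.analysis.window_full" },
  }

  --- Strip surrounding whitespace from a dialog field value.
  -- @tparam string s
  -- @treturn string
  local function trim(s)
    return (s:match("^%s*(.-)%s*$"))
  end

  --- Return true when `s` is a dotted-quad IPv4 address with octets 0..255.
  -- The dialog values are spliced verbatim into display filters, so anything
  -- that is not a plain address is rejected before it reaches Listener.new
  -- (which raises on an unparsable filter). The filters use ip.addr/ip.src/
  -- ip.dst, i.e. IPv4 only, so IPv6 input is rejected as well.
  -- @tparam string s
  -- @treturn boolean
  local function is_ipv4(s)
    if type(s) ~= "string" then return false end
    local a, b, c, d = s:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
    if not a then return false end
    for _, octet in ipairs({ a, b, c, d }) do
      if tonumber(octet) > 255 then return false end
    end
    return true
  end

  --- Normalise a port field value to a decimal string in 1..65535.
  -- nil or an empty/blank field selects DEFAULT_PORT; anything else that is
  -- not a plain decimal number in range yields nil.
  -- @tparam[opt] string s
  -- @treturn string|nil
  local function parse_port(s)
    if s == nil then return DEFAULT_PORT end
    if type(s) ~= "string" then return nil end
    s = trim(s)
    if s == "" then return DEFAULT_PORT end
    if not s:match("^%d+$") then return nil end
    local n = tonumber(s)
    if n < 1 or n > 65535 then return nil end
    -- %d drops leading zeros ("080" -> "80") so the filter gets a clean literal.
    return string.format("%d", n)
  end

  --- tsa analyze function; invoked by new_dialog with the field values.
  -- Creates one Listener per (direction, metric) and a TextWindow that is
  -- redrawn from the counters on every tap draw().
  -- @tparam string ip1 first IPv4 address
  -- @tparam string ip2 second IPv4 address
  -- @tparam[opt] string port TCP port the filters are restricted to; empty
  --   or nil means DEFAULT_PORT
  -- @raise when an address or the port fails validation
  function tsa_do(ip1, ip2, port)
    if type(ip1) == "string" then ip1 = trim(ip1) end
    if type(ip2) == "string" then ip2 = trim(ip2) end
    local port_str = parse_port(port)

    -- Validate everything before creating any window or listener, so bad
    -- input does not leave an empty result window and half-registered taps.
    if not is_ipv4(ip1) then
      error("ip address 1 is not a valid IPv4 address: " .. tostring(ip1), 0)
    end
    if not is_ipv4(ip2) then
      error("ip address 2 is not a valid IPv4 address: " .. tostring(ip2), 0)
    end
    if not port_str then
      error("tcp port must be a number in 1..65535 (or empty for " .. DEFAULT_PORT .. "): " .. tostring(port), 0)
    end

    -- Total first, then ip1 -> ip2, then ip2 -> ip1 (the original ordering).
    -- `scope` is the address part of each direction's display filter.
    local directions = {
      { suffix = "",     heading = "Total",              scope = "ip.addr == " .. ip1 .. " && ip.addr == " .. ip2 },
      { suffix = "1to2", heading = ip1 .. " -> " .. ip2, scope = "ip.src == " .. ip1 .. " && ip.dst == " .. ip2 },
      { suffix = "2to1", heading = ip2 .. " -> " .. ip1, scope = "ip.src == " .. ip2 .. " && ip.dst == " .. ip1 },
    }

    -- results[<metric key><direction suffix>] = packet count
    local results = {}
    for _, dir in ipairs(directions) do
      for _, m in ipairs(METRICS) do
        results[m.key .. dir.suffix] = 0
      end
    end

    local result_win = TextWindow.new("Tcp Sequence Numbers Analyze")

    -- Rebuild the window text from `results`; called by every tap's draw().
    -- Local (not global) so each window keeps its own refresh closure even
    -- when the analysis is started more than once.
    local function refresh_result()
      local buf = {}
      for i, dir in ipairs(directions) do
        if i > 1 then buf[#buf + 1] = "\n" end
        buf[#buf + 1] = dir.heading .. "\n"
        for _, m in ipairs(METRICS) do
          buf[#buf + 1] = "\t" .. m.label .. ": " .. results[m.key .. dir.suffix] .. "\n"
        end
      end
      result_win:clear()
      result_win:set(table.concat(buf))
    end

    -- One Listener per (direction, metric); each maintains a single counter.
    local taps = {}
    local function add_counter(filter, key)
      local tap = Listener.new("frame", filter)
      function tap.reset()
        results[key] = 0
      end
      function tap.packet(_pinfo, _tvb, _ip)
        results[key] = results[key] + 1
      end
      function tap.draw()
        refresh_result()
      end
      taps[#taps + 1] = tap
    end

    for _, dir in ipairs(directions) do
      for _, m in ipairs(METRICS) do
        local filter = dir.scope
        if m.flag then filter = filter .. " && " .. m.flag end
        filter = filter .. " && tcp.port == " .. port_str
        add_counter(filter, m.key .. dir.suffix)
      end
    end

    -- Detach every listener when the window closes so the counters stop
    -- being updated and the closures can be collected.
    local function remove_alltap()
      for _, tap in ipairs(taps) do
        tap:remove()
      end
    end
    result_win:set_atclose(remove_alltap)

    -- retap all the packets, then all the listeners begin to work.
    retap_packets()
  end

  -- Prompt for the address pair; the port field may be left empty.
  new_dialog("Please input the address pair", tsa_do,
    "ip address 1:", "ip address 2:", "tcp port (default " .. DEFAULT_PORT .. "):")
end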
-- Expose the analysis as an entry in the Tools menu (unsorted section).
local TSA_MENU_TITLE = "Tcp Sequence Numbers Analyze"
register_menu(TSA_MENU_TITLE, tsa_menu_func, MENU_TOOLS_UNSORTED)