whireshark script to show how sack make throughput jitter

tcpflow.lua

-- run by
-- "C:\Program Files\Wireshark\tshark" -Q -r ftp.pcapng -X lua_script:tcpflow.lua
local server = "1.1.1.1"
local tap = Listener.new("tcp", "ip.addr == "..server)

function gen_acc(seq) 
	local datas = {}
	local sum = 0
	local last_sum = 0

	function update(sid, ack) 
		if not datas[sid] then
		datas[sid] = ack
		sum = sum + ack
		else
		sum = sum + ack 
		if (seq) then sum = sum - datas[sid] end
		datas[sid] = ack
		end
	end
	function reset()
		local diff = sum - last_sum
		last_sum = sum
		return diff
	end
	
	return update, reset
end

local last_ts = 0.0

local tcp_update, tcp_reset = gen_acc(true)
local raw_update, raw_reset = gen_acc(false)
local re_update, re_reset = gen_acc(false)

local retrans = Field.new("tcp.analysis.retransmission")

function tap.packet(pinfo,tvb,tcp)
--print("packet called")
--    local stream, ack = tostring(tcp.stream), tostring(tcp.ack)
--	print(stream, ack)
   --print(tcp)
   local ack, sid = tostring(tcp.th_ack), tostring(tcp.th_stream)
   local rawlen = pinfo.len
   
   if (tostring(pinfo.dst) == server) then    
	tcp_update(sid, ack)
   end
   if (tostring(pinfo.src) == server) then
    if (retrans()) then
	  re_update(sid, rawlen)
	end
	raw_update(sid, rawlen)
   end
   
   local deltats = pinfo.rel_ts - last_ts
   if (deltats > 0.1) then
      print(pinfo.rel_ts, tcp_reset(), raw_reset(), re_reset())
	  last_ts = pinfo.rel_ts	  
   end
   --print(pinfo.rel_ts, sid, ack)
   --for k,_ in pairs(tcp) do print(k) end
end