Minimal UHD N2x0 Packet sequence checker

analyze.py

#!/usr/bin/python2

import dpkt
import argparse

parser = argparse.ArgumentParser()
parser.add_argument("file", help="pcap file to read", type=argparse.FileType("r"))
args = parser.parse_args()

reader = dpkt.pcap.Reader(args.file)
last_seq = 0
for counter, (time, packet) in enumerate(reader):
	eth = dpkt.ethernet.Ethernet(packet)
	udp_data = eth.data.data.data #eth.ip.udp.payload
	sequence_number = ord(udp_data[1]) & 0xF
	if counter and not (last_seq + 1) & 0xF == sequence_number:
		print "Packet {counter:8d}: Seq. Nr {seq:X} does not follow {last:X}. Time {time:f}, length {len:d}B".format(
			counter = counter, seq = sequence_number, last = last_seq,
			time = time, len = len(udp_data)
		)
	last_seq = sequence_number
args.file.close()

n210_capture_samples_only.pcap

I've first filtered the capture to only contain sample packets coming from the device by UDP source port.

Then, I've saved that filtered output in PCAP (as opposed to PCAPng) format, since dpkt (which is the only packet capture analysis python module I'm somewhat familiar with) only knows how to deal with that. See the capture file

Then, I've run the script on that:

./analyze.py n210_capture_samples_only.pcap

giving me

Packet    45788: Seq. Nr 7 does not follow 5. Time 1426104210.261552, length 1472B
Packet    45789: Seq. Nr 6 does not follow 7. Time 1426104210.261187, length 1472B
Packet    45790: Seq. Nr 8 does not follow 6. Time 1426104210.261913, length 1472B
Packet    53602: Seq. Nr D does not follow B. Time 1426104213.097992, length 1472B
Packet    53606: Seq. Nr C does not follow 0. Time 1426104213.097629, length 1472B
Packet    53607: Seq. Nr 1 does not follow C. Time 1426104213.099440, length 1472B

Packets 45788 and 45789 came in reordered, and 53606 should have come after 53601.

• 45788/45789: Ok, hm, switched places on consecutive packets.
• 53601/53606: a packet delayed by four packets? I'm a bit confused.