Last active
August 29, 2015 14:16
-
-
Save marcusmueller/b0ccc0c9b07e6704905a to your computer and use it in GitHub Desktop.
Minimal UHD N2x0 Packet sequence checker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python2 | |
import dpkt | |
import argparse | |
parser = argparse.ArgumentParser() | |
parser.add_argument("file", help="pcap file to read", type=argparse.FileType("r")) | |
args = parser.parse_args() | |
reader = dpkt.pcap.Reader(args.file) | |
last_seq = 0 | |
for counter, (time, packet) in enumerate(reader): | |
eth = dpkt.ethernet.Ethernet(packet) | |
udp_data = eth.data.data.data #eth.ip.udp.payload | |
sequence_number = ord(udp_data[1]) & 0xF | |
if counter and not (last_seq + 1) & 0xF == sequence_number: | |
print "Packet {counter:8d}: Seq. Nr {seq:X} does not follow {last:X}. Time {time:f}, length {len:d}B".format( | |
counter = counter, seq = sequence_number, last = last_seq, | |
time = time, len = len(udp_data) | |
) | |
last_seq = sequence_number | |
args.file.close() |
This file has been truncated, but you can view the full file.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've first filtered the capture to only contain sample packets coming from the device by UDP source port.
Then, I've saved that filtered output in PCAP (as opposed to PCAPng) format, since dpkt (which is the only packet capture analysis python module I'm somewhat familiar with) only knows how to deal with that. See the capture file
Then, I've run the script on that:
giving me
Packets 45788 and 45789 came in reordered, and 53606 should have come after 53601.