generate a timeline using ggplot and tshark
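# Columns to extract from every packet; each one becomes a `-e <field>` option
# on the tshark command line and a column of `data`.
FIELDS <- c('frame.time_relative', 'frame.len',
            'ip.src', 'tcp.srcport', 'udp.srcport',
            'ip.dst', 'tcp.dstport', 'udp.dstport')
# Capture file to read. tshark's dissectors parse whatever bytes the capture
# contains, so run this as an unprivileged user when the capture comes from a
# source you do not trust.
PCAP <- 'nytimes.pcap'
TSHARK <- paste('tshark', '-E header=y', '-T fields')
# pipe() hands the whole string to a shell. The file name and the field names
# are therefore quoted with shQuote(), so a path containing spaces or shell
# metacharacters is passed to tshark as one argument instead of being
# interpreted by the shell (matters as soon as PCAP stops being a literal).
# paste() replaces stringr::str_c(), so this step needs base R only.
tshark_cmd <- paste(TSHARK, '-r', shQuote(PCAP),
                    paste('-e', shQuote(FIELDS), collapse = ' '))
# stringsAsFactors = FALSE keeps the address columns as character vectors on
# R < 4.0 as well; mixing factor columns with different levels would turn
# unmatched addresses into NA further down.
data <- read.csv(pipe(tshark_cmd), header = TRUE, sep = "\t",
                 stringsAsFactors = FALSE)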
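# Pick from yes or no, based on q.
#
# Vectorised choice: element i of the result is yes[i] where q[i] is TRUE and
# no[i] otherwise. `q` is coerced with as.logical(), so a numeric column can be
# used directly as the condition (non-zero -> TRUE, 0 -> FALSE). `yes` and `no`
# are recycled to the length of `q`, which lets callers pass scalars.
#
# Returns a vector of length(q).
select <- function(q, yes, no) {
  q <- as.logical(q)
  # A missing condition counts as FALSE, e.g. the empty tcp port column on a
  # UDP packet. Only the NA entries are reset: assigning to `q[]` would clear
  # every element and make the function return `no` for all rows.
  q[is.na(q)] <- FALSE
  n <- length(q)
  result <- rep(no, length.out = n)
  result[q] <- rep(yes, length.out = n)[q]
  # The function's value is the merged vector (an assignment as last
  # expression would only return it invisibly).
  result
}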
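# Munge some fields -- use either the tcp or udp port for a given connection,
# and determine whether a packet is incoming or outgoing.
#
# Caveats for anyone reading the resulting timeline as evidence:
#  * The tcp port column itself is the condition, and select() coerces it with
#    as.logical(), so a TCP port of 0 is treated like "no TCP port" and the UDP
#    column is used instead.
#  * Direction is a heuristic: a source port below 1000 is taken to mean "sent
#    by the server". Services listening on higher ports (8080, 8443, ...) are
#    labelled the wrong way round.
#  * Packets with neither a TCP nor a UDP port (ICMP, ARP, ...) have NA ports;
#    how they are labelled depends on how select() handles an NA condition.
data <- within(data, {
  srcport <- select(tcp.srcport, tcp.srcport, udp.srcport)
  dstport <- select(tcp.dstport, tcp.dstport, udp.dstport)
  direction <- select(srcport < 1000, "incoming", "outgoing")
  server_ip <- select(srcport < 1000, ip.src, ip.dst)
  local_port <- select(srcport < 1000, dstport, srcport)
  server_port <- select(srcport < 1000, srcport, dstport)
  # One timeline row per (local port, server ip:port) pair.
  stream <- paste(local_port, paste(server_ip, server_port, sep=":"))
})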
# Timeline: one row per stream, one point per packet. Time since the start of
# the capture runs along x, colour shows the direction and point size the
# frame length.
p <- ggplot(
  data = data,
  mapping = aes(
    x = frame.time_relative,
    y = stream,
    color = direction,
    size = frame.len
  )
)
# Jitter vertically only (width = 0), so points in a busy stream spread out
# without their timestamps being moved.
p <- p + geom_point(position = position_jitter(width = 0, height = 0.2))
# NOTE(review): no `fill` aesthetic is mapped above, so this fill scale appears
# to have no visible effect; a colour scale may have been intended -- confirm.
p <- p + scale_fill_hue()
p <- p + scale_size(range = c(0.5, 5))