cbocovic
/
slitheen


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							--------------------------------------------------
-- Author: Cecylia Bocovich <cbocovic@uwaterloo.ca>
-- Purpose: Extracts statistics about TLS handshakes
-- Usage: tshark -q <other opts> -Xlua_script:tls_stats.lua -r <trace>
--------------------------------------------------

do
    -- Extractor definitions
    ip_addr_extractor = Field.new("ip.addr")
    tcp_src_port_extractor = Field.new("tcp.srcport")
    tcp_dst_port_extractor = Field.new("tcp.dstport")
    tcp_len_extractor = Field.new("tcp.len")
    tcp_stream_extractor = Field.new("tcp.stream")

    local function main()
        local tap = Listener.new("tcp")

        local count = 1
        local total_bytes = 0

        local file = assert(io.open("bandwidth"..tostring(count)..".csv", "w"))
        file:write("time,bytes\n")
        file:close()

        --------------------------------
        ----- Handshake Statistics -----
        --------------------------------

        -- Each stream has a table that holds the following data:
        -- {state = [SHAKING, SHOOK, APPLICATION],
        --  clnt_session_id = [Bytes], srvr_session_id = [Bytes],
        --  session_ticket = [Bytes], resumed = [Boolean],
        --  ccs_received = [Int],
        --  start_time = [Float], end_time = [Float], shake_time = [Float]}

        function stats_tls_handshake(pinfo, tvb)
            local ip_src, ip_dst = ip_addr_extractor()
            local port_src = tcp_src_port_extractor()
            local port_dst = tcp_dst_port_extractor()
            local tcp_len = tcp_len_extractor()
            -- check if stream is already saved

            if(tostring(port_src) == "1080") then
                --This packet is headed back to the browser
                if( not (tostring(tcp_len) == "0")) then
                    total_bytes = total_bytes + tonumber(tostring(tcp_len))
                    local file = assert(io.open("bandwidth"..tostring(count)..".csv", "a"))
                    file:write(tostring(pinfo.abs_ts) .. "," .. tostring(total_bytes).."\n")
                    file:close()

                end
            end

            if(tostring(port_dst) == "8888") then
                --start new file
                if(total_bytes > 0) then
                    count = count + 1
                end
                total_bytes = 0
                local file = assert(io.open("bandwidth"..tostring(count)..".csv", "w"))
                file:write("time,bytes\n")
                file:close()
            end
        end

        -- start/end times
        local start_time
        local end_time
        function stats_start_end_times(pinfo)
            if (not start_time) then
                start_time =  pinfo.abs_ts
                end_time  =  pinfo.abs_ts
            else
                if ( start_time > pinfo.abs_ts ) then start_time = pinfo.abs_ts end
                if ( end_time < pinfo.abs_ts  ) then end_time = pinfo.abs_ts end
            end
        end

-------------------
----- tap functions
-------------------
        function tap.reset()
        end

        function tap.packet(pinfo,tvb,ip)
            stats_start_end_times(pinfo)
            stats_tls_handshake(pinfo, tvb)
        end

        function tap.draw()
            --print("=== Stream Information ===")
            --print_stream_info()
            print("=== Handshake Statistics ===")
            print("Capture Start Time: " .. tostring(start_time) )
            print("Capture End Time: " .. tostring(end_time) )

        end
    end

    main()
end