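--------------------------------------------------
-- Author: Cecylia Bocovich <cbocovic@uwaterloo.ca>
-- Purpose: Extracts statistics about TLS handshakes
-- Usage: tshark -q <other opts> -Xlua_script:tls_stats.lua -r <trace>
--
-- NOTE(review): despite the stated purpose, the code below does no TLS
-- parsing. It logs the cumulative TCP payload bytes of packets whose source
-- port is 1080 to bandwidth<N>.csv, starts a new CSV whenever a packet with
-- destination port 8888 is seen, and prints the capture start/end times.
--
-- Output files are created in the current working directory and opened with
-- mode "w", so an existing bandwidth<N>.csv is truncated. Run the script
-- from a dedicated output directory, and run tshark unprivileged when the
-- trace comes from a source you do not control.
--------------------------------------------------
do
    -- Extractor definitions. These stay global, as in the original, so that
    -- anything else loaded in the same Lua state still sees the same names.
    ip_addr_extractor = Field.new("ip.addr")        -- not read below
    tcp_src_port_extractor = Field.new("tcp.srcport")
    tcp_dst_port_extractor = Field.new("tcp.dstport")
    tcp_len_extractor = Field.new("tcp.len")
    tcp_stream_extractor = Field.new("tcp.stream")  -- not read below

    local function main()
        local tap = Listener.new("tcp")

        -- Ports are compared as strings because the extractors return
        -- FieldInfo objects, which the script converts with tostring().
        -- NOTE(review): 1080 is presumably the local proxy the browser talks
        -- to and 8888 a marker for the start of a new measurement; confirm
        -- against the capture setup.
        local PROXY_SRC_PORT = "1080"
        local NEW_RUN_DST_PORT = "8888"

        local count = 1        -- index of the CSV currently being written
        local total_bytes = 0  -- cumulative payload bytes for the current CSV

        -- Name of the CSV for the current run.
        local function csv_name()
            return "bandwidth" .. tostring(count) .. ".csv"
        end

        -- Create (or truncate) the current CSV and write its header row.
        local function start_csv()
            local file = assert(io.open(csv_name(), "w"))
            file:write("time,bytes\n")
            file:close()
        end

        -- Append one "timestamp,cumulative bytes" row to the current CSV.
        -- The file is reopened per row so the data is on disk even if the
        -- run is interrupted.
        local function append_sample(ts)
            local file = assert(io.open(csv_name(), "a"))
            file:write(tostring(ts) .. "," .. tostring(total_bytes) .. "\n")
            file:close()
        end

        start_csv()

        --------------------------------
        ----- Handshake Statistics -----
        --------------------------------
        -- The function name is historical: no per-stream TLS state is kept.
        -- Called once per TCP packet. Accumulates payload bytes of packets
        -- sent from PROXY_SRC_PORT and rotates the output file when a packet
        -- to NEW_RUN_DST_PORT is seen.
        --   pinfo: packet info; only pinfo.abs_ts is read
        --   tvb:   unused
        function stats_tls_handshake(pinfo, tvb)
            local port_src = tcp_src_port_extractor()
            local port_dst = tcp_dst_port_extractor()
            local tcp_len = tcp_len_extractor()

            if tostring(port_src) == PROXY_SRC_PORT then
                -- This packet is headed back to the browser.
                -- tcp.len can be missing from a packet; without this guard
                -- the addition below would raise on nil and abort the tap.
                local payload_len = tcp_len and tonumber(tostring(tcp_len))
                if payload_len and payload_len ~= 0 then
                    total_bytes = total_bytes + payload_len
                    append_sample(pinfo.abs_ts)
                end
            end

            if tostring(port_dst) == NEW_RUN_DST_PORT then
                -- Start a new file; the index only advances when the current
                -- file received data, so empty runs reuse the same name.
                if total_bytes > 0 then
                    count = count + 1
                end
                total_bytes = 0
                start_csv()
            end
        end

        -- start/end times
        local start_time
        local end_time

        -- Track the smallest and largest absolute timestamp seen so far.
        function stats_start_end_times(pinfo)
            local ts = pinfo.abs_ts
            if not start_time then
                start_time = ts
                end_time = ts
            else
                if start_time > ts then start_time = ts end
                if end_time < ts then end_time = ts end
            end
        end

        -------------------
        ----- tap functions
        -------------------
        -- Left empty as in the original: counters and timestamps are not
        -- cleared when the tap is reset.
        function tap.reset()
        end

        -- Per-packet callback registered on the "tcp" listener.
        function tap.packet(pinfo, tvb, ip)
            stats_start_end_times(pinfo)
            stats_tls_handshake(pinfo, tvb)
        end

        -- Summary printed by tshark at the end of the run.
        function tap.draw()
            --print("=== Stream Information ===")
            --print_stream_info()
            print("=== Handshake Statistics ===")
            print("Capture Start Time: " .. tostring(start_time))
            print("Capture End Time: " .. tostring(end_time))
        end
    end

    main()
end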