Skip to main content

Analyze mptcp traces (.pcap)

Project description

| | |
| --- | --- |
| Documentation (latest) | [![Dev doc](]( |
| Documentation (stable) | [![Master doc](]( |
| License | ![License]( |
| Build Status | [![Build status](]( |
| PyPI |[![PyPI package](]( |
| DOI | [![DOI](](|
[![built with nix](](


Mptcpanalyzer is a python (>=3.6) tool conceived to help with MPTCP pcap analysis (as [mptcptrace] for instance).
It is tested on linux only.

It accepts as input a capture file (.pcap or .pcapng) and from there generates a CSV file
(thanks to tshark, the terminal version of wireshark) with the MPTCP fields
required for analysis.
From there you can:

- list MPTCP connections
- compute statistics on a specific MPTCP connection (list of subflows,
reinjections, subflow actual contributions...)
It accepts as input a capture file (\*.pcap) and depending on from there can :
- export a CSV file with MPTCP fields
- plot data sequence numbers for all subflows
- plot DSN interarrival times
- See [Features](#Features) for more

Most commands are self documented and/or with autocompletion.

Then you have an interpreter with autocompletion that can generate & display plots such as the following:

![Data Sequence Number (DSN) per subflow plot](examples/dsn.png)

You can reference mptcpanalyzer via the following Digital Object Identifier:

# Table of Contents
[How to install](#How-to-install)

# How to install ?

First of all you will need a wireshark version that supports my MPTCP patches.
See the [next section](#Required-wireshark-version) to check for requirements.

Once wireshark is installed you can install mptcpanalyzer via pip:
`$ python3 -mpip install mptcpanalyzer --user`

python3.6 is mandatory since we rely on its type hinting features.
Dependancies are (some will be made optional in the future):

- [stevedore]( to handle the
plugins architecture
- the data analysis library [pandas]( >= 0.17.1
- lnumexpr to run specific queries in pandas
- [matplotlib](http://matplotlib) to plot graphs
- [cmd2]( to generate the command line

# Required wireshark version

- [My wireshark patches](

None pending \o/

You will need a wireshark version that contains:
- [Correctly find reinjections (19 june 2018)](;a=commit;h=dac91db65e756a3198616da8cca11d66a5db6db7)

# How to use ?

mptcpanalyzer can run into 3 modes:
1. interactive mode (default): an interpreter with some basic completion will accept your commands. There is also some help embedded.
2. if a filename is passed as argument, it will load commands from this file
3. otherwise, it will consider the unknow arguments as one command, the same that could be used interactively

For example, we can load an mptcp pcap (I made one available on [wireshark wiki]
( or in this repository, in the _examples_ folder).

Run `$ mptcpanalyzer --load examples/iperf-mptcp-0-0.pcap`. The script will try to generate
a csv file, it can take a few minutes depending on the computer/pcap until the promt shows up.
Type `?` to list available commands (and their aliases). You have for instance:
- `lc` (list connections)
- `ls` (list subflows)
- `plot`
- ...

`help ls` will return the syntax of the command, i.e. `ls []` where is one of the number appearing
in `lc` output.

Look at [Examples](#Examples)

# How to customize plots ?

From simple to hardcore:

1. Mptcpanalyzer itself proposes few flags to customize plots: --title to override the default title and --style.
You can set several --style at the same time, they are passed to matplotlib and as such allow for a wide
[Matplotlib customization](./styles/
1. Some commands can export datasets to a machine readable format such as --csv/--json. Else you can look in mptcpanalyzer cache for the full csv file yourself.
1. Mptcpanalyzer can automatically load (plot) plugins. See the doc.
1. Your last hope is to fork the project. Have fun !

# Examples

Plot One Way Delays from a connection:
`plot owd tcp examples/client_2_filtered.pcapng 0 examples/server_2_filtered.pcapng 0 --display`

Plot tcp sequence numbers in both directions:
`plot tcp_attr`

Get a summary of an mptcp connection
> load_pcap examples/server_2_filtered.pcapng
> summary 0

Map between server and client pcaps:

>map_tcp_connection examples/client_1_tcp_only.pcap examples/server_1_tcp_only.pcap 0
>print_owds examples/client_1_tcp_only.pcap examples/server_1_tcp_only.pcap 0 0

Map between server and client pcaps:
> map_mptcp_connection examples/client_2_filtered.pcapng examples/client_2_filtered.pcapng 0
2 mapping(s) found
0 <-> 0.0 with score=inf <-- should be a correct match 0: <-> (mptcpdest: Server) mapped to 0: <-> (mptcpdest: Server) with score=inf 2: <-> (mptcpdest: Server) mapped to 2: <-> (mptcpdest: Server) with score=inf 4: <-> (mptcpdest: Server) mapped to 4: <-> (mptcpdest: Server) with score=inf 6: <-> (mptcpdest: Server) mapped to 6: <-> (mptcpdest: Server) with score=inf
0 <-> 1.0 with score=0 0: <-> (mptcpdest: Server) mapped to 1: <-> (mptcpdest: Server) with score=30 2: <-> (mptcpdest: Server) mapped to 3: <-> (mptcpdest: Server) with score=30 4: <-> (mptcpdest: Server) mapped to 5: <-> (mptcpdest: Server) with score=30 6: <-> (mptcpdest: Server) mapped to 7: <-> (mptcpdest: Server) with score=30

# How to contribute

See the [doc](


- use configobj to load config defaults/validation ?
- as in mptcpplot plot some events (e.g., MP\_JOIN) differently ?
- choose colors of subflows


1. Why packets ids don't match the frame.number from my pcap ?

# Similar tools

If I have forgotten about your tool, file an issue, for know we are aware of:
- [mptcptrace] with some examples [here](
- [mptcpplot] with [generated output example](


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
mptcpanalyzer-0.3-py3-none-any.whl (85.0 kB) Copy SHA256 hash SHA256 Wheel py3
mptcpanalyzer-0.3.tar.gz (36.4 MB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page