{"id":13844570,"url":"https://github.com/romain-fontugne/RTTanalysis","last_synced_at":"2025-07-11T23:33:53.762Z","repository":{"id":34129903,"uuid":"37962162","full_name":"romain-fontugne/RTTanalysis","owner":"romain-fontugne","description":"Estimation and analysis of round trip time in TCP traffic","archived":false,"fork":false,"pushed_at":"2022-04-11T19:43:01.000Z","size":19,"stargazers_count":13,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-05T17:42:25.866Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/romain-fontugne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-24T04:25:54.000Z","updated_at":"2024-06-12T08:47:27.000Z","dependencies_parsed_at":"2022-08-18T00:35:44.654Z","dependency_job_id":null,"html_url":"https://github.com/romain-fontugne/RTTanalysis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romain-fontugne%2FRTTanalysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romain-fontugne%2FRTTanalysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romain-fontugne%2FRTTanalysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romain-fontugne%2FRTTanalysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/romain-fontugne","download_url":"https://codeload.github.com/romain-fontugne/RTTanalysis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772647,"owners_count":17521868,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:45.878Z","updated_at":"2024-11-21T17:30:24.738Z","avatar_url":"https://github.com/romain-fontugne.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"# RTTanalysis\nEstimation and analysis of round trip time from TCP traffic.\n\nThese scripts are written in python and traffic traces are read with Ipsumdump. Please make sure you have python and Ipsumdump (https://github.com/kohler/ipsumdump) installed on your computer. The analysis part requires certain python packages that are easily installed with \"pip install\":\n* numpy\n* pandas\n* dpcluster\n* matplotlib (optional)\n\n## RTT Estimation\nTo compute all RTT estimates for each pair of packets (SEQ/ACK) from a pcap file, run the following command:\n```Shell\nipsumdump -tsSdDFQKL --eth-dst -r pcapFile.dump.gz --filter=\"tcp\" | python rttEstimation_TCP.py \u003e rtt.csv\n```\n\nIpsumdump can deal with either a raw or compressed pcap file.\nIf you have to deal with large pcap files, pypy can do the same thing in less time:\n```Shell\nipsumdump -tsSdDFQKL --eth-dst -r pcapFile.dump.gz --filter=\"tcp\" | pypy rttEstimation_TCP.py \u003e rtt.csv\n```\n\nThe resulting csv file look like this:\n```Shell\nhead rtt.csv\n209.114.162.19,134.222.11.65,0.001618,00-16-9C-7C-B0-00\n209.114.168.106,217.134.46.150,0.000250,00-16-9C-7C-B0-00\n209.114.162.19,134.222.11.65,0.001878,00-16-9C-7C-B0-00\n209.114.168.106,97.241.163.189,0.000363,00-16-9C-7C-B0-00\n209.114.163.88,33.143.242.160,0.000294,00-16-9C-7C-B0-00\n209.114.169.91,49.196.160.103,0.005866,00-16-9C-7C-B0-00\n209.114.183.62,119.180.210.20,0.008859,00-16-9C-7C-B0-00\n168.203.147.150,71.29.55.34,0.009997,00-16-9C-7C-B0-00\n119.180.210.20,209.114.183.62,0.000618,00-0E-39-E3-34-00\n209.114.183.62,119.180.210.20,0.009848,00-16-9C-7C-B0-00\n```\n\nThe first and third columns are the most important ones. The third column is the estimated RTT for the IP address given by the first column.\nThe second and fourth columns are the destination IP and MAC address of the TCP acknowledgment packet used to estimate the corresponding RTT.\nNote that multiple RTT estimates are computed for the same TCP flow.\n\n## RTT Analysis\nThe goal here is to identify groups of similar RTT values for each IP address. The dpgmm.py script does this by finding mixed RTT distributions using the Dirichlet Process Gaussian Mixture Model. This script takes as input the CSV file generated previously:\n```Shell\npython dpgmm.py rtt.csv outputDirectory/\n```\nAnd it creates for each IP address a CSV file that looks like this:\n```Shell\ncat outputDirectory/209.114.162.19.csv\n0.00162277498992,3.3783390488e-06\n0.00150017549559,3.77950997701e-06\n0.00174587674708,4.1721750336e-06\n0.00187348282214,4.16300079454e-06\n0.00199608008361,4.96783666398e-06\n```\nEach line represents an RTT distribution and the two values are the corresponding mean and standard deviation.\n\n# Author\nRomain Fontugne (National Institute of Informatics) http://romain.fontugne.free.fr\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fromain-fontugne%2FRTTanalysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fromain-fontugne%2FRTTanalysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fromain-fontugne%2FRTTanalysis/lists"}