seed-emulator

Replay the packet flow

Open kevin-w-du opened this issue 4 years ago • 5 comments

When we visualize the packet flow, sometimes things happen too fast, and it is very difficult to see the actual flow. I am thinking about the following recording features:

  • A button to start/stop the recording
  • When the recording starts, the map will record the list of the nodes that are highlighted (in order), until the stop is pressed
  • A button to replay the recorded list. When this button is pressed, the nodes on the recorded list will be highlighted again (in order), but the progress will be delayed a little bit, so we can easily see the progression.

This does not seem to be difficult to implement. What do you think?

kevin-w-du, Nov 20 '21 20:11

A working version of this feature is now merged to the development branch.

Note the following changes to the requested features:

  • No button for start/stop recording. The UI is always recording packet flow. To clear recording, click the "clear" button in the log panel.
  • To replay, simply click "start replay"; the button will say "stop replay" when playing - click it to stop.
  • To slow down the replay, use the "speed multiplier" slider. Currently, you can go as slow as 0.01x speed and as fast as 2x speed.

magicnat, Nov 23 '21 16:11

The following changes have been made:

  • Instead of using a time multiplier, a user-defined, fixed amount of delay is used between each event.
  • Instead of sorting events using the time the emulator observes the events, the timestamp from tcpdump is now used to sort the events. This is because multiple packets are captured in one tcpdump output. In order to replay every single packet, events must be sorted using the exact timestamp.
  • Clicking "start replay" now hides the log panel.

magicnat, Nov 24 '21 01:11

Now, the replay feature is separated into a panel. The panel has:

  • Record start / stop button: toggle recording of events. Overwrites the old recording if one exists.
  • Play / pause button: enter replay mode. If already in replay mode, it toggles play / pause of the recorded events.
  • Stop button: exit replay mode.
  • Step forward button: step forward for one event.
  • Step backward button: step backward for one event.
  • Seek bar: jump to an event.
  • Interval input: the same as old interval input.

The above changes have been merged into the development branch.

magicnat, Nov 24 '21 03:11

This is great. I have been testing it, and it works very well.

I am also thinking about adding an export button, so we can export the recorded tcpdump data to a pcap file. This way, we can load it to Wireshark to look at the data more closely. If this is too complicated to implement, you can leave it.

kevin-w-du, Nov 24 '21 13:11

Here is another suggestion: sometimes, there are multiple simultaneous flows in the events, and they interleave with one another, making it difficult to see which one is which. If we can somehow separate these flows using different colors, that will be great. We can simply use the source and destination IP addresses to roughly identify a flow, and then assign a color to it. This is not a very urgent feature. I am just documenting the thought here.

(added) We can just add a Map data structure to the implementation, using src IP and dst IP as the key, while the value will be the color. For each event to be visualized, just look up the color from the Map; if the key does not exist, just add a new entry. So, this does not seem to be complicated.

kevin-w-du, Nov 24 '21 14:11
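
The flow-coloring idea in the last comment, combined with the capture-timestamp ordering described earlier in the thread, as an added example that is not part of the issue or of seed-emulator's code. The event shape (`tsMicros`, `node`, `src`, `dst`) and the sample addresses are assumptions, and the key is made direction-independent so a request and its reply share a color, which goes slightly beyond the plain src/dst key suggested above.

```javascript
// Added example: event fields (tsMicros, node, src, dst) are assumed, not the project's own.

// Direction-independent key so a request and its reply map to one flow.
function flowKey(src, dst) {
  return src < dst ? `${src}|${dst}` : `${dst}|${src}`;
}

class FlowColors {
  constructor() {
    this.colors = new Map(); // flow key -> CSS color string
  }

  colorFor(src, dst) {
    const key = flowKey(src, dst);
    if (!this.colors.has(key)) {
      // Golden-angle hue steps keep new flows visually distinct
      // without a fixed-size palette that could run out.
      const hue = Math.round((this.colors.size * 137.508) % 360);
      this.colors.set(key, `hsl(${hue}, 70%, 50%)`);
    }
    return this.colors.get(key);
  }
}

// Order events by capture timestamp (integer microseconds avoid float
// rounding), then tag each one with the color of its flow.
// The input array is left unmodified.
function colorizeEvents(events) {
  const palette = new FlowColors();
  return [...events]
    .sort((a, b) => a.tsMicros - b.tsMicros)
    .map((e) => ({ ...e, color: palette.colorFor(e.src, e.dst) }));
}

// Constructed sample: two interleaved flows, listed out of capture order.
const sampleEvents = [
  { tsMicros: 1637762400000310, node: "r2", src: "10.150.0.71", dst: "10.152.0.71" },
  { tsMicros: 1637762400000120, node: "r1", src: "10.150.0.71", dst: "10.152.0.71" },
  { tsMicros: 1637762400000205, node: "r3", src: "10.151.0.71", dst: "10.153.0.71" },
  { tsMicros: 1637762400000450, node: "r2", src: "10.152.0.71", dst: "10.150.0.71" },
];

for (const e of colorizeEvents(sampleEvents)) {
  console.log(e.tsMicros, e.node, `${e.src} -> ${e.dst}`, e.color);
}
```
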